added oauth flow to get authorization code

2026-01-22 19:52:43 +11:00
parent 7be15160d5
commit c14c5d43ee
15 changed files with 1313 additions and 32 deletions
--- a/internal/handlers/callback.go
+++ b/internal/handlers/callback.go
@@ -0,0 +1,61 @@
+package handlers
+
+import (
+	"net/http"
+
+	"git.haelnorr.com/h/golib/hws"
+	"git.haelnorr.com/h/oslstats/internal/config"
+	"git.haelnorr.com/h/oslstats/pkg/oauth"
+	"github.com/pkg/errors"
+)
+
+func Callback(server *hws.Server, cfg *config.Config) http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			state := r.URL.Query().Get("state")
+			code := r.URL.Query().Get("code")
+			if state == "" && code == "" {
+				http.Redirect(w, r, "/", http.StatusBadRequest)
+				return
+			}
+			data, err := verifyState(cfg.OAuth, w, r, state)
+			if err != nil {
+				err = server.ThrowError(w, r, hws.HWSError{
+					StatusCode:      http.StatusForbidden,
+					Message:         "OAuth state verification failed",
+					Error:           err,
+					Level:           hws.ErrorLevel("debug"),
+					RenderErrorPage: true,
+				})
+				if err != nil {
+					server.ThrowFatal(w, err)
+				}
+				return
+			}
+			switch data {
+			case "login":
+				w.Write([]byte(code))
+				return
+			}
+		},
+	)
+}
+
+func verifyState(cfg *oauth.Config, w http.ResponseWriter, r *http.Request, state string) (string, error) {
+	if r == nil {
+		return "", errors.New("request cannot be nil")
+	}
+	if state == "" {
+		return "", errors.New("state param field is empty")
+	}
+	uak, err := oauth.GetStateCookie(r)
+	if err != nil {
+		return "", errors.Wrap(err, "oauth.GetStateCookie")
+	}
+	data, err := oauth.VerifyState(cfg, state, uak)
+	if err != nil {
+		return "", errors.Wrap(err, "oauth.VerifyState")
+	}
+	oauth.DeleteStateCookie(w)
+	return data, nil
+}
--- a/internal/handlers/login.go
+++ b/internal/handlers/login.go
@@ -0,0 +1,48 @@
+package handlers
+
+import (
+	"net/http"
+
+	"git.haelnorr.com/h/golib/hws"
+	"git.haelnorr.com/h/oslstats/internal/config"
+	"git.haelnorr.com/h/oslstats/internal/discord"
+	"git.haelnorr.com/h/oslstats/pkg/oauth"
+)
+
+func Login(server *hws.Server, cfg *config.Config) http.Handler {
+	return http.HandlerFunc(
+		func(w http.ResponseWriter, r *http.Request) {
+			state, uak, err := oauth.GenerateState(cfg.OAuth, "login")
+			if err != nil {
+				err = server.ThrowError(w, r, hws.HWSError{
+					StatusCode:      http.StatusInternalServerError,
+					Message:         "Failed to generate state token",
+					Error:           err,
+					Level:           hws.ErrorLevel("error"),
+					RenderErrorPage: true,
+				})
+				if err != nil {
+					server.ThrowFatal(w, err)
+				}
+				return
+			}
+			oauth.SetStateCookie(w, uak, cfg.HWSAuth.SSL)
+
+			link, err := discord.GetOAuthLink(cfg.Discord, state, cfg.HWSAuth.TrustedHost)
+			if err != nil {
+				err = server.ThrowError(w, r, hws.HWSError{
+					StatusCode:      http.StatusInternalServerError,
+					Message:         "An error occured trying to generate the login link",
+					Error:           err,
+					Level:           hws.ErrorLevel("error"),
+					RenderErrorPage: true,
+				})
+				if err != nil {
+					server.ThrowFatal(w, err)
+				}
+				return
+			}
+			http.Redirect(w, r, link, http.StatusSeeOther)
+		},
+	)
+}