refactored for maintainability
@@ -3,7 +3,6 @@ package handlers
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.haelnorr.com/h/golib/cookies"
|
||||
"git.haelnorr.com/h/golib/hws"
|
||||
@@ -15,11 +14,12 @@ import (
|
||||
"git.haelnorr.com/h/oslstats/internal/db"
|
||||
"git.haelnorr.com/h/oslstats/internal/discord"
|
||||
"git.haelnorr.com/h/oslstats/internal/store"
|
||||
"git.haelnorr.com/h/oslstats/internal/throw"
|
||||
"git.haelnorr.com/h/oslstats/pkg/oauth"
|
||||
)
|
||||
|
||||
func Callback(
|
||||
server *hws.Server,
|
||||
s *hws.Server,
|
||||
auth *hwsauth.Authenticator[*db.User, bun.Tx],
|
||||
conn *bun.DB,
|
||||
cfg *config.Config,
|
||||
@@ -31,26 +31,9 @@ func Callback(
|
||||
attempts, exceeded, track := store.TrackRedirect(r, "/callback", 5)
|
||||
|
||||
if exceeded {
|
||||
err := errors.Errorf(
|
||||
"callback redirect loop detected after %d attempts | ip=%s ua=%s path=%s first_seen=%s",
|
||||
attempts,
|
||||
track.IP,
|
||||
track.UserAgent,
|
||||
track.Path,
|
||||
track.FirstSeen.Format("2006-01-02T15:04:05Z07:00"),
|
||||
)
|
||||
|
||||
err := track.Error(attempts)
|
||||
store.ClearRedirectTrack(r, "/callback")
|
||||
|
||||
throwError(
|
||||
server,
|
||||
w,
|
||||
r,
|
||||
http.StatusBadRequest,
|
||||
"OAuth callback failed: Too many redirect attempts. Please try logging in again.",
|
||||
err,
|
||||
"warn",
|
||||
)
|
||||
throw.BadRequest(s, w, r, "Too many redirects. Please try logging in again.", err)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -64,12 +47,12 @@ func Callback(
|
||||
if err != nil {
|
||||
if vsErr, ok := err.(*verifyStateError); ok {
|
||||
if vsErr.IsCookieError() {
|
||||
throwUnauthorized(server, w, r, "OAuth session not found or expired", err)
|
||||
throw.Unauthorized(s, w, r, "OAuth session not found or expired", err)
|
||||
} else {
|
||||
throwForbiddenSecurity(server, w, r, "OAuth state verification failed", err)
|
||||
throw.ForbiddenSecurity(s, w, r, "OAuth state verification failed", err)
|
||||
}
|
||||
} else {
|
||||
throwForbiddenSecurity(server, w, r, "OAuth state verification failed", err)
|
||||
throw.ForbiddenSecurity(s, w, r, "OAuth state verification failed", err)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -77,20 +60,17 @@ func Callback(
|
||||
|
||||
switch data {
|
||||
case "login":
|
||||
ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
|
||||
defer cancel()
|
||||
tx, err := conn.BeginTx(ctx, nil)
|
||||
if err != nil {
|
||||
throwInternalServiceError(server, w, r, "DB Transaction failed to start", err)
|
||||
var redirect func()
|
||||
if ok := db.WithWriteTx(s, w, r, conn, func(ctx context.Context, tx bun.Tx) (bool, error) {
|
||||
redirect, err = login(ctx, auth, tx, cfg, w, r, code, store, discordAPI)
|
||||
if err != nil {
|
||||
throw.InternalServiceError(s, w, r, "OAuth login failed", err)
|
||||
return false, nil
|
||||
}
|
||||
return true, nil
|
||||
}); !ok {
|
||||
return
|
||||
}
|
||||
defer tx.Rollback()
|
||||
redirect, err := login(ctx, auth, tx, cfg, w, r, code, store, discordAPI)
|
||||
if err != nil {
|
||||
throwInternalServiceError(server, w, r, "OAuth login failed", err)
|
||||
return
|
||||
}
|
||||
tx.Commit()
|
||||
redirect()
|
||||
return
|
||||
}
|
||||
|
||||
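Review bot: In the `case "login":` hunk the explicit `context.WithTimeout(r.Context(), 10*time.Second)` is gone, and nothing visible on this page shows that `db.WithWriteTx` puts a deadline on the `ctx` it hands to the closure. `login` receives `code` and `discordAPI`, so it presumably calls Discord while the write transaction is open, and without a bound a slow upstream keeps that transaction held. If the helper already applies a timeout, a comment above the call such as `// WithWriteTx bounds ctx; login's Discord calls run inside the tx` would record that; otherwise add `ctx, cancel := context.WithTimeout(ctx, 10*time.Second)` and `defer cancel()` at the top of the closure. The closure also assigns `redirect, err = login(...)` to an `err` declared outside it (presumably the one from the state check), so a `var err error` as the closure's first line would keep the login error local. The switch and the rest of Callback continue outside this hunk.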