From 2ebe7a3c0d88c1c52ef44c81fae9532e0e9bacd8 Mon Sep 17 00:00:00 2001
From: bat
Date: Wed, 31 May 2023 06:42:58 +0000
Subject: [PATCH] handle callback URL, check state parameter

---
 auth.js | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 server.js | 4 ++--
 2 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/auth.js b/auth.js
index 3619ced..250003e 100644
--- a/auth.js
+++ b/auth.js
@@ -55,4 +55,52 @@ export class Auth {
 status: 302,
 }))
 }
+
+ getToken(code) {
+ this._code = code
+ return 'test'
+ }
+
+ async callback(event) {
+ const url = new URL(event.request.url)
+ const { state, code } = Object.fromEntries(
+ url.searchParams.entries()
+ )
+ const cookies = cookie.getCookies(
+ event.request.headers
+ )
+ const headers = new Headers({
+ Location: '/#/'
+ })
+ if (cookies['oauth.gitea.state'] !== state) {
+ event.respondWith(new Response('invalid state', {
+ status: 401,
+ }))
+ return
+ }
+ const token = await this.getToken(code)
+ cookie.deleteCookie(headers, 'oauth.gitea.state')
+ cookie.setCookie(headers, {
+ name: 'oauth.gitea.token',
+ value: token,
+ })
+ event.respondWith(new Response('', {
+ headers,
+ status: 302,
+ }))
+ }
+
+ async serve(event) {
+ const {pathname} = new URL(event.request.url)
+ const u = this.baseUrl
+ if (pathname === `${u}/api/auth`) {
+ await this.redirect(event)
+ } else if (pathname === `${u}/api/auth/callback`) {
+ await this.callback(event)
+ } else {
+ event.respondWith(new Response(
+ 'Not Found', {status: 404}
+ ))
+ }
+ }
 }
\ No newline at end of file
diff --git a/server.js b/server.js
index 0c91d94..3a978b8 100644
--- a/server.js
+++ b/server.js
@@ -112,8 +112,8 @@ export class Server {
 async serveRequest(event) {
 const {pathname} = new URL(event.request.url)
- if (pathname === `${this.baseUrl}/api/auth`) {
- await this.auth.redirect(event)
+ if (pathname.startsWith(`${this.baseUrl}/api/auth`)) {
+ await this.auth.serve(event)
 } else {
 await this.frontend.serve(event)
 }
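Review bot: The state check in `callback` passes when both the `state` query parameter and the `oauth.gitea.state` cookie are absent, because `undefined !== undefined` is false, so a bare request to `/api/auth/callback` skips the CSRF binding entirely and reaches `getToken(undefined)`. Require the parameter before comparing, `if (!state || cookies['oauth.gitea.state'] !== state) {`, and reject a missing `code` with a 400 before the exchange, e.g. `if (!code) { event.respondWith(new Response('missing code', { status: 400 })); return }`. The attributes of the `oauth.gitea.token` cookie are not visible in this hunk; confirm that `cookie.setCookie` defaults to HttpOnly, Secure and SameSite, or pass them explicitly, since a script-readable token cookie would undo the point of the state check. `getToken` stores the code and returns the literal `'test'`, which reads as a stub for the token exchange; a `// TODO` saying so would keep it from shipping unnoticed. The enclosing `Auth` class starts above this hunk.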