handle callback URL, check state parameter

3 years ago · 2ebe7a3c0d
parent 49a43f0698
commit 2ebe7a3c0d
2 changed files with 50 additions and 2 deletions
--- a/auth.js
+++ b/auth.js
@ -55,4 +55,52 @@ export class Auth {
      status: 302,
    }))
  }
+
+  getToken(code) {
+    this._code = code
+    return 'test'
+  }
+
+  async callback(event) {
+    const url = new URL(event.request.url)
+    const { state, code } = Object.fromEntries(
+      url.searchParams.entries()
+    )
+    const cookies = cookie.getCookies(
+      event.request.headers
+    )
+    const headers = new Headers({
+      Location: '/#/'
+    })
+    if (cookies['oauth.gitea.state'] !== state) {
+      event.respondWith(new Response('invalid state', {
+        status: 401,
+      }))
+      return
+    }
+    const token = await this.getToken(code)
+    cookie.deleteCookie(headers, 'oauth.gitea.state')
+    cookie.setCookie(headers, {
+      name: 'oauth.gitea.token',
+      value: token,
+    })
+    event.respondWith(new Response('', {
+      headers,
+      status: 302,
+    }))
+  }
+
+  async serve(event) {
+    const {pathname} = new URL(event.request.url)
+    const u = this.baseUrl
+    if (pathname === `${u}/api/auth`) {
+      await this.redirect(event)
+    } else if (pathname === `${u}/api/auth/callback`) {
+      await this.callback(event)
+    } else {
+      event.respondWith(new Response(
+        'Not Found', {status: 404}
+      ))
+    }
+  }
 }
--- a/server.js
+++ b/server.js
@ -112,8 +112,8 @@ export class Server {

  async serveRequest(event) {
    const {pathname} = new URL(event.request.url)
-    if (pathname === `${this.baseUrl}/api/auth`) {
-      await this.auth.redirect(event)
+    if (pathname.startsWith(`${this.baseUrl}/api/auth`)) {
+      await this.auth.serve(event)
    } else {
      await this.frontend.serve(event)
    }