From c207fcc9499c81eeba413187c87c20bb4e2165ee Mon Sep 17 00:00:00 2001
From: bat
Date: Wed, 24 May 2023 06:44:00 +0000
Subject: [PATCH] add state to cookie so it can be confirmed in callback

---
 auth.js | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/auth.js b/auth.js
index f079563..2913b58 100644
--- a/auth.js
+++ b/auth.js
@@ -1,3 +1,5 @@
+import * as cookie from 'https://deno.land/std@0.188.0/http/cookie.ts'
+
 export class Auth {
 constructor({
 baseUrl,
@@ -25,14 +27,20 @@ export class Auth {
 this.remoteBaseUrl + '/auth/callback'
 )
 const timestamp = new Date().valueOf()
+ const randomInt = Math.floor(Math.random() * 10000)
 // TODO: sign
- const signedTimestamp = `${timestamp}`
- search.set('state', signedTimestamp)
+ const state = `${randomInt}-${timestamp}`
+ search.set('state', state)
 url.search = search.toString()
+ const headers = new Headers({
+ Location: url.toString()
+ })
+ cookie.setCookie(headers, {
+ name: 'oauth.gitea.state',
+ value: state,
+ })
 return new Response('', {
- headers: {
- Location: url.toString()
- },
+ headers,
 status: 302,
 })
 }
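Review bot: The `state` value built from `const randomInt = Math.floor(Math.random() * 10000)` is predictable, because `Math.random()` is not a cryptographic generator and the rest of the value is a millisecond timestamp; an OAuth `state` is meant to be unguessable so that the callback can reject forged login responses. Take the random part from Web Crypto instead, and give the `oauth.gitea.state` cookie `httpOnly`, `secure`, `sameSite: 'Lax'`, a `path` and a short `maxAge`, since as written it is a script-readable session cookie with no transport restriction and no expiry tied to the login attempt. The enclosing method starts outside the hunk and the callback comparison is not shown here, so confirm that the callback compares the cookie with the returned `state` and clears the cookie afterwards. The `// TODO: sign` comment is still open; a signature matters mainly if the timestamp is going to be trusted for expiry.

```javascript
// … unchanged: callback URL and search-params setup, timestamp …
// 128 bits from Web Crypto, hex-encoded so the `<random>-<timestamp>` shape is kept
const nonce = Array.from(crypto.getRandomValues(new Uint8Array(16)), (b) =>
  b.toString(16).padStart(2, '0')
).join('')
// TODO: sign
const state = `${nonce}-${timestamp}`
search.set('state', state)
// … unchanged: url.search assignment and Headers construction …
cookie.setCookie(headers, {
  name: 'oauth.gitea.state',
  value: state,
  httpOnly: true,
  secure: true,
  sameSite: 'Lax', // Lax, not Strict: the provider redirect back is a cross-site navigation
  path: '/',
  maxAge: 600, // sample lifetime in seconds; size it to the login flow
})
// … unchanged: 302 Response using `headers` …
```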