From 2ee09afac2380634445adcbcfce3cb94b41610aa Mon Sep 17 00:00:00 2001 From: Pancakes Date: Sat, 27 Jul 2024 20:38:32 -0400 Subject: [PATCH] Emergency fixes --- api/account/common.go | 3 +++ api/account/discord.go | 30 +++++++++++++++++------------- api/account/google.go | 25 +++++++++++++++++-------- api/endpoints.go | 16 +++++++--------- rogueserver.go | 18 ++++++++++-------- 5 files changed, 54 insertions(+), 38 deletions(-) diff --git a/api/account/common.go b/api/account/common.go index 8e8c0ff..3e5d948 100644 --- a/api/account/common.go +++ b/api/account/common.go @@ -44,6 +44,9 @@ var ( isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString semaphore = make(chan bool, ArgonMaxInstances) + + GameURL string + OAuthCallbackURL string ) func deriveArgon2IDKey(password, salt []byte) []byte { diff --git a/api/account/discord.go b/api/account/discord.go index df2e8bb..c070c96 100644 --- a/api/account/discord.go +++ b/api/account/discord.go @@ -22,20 +22,24 @@ import ( "errors" "net/http" "net/url" - "os" +) + +var ( + DiscordClientID string + DiscordClientSecret string + DiscordCallbackURL string ) func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, error) { code := r.URL.Query().Get("code") - gameUrl := os.Getenv("GAME_URL") if code == "" { - defer http.Redirect(w, r, gameUrl, http.StatusSeeOther) + defer http.Redirect(w, r, GameURL, http.StatusSeeOther) return "", errors.New("code is empty") } discordId, err := RetrieveDiscordId(code) if err != nil { - defer http.Redirect(w, r, gameUrl, http.StatusSeeOther) + defer http.Redirect(w, r, GameURL, http.StatusSeeOther) return "", err } 
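Review bot: `OAuthCallbackURL`, added to the var block in api/account/common.go, is not assigned or read in any hunk of this patch; rogueserver.go fills the per-provider `DiscordCallbackURL` and `GoogleCallbackURL` instead. If nothing outside the patch uses it, drop it so an always-empty callback setting cannot be picked up by mistake. `GameURL` would benefit from a doc comment such as `// GameURL is the redirect target after an OAuth callback; set once in main before the server starts.`, which records that it is written once at startup and only read afterwards. The var block starts outside the hunk.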
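Review bot: In HandleDiscordCallback (api/account/discord.go) both `defer http.Redirect(w, r, GameURL, http.StatusSeeOther)` calls sit directly before a `return`, so the `defer` changes nothing; a plain `http.Redirect(...)` followed by the return is clearer. The new exported `DiscordClientID`, `DiscordClientSecret` and `DiscordCallbackURL` carry no doc comments; one line saying they are set from flags in main before serving would help, since an unset `DiscordClientSecret` is just an empty string that is sent to the token endpoint as-is. The function body continues past the end of the hunk.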
@@ -43,15 +47,15 @@ func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, erro } func RetrieveDiscordId(code string) (string, error) { - token, err := http.PostForm("https://discord.com/api/oauth2/token", url.Values{ - "client_id": {os.Getenv("DISCORD_CLIENT_ID")}, - "client_secret": {os.Getenv("DISCORD_CLIENT_SECRET")}, - "grant_type": {"authorization_code"}, - "code": {code}, - "redirect_uri": {os.Getenv("DISCORD_CALLBACK_URL")}, - "scope": {"identify"}, - }) - + var v url.Values + v.Set("client_id", DiscordClientID) + v.Set("client_secret", DiscordClientSecret) + v.Set("grant_type", "authorization_code") + v.Set("code", code) + v.Set("redirect_uri", DiscordCallbackURL) + v.Set("scope", "identify") + + token, err := http.PostForm("https://discord.com/api/oauth2/token", v) if err != nil { return "", err } diff --git a/api/account/google.go b/api/account/google.go index 1cf2c67..f4a7520 100644 --- a/api/account/google.go +++ b/api/account/google.go @@ -27,6 +27,12 @@ import ( "github.com/golang-jwt/jwt/v5" ) +var ( + GoogleClientID string + GoogleClientSecret string + GoogleCallbackURL string +) + func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error) { code := r.URL.Query().Get("code") gameUrl := os.Getenv("GAME_URL") 
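Review bot: `var v url.Values` in RetrieveDiscordId leaves `v` as a nil map, and `url.Values.Set` writes into that map, so the first `v.Set("client_id", DiscordClientID)` panics with an assignment to a nil map and no Discord token exchange can complete. Initialise it with `v := url.Values{}` (or `make(url.Values)`) before the `Set` calls. RetrieveGoogleId in api/account/google.go is rewritten the same way in this patch and needs the same one-line fix. The rest of RetrieveDiscordId is outside the hunk, so whether the response body is closed there, as the Google path now does with `defer token.Body.Close()`, cannot be seen from here.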
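Review bot: HandleGoogleCallback in api/account/google.go still reads `gameUrl := os.Getenv("GAME_URL")`, but this patch removes the `os.Setenv("GAME_URL", *gameurl)` call from rogueserver.go. Unless the variable is set in the process environment by other means, the Google callback would then redirect with an empty target. Use `GameURL` here as the Discord handler now does, and drop the `os` import if nothing else in the file needs it. The redirect calls are outside the hunk, so this is inferred from the surviving `gameUrl` line.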
@@ -45,18 +51,20 @@ func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error } func RetrieveGoogleId(code string) (string, error) { - token, err := http.PostForm("https://oauth2.googleapis.com/token", url.Values{ - "client_id": {os.Getenv("GOOGLE_CLIENT_ID")}, - "client_secret": {os.Getenv("GOOGLE_CLIENT_SECRET")}, - "code": {code}, - "grant_type": {"authorization_code"}, - "redirect_uri": {os.Getenv("GOOGLE_CALLBACK_URL")}, - }) - + var v url.Values + v.Set("client_id", GoogleClientID) + v.Set("client_secret", GoogleClientSecret) + v.Set("code", code) + v.Set("grant_type", "authorization_code") + v.Set("redirect_uri", GoogleCallbackURL) + + token, err := http.PostForm("https://oauth2.googleapis.com/token", v) if err != nil { return "", err } + defer token.Body.Close() + type TokenResponse struct { AccessToken string `json:"access_token"` TokenType string `json:"token_type"` @@ -65,6 +73,7 @@ func RetrieveGoogleId(code string) (string, error) { RefreshToken string `json:"refresh_token"` Scope string `json:"scope"` } + var tokenResponse TokenResponse err = json.NewDecoder(token.Body).Decode(&tokenResponse) if err != nil { diff --git a/api/endpoints.go b/api/endpoints.go index 1c1ed43..47c3e7c 100644 --- a/api/endpoints.go +++ b/api/endpoints.go @@ -24,7 +24,6 @@ import ( "errors" "fmt" "net/http" - "os" "strconv" "strings" "time" @@ -563,7 +562,6 @@ func handleDailyRankingPageCount(w http.ResponseWriter, r *http.Request) { func handleProviderCallback(w http.ResponseWriter, r *http.Request) { provider := r.PathValue("provider") state := r.URL.Query().Get("state") - gameUrl := os.Getenv("GAME_URL") var externalAuthId string var err error switch provider { 
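Review bot: `http.PostForm` in RetrieveGoogleId goes through `http.DefaultClient`, which has no timeout, so a stalled connection to the token endpoint keeps the callback handler blocked for as long as the peer holds the socket open. A package-level client with a bound, for example `var oauthClient = &http.Client{Timeout: 10 * time.Second}` used as `oauthClient.PostForm(...)`, limits that; the same applies to RetrieveDiscordId. The response is also decoded without looking at `token.StatusCode`, so an error reply from the provider is parsed as if it were a token response; returning an error when the status is not `http.StatusOK` before the `Decode` call would make that failure explicit. What happens to `tokenResponse` after decoding is outside the hunk.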
@@ -585,13 +583,13 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) { state = strings.Replace(state, " ", "+", -1) stateByte, err := base64.StdEncoding.DecodeString(state) if err != nil { - http.Redirect(w, r, gameUrl, http.StatusSeeOther) + http.Redirect(w, r, account.GameURL, http.StatusSeeOther) return } userName, err := db.FetchUsernameBySessionToken(stateByte) if err != nil { - http.Redirect(w, r, gameUrl, http.StatusSeeOther) + http.Redirect(w, r, account.GameURL, http.StatusSeeOther) return } @@ -603,7 +601,7 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) { } if err != nil { - http.Redirect(w, r, gameUrl, http.StatusSeeOther) + http.Redirect(w, r, account.GameURL, http.StatusSeeOther) return } @@ -616,13 +614,13 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) { userName, err = db.FetchUsernameByGoogleId(externalAuthId) } if err != nil { - http.Redirect(w, r, gameUrl, http.StatusSeeOther) + http.Redirect(w, r, account.GameURL, http.StatusSeeOther) return } sessionToken, err := account.GenerateTokenForUsername(userName) if err != nil { - http.Redirect(w, r, gameUrl, http.StatusSeeOther) + http.Redirect(w, r, account.GameURL, http.StatusSeeOther) return } @@ -632,12 +630,12 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) { Path: "/", Secure: true, SameSite: http.SameSiteStrictMode, - Domain: "beta.pokerogue.net", + Domain: "pokerogue.net", Expires: time.Now().Add(time.Hour * 24 * 30 * 3), // 3 months }) } - defer http.Redirect(w, r, gameUrl, http.StatusSeeOther) + defer http.Redirect(w, r, account.GameURL, http.StatusSeeOther) } func handleProviderLogout(w http.ResponseWriter, r *http.Request) { diff --git a/rogueserver.go b/rogueserver.go index 4242329..ba9e68b 100644 --- a/rogueserver.go +++ b/rogueserver.go 
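Review bot: In handleProviderCallback (api/endpoints.go) the `state` query parameter is base64-decoded and handed to `db.FetchUsernameBySessionToken`, so the value carried through the provider as OAuth `state` appears to be the user's session token. A session token placed in a URL ends up in browser history, proxy and server access logs and the provider's own request logs. Consider issuing a random single-use value stored server-side against the session and resolving that here instead, so the callback URL never contains a reusable credential. Every failure path in these lines also redirects to `account.GameURL` without logging `err`, which makes a failed account link hard to diagnose. The condition guarding this branch is outside the hunk, so the flow is partly inferred.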
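Review bot: The session cookie in handleProviderCallback now uses the hard-coded parent domain `Domain: "pokerogue.net"` instead of `beta.pokerogue.net`, which makes browsers send the session token to every subdomain of pokerogue.net rather than to one host. If only the game origin needs the cookie, omit `Domain` so it is host-only, or derive the value from the configured `account.GameURL` so that a deployment on another domain is not left with a cookie the browser rejects. The start of the `http.Cookie` literal is outside the hunk, so it cannot be seen whether `HttpOnly` is set; if the client does not have to read the token from script, `HttpOnly: true` belongs next to `Secure` and `SameSite`.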
@@ -26,6 +26,7 @@ import ( "os" "github.com/pagefaultgames/rogueserver/api" + "github.com/pagefaultgames/rogueserver/api/account" "github.com/pagefaultgames/rogueserver/db" ) @@ -49,21 +50,22 @@ func main() { googleclientid := flag.String("googleclientid", "gcid", "Google Oauth2 Client ID") googlesecretid := flag.String("googlesecretid", "gsid", "Google Oauth2 Secret ID") + callbackurl := flag.String("callbackurl", "http://localhost:8001/", "Callback URL for Oauth2 Client") gameurl := flag.String("gameurl", "https://pokerogue.net", "URL for game server") flag.Parse() - // set discord client id as env variable - os.Setenv("DISCORD_CLIENT_ID", *discordclientid) - os.Setenv("DISCORD_CLIENT_SECRET", *discordsecretid) - os.Setenv("DISCORD_CALLBACK_URL", *callbackurl+"/auth/discord/callback") + account.GameURL = *gameurl + + account.DiscordClientID = *discordclientid + account.DiscordClientSecret = *discordsecretid + account.DiscordCallbackURL = *callbackurl+"/auth/discord/callback" - os.Setenv("GOOGLE_CLIENT_ID", *googleclientid) - os.Setenv("GOOGLE_CLIENT_SECRET", *googlesecretid) - os.Setenv("GOOGLE_CALLBACK_URL", *callbackurl+"/auth/google/callback") - os.Setenv("GAME_URL", *gameurl) + account.GoogleClientID = *googleclientid + account.GoogleClientSecret = *googlesecretid + account.GoogleCallbackURL = *callbackurl+"/auth/google/callback" // register gob types gob.Register([]interface{}{})
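Review bot: The `callbackurl` default in main (rogueserver.go) is `http://localhost:8001/` with a trailing slash, and the new assignments append `"/auth/discord/callback"` and `"/auth/google/callback"`, so the default produces `http://localhost:8001//auth/...`; providers typically compare `redirect_uri` exactly, so this would not match a registration written with a single slash. Trimming first, `account.DiscordCallbackURL = strings.TrimSuffix(*callbackurl, "/") + "/auth/discord/callback"` (which needs the `strings` import), removes the dependence on how the flag is typed, and the Google line needs the same. Both concatenations are also not gofmt-clean as written (`*callbackurl+"..."`). Separately, the client secrets arrive as command-line flags with placeholder defaults (`gsid` is visible here), so they are readable from the process list and the server starts without real credentials; a startup check that refuses the placeholder values would surface a misconfiguration early.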