Emergency fixes

pull/47/merge
Pancakes 3 months ago
parent fa57f5997f
commit 2ee09afac2
No known key found for this signature in database
GPG Key ID: 5792877BFA27DC8F

@ -44,6 +44,9 @@ var (
isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString
semaphore = make(chan bool, ArgonMaxInstances)
GameURL string
OAuthCallbackURL string
)
func deriveArgon2IDKey(password, salt []byte) []byte {
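Review bot: `OAuthCallbackURL` appears to be added to this `var` block, but no hunk on this page assigns or reads it; `main` sets `DiscordCallbackURL` and `GoogleCallbackURL` instead. It looks like dead configuration, though the rest of the package is not shown. Either drop it or set it in `main` and derive the per-provider URLs from it. The new exported variables would also benefit from a doc comment, for example `// GameURL is the front-end URL users are redirected to after an OAuth callback; it is set once in main before the server starts.`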

@ -22,20 +22,24 @@ import (
"errors"
"net/http"
"net/url"
"os"
)
var (
DiscordClientID string
DiscordClientSecret string
DiscordCallbackURL string
)
func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, error) {
code := r.URL.Query().Get("code")
gameUrl := os.Getenv("GAME_URL")
if code == "" {
defer http.Redirect(w, r, gameUrl, http.StatusSeeOther)
defer http.Redirect(w, r, GameURL, http.StatusSeeOther)
return "", errors.New("code is empty")
}
discordId, err := RetrieveDiscordId(code)
if err != nil {
defer http.Redirect(w, r, gameUrl, http.StatusSeeOther)
defer http.Redirect(w, r, GameURL, http.StatusSeeOther)
return "", err
}
@ -43,15 +47,15 @@ func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, erro
}
func RetrieveDiscordId(code string) (string, error) {
token, err := http.PostForm("https://discord.com/api/oauth2/token", url.Values{
"client_id": {os.Getenv("DISCORD_CLIENT_ID")},
"client_secret": {os.Getenv("DISCORD_CLIENT_SECRET")},
"grant_type": {"authorization_code"},
"code": {code},
"redirect_uri": {os.Getenv("DISCORD_CALLBACK_URL")},
"scope": {"identify"},
})
var v url.Values
v.Set("client_id", DiscordClientID)
v.Set("client_secret", DiscordClientSecret)
v.Set("grant_type", "authorization_code")
v.Set("code", code)
v.Set("redirect_uri", DiscordCallbackURL)
v.Set("scope", "identify")
token, err := http.PostForm("https://discord.com/api/oauth2/token", v)
if err != nil {
return "", err
}
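Review bot: `var v url.Values` in `RetrieveDiscordId` declares a nil map, and `url.Values.Set` writes into that map, so the first `v.Set("client_id", DiscordClientID)` panics with an assignment to an entry in a nil map. The token request is never sent, and every Discord callback that reaches `RetrieveDiscordId(code)` fails. Initialise the map with `v := url.Values{}` (or `make(url.Values)`), or keep the composite-literal form and fill it from the new package variables. `RetrieveGoogleId` uses the same `var v url.Values` pattern for its token exchange and needs the same fix. The +/- markers are lost on this page, so the `v.Set` form is taken as the added side from the hunk counts; the function body continues past the end of the hunk.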

@ -27,6 +27,12 @@ import (
"github.com/golang-jwt/jwt/v5"
)
var (
GoogleClientID string
GoogleClientSecret string
GoogleCallbackURL string
)
func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error) {
code := r.URL.Query().Get("code")
gameUrl := os.Getenv("GAME_URL")
@ -45,18 +51,20 @@ func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error
}
func RetrieveGoogleId(code string) (string, error) {
token, err := http.PostForm("https://oauth2.googleapis.com/token", url.Values{
"client_id": {os.Getenv("GOOGLE_CLIENT_ID")},
"client_secret": {os.Getenv("GOOGLE_CLIENT_SECRET")},
"code": {code},
"grant_type": {"authorization_code"},
"redirect_uri": {os.Getenv("GOOGLE_CALLBACK_URL")},
})
var v url.Values
v.Set("client_id", GoogleClientID)
v.Set("client_secret", GoogleClientSecret)
v.Set("code", code)
v.Set("grant_type", "authorization_code")
v.Set("redirect_uri", GoogleCallbackURL)
token, err := http.PostForm("https://oauth2.googleapis.com/token", v)
if err != nil {
return "", err
}
defer token.Body.Close()
type TokenResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
@ -65,6 +73,7 @@ func RetrieveGoogleId(code string) (string, error) {
RefreshToken string `json:"refresh_token"`
Scope string `json:"scope"`
}
var tokenResponse TokenResponse
err = json.NewDecoder(token.Body).Decode(&tokenResponse)
if err != nil {
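Review bot: `HandleGoogleCallback` still reads `gameUrl := os.Getenv("GAME_URL")`, which the hunk counts suggest is an unchanged context line. The Discord handler and `handleProviderCallback` now redirect to `GameURL` / `account.GameURL` instead. If the `os.Setenv("GAME_URL", *gameurl)` call in `main` is among the lines this commit removes (the page does not show which side it is on), the Google error paths would redirect to an empty string. Using `GameURL` here as well gives the redirect target a single source. The rest of the handler lies outside the hunk.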

@ -24,7 +24,6 @@ import (
"errors"
"fmt"
"net/http"
"os"
"strconv"
"strings"
"time"
@ -563,7 +562,6 @@ func handleDailyRankingPageCount(w http.ResponseWriter, r *http.Request) {
func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
provider := r.PathValue("provider")
state := r.URL.Query().Get("state")
gameUrl := os.Getenv("GAME_URL")
var externalAuthId string
var err error
switch provider {
@ -585,13 +583,13 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
state = strings.Replace(state, " ", "+", -1)
stateByte, err := base64.StdEncoding.DecodeString(state)
if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther)
http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return
}
userName, err := db.FetchUsernameBySessionToken(stateByte)
if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther)
http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return
}
@ -603,7 +601,7 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
}
if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther)
http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return
}
@ -616,13 +614,13 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
userName, err = db.FetchUsernameByGoogleId(externalAuthId)
}
if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther)
http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return
}
sessionToken, err := account.GenerateTokenForUsername(userName)
if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther)
http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return
}
@ -632,12 +630,12 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
Path: "/",
Secure: true,
SameSite: http.SameSiteStrictMode,
Domain: "beta.pokerogue.net",
Domain: "pokerogue.net",
Expires: time.Now().Add(time.Hour * 24 * 30 * 3), // 3 months
})
}
defer http.Redirect(w, r, gameUrl, http.StatusSeeOther)
defer http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
}
func handleProviderLogout(w http.ResponseWriter, r *http.Request) {
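Review bot: The session cookie's `Domain` is a hard-coded literal, `"pokerogue.net"` (apparently replacing `"beta.pokerogue.net"`), even though this commit introduces a configurable `account.GameURL`. A parent-domain `Domain` makes browsers send the session token to every subdomain of pokerogue.net, and a deployment started with a different `-gameurl` would set a cookie whose domain does not match its host. Consider deriving the value from the configured URL's host, or omitting `Domain` for a host-only cookie if cross-subdomain sharing is not required. The cookie fields above `Path` are outside the hunk, so whether `HttpOnly` is set cannot be confirmed from here. Separately, `defer http.Redirect(...)` as the last statement of `handleProviderCallback` behaves like a plain call; `http.Redirect(w, r, account.GameURL, http.StatusSeeOther)` reads more clearly.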

@ -26,6 +26,7 @@ import (
"os"
"github.com/pagefaultgames/rogueserver/api"
"github.com/pagefaultgames/rogueserver/api/account"
"github.com/pagefaultgames/rogueserver/db"
)
@ -49,21 +50,22 @@ func main() {
googleclientid := flag.String("googleclientid", "gcid", "Google Oauth2 Client ID")
googlesecretid := flag.String("googlesecretid", "gsid", "Google Oauth2 Secret ID")
callbackurl := flag.String("callbackurl", "http://localhost:8001/", "Callback URL for Oauth2 Client")
gameurl := flag.String("gameurl", "https://pokerogue.net", "URL for game server")
flag.Parse()
// set discord client id as env variable
os.Setenv("DISCORD_CLIENT_ID", *discordclientid)
os.Setenv("DISCORD_CLIENT_SECRET", *discordsecretid)
os.Setenv("DISCORD_CALLBACK_URL", *callbackurl+"/auth/discord/callback")
account.GameURL = *gameurl
account.DiscordClientID = *discordclientid
account.DiscordClientSecret = *discordsecretid
account.DiscordCallbackURL = *callbackurl+"/auth/discord/callback"
os.Setenv("GOOGLE_CLIENT_ID", *googleclientid)
os.Setenv("GOOGLE_CLIENT_SECRET", *googlesecretid)
os.Setenv("GOOGLE_CALLBACK_URL", *callbackurl+"/auth/google/callback")
os.Setenv("GAME_URL", *gameurl)
account.GoogleClientID = *googleclientid
account.GoogleClientSecret = *googlesecretid
account.GoogleCallbackURL = *callbackurl+"/auth/google/callback"
// register gob types
gob.Register([]interface{}{})
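Review bot: `*callbackurl+"/auth/discord/callback"` and the Google equivalent append a path starting with `/` to a flag whose default, `http://localhost:8001/`, already ends with one, which yields `http://localhost:8001//auth/discord/callback`. OAuth providers generally require `redirect_uri` to match the registered value exactly, so the token exchange can fail on that mismatch. Normalise once, e.g. `base := strings.TrimSuffix(*callbackurl, "/")`, and build both URLs from `base`; this needs `strings` in the import block, which is only partly visible here. The client secrets also come from command-line flags, which leaves them readable in the process argument list; a file or environment variable read at startup would be a safer source. `main` starts and ends outside the hunk.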
