Emergency fixes

3 months ago · 2ee09afac2
parent fa57f5997f
commit 2ee09afac2
5 changed files with 54 additions and 38 deletions
--- a/api/account/common.go
+++ b/api/account/common.go
@ -44,6 +44,9 @@ var (

 	isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString
 	semaphore       = make(chan bool, ArgonMaxInstances)
+
+	GameURL string
+	OAuthCallbackURL string
 )

 func deriveArgon2IDKey(password, salt []byte) []byte {
--- a/api/account/discord.go
+++ b/api/account/discord.go
@ -22,20 +22,24 @@ import (
 	"errors"
 	"net/http"
 	"net/url"
-	"os"
+)
+
+var (
+	DiscordClientID string
+	DiscordClientSecret string
+	DiscordCallbackURL string
 )

 func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, error) {
 	code := r.URL.Query().Get("code")
-	gameUrl := os.Getenv("GAME_URL")
 	if code == "" {
-		defer http.Redirect(w, r, gameUrl, http.StatusSeeOther)
+		defer http.Redirect(w, r, GameURL, http.StatusSeeOther)
 		return "", errors.New("code is empty")
 	}

 	discordId, err := RetrieveDiscordId(code)
 	if err != nil {
-		defer http.Redirect(w, r, gameUrl, http.StatusSeeOther)
+		defer http.Redirect(w, r, GameURL, http.StatusSeeOther)
 		return "", err
 	}

@ -43,15 +47,15 @@ func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, erro
 }

 func RetrieveDiscordId(code string) (string, error) {
-	token, err := http.PostForm("https://discord.com/api/oauth2/token", url.Values{
-		"client_id":     {os.Getenv("DISCORD_CLIENT_ID")},
-		"client_secret": {os.Getenv("DISCORD_CLIENT_SECRET")},
-		"grant_type":    {"authorization_code"},
-		"code":          {code},
-		"redirect_uri":  {os.Getenv("DISCORD_CALLBACK_URL")},
-		"scope":         {"identify"},
-	})
-
+	var v url.Values
+	v.Set("client_id", DiscordClientID)
+	v.Set("client_secret", DiscordClientSecret)
+	v.Set("grant_type", "authorization_code")
+	v.Set("code", code)
+	v.Set("redirect_uri", DiscordCallbackURL)
+	v.Set("scope", "identify")
+
+	token, err := http.PostForm("https://discord.com/api/oauth2/token", v)
 	if err != nil {
 		return "", err
 	}
--- a/api/account/google.go
+++ b/api/account/google.go
@ -27,6 +27,12 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )

+var (
+	GoogleClientID string
+	GoogleClientSecret string
+	GoogleCallbackURL string
+)
+
 func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error) {
 	code := r.URL.Query().Get("code")
 	gameUrl := os.Getenv("GAME_URL")
@ -45,18 +51,20 @@ func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error
 }

 func RetrieveGoogleId(code string) (string, error) {
-	token, err := http.PostForm("https://oauth2.googleapis.com/token", url.Values{
-		"client_id":     {os.Getenv("GOOGLE_CLIENT_ID")},
-		"client_secret": {os.Getenv("GOOGLE_CLIENT_SECRET")},
-		"code":          {code},
-		"grant_type":    {"authorization_code"},
-		"redirect_uri":  {os.Getenv("GOOGLE_CALLBACK_URL")},
-	})
-
+	var v url.Values
+	v.Set("client_id", GoogleClientID)
+	v.Set("client_secret", GoogleClientSecret)
+	v.Set("code", code)
+	v.Set("grant_type", "authorization_code")
+	v.Set("redirect_uri", GoogleCallbackURL)
+
+	token, err := http.PostForm("https://oauth2.googleapis.com/token", v)
 	if err != nil {
 		return "", err
 	}
+
 	defer token.Body.Close()
+
 	type TokenResponse struct {
 		AccessToken  string `json:"access_token"`
 		TokenType    string `json:"token_type"`
@ -65,6 +73,7 @@ func RetrieveGoogleId(code string) (string, error) {
 		RefreshToken string `json:"refresh_token"`
 		Scope        string `json:"scope"`
 	}
+
 	var tokenResponse TokenResponse
 	err = json.NewDecoder(token.Body).Decode(&tokenResponse)
 	if err != nil {
--- a/api/endpoints.go
+++ b/api/endpoints.go
@ -24,7 +24,6 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
-	"os"
 	"strconv"
 	"strings"
 	"time"
@ -563,7 +562,6 @@ func handleDailyRankingPageCount(w http.ResponseWriter, r *http.Request) {
 func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
 	provider := r.PathValue("provider")
 	state := r.URL.Query().Get("state")
-	gameUrl := os.Getenv("GAME_URL")
 	var externalAuthId string
 	var err error
 	switch provider {
@ -585,13 +583,13 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
 		state = strings.Replace(state, " ", "+", -1)
 		stateByte, err := base64.StdEncoding.DecodeString(state)
 		if err != nil {
-			http.Redirect(w, r, gameUrl, http.StatusSeeOther)
+			http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
 			return
 		}

 		userName, err := db.FetchUsernameBySessionToken(stateByte)
 		if err != nil {
-			http.Redirect(w, r, gameUrl, http.StatusSeeOther)
+			http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
 			return
 		}

@ -603,7 +601,7 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
 		}

 		if err != nil {
-			http.Redirect(w, r, gameUrl, http.StatusSeeOther)
+			http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
 			return
 		}

@ -616,13 +614,13 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
 			userName, err = db.FetchUsernameByGoogleId(externalAuthId)
 		}
 		if err != nil {
-			http.Redirect(w, r, gameUrl, http.StatusSeeOther)
+			http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
 			return
 		}

 		sessionToken, err := account.GenerateTokenForUsername(userName)
 		if err != nil {
-			http.Redirect(w, r, gameUrl, http.StatusSeeOther)
+			http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
 			return
 		}

@ -632,12 +630,12 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
 			Path:     "/",
 			Secure:   true,
 			SameSite: http.SameSiteStrictMode,
-			Domain:   "beta.pokerogue.net",
+			Domain:   "pokerogue.net",
 			Expires:  time.Now().Add(time.Hour * 24 * 30 * 3), // 3 months
 		})
 	}

-	defer http.Redirect(w, r, gameUrl, http.StatusSeeOther)
+	defer http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
 }

 func handleProviderLogout(w http.ResponseWriter, r *http.Request) {
--- a/rogueserver.go
+++ b/rogueserver.go
@ -26,6 +26,7 @@ import (
 	"os"

 	"github.com/pagefaultgames/rogueserver/api"
+	"github.com/pagefaultgames/rogueserver/api/account"
 	"github.com/pagefaultgames/rogueserver/db"
 )

@ -49,21 +50,22 @@ func main() {

 	googleclientid := flag.String("googleclientid", "gcid", "Google Oauth2 Client ID")
 	googlesecretid := flag.String("googlesecretid", "gsid", "Google Oauth2 Secret ID")
+
 	callbackurl := flag.String("callbackurl", "http://localhost:8001/", "Callback URL for Oauth2 Client")

 	gameurl := flag.String("gameurl", "https://pokerogue.net", "URL for game server")

 	flag.Parse()

-	// set discord client id as env variable
-	os.Setenv("DISCORD_CLIENT_ID", *discordclientid)
-	os.Setenv("DISCORD_CLIENT_SECRET", *discordsecretid)
-	os.Setenv("DISCORD_CALLBACK_URL", *callbackurl+"/auth/discord/callback")
+	account.GameURL = *gameurl
+
+	account.DiscordClientID = *discordclientid
+	account.DiscordClientSecret = *discordsecretid
+	account.DiscordCallbackURL = *callbackurl+"/auth/discord/callback"

-	os.Setenv("GOOGLE_CLIENT_ID", *googleclientid)
-	os.Setenv("GOOGLE_CLIENT_SECRET", *googlesecretid)
-	os.Setenv("GOOGLE_CALLBACK_URL", *callbackurl+"/auth/google/callback")
-	os.Setenv("GAME_URL", *gameurl)
+	account.GoogleClientID = *googleclientid
+	account.GoogleClientSecret = *googlesecretid
+	account.GoogleCallbackURL = *callbackurl+"/auth/google/callback"

 	// register gob types
 	gob.Register([]interface{}{})