Emergency fixes

pull/47/merge
Pancakes 4 months ago
parent fa57f5997f
commit 2ee09afac2
No known key found for this signature in database
GPG Key ID: 5792877BFA27DC8F

@ -44,6 +44,9 @@ var (
isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString isValidUsername = regexp.MustCompile(`^\w{1,16}$`).MatchString
semaphore = make(chan bool, ArgonMaxInstances) semaphore = make(chan bool, ArgonMaxInstances)
GameURL string
OAuthCallbackURL string
) )
func deriveArgon2IDKey(password, salt []byte) []byte { func deriveArgon2IDKey(password, salt []byte) []byte {

@ -22,20 +22,24 @@ import (
"errors" "errors"
"net/http" "net/http"
"net/url" "net/url"
"os" )
var (
DiscordClientID string
DiscordClientSecret string
DiscordCallbackURL string
) )
func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, error) { func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, error) {
code := r.URL.Query().Get("code") code := r.URL.Query().Get("code")
gameUrl := os.Getenv("GAME_URL")
if code == "" { if code == "" {
defer http.Redirect(w, r, gameUrl, http.StatusSeeOther) defer http.Redirect(w, r, GameURL, http.StatusSeeOther)
return "", errors.New("code is empty") return "", errors.New("code is empty")
} }
discordId, err := RetrieveDiscordId(code) discordId, err := RetrieveDiscordId(code)
if err != nil { if err != nil {
defer http.Redirect(w, r, gameUrl, http.StatusSeeOther) defer http.Redirect(w, r, GameURL, http.StatusSeeOther)
return "", err return "", err
} }
@ -43,15 +47,15 @@ func HandleDiscordCallback(w http.ResponseWriter, r *http.Request) (string, erro
} }
func RetrieveDiscordId(code string) (string, error) { func RetrieveDiscordId(code string) (string, error) {
token, err := http.PostForm("https://discord.com/api/oauth2/token", url.Values{ var v url.Values
"client_id": {os.Getenv("DISCORD_CLIENT_ID")}, v.Set("client_id", DiscordClientID)
"client_secret": {os.Getenv("DISCORD_CLIENT_SECRET")}, v.Set("client_secret", DiscordClientSecret)
"grant_type": {"authorization_code"}, v.Set("grant_type", "authorization_code")
"code": {code}, v.Set("code", code)
"redirect_uri": {os.Getenv("DISCORD_CALLBACK_URL")}, v.Set("redirect_uri", DiscordCallbackURL)
"scope": {"identify"}, v.Set("scope", "identify")
})
token, err := http.PostForm("https://discord.com/api/oauth2/token", v)
if err != nil { if err != nil {
return "", err return "", err
} }

@ -27,6 +27,12 @@ import (
"github.com/golang-jwt/jwt/v5" "github.com/golang-jwt/jwt/v5"
) )
var (
GoogleClientID string
GoogleClientSecret string
GoogleCallbackURL string
)
func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error) { func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error) {
code := r.URL.Query().Get("code") code := r.URL.Query().Get("code")
gameUrl := os.Getenv("GAME_URL") gameUrl := os.Getenv("GAME_URL")
@ -45,18 +51,20 @@ func HandleGoogleCallback(w http.ResponseWriter, r *http.Request) (string, error
} }
func RetrieveGoogleId(code string) (string, error) { func RetrieveGoogleId(code string) (string, error) {
token, err := http.PostForm("https://oauth2.googleapis.com/token", url.Values{ var v url.Values
"client_id": {os.Getenv("GOOGLE_CLIENT_ID")}, v.Set("client_id", GoogleClientID)
"client_secret": {os.Getenv("GOOGLE_CLIENT_SECRET")}, v.Set("client_secret", GoogleClientSecret)
"code": {code}, v.Set("code", code)
"grant_type": {"authorization_code"}, v.Set("grant_type", "authorization_code")
"redirect_uri": {os.Getenv("GOOGLE_CALLBACK_URL")}, v.Set("redirect_uri", GoogleCallbackURL)
})
token, err := http.PostForm("https://oauth2.googleapis.com/token", v)
if err != nil { if err != nil {
return "", err return "", err
} }
defer token.Body.Close() defer token.Body.Close()
type TokenResponse struct { type TokenResponse struct {
AccessToken string `json:"access_token"` AccessToken string `json:"access_token"`
TokenType string `json:"token_type"` TokenType string `json:"token_type"`
@ -65,6 +73,7 @@ func RetrieveGoogleId(code string) (string, error) {
RefreshToken string `json:"refresh_token"` RefreshToken string `json:"refresh_token"`
Scope string `json:"scope"` Scope string `json:"scope"`
} }
var tokenResponse TokenResponse var tokenResponse TokenResponse
err = json.NewDecoder(token.Body).Decode(&tokenResponse) err = json.NewDecoder(token.Body).Decode(&tokenResponse)
if err != nil { if err != nil {

@ -24,7 +24,6 @@ import (
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
"os"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@ -563,7 +562,6 @@ func handleDailyRankingPageCount(w http.ResponseWriter, r *http.Request) {
func handleProviderCallback(w http.ResponseWriter, r *http.Request) { func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
provider := r.PathValue("provider") provider := r.PathValue("provider")
state := r.URL.Query().Get("state") state := r.URL.Query().Get("state")
gameUrl := os.Getenv("GAME_URL")
var externalAuthId string var externalAuthId string
var err error var err error
switch provider { switch provider {
@ -585,13 +583,13 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
state = strings.Replace(state, " ", "+", -1) state = strings.Replace(state, " ", "+", -1)
stateByte, err := base64.StdEncoding.DecodeString(state) stateByte, err := base64.StdEncoding.DecodeString(state)
if err != nil { if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther) http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return return
} }
userName, err := db.FetchUsernameBySessionToken(stateByte) userName, err := db.FetchUsernameBySessionToken(stateByte)
if err != nil { if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther) http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return return
} }
@ -603,7 +601,7 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
} }
if err != nil { if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther) http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return return
} }
@ -616,13 +614,13 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
userName, err = db.FetchUsernameByGoogleId(externalAuthId) userName, err = db.FetchUsernameByGoogleId(externalAuthId)
} }
if err != nil { if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther) http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return return
} }
sessionToken, err := account.GenerateTokenForUsername(userName) sessionToken, err := account.GenerateTokenForUsername(userName)
if err != nil { if err != nil {
http.Redirect(w, r, gameUrl, http.StatusSeeOther) http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
return return
} }
@ -632,12 +630,12 @@ func handleProviderCallback(w http.ResponseWriter, r *http.Request) {
Path: "/", Path: "/",
Secure: true, Secure: true,
SameSite: http.SameSiteStrictMode, SameSite: http.SameSiteStrictMode,
Domain: "beta.pokerogue.net", Domain: "pokerogue.net",
Expires: time.Now().Add(time.Hour * 24 * 30 * 3), // 3 months Expires: time.Now().Add(time.Hour * 24 * 30 * 3), // 3 months
}) })
} }
defer http.Redirect(w, r, gameUrl, http.StatusSeeOther) defer http.Redirect(w, r, account.GameURL, http.StatusSeeOther)
} }
func handleProviderLogout(w http.ResponseWriter, r *http.Request) { func handleProviderLogout(w http.ResponseWriter, r *http.Request) {

@ -26,6 +26,7 @@ import (
"os" "os"
"github.com/pagefaultgames/rogueserver/api" "github.com/pagefaultgames/rogueserver/api"
"github.com/pagefaultgames/rogueserver/api/account"
"github.com/pagefaultgames/rogueserver/db" "github.com/pagefaultgames/rogueserver/db"
) )
@ -49,21 +50,22 @@ func main() {
googleclientid := flag.String("googleclientid", "gcid", "Google Oauth2 Client ID") googleclientid := flag.String("googleclientid", "gcid", "Google Oauth2 Client ID")
googlesecretid := flag.String("googlesecretid", "gsid", "Google Oauth2 Secret ID") googlesecretid := flag.String("googlesecretid", "gsid", "Google Oauth2 Secret ID")
callbackurl := flag.String("callbackurl", "http://localhost:8001/", "Callback URL for Oauth2 Client") callbackurl := flag.String("callbackurl", "http://localhost:8001/", "Callback URL for Oauth2 Client")
gameurl := flag.String("gameurl", "https://pokerogue.net", "URL for game server") gameurl := flag.String("gameurl", "https://pokerogue.net", "URL for game server")
flag.Parse() flag.Parse()
// set discord client id as env variable account.GameURL = *gameurl
os.Setenv("DISCORD_CLIENT_ID", *discordclientid)
os.Setenv("DISCORD_CLIENT_SECRET", *discordsecretid) account.DiscordClientID = *discordclientid
os.Setenv("DISCORD_CALLBACK_URL", *callbackurl+"/auth/discord/callback") account.DiscordClientSecret = *discordsecretid
account.DiscordCallbackURL = *callbackurl+"/auth/discord/callback"
os.Setenv("GOOGLE_CLIENT_ID", *googleclientid) account.GoogleClientID = *googleclientid
os.Setenv("GOOGLE_CLIENT_SECRET", *googlesecretid) account.GoogleClientSecret = *googlesecretid
os.Setenv("GOOGLE_CALLBACK_URL", *callbackurl+"/auth/google/callback") account.GoogleCallbackURL = *callbackurl+"/auth/google/callback"
os.Setenv("GAME_URL", *gameurl)
// register gob types // register gob types
gob.Register([]interface{}{}) gob.Register([]interface{}{})

Loading…
Cancel
Save