authorLibravatar Tobi Smethurst <31960611+tsmethurst@users.noreply.github.com>2021-05-10 16:29:05 +0200
committerLibravatar GitHub <noreply@github.com>2021-05-10 16:29:05 +0200
commit742f985d5b0620ad14015f9a2df9940edc254bf4 (patch)
tree5c8d469fd015efc6f8459f2d9df04132877285a3 /internal/oauth
parentWebfinger + Small fixes (#20) (diff)
downloadgotosocial-742f985d5b0620ad14015f9a2df9940edc254bf4.tar.xz
Mediahandler (#21)
Media GET and media PUT handlers
Diffstat (limited to 'internal/oauth')
-rw-r--r--internal/oauth/server.go5
-rw-r--r--internal/oauth/tokenstore.go27
2 files changed, 25 insertions, 7 deletions
diff --git a/internal/oauth/server.go b/internal/oauth/server.go
index 7877d667e..fb84743cd 100644
--- a/internal/oauth/server.go
+++ b/internal/oauth/server.go
@@ -72,7 +72,10 @@ func New(database db.DB, log *logrus.Logger) Server {
manager := manage.NewDefaultManager()
manager.MapTokenStorage(ts)
manager.MapClientStorage(cs)
- manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg)
+ manager.SetAuthorizeCodeTokenCfg(&manage.Config{
+ AccessTokenExp: 0, // access tokens don't expire -- they must be revoked
+ IsGenerateRefresh: false, // don't use refresh tokens
+ })
sc := &server.Config{
TokenType: "Bearer",
// Must follow the spec.
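Review bot: With `AccessTokenExp: 0` and `IsGenerateRefresh: false`, every bearer token issued through the authorization-code grant stays valid until it is explicitly revoked, so a leaked token has no time bound. Nothing in this hunk shows the revocation path the comment relies on. It is worth confirming that token removal is reachable by users and covered by a test, and that the library version in use treats a zero expiry as "never expires" rather than as already expired. Only the authorization-code config is replaced here, so other grant types presumably keep the library defaults unless they are configured outside this hunk. I would state the trade-off in the comment, e.g. `// SECURITY: access tokens never expire; revocation is the only way to invalidate a leaked one`; the body of `New` continues outside the hunk.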
diff --git a/internal/oauth/tokenstore.go b/internal/oauth/tokenstore.go
index f9654a687..195db838f 100644
--- a/internal/oauth/tokenstore.go
+++ b/internal/oauth/tokenstore.go
@@ -202,17 +202,17 @@ func TokenToPGToken(tkn *models.Token) *Token {
// going to cause all sorts of interesting problems. So check first to make sure that the ExpiresIn is not equal
// to the zero value of a time.Duration, which is 0s. If it *is* empty/nil, just leave the ExpiresAt at nil as well.
- var cea time.Time
+ cea := time.Time{}
if tkn.CodeExpiresIn != 0*time.Second {
cea = now.Add(tkn.CodeExpiresIn)
}
- var aea time.Time
+ aea := time.Time{}
if tkn.AccessExpiresIn != 0*time.Second {
aea = now.Add(tkn.AccessExpiresIn)
}
- var rea time.Time
+ rea := time.Time{}
if tkn.RefreshExpiresIn != 0*time.Second {
rea = now.Add(tkn.RefreshExpiresIn)
}
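Review bot: The three replaced declarations (`cea`, `aea`, `rea`) behave exactly like the lines they replace, and `var cea time.Time` is the conventional Go spelling for a zero value, so the rewrite adds churn without changing what is stored. The comment above them says ExpiresAt is left "at nil", but a `time.Time` cannot be nil: it is the zero instant, and whether it is persisted as NULL depends on the column mapping, which is not visible here. I would reword the comment to `// ... leave ExpiresAt as the zero time.Time, which the reverse conversion must treat as "no expiry"` and simplify the guards to `if tkn.CodeExpiresIn != 0 {`. `TokenToPGToken` starts and ends outside the hunk.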
@@ -240,6 +240,21 @@ func TokenToPGToken(tkn *models.Token) *Token {
func TokenToOauthToken(pgt *Token) *models.Token {
now := time.Now()
+ var codeExpiresIn time.Duration
+ if !pgt.CodeExpiresAt.IsZero() {
+ codeExpiresIn = pgt.CodeExpiresAt.Sub(now)
+ }
+
+ var accessExpiresIn time.Duration
+ if !pgt.AccessExpiresAt.IsZero() {
+ accessExpiresIn = pgt.AccessExpiresAt.Sub(now)
+ }
+
+ var refreshExpiresIn time.Duration
+ if !pgt.RefreshExpiresAt.IsZero() {
+ refreshExpiresIn = pgt.RefreshExpiresAt.Sub(now)
+ }
+
return &models.Token{
ClientID: pgt.ClientID,
UserID: pgt.UserID,
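Review bot: For non-zero timestamps, `ExpiresIn` is still computed as the time remaining from `now` (`pgt.CodeExpiresAt.Sub(now)`) rather than as the token's original lifetime; the new `IsZero` guards only stop a zero timestamp from becoming a large negative duration. If the consumer checks expiry as creation time plus `ExpiresIn`, which is how go-oauth2's manager does it as far as I recall, a reloaded code or token would be rejected earlier than intended. A remaining time of exactly zero would also be read as "never expires". Deriving the value from the stored creation time, e.g. `codeExpiresIn = pgt.CodeExpiresAt.Sub(pgt.CodeCreateAt)` and likewise for the access and refresh fields, would approximately round-trip what `TokenToPGToken` stored. The struct literal that consumes these values continues in the next hunk.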
@@ -249,12 +264,12 @@ func TokenToOauthToken(pgt *Token) *models.Token {
CodeChallenge: pgt.CodeChallenge,
CodeChallengeMethod: pgt.CodeChallengeMethod,
CodeCreateAt: pgt.CodeCreateAt,
- CodeExpiresIn: pgt.CodeExpiresAt.Sub(now),
+ CodeExpiresIn: codeExpiresIn,
Access: pgt.Access,
AccessCreateAt: pgt.AccessCreateAt,
- AccessExpiresIn: pgt.AccessExpiresAt.Sub(now),
+ AccessExpiresIn: accessExpiresIn,
Refresh: pgt.Refresh,
RefreshCreateAt: pgt.RefreshCreateAt,
- RefreshExpiresIn: pgt.RefreshExpiresAt.Sub(now),
+ RefreshExpiresIn: refreshExpiresIn,
}
}