Diffstat (limited to 'internal')
-rw-r--r-- | internal/api/server.go | 4 | ||||
-rw-r--r-- | internal/oauth/oauth.go | 19 |
2 files changed, 12 insertions, 11 deletions
diff --git a/internal/api/server.go b/internal/api/server.go
index 9073618f0..0cfe23531 100644
--- a/internal/api/server.go
+++ b/internal/api/server.go
@@ -19,6 +19,8 @@ package api
 import (
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-contrib/sessions/memstore"
 "github.com/gin-gonic/gin"
 "github.com/gotosocial/gotosocial/internal/config"
 "github.com/sirupsen/logrus"
@@ -67,6 +69,8 @@ func (s *server) AttachHandler(method string, path string, handler gin.HandlerFu
 func New(config *config.Config, logger *logrus.Logger) Server {
 engine := gin.New()
+ store := memstore.NewStore([]byte("authentication-key"), []byte("encryption-key"))
+ engine.Use(sessions.Sessions("mysession", store))
 return &server{
 APIGroup: engine.Group("/api").Group("/v1"),
 logger: logger,
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index d877022d9..94258b806 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -20,10 +20,12 @@ package oauth
 import (
 "bytes"
+ "fmt"
 "net/http"
 "net/url"
 "time"
+ "github.com/gin-contrib/sessions"
 "github.com/gin-gonic/gin"
 "github.com/go-pg/pg/v10"
 "github.com/go-session/session"
@@ -75,7 +77,7 @@ func New(ts oauth2.TokenStore, cs oauth2.ClientStore, conn *pg.DB, log *logrus.L
 }
 func (a *API) AddRoutes(s api.Server) error {
- s.AttachHandler(methodAny, "/auth/sign_in", gin.WrapF(a.SignInHandler))
+ s.AttachHandler(methodAny, "/auth/sign_in", a.SignInHandler)
 s.AttachHandler(methodAny, "/oauth/token", gin.WrapF(a.TokenHandler))
 s.AttachHandler(methodAny, "/oauth/authorize", gin.WrapF(a.AuthorizeHandler))
 s.AttachHandler(methodAny, "/auth", gin.WrapF(a.AuthHandler))
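Review bot: The session store in `New` is built from the literal keys `[]byte("authentication-key")` and `[]byte("encryption-key")`, so anyone who can read the source can forge or decrypt every session cookie; these need to be random secrets loaded from `config` (or generated at startup), not compiled-in strings. If the store encodes cookies with gorilla securecookie underneath, the 14-byte block key is also not a valid AES key length (16, 24 or 32 bytes), so cookie encoding would fail rather than silently work — worth verifying against the store's codec. No cookie attributes are set either: `store.Options(sessions.Options{Secure: true, HttpOnly: true, SameSite: http.SameSiteLaxMode})` before `engine.Use(...)` keeps the cookie off plaintext connections and out of reach of page scripts. `memstore` keeps sessions in process memory, so they are lost on restart and not shared between instances; if that is intended for development only, a comment on the `store := ...` line should say so.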
@@ -93,13 +95,8 @@ func incorrectPassword() (string, error) {
 // SignInHandler should be served at https://example.org/auth/sign_in.
 // The idea is to present a sign in page to the user, where they can enter their username and password.
 // The handler will then redirect to the auth handler served at /auth
-func (a *API) SignInHandler(w http.ResponseWriter, r *http.Request) {
- store, err := session.Start(r.Context(), w, r)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
-
+func (a *API) SignInHandler(c *gin.Context) {
+ s := sessions.Default(c)
 if r.Method == "POST" {
 if r.Form == nil {
 if err := r.ParseForm(); err != nil {
@@ -107,8 +104,8 @@ func (a *API) SignInHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
 }
- store.Set("username", r.Form.Get("username"))
- store.Save()
+ s.Set("username", r.Form.Get("username"))
+ s.Save()
 w.Header().Set("Location", "/auth")
 w.WriteHeader(http.StatusFound)
@@ -171,7 +168,7 @@ func (a *API) AuthHandler(w http.ResponseWriter, r *http.Request) {
 }
 /*
- SUB-HANDLERS -- don't serve these directly
+ SUB-HANDLERS -- don't serve these directly, they should be attached to the oauth2 server
 */
 // PasswordAuthorizationHandler takes a username (in this case, we use an email address) |
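Review bot: After the signature change to `SignInHandler(c *gin.Context)`, the very next statement `if r.Method == "POST"` (and `r.Form`, `w.Header()` further down) uses `r` and `w`, which are no longer declared anywhere before that point, so the function as shown does not compile; add `r, w := c.Request, c.Writer` directly after `s := sessions.Default(c)`. In the second hunk `s.Save()` discards its error, so a failed cookie write (for instance from a misconfigured store) still redirects the browser to `/auth` with no session set; check it, e.g. `if err := s.Save(); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError); return }`. Removing the `session.Start` call leaves `github.com/go-session/session` in the import block with no remaining visible use, and the newly added `"fmt"` has none either; both are unused-import errors unless other code in the file uses them. The body of `SignInHandler` continues past the hunks.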