diff --git a/README.md b/README.md
index 0910d83..b1b3ddd 100644
--- a/README.md
+++ b/README.md
@@ -39,14 +39,14 @@ The configuration is a yaml based file of key value pairs. It is located in the
 ```json
 {
 "General": {
- "DBPath": "main.db", // Location of the bolt DB database
- "ListenAddr": ":8080", // Listen address of the http server (IP:Port)
- "ShortedIDLength": 4 // Length of the random generated ID
+ "DBPath": "main.db",
+ "ListenAddr": ":8080",
+ "ShortedIDLength": 4
 },
 "OAuth": {
 "Google": {
- "ClientID": "", // Google client ID
- "ClientSecret": "" // Google client secret
+ "ClientID": "",
+ "ClientSecret": ""
 }
 }
 }
@@ -137,6 +137,8 @@ Next changes sorted by priority
 - [ ] Add Deletion functionality (depends on the authorization)
 - [ ] Refactore Unit Tests
 - [ ] Performance optimization
+- [ ] Update configuration
+- [ ] Increase code coverage
 - [ ] Add ability to track the visitors (Referrer, maybe also live)
 - [ ] Create Makefile for building everything
 - [ ] Test docker-compose installation
diff --git a/handlers/auth.go b/handlers/auth.go
index 476ceba..a669f0a 100644
--- a/handlers/auth.go
+++ b/handlers/auth.go
@@ -68,20 +68,13 @@ func (h *Handler) handleGoogleCheck(c *gin.Context) {
 c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 return
 }
- // to the callback, providing flexibility.
- token, err := jwt.Parse(data.Token, func(token *jwt.Token) (interface{}, error) {
- // Don't forget to validate the alg is what you expect:
- if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
- return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
- }
-
+ token, err := jwt.ParseWithClaims(data.Token, &jwtClaims{}, func(token *jwt.Token) (interface{}, error) {
 return h.config.Secret, nil
 })
- if claims, ok := token.Claims.(jwtClaims); ok && token.Valid {
- fmt.Println(claims.OAuthID, claims.OAuthProvider)
+ if claims, ok := token.Claims.(*jwtClaims); ok && token.Valid {
 c.JSON(http.StatusOK, claims)
 } else {
- c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
+ c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 }
 }
 
@@ -89,7 +82,7 @@ func (h *Handler) handleGoogleCallback(c *gin.Context) {
 session := sessions.Default(c)
 retrievedState := session.Get("state")
 if retrievedState != c.Query("state") {
- c.JSON(http.StatusUnauthorized, gin.H{"error": fmt.Errorf("Invalid session state: %s", retrievedState)})
+ c.JSON(http.StatusUnauthorized, gin.H{"error": fmt.Sprintf("Invalid session state: %s", retrievedState)})
 return
 }
 
diff --git a/handlers/handlers_test.go b/handlers/handlers_test.go
index 8768a47..c76de94 100644
--- a/handlers/handlers_test.go
+++ b/handlers/handlers_test.go
@@ -245,8 +245,10 @@ func getBackend() (func(), error) {
 if err != nil {
 return nil, errors.Wrap(err, "could not create store")
 }
- handler := New(config.Handlers{
+ handler, err := New(config.Handlers{
 ListenAddr: ":8080",
+ Secret: []byte(""),
+ BaseURL: "http://127.0.0.1",
 }, *store)
 if err != nil {
 return nil, errors.Wrap(err, "could not create handler")
diff --git a/static/src/App/App.js b/static/src/App/App.js
index 39eab21..155805f 100644
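Review bot: The key function passed to `jwt.ParseWithClaims` no longer inspects `token.Method`, so the signing-method guard that the removed `jwt.Parse` callback enforced is gone and the HMAC secret is returned for whatever algorithm the token header names. Restore the check inside the new callback, before `return h.config.Secret, nil`: `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) }`. Whether the jwt library's own key-type checks would reject a mismatched algorithm depends on its version, so the explicit guard should not be dropped. The `else` branch also now answers with 400 and `err.Error()` when verification fails, which reports the parser's reason to the client; a fixed message with 401 is the safer response for a rejected token. handleGoogleCheck begins outside the hunk.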
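Review bot: The `fmt.Sprintf` line formats the session's stored state into the response body, and when no state was stored `retrievedState` is nil, so `%s` renders it as `%!s(<nil>)`. A constant message, `c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid session state"})`, avoids both and keeps the expected state value out of the reply; the mismatch can still be logged server-side if it is needed for debugging. handleGoogleCallback continues outside the hunk.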
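Review bot: `Secret: []byte("")` builds the test handler with a zero-length HMAC key, so any token-check test running through this backend signs and verifies with an empty secret and would not notice if `New` started rejecting an empty key. A fixed, obviously-fake test value such as `Secret: []byte("test-secret-not-for-production")` keeps the test independent of that and mirrors how the handler is configured in practice. getBackend starts and ends outside the hunk.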
--- a/static/src/App/App.js
+++ b/static/src/App/App.js
@@ -28,6 +28,17 @@ class ContainerExampleContainer extends Component {
 onAuthCallback = data => {
 window.removeEventListener('onAuthCallback', this.onAuthCallback);
 var token = data.detail.token;
+ fetch("/api/v1/check", {
+ method: "POST",
+ body: JSON.stringify({
+ Token: token
+ }),
+ headers: {
+ 'Accept': 'application/json',
+ 'Content-Type': 'application/json'
+ }
+ }).then(res => res.text())
+ .then(d => console.log(d))
 }
 
 onAuthClick = () => {
@@ -37,7 +48,7 @@ class ContainerExampleContainer extends Component {
 wHeight = 500;
 var wLeft = (window.screen.width / 2) - (wwidth / 2);
 var wTop = (window.screen.height / 2) - (wHeight / 2);
- window.open("/api/v1/login", "", `width=${wwidth}, height=${wHeight}, top=${wTop}, left=${wLeft}, menubar=0, toolbar=0`)
+ window.open("/api/v1/login", "", `width=${wwidth}, height=${wHeight}, top=${wTop}, left=${wLeft}`)
 }
 
 render() {
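Review bot: The `fetch("/api/v1/check", …)` chain neither checks `res.ok` nor has a `.catch`, so a 400 from the check endpoint or a network failure is treated like success and a rejected promise goes unhandled. Replace the first `.then` with `.then(res => { if (!res.ok) { throw new Error(`check failed: ${res.status}`); } return res.text(); })` and end the chain with `.catch(err => console.error(err))`. The response, which the server fills with the token's claims, is only written to `console.log` and then discarded; if that is a placeholder, a comment saying so would stop it from shipping as-is. The enclosing class starts outside the hunk.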