// Source: github.com/kyleu/dbaudit@v0.0.2-0.20240321155047-ff2f2c940496/app/lib/auth/webstate.go

// Package auth - Content managed by Project Forge, see [projectforge.md] for details.
package auth

import (
	"encoding/base64"
	"net/http"
	"net/url"

	"github.com/markbates/goth"
	"github.com/pkg/errors"

	"github.com/kyleu/dbaudit/app/util"
)

// getState returns the OAuth "state" value to use for the request r. A
// non-empty "state" query parameter on r is returned verbatim; otherwise a
// fresh value is produced by URL-safe base64-encoding 64 bytes obtained from
// util.RandomBytes.
//
// NOTE(review): a caller-supplied state is accepted as-is, so whoever builds
// the link to this request chooses the token that validateState later
// compares against. That weakens the CSRF protection the state parameter is
// meant to provide; confirm the pass-through is required, or restrict it.
//
// NOTE(review): presumably util.RandomBytes is backed by crypto/rand; verify
// against its definition, since the fallback nonce must be unpredictable.
func getState(r *http.Request) string {
	if supplied := r.URL.Query().Get("state"); supplied != "" {
		return supplied
	}
	return base64.URLEncoding.EncodeToString(util.RandomBytes(64))
}

// validateState checks the "state" query parameter of the callback request r
// against the "state" query parameter embedded in the auth URL stored in sess.
// It returns the error from sess.GetAuthURL or url.Parse when either fails,
// a "state token mismatch" error when the stored state is non-empty and
// differs from the one on r, and nil otherwise. The w parameter is not used
// by this function.
//
// NOTE(review): when the stored auth URL carries no state, the check is
// skipped and any callback state is accepted (fail-open). Presumably this is
// for providers whose auth URL has no state parameter; confirm that every
// provider relying on state for CSRF protection always stores one.
//
// NOTE(review): the comparison is ordinary string equality, not a
// constant-time comparison; consider crypto/subtle.ConstantTimeCompare if
// timing exposure of the token matters for this deployment.
func validateState(w http.ResponseWriter, r *http.Request, sess goth.Session) error {
	storedURL, err := sess.GetAuthURL()
	if err != nil {
		return err
	}

	parsed, err := url.Parse(storedURL)
	if err != nil {
		return err
	}

	// Both values are read before deciding, so a request without a usable URL
	// is treated the same way regardless of what the session holds.
	expected := parsed.Query().Get("state")
	received := r.URL.Query().Get("state")
	if expected == "" || expected == received {
		return nil
	}
	return errors.New("state token mismatch")
}