summaryrefslogtreecommitdiff
path: root/auth.go (follow)
Commit message (Collapse)AuthorAgeFilesLines
* err.go: Create, and unify some error definitionsRunxi Yu9 days1-19/+13
|
* *.go: Limit to approximately 80 characters per lineRunxi Yu10 days1-20/+77
|
* *: Overhaul structure again and embed everythingRunxi Yu11 days1-0/+374
| | | | | | | | - Remove sub-Makefiles; recursive make is annoying - Just use one top-level Makefile that builds everything - Embed templates and minified static resources into the binary - Embed all compiled documentation into the binary and serve - Embed all source into the binary and serve
* *.go: Move to backendRunxi Yu11 days1-374/+0
| | | | And adjust Makefiles, admin handbook, and lint.sh accordingly.
* auth.go: Improve display of OAuth 2.0 errorsRunxi Yu12 days1-4/+17
| | | | Implements: https://todo.sr.ht/~runxiyu/cca/9
* {auth,utils,ws}.go: randomBytes -> randomStringRunxi Yu2024-10-021-2/+2
|
* {auth,db,wsm}.go: Make 23505 (uniqueness violation) a constantRunxi Yu2024-10-011-1/+1
|
* {auth,ws}.go: Remove unnecessary TODOsRunxi Yu2024-10-011-5/+0
|
* auth.go: Add TODO about INSERTRunxi Yu2024-10-011-0/+7
|
* utils.go, auth.go: Rename random to randomBytesRunxi Yu2024-09-301-2/+2
|
* *: Change license to AGPL-3.0-or-laterRunxi Yu2024-09-301-21/+11
|
* auth.go, config.go, cca.scfg.example: Issue expiring cookiesRunxi Yu2024-09-301-2/+7
|
* {auth,index,ws}.go, schema.sql: Move session cookie into the user tableRunxi Yu2024-09-301-19/+6
| | | | | | | One user shall only have one session at a time. This reduces the possibility of strange race conditions and simplifies the code a lot. References: https://todo.sr.ht/~runxiyu/cca/4
* auth.go: Document why we use a hybrid auth flowRunxi Yu2024-09-291-1/+12
|
* *.go: Wrap errorsRunxi Yu2024-09-261-9/+9
|
* auth.go: Use contexts in getAccessTokenRunxi Yu2024-09-261-3/+8
|
* {auth,index,ws}.go: Add contexts for database callsRunxi Yu2024-09-261-6/+7
|
* auth.go: Close PostForm response bodyRunxi Yu2024-09-241-0/+1
|
* auth.go: Fix json tag, should be access_token not accessTokenRunxi Yu2024-09-241-1/+1
|
* auth.go: Fix grant_type=authorization_codeRunxi Yu2024-09-241-1/+1
| | | | I accidentally changed it to authorizationCode during linting
* *.go: LintingRunxi Yu2024-09-241-80/+80
|
* {utils,auth,index,ws}.go: Handle errors in random number generationRunxi Yu2024-09-241-4/+11
|
* auth.go: Remove unnecessary fmt.SprintfRunxi Yu2024-09-231-1/+1
|
* auth.go, ws.go: Update commentsRunxi Yu2024-09-231-2/+5
|
* auth.go: Use && instead of nested if statementRunxi Yu2024-09-111-14/+12
|
* *.go: Shorter line lengthsRunxi Yu2024-09-091-3/+9
|
* *.go: Add commentsRunxi Yu2024-09-091-2/+40
|
* *.go: Simplify error messages and reformatRunxi Yu2024-09-081-30/+29
|
* auth.go: Expand staff departmentsRunxi Yu2024-09-071-2/+2
|
* *: Call Graph API for department informationRunxi Yu2024-09-071-9/+102
| | | | | | | | | | | | I am using a hybrid flow with "id_token" for OpenID Connect and "code" for an Authorization Code. I would use "token" too but that doesn't seem to be supported for standard web-apps and could result in strange session-hijacking issues. We still need PKCE sometime in the future; however it's not a priority: the worst attack someone could pull off is to use a different user's Authorization Code and steal a Department, which probably isn't too big of a deal as the Authorization Code should be secret anyways.
* *: Basic authentication and templatesRunxi Yu2024-09-071-0/+215
These are imported from FBFP and slightly modified to be specific to YKPS (while not being hard to port to other environments that use APIs that use OAUTH 2.0). Some code is also simplified. Database code still needs an audit, and things are not tested yet.
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-16 14:21:28 +0000