aboutsummaryrefslogtreecommitdiff
path: root/auth.go (follow)
Commit message (Collapse)AuthorAgeFilesLines
* auth.go: Remove access token expiration fields and related TODORunxi Yu2024-10-101-14/+5
| | | | | We're only using the token immediately after it is issued, so it's a bit unnecessary.
* auth.go: Remove TODO about implementing nonce checksRunxi Yu2024-10-101-7/+0
| | | | It's the OAuth provider that's responsible for checking this nonce.
* auth.go: Remove TODO about using ON CONFLICTRunxi Yu2024-10-101-7/+0
| | | | | | I think using the pgErr method actually makes the logic easier to follow especially since I'm not updating the "confirmed" field when UPDATEing but it's being initialized to false during INSERT.
* auth.go, schema.sql: Add "confirmed" field to usersRunxi Yu2024-10-091-1/+1
|
* *.go, tmpl/staff.html: Allow staff to export choicesRunxi Yu2024-10-091-1/+1
| | | | Implements: https://todo.sr.ht/~runxiyu/cca/3
* *.go: Update commentsRunxi Yu2024-10-091-7/+0
|
* err.go: Create, and unify some error definitionsRunxi Yu2024-10-081-19/+13
|
* *.go: Limit to approximately 80 characters per lineRunxi Yu2024-10-061-20/+77
|
* *: Overhaul structure again and embed everythingRunxi Yu2024-10-061-0/+374
| | | | | | | | - Remove sub-Makefiles; recursive make is annoying - Just use one top-level Makefile that builds everything - Embed templates and minified static resources into the binary - Embed all compiled documentation into the binary and serve - Embed all source into the binary and serve
* *.go: Move to backendRunxi Yu2024-10-051-374/+0
| | | | And adjust Makefiles, admin handbook, and lint.sh accordingly.
* auth.go: Improve display of OAuth 2.0 errorsRunxi Yu2024-10-041-4/+17
| | | | Implements: https://todo.sr.ht/~runxiyu/cca/9
* {auth,utils,ws}.go: randomBytes -> randomStringRunxi Yu2024-10-021-2/+2
|
* {auth,db,wsm}.go: Make 23505 (uniqueness violation) a constantRunxi Yu2024-10-011-1/+1
|
* {auth,ws}.go: Remove unnecessary TODOsRunxi Yu2024-10-011-5/+0
|
* auth.go: Add TODO about INSERTRunxi Yu2024-10-011-0/+7
|
* utils.go, auth.go: Rename random to randomBytesRunxi Yu2024-09-301-2/+2
|
* *: Change license to AGPL-3.0-or-laterRunxi Yu2024-09-301-21/+11
|
* auth.go, config.go, cca.scfg.example: Issue expiring cookiesRunxi Yu2024-09-301-2/+7
|
* {auth,index,ws}.go, schema.sql: Move session cookie into the user tableRunxi Yu2024-09-301-19/+6
| | | | | | | One user shall only have one session at a time. This reduces the possibility of strange race conditions and simplifies the code a lot. References: https://todo.sr.ht/~runxiyu/cca/4
* auth.go: Document why we use a hybrid auth flowRunxi Yu2024-09-291-1/+12
|
* *.go: Wrap errorsRunxi Yu2024-09-261-9/+9
|
* auth.go: Use contexts in getAccessTokenRunxi Yu2024-09-261-3/+8
|
* {auth,index,ws}.go: Add contexts for database callsRunxi Yu2024-09-261-6/+7
|
* auth.go: Close PostForm response bodyRunxi Yu2024-09-241-0/+1
|
* auth.go: Fix json tag, should be access_token not accessTokenRunxi Yu2024-09-241-1/+1
|
* auth.go: Fix grant_type=authorization_codeRunxi Yu2024-09-241-1/+1
| | | | I accidentally changed it to authorizationCode during linting
* *.go: LintingRunxi Yu2024-09-241-80/+80
|
* {utils,auth,index,ws}.go: Handle errors in random number generationRunxi Yu2024-09-241-4/+11
|
* auth.go: Remove unnecessary fmt.SprintfRunxi Yu2024-09-231-1/+1
|
* auth.go, ws.go: Update commentsRunxi Yu2024-09-231-2/+5
|
* auth.go: Use && instead of nested if statementRunxi Yu2024-09-111-14/+12
|
* *.go: Shorter line lengthsRunxi Yu2024-09-091-3/+9
|
* *.go: Add commentsRunxi Yu2024-09-091-2/+40
|
* *.go: Simplify error messages and reformatRunxi Yu2024-09-081-30/+29
|
* auth.go: Expand staff departmentsRunxi Yu2024-09-071-2/+2
|
* *: Call Graph API for department informationRunxi Yu2024-09-071-9/+102
| | | | | | | | | | | | I am using a hybrid flow with "id_token" for OpenID Connect and "code" for an Authorization Code. I would use "token" too but that doesn't seem to be supported for standard web-apps and could result in strange session-hijacking issues. We still need PKCE sometime in the future; however it's not a priority: the worst attack someone could pull off is to use a different user's Authorization Code and steal a Department, which probably isn't too big of a deal as the Authorization Code should be secret anyways.
* *: Basic authentication and templatesRunxi Yu2024-09-071-0/+215
These are imported from FBFP and slightly modified to be specific to YKPS (while not being hard to port to other environments that use APIs that use OAUTH 2.0). Some code is also simplified. Database code still needs an audit, and things are not tested yet.