From f5a125d350d3363f98e746db93f20eb0233dc0da Mon Sep 17 00:00:00 2001 From: Dmitry Verkhoturov Date: Tue, 17 Aug 2021 23:17:18 +0200 Subject: [PATCH] bump backend auth module to fix telegram auth --- backend/_example/memory_store/go.sum | 2 +- backend/go.mod | 2 +- backend/go.sum | 2 ++ .../github.com/go-pkgz/auth/provider/apple.go | 2 +- .../go-pkgz/auth/provider/telegram.go | 19 ++++++++++++++----- backend/vendor/modules.txt | 2 +- 6 files changed, 20 insertions(+), 9 deletions(-) diff --git a/backend/_example/memory_store/go.sum b/backend/_example/memory_store/go.sum index 4c74b2dfd9..d7456638f7 100644 --- a/backend/_example/memory_store/go.sum +++ b/backend/_example/memory_store/go.sum @@ -94,7 +94,7 @@ github.com/go-chi/render v1.0.1/go.mod h1:pq4Rr7HbnsdaeHagklXub+p6Wd16Af5l9koip1 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-pkgz/auth v1.17.0/go.mod h1:KhMsOKhNU8fJbWKUYPhfGaYGgnZuSOIs52ojELWxOUk= +github.com/go-pkgz/auth v1.17.1-0.20210817211320-fed26c31c35c/go.mod h1:KhMsOKhNU8fJbWKUYPhfGaYGgnZuSOIs52ojELWxOUk= github.com/go-pkgz/expirable-cache v0.0.3 h1:rTh6qNPp78z0bQE6HDhXBHUwqnV9i09Vm6dksJLXQDc= github.com/go-pkgz/expirable-cache v0.0.3/go.mod h1:+IauqN00R2FqNRLCLA+X5YljQJrwB179PfiAoMPlTlQ= github.com/go-pkgz/jrpc v0.2.0 h1:CLy/eZyekjraVrxZV18N2R1mYLMJ/nWrgdfyIOGPY/E= diff --git a/backend/go.mod b/backend/go.mod index 6165251722..35e2861fc3 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -11,7 +11,7 @@ require ( github.com/go-chi/chi/v5 v5.0.2 github.com/go-chi/cors v1.2.0 github.com/go-chi/render v1.0.1 - github.com/go-pkgz/auth v1.17.0 + github.com/go-pkgz/auth v1.17.1-0.20210817211320-fed26c31c35c github.com/go-pkgz/jrpc v0.2.0 github.com/go-pkgz/lcw v0.8.1 github.com/go-pkgz/lgr v0.10.4 diff --git a/backend/go.sum b/backend/go.sum index 093495e732..1bde64866d 100644 --- a/backend/go.sum +++ b/backend/go.sum @@ -107,6 +107,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-pkgz/auth v1.17.0 h1:m6seF+WbIUlLM96RNZvdq0kKDzZ8ynMOQpANJ1YDviQ= github.com/go-pkgz/auth v1.17.0/go.mod h1:KhMsOKhNU8fJbWKUYPhfGaYGgnZuSOIs52ojELWxOUk= +github.com/go-pkgz/auth v1.17.1-0.20210817211320-fed26c31c35c h1:khIhLaxSlY6vxbAFYrxcePBJ7uuZTezKxZkiQ417cng= +github.com/go-pkgz/auth v1.17.1-0.20210817211320-fed26c31c35c/go.mod h1:KhMsOKhNU8fJbWKUYPhfGaYGgnZuSOIs52ojELWxOUk= github.com/go-pkgz/expirable-cache v0.0.3 h1:rTh6qNPp78z0bQE6HDhXBHUwqnV9i09Vm6dksJLXQDc= github.com/go-pkgz/expirable-cache v0.0.3/go.mod h1:+IauqN00R2FqNRLCLA+X5YljQJrwB179PfiAoMPlTlQ= github.com/go-pkgz/jrpc v0.2.0 h1:CLy/eZyekjraVrxZV18N2R1mYLMJ/nWrgdfyIOGPY/E= diff --git a/backend/vendor/github.com/go-pkgz/auth/provider/apple.go b/backend/vendor/github.com/go-pkgz/auth/provider/apple.go index 1e1cfdbd4d..a9640563a3 100644 --- a/backend/vendor/github.com/go-pkgz/auth/provider/apple.go +++ b/backend/vendor/github.com/go-pkgz/auth/provider/apple.go @@ -217,7 +217,7 @@ func (ah *AppleHandler) initPrivateKey() error { return nil } -// tokenKeyFunc use for verify JWT sign, it receive the parsed token and should return the key for validating. +// tokenKeyFunc use for verify JWT sign, it receives the parsed token and should return the key for validating. func (ah *AppleHandler) tokenKeyFunc(jwtToken *jwt.Token) (interface{}, error) { if jwtToken == nil { return nil, errors.New("failed to call token keyFunc, because token is nil") diff --git a/backend/vendor/github.com/go-pkgz/auth/provider/telegram.go b/backend/vendor/github.com/go-pkgz/auth/provider/telegram.go index 178c9bdcd7..45c647dda5 100644 --- a/backend/vendor/github.com/go-pkgz/auth/provider/telegram.go +++ b/backend/vendor/github.com/go-pkgz/auth/provider/telegram.go @@ -192,9 +192,15 @@ func (th *TelegramHandler) LoginHandler(w http.ResponseWriter, r *http.Request) token, err := randToken() if err != nil { rest.SendErrorJSON(w, r, th.L, http.StatusInternalServerError, err, "failed to generate code") + return } th.requests.Lock() + if th.requests.data == nil { + th.requests.Unlock() + rest.SendErrorJSON(w, r, th.L, http.StatusInternalServerError, errors.New("run goroutine is not running"), "failed to process login request") + return + } th.requests.data[token] = tgAuthRequest{ expires: time.Now().Add(tgAuthRequestLifetime), } @@ -236,8 +242,11 @@ func (th *TelegramHandler) LoginHandler(w http.ResponseWriter, r *http.Request) claims := authtoken.Claims{ User: &u, StandardClaims: jwt.StandardClaims{ - Id: queryToken, - Issuer: th.ProviderName, + Audience: r.URL.Query().Get("site"), + Id: queryToken, + Issuer: th.ProviderName, + ExpiresAt: time.Now().Add(30 * time.Minute).Unix(), + NotBefore: time.Now().Add(-1 * time.Minute).Unix(), }, SessionOnly: false, // TODO } @@ -255,11 +264,11 @@ func (th *TelegramHandler) LoginHandler(w http.ResponseWriter, r *http.Request) delete(th.requests.data, queryToken) } -// AuthHandler does nothing since we're don't have any callbacks -func (th *TelegramHandler) AuthHandler(w http.ResponseWriter, r *http.Request) {} +// AuthHandler does nothing since we don't have any callbacks +func (th *TelegramHandler) AuthHandler(_ http.ResponseWriter, _ *http.Request) {} // LogoutHandler - GET /logout -func (th *TelegramHandler) LogoutHandler(w http.ResponseWriter, r *http.Request) { +func (th *TelegramHandler) LogoutHandler(w http.ResponseWriter, _ *http.Request) { th.TokenService.Reset(w) } diff --git a/backend/vendor/modules.txt b/backend/vendor/modules.txt index 60bbd4d8c2..8b04058fd9 100644 --- a/backend/vendor/modules.txt +++ b/backend/vendor/modules.txt @@ -93,7 +93,7 @@ github.com/go-chi/cors # github.com/go-chi/render v1.0.1 ## explicit github.com/go-chi/render -# github.com/go-pkgz/auth v1.17.0 +# github.com/go-pkgz/auth v1.17.1-0.20210817211320-fed26c31c35c ## explicit github.com/go-pkgz/auth github.com/go-pkgz/auth/avatar