fix: use correct jwt/v5 API for OAuth state token
@@ -5835,36 +5835,49 @@ func (a *App) updateTelegramIntegrationHandler(w http.ResponseWriter, r *http.Re
|
|||||||
sendErrorWithCORS(w, "Bot token is now configured via TELEGRAM_BOT_TOKEN environment variable", http.StatusBadRequest)
|
sendErrorWithCORS(w, "Bot token is now configured via TELEGRAM_BOT_TOKEN environment variable", http.StatusBadRequest)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OAuthStateClaims структура для OAuth state JWT
|
||||||
|
type OAuthStateClaims struct {
|
||||||
|
UserID int `json:"user_id"`
|
||||||
|
Type string `json:"type"`
|
||||||
|
jwt.RegisteredClaims
|
||||||
|
}
|
||||||
|
|
||||||
// generateOAuthState генерирует JWT state для OAuth
|
// generateOAuthState генерирует JWT state для OAuth
|
||||||
func generateOAuthState(userID int, jwtSecret string) (string, error) {
|
func generateOAuthState(userID int, jwtSecret string) (string, error) {
|
||||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
claims := OAuthStateClaims{
|
||||||
"user_id": userID,
|
UserID: userID,
|
||||||
"type": "todoist_oauth",
|
Type: "todoist_oauth",
|
||||||
"exp": time.Now().Add(24 * time.Hour).Unix(), // 1 день
|
RegisteredClaims: jwt.RegisteredClaims{
|
||||||
})
|
ExpiresAt: jwt.NewNumericDate(time.Now().Add(24 * time.Hour)), // 1 день
|
||||||
|
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||||
return token.SignedString([]byte(jwtSecret))
|
return token.SignedString([]byte(jwtSecret))
|
||||||
}
|
}
|
||||||
|
|
||||||
// validateOAuthState проверяет и извлекает user_id из JWT state
|
// validateOAuthState проверяет и извлекает user_id из JWT state
|
||||||
func validateOAuthState(stateString string, jwtSecret string) (int, error) {
|
func validateOAuthState(stateString string, jwtSecret string) (int, error) {
|
||||||
token, err := jwt.Parse(stateString, func(token *jwt.Token) (interface{}, error) {
|
token, err := jwt.ParseWithClaims(stateString, &OAuthStateClaims{}, func(token *jwt.Token) (interface{}, error) {
|
||||||
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||||
|
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
||||||
|
}
|
||||||
return []byte(jwtSecret), nil
|
return []byte(jwtSecret), nil
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
|
|
||||||
claims, ok := token.Claims.(jwt.MapClaims)
|
claims, ok := token.Claims.(*OAuthStateClaims)
|
||||||
if !ok || !token.Valid {
|
if !ok || !token.Valid {
|
||||||
return 0, fmt.Errorf("invalid token")
|
return 0, fmt.Errorf("invalid token")
|
||||||
}
|
}
|
||||||
|
|
||||||
if claims["type"] != "todoist_oauth" {
|
if claims.Type != "todoist_oauth" {
|
||||||
return 0, fmt.Errorf("wrong token type")
|
return 0, fmt.Errorf("wrong token type")
|
||||||
}
|
}
|
||||||
|
|
||||||
userID := int(claims["user_id"].(float64))
|
return claims.UserID, nil
|
||||||
return userID, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// exchangeCodeForToken обменивает OAuth code на access_token
|
// exchangeCodeForToken обменивает OAuth code на access_token
|
||||||
|
|||||||
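Review bot: The state token built in generateOAuthState stays valid for 24 hours and carries nothing that ties it to the browser session that started the flow, so validateOAuthState accepts any unexpired state signed with the secret, as many times as it is presented. A state only has to outlive one authorization round trip; consider a short lifetime such as `ExpiresAt: jwt.NewNumericDate(time.Now().Add(10 * time.Minute))` and a random `ID` in RegisteredClaims that the callback compares with a per-session value and discards after first use. The callback handler is outside this hunk, so please confirm whether it already checks that the logged-in user matches `claims.UserID` before linking the account. In validateOAuthState the key function accepts any HMAC variant and the parser does not require `exp`; passing `jwt.WithValidMethods([]string{"HS256"}), jwt.WithExpirationRequired()` to `jwt.ParseWithClaims` would pin both. If jwtSecret is also the key for session tokens (not visible here), the session validator should reject tokens whose type is `todoist_oauth`.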