misc fixes

Zibbp · Dec 12, 2024 · 3dd4c47 · 3dd4c47
1 parent 2223924
commit 3dd4c47
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 27 deletions.
diff --git a/internal/auth/jwt.go b/internal/auth/jwt.go
@@ -80,25 +80,6 @@ func setTokenCookie(c echo.Context, name string, token string, expiration time.T
 	c.SetCookie(cookie)
 }
 
-// checkAccessToken checks if the JWT access token is valid.
-func checkAccessToken(accessToken string) (*Claims, error) {
-	// Parse the token.
-	token, err := jwt.ParseWithClaims(accessToken, &Claims{}, func(token *jwt.Token) (interface{}, error) {
-		return []byte(GetJWTSecret()), nil
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	// Validate the token and return the custom claims.
-	claims, ok := token.Claims.(*Claims)
-	if !ok || !token.Valid {
-		return nil, err
-	}
-
-	return claims, nil
-}
-
 // JWTErrorChecker will be executed when user try to access a protected path.
 func JWTErrorChecker(err error, c echo.Context) error {
 	// Redirects to the signIn form.

diff --git a/internal/auth/oauth.go b/internal/auth/oauth.go
@@ -51,16 +51,25 @@ type OAuthResponse struct {
 	UserInfo    UserInfo
 }
 
-func generateSecureRandomString() string {
+func generateSecureRandomString() (string, error) {
 	b := make([]byte, 32)
-	rand.Read(b)
-	return base64.URLEncoding.EncodeToString(b)
+	_, err := rand.Read(b)
+	if err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(b), nil
 }
 
 func (s *Service) OAuthRedirect(c echo.Context) error {
 	// generate state and nonce
-	state := generateSecureRandomString()
-	nonce := generateSecureRandomString()
+	state, err := generateSecureRandomString()
+	if err != nil {
+		return err
+	}
+	nonce, err := generateSecureRandomString()
+	if err != nil {
+		return err
+	}
 
 	stateCookie := new(http.Cookie)
 	stateCookie.Name = "oidc_state"
@@ -82,7 +91,7 @@ func (s *Service) OAuthRedirect(c echo.Context) error {
 		oauth2.SetAuthURLParam("nonce", nonce),
 		oauth2.AccessTypeOffline,
 	)
-	err := c.Redirect(http.StatusTemporaryRedirect, authURL)
+	err = c.Redirect(http.StatusTemporaryRedirect, authURL)
 	if err != nil {
 		return err
 	}
@@ -135,7 +144,10 @@ func (s *Service) OAuthCallback(c echo.Context) (*ent.User, error) {
 
 	// Debug claims in dev
 	if s.EnvConfig.Development {
-		debugOidcClaims(idToken)
+		err := debugOidcClaims(idToken)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	// Verify nonce to prevent replay attack

diff --git a/internal/transport/http/middleware.go b/internal/transport/http/middleware.go
@@ -95,7 +95,10 @@ func userFromContext(c echo.Context) *ent.User {
 	userStr := c.Get("user")
 	user, ok := userStr.(*ent.User)
 	if !ok {
-		ErrorInvalidAccessTokenResponse(c)
+		err := ErrorInvalidAccessTokenResponse(c)
+		if err != nil {
+			return nil
+		}
 	}
 	return user
 }