mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-12-03 20:53:09 +02:00
use verifyChallenge
This commit is contained in:
parent
9c29880f8b
commit
c0f63234d7
1 changed files with 3 additions and 7 deletions
|
@ -12,6 +12,7 @@ import fastifyView from '@fastify/view';
|
||||||
import pug from 'pug';
|
import pug from 'pug';
|
||||||
import bodyParser from 'body-parser';
|
import bodyParser from 'body-parser';
|
||||||
import fastifyExpress from '@fastify/express';
|
import fastifyExpress from '@fastify/express';
|
||||||
|
import { verifyChallenge } from 'pkce-challenge';
|
||||||
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
import { secureRndstr } from '@/misc/secure-rndstr.js';
|
||||||
import { MetaService } from '@/core/MetaService.js';
|
import { MetaService } from '@/core/MetaService.js';
|
||||||
import { HttpRequestService } from '@/core/HttpRequestService.js';
|
import { HttpRequestService } from '@/core/HttpRequestService.js';
|
||||||
|
@ -251,12 +252,6 @@ async function discoverClientInformation(httpRequestService: HttpRequestService,
|
||||||
// };
|
// };
|
||||||
// }
|
// }
|
||||||
|
|
||||||
function pkceS256(codeVerifier: string): string {
|
|
||||||
return crypto.createHash('sha256')
|
|
||||||
.update(codeVerifier, 'ascii')
|
|
||||||
.digest('base64url');
|
|
||||||
}
|
|
||||||
|
|
||||||
type OmitFirstElement<T extends unknown[]> = T extends [unknown, ...(infer R)]
|
type OmitFirstElement<T extends unknown[]> = T extends [unknown, ...(infer R)]
|
||||||
? R
|
? R
|
||||||
: [];
|
: [];
|
||||||
|
@ -365,7 +360,8 @@ export class OAuth2ProviderService {
|
||||||
delete TEMP_GRANT_CODES[code];
|
delete TEMP_GRANT_CODES[code];
|
||||||
if (body.client_id !== granted.clientId) return [false];
|
if (body.client_id !== granted.clientId) return [false];
|
||||||
if (redirectUri !== granted.redirectUri) return [false];
|
if (redirectUri !== granted.redirectUri) return [false];
|
||||||
if (!body.code_verifier || pkceS256(body.code_verifier as string) !== granted.codeChallenge) return [false];
|
if (!body.code_verifier) return [false];
|
||||||
|
if (!(await verifyChallenge(body.code_verifier as string, granted.codeChallenge))) return [false];
|
||||||
|
|
||||||
const accessToken = secureRndstr(128, true);
|
const accessToken = secureRndstr(128, true);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue