2022-05-04 16:27:16 +02:00
|
|
|
package auth
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
|
2023-12-18 23:39:16 +01:00
|
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/common"
|
2022-05-04 16:27:16 +02:00
|
|
|
"github.com/mediocregopher/radix/v4"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// numStates is the number of CSRF states stored in Redis at any one time.
|
|
|
|
|
// This must be an integer.
|
|
|
|
|
const numStates = "1000"
|
|
|
|
|
|
|
|
|
|
// setCSRFState generates a random string to use as state, then stores that in Redis.
|
|
|
|
|
func (s *Server) setCSRFState(ctx context.Context) (string, error) {
|
2023-12-18 23:39:16 +01:00
|
|
|
state := common.RandBase64(32)
|
2022-05-04 16:27:16 +02:00
|
|
|
|
2022-05-17 22:35:26 +02:00
|
|
|
err := s.DB.MultiCmd(ctx,
|
2022-05-04 16:27:16 +02:00
|
|
|
radix.Cmd(nil, "LPUSH", "csrf", state),
|
|
|
|
|
radix.Cmd(nil, "LTRIM", "csrf", "0", numStates),
|
|
|
|
|
)
|
|
|
|
|
return state, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// validateCSRFState checks if the given state exists in Redis.
|
|
|
|
|
func (s *Server) validateCSRFState(ctx context.Context, state string) (matched bool, err error) {
|
|
|
|
|
var num int
|
|
|
|
|
err = s.DB.Redis.Do(ctx, radix.Cmd(&num, "LREM", "csrf", "1", state))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
return num > 0, nil
|
|
|
|
|
}
|
