@@ -40,26 +40,31 @@ type Replacement struct {
4040func ForwardAuthHandler (c * gin.Context ) {
4141 clientcode , err := c .Cookie ("client-code" )
4242 if err != nil {
43- fmt .Println ("no client code found in cookie" )
43+ log .Println ("no client code found in cookie" )
4444 ForwardAuthHandlerWithoutState (c )
4545 return
4646 }
4747 clientstate , err := c .Cookie ("client-state" )
4848 if err != nil {
49- fmt .Println ("no state found in cookie" )
49+ log .Println ("no state found in cookie" )
5050 ForwardAuthHandlerWithoutState (c )
5151 return
5252 }
5353 if err := checkCode (clientcode , clientstate ); err != nil {
54- fmt .Printf ("invalid code and state %s\n " , err .Error ())
54+ log .Printf ("invalid code and state: %s\n " , err .Error ())
5555 ForwardAuthHandlerWithoutState (c )
5656 return
5757 }
5858 ForwardAuthHandlerWithState (c )
5959}
6060
6161func ForwardAuthHandlerWithoutState (c * gin.Context ) {
62- body , _ := io .ReadAll (c .Request .Body )
62+ body , err := io .ReadAll (c .Request .Body )
63+ if err != nil {
64+ log .Printf ("error reading request body: %s\n " , err .Error ())
65+ c .JSON (http .StatusBadRequest , gin.H {"error" : "failed to read request body" })
66+ return
67+ }
6368 state := httpstate .NewState (c .Request .Method , c .Request .Header , body )
6469 stateNonce , err := stateStorage .SetState (state )
6570 if err != nil {
@@ -77,17 +82,24 @@ func ForwardAuthHandlerWithoutState(c *gin.Context) {
7782}
7883
7984func ForwardAuthHandlerWithState (c * gin.Context ) {
80- fmt .Println ("client code checked" )
85+ log .Println ("client code checked" )
8186
8287 var replacement Replacement
8388 replacement .ShouldReplaceBody = true
8489 replacement .ShouldReplaceHeader = true
8590
8691 stateString , _ := c .Cookie ("client-state" )
87- stateNonce , _ := strconv .Atoi (stateString )
92+ stateNonce , err := strconv .Atoi (stateString )
93+ if err != nil {
94+ log .Printf ("invalid state nonce %s: %s\n " , stateString , err .Error ())
95+ replacement .ShouldReplaceBody = false
96+ replacement .ShouldReplaceHeader = false
97+ c .JSON (200 , replacement )
98+ return
99+ }
88100 state , err := stateStorage .PopState (stateNonce )
89101 if err != nil {
90- fmt .Printf ("no related state found, state nonce %s\n " , stateString )
102+ log .Printf ("no related state found, state nonce %s: %s \n " , stateString , err . Error () )
91103 replacement .ShouldReplaceBody = false
92104 replacement .ShouldReplaceHeader = false
93105 c .JSON (200 , replacement )
@@ -105,19 +117,26 @@ func CasdoorCallbackHandler(c *gin.Context) {
105117 var splits = strings .Split (config .CurrentConfig .PluginEndpoint , "://" )
106118 if len (splits ) < 2 {
107119 c .JSON (500 , gin.H {
108- "error" : "invalid webhook address in configuration" + stateString ,
120+ "error" : "invalid webhook address in configuration" ,
109121 })
110122 return
111123 }
112124 domain := splits [1 ]
113125 c .SetCookie ("client-code" , code , 3600 , "/" , domain , false , true )
114126 c .SetCookie ("client-state" , stateString , 3600 , "/" , domain , false , true )
115- stateNonce , _ := strconv .Atoi (stateString )
127+ stateNonce , err := strconv .Atoi (stateString )
128+ if err != nil {
129+ log .Printf ("invalid state parameter %s: %s\n " , stateString , err .Error ())
130+ c .JSON (500 , gin.H {
131+ "error" : "invalid state parameter" ,
132+ })
133+ return
134+ }
116135 state , err := stateStorage .GetState (stateNonce )
117136 if err != nil {
118- fmt .Printf ("no related state found, state nonce %s\n " , stateString )
137+ log .Printf ("no related state found, state nonce %s: %s \n " , stateString , err . Error () )
119138 c .JSON (500 , gin.H {
120- "error" : "no related state found, state nonce " + stateString ,
139+ "error" : "no related state found" ,
121140 })
122141 return
123142 }
@@ -126,7 +145,6 @@ func CasdoorCallbackHandler(c *gin.Context) {
126145 uri := state .Header .Get ("X-Forwarded-URI" )
127146 url := fmt .Sprintf ("%s://%s%s" , scheme , host , uri )
128147 c .Redirect (307 , url )
129-
130148}
131149
132150func checkCode (code , state string ) error {
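Review bot: The new `strconv.Atoi` guard in CasdoorCallbackHandler answers a malformed `state` parameter with 500 even though it is client-supplied input, while the parallel guard added in ForwardAuthHandlerWithoutState uses `http.StatusBadRequest`; `c.JSON(http.StatusBadRequest, gin.H{"error": "invalid state parameter"})` keeps the two consistent and stops bad callbacks from being counted as server errors. The new log lines in ForwardAuthHandlerWithState and CasdoorCallbackHandler format the untrusted `stateString` with `%s` and end in `\n `, although log.Printf already terminates each line; `log.Printf("invalid state parameter %q: %v", stateString, err)` keeps odd values visibly quoted and avoids the blank line. The `io.ReadAll` whose error is now checked still reads an unbounded body before it is persisted through stateStorage.SetState; wrapping it as `http.MaxBytesReader(c.Writer, c.Request.Body, maxBodyBytes)` (with `maxBodyBytes` a placeholder for a project-chosen limit) bounds memory per request. CasdoorCallbackHandler and ForwardAuthHandlerWithoutState each begin outside the hunk that changes them.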