pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-08 19:56:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

check resource id on verify access token

Browse Source
This commit is contained in:
miloschwartz
2025-04-06 13:08:55 -04:00
parent 5a6a035d30
commit 0e65f8c921
4 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
server/auth/verifyResourceAccessToken.ts
View File

@@ -13,10 +13,12 @@ import { sha256 } from "@oslojs/crypto/sha2";
export async function verifyResourceAccessToken({ export async function verifyResourceAccessToken({
accessToken, accessToken,
accessTokenId accessTokenId,
resourceId
}: { }: {
accessToken: string; accessToken: string;
accessTokenId?: string; accessTokenId?: string;
resourceId?: number; // IF THIS IS NOT SET, THE TOKEN IS VALID FOR ALL RESOURCES
}): Promise<{ }): Promise<{
valid: boolean; valid: boolean;
error?: string; error?: string;
@@ -100,6 +102,13 @@ export async function verifyResourceAccessToken({
}; };
} }
if (resourceId && resource.resourceId !== resourceId) {
return {
valid: false,
error: "Resource ID does not match"
};
}
return { return {
valid: true, valid: true,
tokenItem, tokenItem,

6
server/routers/badger/verifySession.ts
View File

@@ -209,7 +209,8 @@ export async function verifyResourceSession(
const { valid, error, tokenItem } = await verifyResourceAccessToken( const { valid, error, tokenItem } = await verifyResourceAccessToken(
{ {
accessToken, accessToken,
accessTokenId accessTokenId,
resourceId: resource.resourceId
} }
); );
@@ -244,7 +245,8 @@ export async function verifyResourceSession(
const { valid, error, tokenItem } = await verifyResourceAccessToken( const { valid, error, tokenItem } = await verifyResourceAccessToken(
{ {
accessToken, accessToken,
accessTokenId accessTokenId,
resourceId: resource.resourceId
} }
); );

6
src/app/auth/resource/[resourceId]/AccessToken.tsx
View File

@@ -17,13 +17,11 @@ import { useEffect, useState } from "react";
type AccessTokenProps = { type AccessTokenProps = {
token: string; token: string;
resourceId?: number; resourceId?: number;
redirectUrl?: string;
}; };
export default function AccessToken({ export default function AccessToken({
token, token,
resourceId, resourceId
redirectUrl
}: AccessTokenProps) { }: AccessTokenProps) {
const [loading, setLoading] = useState(true); const [loading, setLoading] = useState(true);
const [isValid, setIsValid] = useState(false); const [isValid, setIsValid] = useState(false);
@@ -96,7 +94,7 @@ export default function AccessToken({
if (res.data.data.session) { if (res.data.data.session) {
setIsValid(true); setIsValid(true);
window.location.href = appendRequestToken( window.location.href = appendRequestToken(
redirectUrl!, res.data.data.redirectUrl!,
res.data.data.session res.data.data.session
); );
} }

1
src/app/auth/resource/[resourceId]/page.tsx
View File

@@ -123,7 +123,6 @@ export default async function ResourceAuthPage(props: {
<AccessToken <AccessToken
token={searchParams.token} token={searchParams.token}
resourceId={params.resourceId} resourceId={params.resourceId}
redirectUrl={redirectUrl}
/> />
</div> </div>
); );