b835de2dc4
* Able to authenticate user against IndieAuth. For #1273 * WIP server indieauth endpoint. For https://github.com/owncast/owncast/issues/1272 * Add migration to remove access tokens from user * Add authenticated bool to user for display purposes * Add indieauth modal and auth flair to display names. For #1273 * Validate URLs and display errors * Renames, cleanups * Handle relative auth endpoint paths. Add error handling for missing redirects. * Disallow using display names in use by registered users. Closes #1810 * Verify code verifier via code challenge on callback * Use relative path to authorization_endpoint * Post-rebase fixes * Use a timestamp instead of a bool for authenticated * Propertly handle and display error in modal * Use auth'ed timestamp to derive authenticated flag to display in chat * don't redirect unless a URL is present avoids redirecting to `undefined` if there was an error * improve error message if owncast server URL isn't set * fix IndieAuth PKCE implementation use SHA256 instead of SHA1, generates a longer code verifier (must be 43-128 chars long), fixes URL-safe SHA256 encoding * return real profile data for IndieAuth response * check the code verifier in the IndieAuth server * Linting * Add new chat settings modal anad split up indieauth ui * Remove logging error * Update the IndieAuth modal UI. For #1273 * Add IndieAuth repsonse error checking * Disable IndieAuth client if server URL is not set. * Add explicit error messages for specific error types * Fix bad logic * Return OAuth-keyed error responses for indieauth server * Display IndieAuth error in plain text with link to return to main page * Remove redundant check * Add additional detail to error * Hide IndieAuth details behind disclosure details * Break out migration into two steps because some people have been runing dev in production * Add auth option to user dropdown Co-authored-by: Aaron Parecki <aaron@parecki.com>
86 lines
2.2 KiB
Go
86 lines
2.2 KiB
Go
package controllers
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
|
|
"github.com/owncast/owncast/core/chat"
|
|
"github.com/owncast/owncast/core/user"
|
|
"github.com/owncast/owncast/router/middleware"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// ExternalGetChatMessages gets all of the chat messages.
|
|
func ExternalGetChatMessages(integration user.ExternalAPIUser, w http.ResponseWriter, r *http.Request) {
|
|
middleware.EnableCors(w)
|
|
getChatMessages(w, r)
|
|
}
|
|
|
|
// GetChatMessages gets all of the chat messages.
|
|
func GetChatMessages(u user.User, w http.ResponseWriter, r *http.Request) {
|
|
getChatMessages(w, r)
|
|
}
|
|
|
|
func getChatMessages(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
messages := chat.GetChatHistory()
|
|
|
|
if err := json.NewEncoder(w).Encode(messages); err != nil {
|
|
log.Debugln(err)
|
|
}
|
|
default:
|
|
w.WriteHeader(http.StatusNotImplemented)
|
|
if err := json.NewEncoder(w).Encode(j{"error": "method not implemented (PRs are accepted)"}); err != nil {
|
|
InternalErrorHandler(w, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
// RegisterAnonymousChatUser will register a new user.
|
|
func RegisterAnonymousChatUser(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != POST {
|
|
WriteSimpleResponse(w, false, r.Method+" not supported")
|
|
return
|
|
}
|
|
|
|
type registerAnonymousUserRequest struct {
|
|
DisplayName string `json:"displayName"`
|
|
}
|
|
|
|
type registerAnonymousUserResponse struct {
|
|
ID string `json:"id"`
|
|
AccessToken string `json:"accessToken"`
|
|
DisplayName string `json:"displayName"`
|
|
}
|
|
|
|
decoder := json.NewDecoder(r.Body)
|
|
var request registerAnonymousUserRequest
|
|
if err := decoder.Decode(&request); err != nil { //nolint
|
|
// this is fine. register a new user anyway.
|
|
}
|
|
|
|
if request.DisplayName == "" {
|
|
request.DisplayName = r.Header.Get("X-Forwarded-User")
|
|
}
|
|
|
|
newUser, accessToken, err := user.CreateAnonymousUser(request.DisplayName)
|
|
if err != nil {
|
|
WriteSimpleResponse(w, false, err.Error())
|
|
return
|
|
}
|
|
|
|
response := registerAnonymousUserResponse{
|
|
ID: newUser.ID,
|
|
AccessToken: accessToken,
|
|
DisplayName: newUser.DisplayName,
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "application/json")
|
|
middleware.DisableCache(w)
|
|
|
|
WriteResponse(w, response)
|
|
}
|