Enforce stricter login rules

rust
Elnu 2 years ago
parent d2758c852e
commit 3fdd1c870f

@ -78,28 +78,35 @@ fn login() -> Redirect {
#[derive(FromForm)]
struct Login<'r> {
token_type: &'r str,
access_token: &'r str,
expires_in: u64,
scope: &'r str,
}
#[post("/login", data = "<login>")]
fn post_login(login: Form<Login<'_>>, cookies: &CookieJar<'_>) -> Redirect {
cookies.add_private(Cookie::new(TOKEN_COOKIE, login.access_token.to_owned()));
cookies.add(Cookie::new(TOKEN_EXPIRE_COOKIE, (Utc::now() + Duration::seconds(login.expires_in as i64)).timestamp().to_string()));
if login.token_type != "Bearer" || login.scope != "guilds.join+identify+guilds" {
cookies.add_private(Cookie::new(TOKEN_COOKIE, login.access_token.to_owned()));
cookies.add(Cookie::new(TOKEN_EXPIRE_COOKIE, (Utc::now() + Duration::seconds(login.expires_in as i64)).timestamp().to_string()));
}
Redirect::to("/")
}
#[get("/success")]
fn success() -> RawHtml<&'static str> {
RawHtml("<form action=\"/login\" method=\"post\">
<input type=\"hidden\" name=\"access_token\">
<input type=\"hidden\" name=\"expires_in\">
</form>
RawHtml("<form action=\"/login\" method=\"post\"></form>
<script>
const params = new URLSearchParams(location.hash.slice(1));
document.querySelector(\"[name=access_token]\").value = params.get(\"access_token\");
document.querySelector(\"[name=expires_in]\").value = params.get(\"expires_in\");
document.querySelector(\"form\").submit();
const params = new URLSearchParams(location.hash.slice(1));
const form = document.querySelector(\"form\");
[\"token_type\", \"access_token\", \"expires_in\", \"scope\"].forEach(field => {
const input = document.createElement(\"input\");
input.type = \"hidden\";
input.name = field;
input.value = params.get(field);
form.appendChild(input);
});
form.submit();
</script>")
}

Loading…
Cancel
Save