diff options
Diffstat (limited to 'fig-frontend/src/Fig')
| -rw-r--r-- | fig-frontend/src/Fig/Frontend.hs | 2 | ||||
| -rw-r--r-- | fig-frontend/src/Fig/Frontend/Auth.hs | 44 |
2 files changed, 30 insertions, 16 deletions
diff --git a/fig-frontend/src/Fig/Frontend.hs b/fig-frontend/src/Fig/Frontend.hs index 6efa2a1..0f347de 100644 --- a/fig-frontend/src/Fig/Frontend.hs +++ b/fig-frontend/src/Fig/Frontend.hs @@ -53,7 +53,6 @@ server cfg busAddr = do | ev == [sexp|(monitor twitch stream online)|] -> do let live = mapMaybe (\case SExprString s -> Just s; _ -> Nothing) rest let new = Set.fromList live - log $ "Streams online: " <> tshow live old <- MVar.swapMVar currentlyLive new let online = Set.difference new old let offline = Set.difference old new @@ -74,6 +73,7 @@ app cfg cmds liveEvents currentlyLive = do st <- stateRef Sc.scottyApp do Sc.middleware $ Wai.Static.staticPolicy $ Wai.Static.addBase cfg.assetPath + Sc.get "/" $ Sc.redirect "/index.html" Sc.get "/api/check" $ authed cfg \auth -> do Sc.json @[Text] [auth.id, auth.name] Sc.put "/api/buffer" do diff --git a/fig-frontend/src/Fig/Frontend/Auth.hs b/fig-frontend/src/Fig/Frontend/Auth.hs index e9fe233..27e1045 100644 --- a/fig-frontend/src/Fig/Frontend/Auth.hs +++ b/fig-frontend/src/Fig/Frontend/Auth.hs @@ -4,6 +4,10 @@ import Fig.Prelude import qualified Network.HTTP.Req as R +import Data.Maybe (mapMaybe) +import qualified Data.Text as Text +import qualified Data.Text.Lazy as Text.Lazy +import qualified Data.Map.Strict as Map import qualified Data.Aeson as Aeson import qualified Data.Aeson.Types as Aeson @@ -21,7 +25,7 @@ data TokenContents = TokenContents , iat :: !Int , iss :: !Text , sub :: !Text - , azp :: !Text + , azp :: !(Maybe Text) , nonce :: !Text , preferred_username :: !Text } deriving (Show, Eq, Generic) @@ -53,21 +57,31 @@ validateToken encodedToken = fetchJwk >>= \case data Auth = Auth { id :: !Text, name :: !Text } deriving Show checkAuth :: Config -> Sc.ActionM (Maybe Auth) -checkAuth cfg = (,) - <$> Sc.C.getCookie "id_token" - <*> Sc.C.getCookie "authnonce" +checkAuth cfg = + Sc.header "Authorization" >>= \case - (Just token, Just nonce) -> do - validateToken (encodeUtf8 token) >>= \case - Just tc - | tc.aud == cfg.clientId - , tc.nonce == nonce - -> do - log $ tshow tc - pure . Just $ Auth - { name = tc.preferred_username - , id = tc.sub - } + Just authstrLazy -> do + let authstr = drop 1 $ Text.splitOn " " $ Text.Lazy.toStrict authstrLazy + let pairs = Map.fromList $ flip mapMaybe authstr \s -> + case Text.splitOn "=" s of + [k, v] -> Just (k, Text.takeWhile (/='"') $ Text.drop 1 v) + _ -> Nothing + case (Map.lookup "token" pairs, Map.lookup "nonce" pairs) of + (Just token, Just nonce) -> do + log $ tshow token + log $ tshow nonce + validateToken (encodeUtf8 token) >>= \case + Just tc + | tc.aud == cfg.clientId + , tc.nonce == nonce + -> do + log $ tshow tc + pure . Just $ Auth + { name = tc.preferred_username + , id = tc.sub + } + _else -> do + pure Nothing _else -> pure Nothing _else -> pure Nothing |