[FIX/BE-US] changes permission to redis and scope

ragilap
2026-01-29 14:33:26 +07:00
parent 9dd4a93476
commit a21b554fc7
4 changed files with 60 additions and 16 deletions
@@ -200,7 +200,7 @@ func (h *Controller) Refresh(c *fiber.Ctx) error {
return fiber.NewError(fiber.StatusUnauthorized, "invalid access token")
}
issueCookies(c, struct {
if err := issueCookies(c, struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"`
@@ -218,7 +218,9 @@ func (h *Controller) Refresh(c *fiber.Ctx) error {
IDToken: tokenResp.IDToken,
Error: tokenResp.Error,
Description: tokenResp.Description,
}, verification)
}, verification); err != nil {
return err
}
utils.Log.WithFields(logrus.Fields{
"user_id": verification.UserID,
@@ -307,7 +309,9 @@ func (h *Controller) Callback(c *fiber.Ctx) error {
}
// prepare cookies
issueCookies(c, tokenResp, verification)
if err := issueCookies(c, tokenResp, verification); err != nil {
return err
}
redirectTarget := sessionData.ReturnTo
if redirectTarget == "" {
@@ -742,13 +746,21 @@ func issueCookies(c *fiber.Ctx, tokenResp struct {
IDToken string `json:"id_token"`
Error string `json:"error"`
Description string `json:"error_description"`
}, verification *sso.VerificationResult) {
}, verification *sso.VerificationResult) error {
if revoker := session.GetRevocationStore(); revoker != nil && verification != nil {
if err := revoker.ClearUserLogout(c.Context(), verification.UserID); err != nil {
utils.Log.WithError(err).Warn("failed to clear logout marker")
}
}
if max := config.SSOAccessTokenMaxBytes; max > 0 && len(tokenResp.AccessToken) > max {
utils.Log.WithFields(logrus.Fields{
"token_len": len(tokenResp.AccessToken),
"max_len": max,
}).Warn("sso access token exceeds cookie size limit")
return fiber.NewError(fiber.StatusRequestEntityTooLarge, "access token too large")
}
accessName := resolveSSOCookieName(config.SSOAccessCookieName, "access")
refreshName := resolveSSOCookieName(config.SSORefreshCookieName, "refresh")
maxAge := tokenResp.ExpiresIn
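Review bot: The logout marker is cleared by `revoker.ClearUserLogout` before the new size check can reject the token, so a request that ends in the 413 at `return fiber.NewError(fiber.StatusRequestEntityTooLarge, ...)` has already removed the marker without issuing any cookie; if that marker is what keeps previously issued tokens rejected, a failed issuance would re-enable them, so the `if max := config.SSOAccessTokenMaxBytes; ...` block belongs above the revoker block. The name `max` also shadows the Go 1.21 builtin inside that block; `if limit := config.SSOAccessTokenMaxBytes; limit > 0 && len(tokenResp.AccessToken) > limit {` avoids it. Only the access token is bounded here while the refresh cookie at `refreshName` is written without a check; whether it needs the same bound depends on its size, which this hunk does not show. issueCookies continues past the end of the hunk.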
@@ -790,6 +802,7 @@ func issueCookies(c *fiber.Ctx, tokenResp struct {
// Optional: expose limited info via headers for FE debugging (avoid tokens)
c.Set("X-Auth-User", fmt.Sprintf("%d", verification.UserID))
return nil
}
func clearSSOCookie(c *fiber.Ctx, name string) {
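Review bot: `verification` is dereferenced unconditionally in `c.Set("X-Auth-User", fmt.Sprintf("%d", verification.UserID))`, while the function's opening guard in the earlier hunk (`revoker != nil && verification != nil`) treats a nil `verification` as an accepted input, so a nil caller would panic here rather than receive the new error return; either wrap this line in `if verification != nil {` or drop the nil tolerance at the top and document that callers must pass a non-nil verification. The function body between the two hunks is not visible, so other dereferences there may have the same issue.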