diff --git a/go.mod b/go.mod
index 7f89983c78..b39aac6db0 100644
--- a/go.mod
+++ b/go.mod
@@ -13,8 +13,6 @@ require (
 github.com/gobwas/glob v0.2.3
 github.com/gofrs/uuid v4.3.1+incompatible
 github.com/golang-jwt/jwt v3.2.2+incompatible
- github.com/gorilla/securecookie v1.1.1
- github.com/gorilla/sessions v1.1.1
 github.com/jackc/pgconn v1.13.0
 github.com/jackc/pgerrcode v0.0.0-20201024163028-a0d42d470451
 github.com/jackc/pgproto3/v2 v2.3.1 // indirect
@@ -101,7 +99,6 @@ require (
 github.com/golang-jwt/jwt/v4 v4.4.3 // indirect
 github.com/golang/protobuf v1.5.3 // indirect
 github.com/google/uuid v1.3.0 // indirect
- github.com/gorilla/context v1.1.1 // indirect
 github.com/gorilla/css v1.0.0 // indirect
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
 github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
diff --git a/go.sum b/go.sum
index 7405564f41..4ffdf51985 100644
--- a/go.sum
+++ b/go.sum
@@ -249,14 +249,8 @@ github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY=
 github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
-github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
-github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.1.1 h1:YMDmfaK68mUixINzY/XjscuJ47uXFWSSHzFbBQM0PrE=
-github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
diff --git a/internal/api/external.go b/internal/api/external.go
index 9ccfdb196f..a20e3ba597 100644
--- a/internal/api/external.go
+++ b/internal/api/external.go
@@ -134,13 +134,6 @@ func (a *API) GetExternalProviderRedirectURL(w http.ResponseWriter, r *http.Requ
 }
 authURL := p.AuthCodeURL(tokenString, authUrlParams...)
 
- switch externalProvider := p.(type) {
- case *provider.TwitterProvider:
- if err := storage.StoreInSession(providerType, externalProvider.Marshal(), r, w); err != nil {
- return "", internalServerError("Error storing request token in session").WithInternalError(err)
- }
- }
-
 return authURL, nil
 }
 
diff --git a/internal/api/external_oauth.go b/internal/api/external_oauth.go
index 2fd93d22ee..e37b7d6820 100644
--- a/internal/api/external_oauth.go
+++ b/internal/api/external_oauth.go
@@ -9,7 +9,6 @@ import (
 "github.com/sirupsen/logrus"
 "github.com/supabase/auth/internal/api/provider"
 "github.com/supabase/auth/internal/observability"
- "github.com/supabase/auth/internal/storage"
 )
 
 // OAuthProviderData contains the userData and token returned by the oauth provider
@@ -110,24 +109,14 @@ func (a *API) oAuth1Callback(ctx context.Context, r *http.Request, providerType
 if err != nil {
 return nil, badRequestError("Unsupported provider: %+v", err).WithInternalError(err)
 }
- value, err := storage.GetFromSession(providerType, r)
- if err != nil {
- return &OAuthProviderData{}, err
- }
 oauthToken := getRequestToken(ctx)
 oauthVerifier := getOAuthVerifier(ctx)
 var accessToken *oauth.AccessToken
 var userData *provider.UserProvidedData
 if twitterProvider, ok := oAuthProvider.(*provider.TwitterProvider); ok {
- requestToken, err := twitterProvider.Unmarshal(value)
- if err != nil {
- return &OAuthProviderData{}, err
- }
- if requestToken.Token != oauthToken {
- return nil, internalServerError("Request token doesn't match token in callback")
- }
- twitterProvider.OauthVerifier = oauthVerifier
- accessToken, err = twitterProvider.Consumer.AuthorizeToken(requestToken, oauthVerifier)
+ accessToken, err = twitterProvider.Consumer.AuthorizeToken(&oauth.RequestToken{
+ Token: oauthToken,
+ }, oauthVerifier)
 if err != nil {
 return nil, internalServerError("Unable to retrieve access token").WithInternalError(err)
 }
diff --git a/internal/storage/session.go b/internal/storage/session.go
deleted file mode 100644
index e6189690da..0000000000
--- a/internal/storage/session.go
+++ /dev/null
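Review bot: In oAuth1Callback the new `AuthorizeToken(&oauth.RequestToken{Token: oauthToken}, oauthVerifier)` call builds the request token from `getRequestToken(ctx)` alone, leaving `Secret` empty, and nothing in the hunk replaces the deleted `requestToken.Token != oauthToken` comparison, so the callback no longer binds to a request token this server recorded when it started the flow. Whether the provider accepts an access-token exchange signed with an empty token secret cannot be told from these lines; if it does not, the secret has to travel from GetExternalProviderRedirectURL (where the matching `switch` was removed in internal/api/external.go) by some means other than the deleted session store. Either way the call site deserves a comment recording the decision, e.g. `// request token is reconstructed from the callback alone; the authorization request is not recorded server-side`. oAuth1Callback's signature and the rest of its body lie outside the hunk.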
@@ -1,42 +0,0 @@
-package storage
-
-import (
- "errors"
- "net/http"
-
- "github.com/gorilla/securecookie"
- "github.com/gorilla/sessions"
- "github.com/kelseyhightower/envconfig"
-)
-
-var sessionName = "_gotrue_session"
-var Store sessions.Store
-
-type SessionConfig struct {
- Key []byte `envconfig:"GOTRUE_SESSION_KEY"`
-}
-
-func init() {
- var sessionConfig SessionConfig
- err := envconfig.Process("GOTRUE_SESSION_KEY", &sessionConfig)
- if err != nil || len(sessionConfig.Key) == 0 {
- sessionConfig.Key = securecookie.GenerateRandomKey(32)
- }
- Store = sessions.NewCookieStore(sessionConfig.Key)
-}
-
-func StoreInSession(key string, value string, req *http.Request, res http.ResponseWriter) error {
- session, _ := Store.New(req, sessionName)
- session.Values[key] = value
- return session.Save(req, res)
-}
-
-func GetFromSession(key string, req *http.Request) (string, error) {
- session, _ := Store.Get(req, sessionName)
- value, ok := session.Values[key]
- if !ok {
- return "", errors.New("session could not be found for this request")
- }
-
- return value.(string), nil
-}