viscous/cloudreve
1
0
Fork 0
mirror of https://github.com/cloudreve/cloudreve.git synced 2026-03-03 02:27:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adjust OAuth grant validation limits (no code changes yet) (#3261)

Browse Source 
* Initial plan

* Increase OAuth state limit

Co-authored-by: HFO4 <16058869+HFO4@users.noreply.github.com>

* Default PKCE method when missing

Co-authored-by: HFO4 <16058869+HFO4@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: HFO4 <16058869+HFO4@users.noreply.github.com>
This commit is contained in:
Copilot
2026-02-03 14:55:00 +08:00
committed by GitHub
parent 87d48ac4a7
commit 1f580f0d8a
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
service/oauth/oauth.go
View File

@@ -48,10 +48,10 @@ type (
ClientID string `json:"client_id" binding:"required"`
ResponseType string `json:"response_type" binding:"required,eq=code"`
RedirectURI string `json:"redirect_uri" binding:"required"`
State string `json:"state" binding:"max=255"`
State string `json:"state" binding:"max=4096"`
Scope string `json:"scope" binding:"required"`
CodeChallenge string `json:"code_challenge" binding:"max=255"`
CodeChallengeMethod string `json:"code_challenge_method" binding:"eq=S256,omitempty"`
CodeChallengeMethod string `json:"code_challenge_method" binding:"omitempty,eq=S256"`
}
)
@@ -60,6 +60,9 @@ func (s *GrantService) Get(c *gin.Context) (*GrantResponse, error) {
user := inventory.UserFromContext(c)
kv := dep.KV()
oAuthClient := dep.OAuthClientClient()
if s.CodeChallenge != "" && s.CodeChallengeMethod == "" {
s.CodeChallengeMethod = "S256"
}
// 1. Get app registration and grant
app, err := oAuthClient.GetByGUIDWithGrants(c, s.ClientID, user.ID)