From 548243090747019d48ac8306e271d64399c325dd Mon Sep 17 00:00:00 2001 From: Stavros Date: Sun, 19 Oct 2025 19:03:32 +0300 Subject: [PATCH] refactor: generate a verifier on every oauth auth session --- internal/controller/oauth_controller.go | 1 + internal/service/generic_oauth_service.go | 8 ++++++-- internal/service/github_oauth_service.go | 9 ++++++--- internal/service/google_oauth_service.go | 9 ++++++--- internal/service/oauth_broker_service.go | 1 + 5 files changed, 20 insertions(+), 8 deletions(-) diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go index c0a7380..61b6c07 100644 --- a/internal/controller/oauth_controller.go +++ b/internal/controller/oauth_controller.go @@ -72,6 +72,7 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) { return } + service.GenerateVerifier() state := service.GenerateState() authURL := service.GetAuthURL(state) c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true) diff --git a/internal/service/generic_oauth_service.go b/internal/service/generic_oauth_service.go index 053944a..49fa9bd 100644 --- a/internal/service/generic_oauth_service.go +++ b/internal/service/generic_oauth_service.go @@ -59,10 +59,8 @@ func (generic *GenericOAuthService) Init() error { ctx := context.Background() ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) - verifier := oauth2.GenerateVerifier() generic.context = ctx - generic.verifier = verifier return nil } 
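Review bot: The value returned by `service.GenerateVerifier()` in oauthURLHandler is discarded, so the PKCE verifier exists only in the service's `verifier` field and is not tied to the login that requested it the way `state` is tied to the CSRF cookie. If the service instance is shared between requests (it looks that way, since Init configures it once), a second login started before the first callback arrives replaces the verifier; the first user's code exchange is then made with a verifier that no longer matches its challenge, and concurrent handlers write the field without synchronisation. Keep the result, `verifier := service.GenerateVerifier()`, store it per session keyed by `state` (server-side, or in a Secure HttpOnly cookie like the state), and pass it to GetAuthURL and VerifyCode explicitly instead of reading it back from the struct. The handler body continues outside this hunk.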
@@ -76,6 +74,12 @@ func (generic *GenericOAuthService) GenerateState() string { return state } +func (generic *GenericOAuthService) GenerateVerifier() string { + verifier := oauth2.GenerateVerifier() + generic.verifier = verifier + return verifier +} + func (generic *GenericOAuthService) GetAuthURL(state string) string { return generic.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(generic.verifier)) } diff --git a/internal/service/github_oauth_service.go b/internal/service/github_oauth_service.go index 163c2c8..0d3d76f 100644 --- a/internal/service/github_oauth_service.go +++ b/internal/service/github_oauth_service.go @@ -53,10 +53,7 @@ func (github *GithubOAuthService) Init() error { httpClient := &http.Client{} ctx := context.Background() ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) - verifier := oauth2.GenerateVerifier() - github.context = ctx - github.verifier = verifier return nil } @@ -70,6 +67,12 @@ func (github *GithubOAuthService) GenerateState() string { return state } +func (github *GithubOAuthService) GenerateVerifier() string { + verifier := oauth2.GenerateVerifier() + github.verifier = verifier + return verifier +} + func (github *GithubOAuthService) GetAuthURL(state string) string { return github.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(github.verifier)) } diff --git a/internal/service/google_oauth_service.go b/internal/service/google_oauth_service.go index ab0597d..474c285 100644 --- a/internal/service/google_oauth_service.go +++ b/internal/service/google_oauth_service.go @@ -48,10 +48,7 @@ func (google *GoogleOAuthService) Init() error { httpClient := &http.Client{} ctx := context.Background() ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) - verifier := oauth2.GenerateVerifier() - google.context = ctx - google.verifier = verifier return nil } 
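Review bot: With the verifier no longer seeded in Init, `GetAuthURL` in generic_oauth_service.go silently depends on `GenerateVerifier` having been called first; otherwise `generic.verifier` is the empty string and `oauth2.S256ChallengeOption` derives the challenge from an empty verifier. The new exported method has no doc comment stating that contract; I would add `// GenerateVerifier creates a new PKCE code verifier, stores it on the service for GetAuthURL, and returns it. Call it before GetAuthURL for every authorization request.` The same applies to the GenerateVerifier methods added in github_oauth_service.go and google_oauth_service.go. Rejecting an empty verifier in GetAuthURL, or taking the verifier as an argument, would make an ordering mistake fail loudly instead of producing a weak challenge.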
@@ -65,6 +62,12 @@ func (oauth *GoogleOAuthService) GenerateState() string { return state } +func (google *GoogleOAuthService) GenerateVerifier() string { + verifier := oauth2.GenerateVerifier() + google.verifier = verifier + return verifier +} + func (google *GoogleOAuthService) GetAuthURL(state string) string { return google.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(google.verifier)) } diff --git a/internal/service/oauth_broker_service.go b/internal/service/oauth_broker_service.go index 1038184..e15d9c6 100644 --- a/internal/service/oauth_broker_service.go +++ b/internal/service/oauth_broker_service.go @@ -11,6 +11,7 @@ import ( type OAuthService interface { Init() error GenerateState() string + GenerateVerifier() string GetAuthURL(state string) string VerifyCode(code string) error Userinfo() (config.Claims, error)