refactor: don't store oauth token in cookie

internal/api/api.go

@@ -291,7 +291,7 @@ func (api *API) SetupRoutes() {
 			return
 		}
 
-		token, tokenErr := provider.ExchangeToken(code)
+		_, tokenErr := provider.ExchangeToken(code)
 
 		if handleApiError(c, "Failed to exchange token", tokenErr) {
 			return
@@ -315,7 +315,7 @@ func (api *API) SetupRoutes() {
 		}
 
 		session := sessions.Default(c)
-		session.Set("tinyauth_sid", fmt.Sprintf("%s:%s", providerName.Provider, token))
+		session.Set("tinyauth_sid", fmt.Sprintf("%s:%s", providerName.Provider, email))
 		session.Save()
 
 		redirectURI, redirectURIErr := c.Cookie("tinyauth_redirect_uri")

internal/hooks/hooks.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
-	"golang.org/x/oauth2"
 )
 
 func NewHooks(auth *auth.Auth, providers *providers.Providers) *Hooks {
@@ -90,22 +89,7 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) (types.UserContext, error) {
 		}, nil
 	}
 
-	provider.Token = &oauth2.Token{
+	if !hooks.Auth.EmailWhitelisted(sessionValue) {
-		AccessToken: sessionValue,
-	}
-
-	email, emailErr := hooks.Providers.GetUser(sessionType)
-
-	if emailErr != nil {
-		return types.UserContext{
-			Email:      "",
-			IsLoggedIn: false,
-			OAuth:      false,
-			Provider:   "",
-		}, nil
-	}
-
-	if !hooks.Auth.EmailWhitelisted(email) {
 		session.Delete("tinyauth_sid")
 		session.Save()
 		return types.UserContext{
@@ -117,7 +101,7 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) (types.UserContext, error) {
 	}
 
 	return types.UserContext{
-		Email:      email,
+		Email:      sessionValue,
 		IsLoggedIn: true,
 		OAuth:      true,
 		Provider:   sessionType,