barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-03-25 16:07:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: prevent ddos attacks in oauth rate limit

Browse Source
This commit is contained in:
Stavros
2026-03-22 20:43:33 +02:00
parent db73c56dfe
commit 7ae16d6bdc
2 changed files with 45 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/controller/oauth_controller.go
View File

@@ -129,6 +129,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
}
c.SetCookie(controller.config.OAuthSessionCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.CookieDomain), controller.config.SecureCookie, true)
defer controller.auth.EndOAuthSession(sessionIdCookie)
state := c.Query("state")
csrfCookie, err := c.Cookie(controller.config.CSRFCookieName)
@@ -227,9 +228,6 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
tlog.AuditLoginSuccess(c, sessionCookie.Username, sessionCookie.Provider)
// Clear OAuth session
controller.auth.EndOAuthSession(sessionIdCookie)
redirectURI, err := c.Cookie(controller.config.RedirectCookieName)
if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.CookieDomain) {