🐛 Fixed profile injection panic in /userinfo route

2022-02-18 00:22:20 +05:00 · 2022-02-18 00:22:20 +05:00 · 460bd1a657
parent 1480f58cac
commit 460bd1a657
1 changed files with 23 additions and 12 deletions
--- a/internal/user/delivery/http/user_http.go
+++ b/internal/user/delivery/http/user_http.go
@ -16,10 +16,10 @@ import (
 type (
 	UserInformationResponse struct {
-		Name  string        `json:"name,omitempty"`
+		Name  string `json:"name,omitempty"`
-		URL   *domain.URL   `json:"url,omitempty"`
+		URL   string `json:"url,omitempty"`
-		Photo *domain.URL   `json:"photo,omitempty"`
+		Photo string `json:"photo,omitempty"`
-		Email *domain.Email `json:"email,omitempty"`
+		Email string `json:"email,omitempty"`
 	}
 	RequestHandler struct {
@ -75,21 +75,32 @@ func (h *RequestHandler) handleUserInformation(ctx *http.RequestCtx) {
 		return
 	}
-	if !tkn.Scope.Has(domain.ScopeProfile) && !tkn.Scope.Has(domain.ScopeEmail) {
+	if !tkn.Scope.Has(domain.ScopeProfile) {
 		ctx.SetStatusCode(http.StatusForbidden)
 		_ = encoder.Encode(domain.NewError(
 			domain.ErrorCodeInsufficientScope,
-			"token with 'profile' and/or 'email' scopes is required to view profile data",
+			"token with 'profile' scope is required to view profile data",
 			"https://indieauth.net/source/#user-information",
 		))
 		return
 	}
-	_ = encoder.Encode(&UserInformationResponse{
+	resp := new(UserInformationResponse)
-		Name:  "",
+	if tkn.Extra == nil {
-		URL:   &domain.URL{},
+		_ = encoder.Encode(resp)
-		Photo: &domain.URL{},
+
-		Email: &domain.Email{},
+		return
-	})
+	}
 	resp.Name, _ = tkn.Extra["name"].(string)
 	resp.URL, _ = tkn.Extra["url"].(string)
 	resp.Photo, _ = tkn.Extra["photo"].(string)
 	if tkn.Scope.Has(domain.ScopeEmail) {
 		resp.Email, _ = tkn.Extra["email"].(string)
 	}
 	_ = encoder.Encode(resp)
 }