199 lines
5.8 KiB
Plaintext
199 lines
5.8 KiB
Plaintext
{% package template %}
|
|
|
|
{% import (
|
|
"source.toby3d.me/toby3d/auth/internal/domain"
|
|
"source.toby3d.me/toby3d/auth/internal/domain/challenge"
|
|
"source.toby3d.me/toby3d/auth/internal/domain/response"
|
|
"source.toby3d.me/toby3d/auth/web/template/layout"
|
|
) %}
|
|
|
|
{% code type Authorize struct {
|
|
layout.BaseOf
|
|
Scope domain.Scopes
|
|
CodeChallengeMethod challenge.Method
|
|
ResponseType response.Type
|
|
Client *domain.Client
|
|
Me *domain.Me
|
|
RedirectURI *domain.URL
|
|
Providers []*domain.Provider
|
|
CSRF []byte
|
|
CodeChallenge string
|
|
State string
|
|
} %}
|
|
|
|
{% stripspace %}
|
|
{% func (p *Authorize) Title() %}
|
|
{% if p.Client.Name != "" %}
|
|
{%= p.T("Authorize %s", p.Client.Name) %}
|
|
{% else %}
|
|
{%= p.T("Authorize application") %}
|
|
{% endif %}
|
|
{% endfunc %}
|
|
|
|
{% func (p *Authorize) Body() %}
|
|
<header>
|
|
{% if p.Client.Logo != nil %}
|
|
<img class=""{% space %}
|
|
crossorigin="anonymous"{% space %}
|
|
decoding="async"{% space %}
|
|
height="140"{% space %}
|
|
importance="high"{% space %}
|
|
loading="lazy"{% space %}
|
|
referrerpolicy="no-referrer-when-downgrade"{% space %}
|
|
src="{%s p.Client.Logo.String() %}"{% space %}
|
|
alt="{%s p.Client.Name %}"{% space %}
|
|
width="140">
|
|
{% endif %}
|
|
|
|
<h2>
|
|
{% if p.Client.URL != nil %}
|
|
<a href="{%s p.Client.URL.String() %}">
|
|
{% endif %}
|
|
{% if p.Client.Name != "" %}
|
|
{%s p.Client.Name %}
|
|
{% else %}
|
|
{%s p.Client.ID.String() %}
|
|
{% endif %}
|
|
{% if p.Client.URL != nil %}
|
|
</a>
|
|
{% endif %}
|
|
</h2>
|
|
</header>
|
|
|
|
<main>
|
|
<aside>
|
|
{% if p.CodeChallengeMethod != challenge.Und && p.CodeChallenge != "" %}
|
|
<p class="with-icon">
|
|
<span class="icon"{% space %}
|
|
role="img"{% space %}
|
|
aria-label="closed lock with key">🔐</span>
|
|
|
|
{%= p.T(`This client uses %sPKCE%s with the %s%s%s method.`, `<abbr title="Proof of Key Code Exchange">`,
|
|
`</abbr>`, `<code>`, p.CodeChallengeMethod, `</code>`) %}
|
|
</p>
|
|
{% else %}
|
|
<details>
|
|
<summary class="with-icon">
|
|
<span class="icon"{% space %}
|
|
role="img"{% space %}
|
|
aria-label="unlock">🔓</span>
|
|
|
|
{%= p.T(`This client does not use %sPKCE%s!`, `<abbr title="Proof of Key Code Exchange">`, `</abbr>`) %}
|
|
</summary>
|
|
<p>
|
|
{%= p.T(`%sProof of Key Code Exchange%s is a mechanism that protects against attackers in the middle hijacking `+
|
|
`your application's authentication process. You can still authorize this application without this protection, `+
|
|
`but you must independently verify the security of this connection. If you have any doubts - stop the process `+
|
|
` and contact the developers.`, `<dfn id="PKCE">`, `</dfn>`) %}
|
|
</p>
|
|
</details>
|
|
{% endif %}
|
|
</aside>
|
|
|
|
<form class=""{% space %}
|
|
accept-charset="utf-8"{% space %}
|
|
action="/authorize/verify"{% space %}
|
|
autocomplete="off"{% space %}
|
|
enctype="application/x-www-form-urlencoded"{% space %}
|
|
method="post"{% space %}
|
|
novalidate="true"{% space %}
|
|
target="_self">
|
|
|
|
{% if p.CSRF != nil %}
|
|
<input type="hidden"{% space %}
|
|
name="_csrf"{% space %}
|
|
value="{%z p.CSRF %}">
|
|
{% endif %}
|
|
|
|
{% for key, val := range map[string]string{
|
|
"client_id": p.Client.ID.String(),
|
|
"redirect_uri": p.RedirectURI.String(),
|
|
"response_type": p.ResponseType.String(),
|
|
"state": p.State,
|
|
} %}
|
|
<input type="hidden"{% space %}
|
|
name="{%s key %}"{% space %}
|
|
value="{%s val %}">
|
|
{% endfor %}
|
|
|
|
{% if len(p.Scope) > 0 %}
|
|
<fieldset>
|
|
<legend>{%= p.T("Scopes") %}</legend>
|
|
|
|
{% for _, scope := range p.Scope %}
|
|
<div>
|
|
<label>
|
|
<input type="checkbox"{% space %}
|
|
name="scope[]"{% space %}
|
|
value="{%s scope.String() %}"{% space %}
|
|
checked>
|
|
|
|
{%s scope.String() %}
|
|
</label>
|
|
</div>
|
|
{% endfor %}
|
|
</fieldset>
|
|
{% else %}
|
|
<aside>
|
|
<p>{%= p.T(`No scopes is requested: the application will only get your profile URL.`) %}</p>
|
|
</aside>
|
|
{% endif %}
|
|
|
|
{% if p.CodeChallenge != "" %}
|
|
{% for key, val := range map[string]string{
|
|
"code_challenge": p.CodeChallenge,
|
|
"code_challenge_method": p.CodeChallengeMethod.String(),
|
|
} %}
|
|
<input type="hidden"{% space %}
|
|
name="{%s key %}"{% space %}
|
|
value="{%s val %}">
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if p.Me != nil %}
|
|
<input type="hidden"{% space %}
|
|
name="me"{% space %}
|
|
value="{%s p.Me.String() %}">
|
|
{% endif %}
|
|
|
|
{% if len(p.Providers) > 0 %}
|
|
<select name="provider"{% space %}
|
|
autocomplete{% space %}
|
|
required>
|
|
|
|
{% for _, provider := range p.Providers %}
|
|
<option value="{%s provider.UID %}"
|
|
{% if provider.UID == "mastodon" %}selected{% endif %}>
|
|
|
|
{%s provider.Name %}
|
|
</option>
|
|
{% endfor %}
|
|
</select>
|
|
{% else %}
|
|
<input type="hidden"{% space %}
|
|
name="provider"{% space %}
|
|
value="direct">
|
|
{% endif %}
|
|
|
|
<button type="submit"{% space %}
|
|
name="authorize"{% space %}
|
|
value="deny">
|
|
|
|
{%= p.T("Deny") %}
|
|
</button>
|
|
|
|
<button type="submit"{% space %}
|
|
name="authorize"{% space %}
|
|
value="allow">
|
|
|
|
{%= p.T("Allow") %}
|
|
</button>
|
|
|
|
<aside>
|
|
<p>{%= p.T(`You will be redirected to %s%s%s`, `<code>`, p.RedirectURI, `</code>`) %}</p>
|
|
</aside>
|
|
</form>
|
|
</main>
|
|
{% endfunc %}
|
|
{% endstripspace %}
|