starred/godoxy-yusing
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2026-04-27 10:47:06 +02:00
Code Issues 18 Packages Projects Releases 10 Wiki Activity

fix(oidc): apply rate limit to fix oocasional oauth state error due to race condition

Browse Source
This commit is contained in:
yusing
2025-05-28 22:12:41 +08:00
parent 717fd0e58c
commit 32d8292b17
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/auth/oidc.go
View File

@@ -18,6 +18,7 @@ import (
"github.com/yusing/go-proxy/internal/net/gphttp" "github.com/yusing/go-proxy/internal/net/gphttp"
"github.com/yusing/go-proxy/internal/utils" "github.com/yusing/go-proxy/internal/utils"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"golang.org/x/time/rate"
) )
type ( type (
@@ -162,6 +163,8 @@ func (auth *OIDCProvider) HandleAuth(w http.ResponseWriter, r *http.Request) {
} }
} }
var rateLimit = rate.NewLimiter(rate.Every(time.Second), 1)
func (auth *OIDCProvider) LoginHandler(w http.ResponseWriter, r *http.Request) { func (auth *OIDCProvider) LoginHandler(w http.ResponseWriter, r *http.Request) {
// check for session token // check for session token
sessionToken, err := r.Cookie(CookieOauthSessionToken) sessionToken, err := r.Cookie(CookieOauthSessionToken)
@@ -182,6 +185,11 @@ func (auth *OIDCProvider) LoginHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
if !rateLimit.Allow() {
http.Error(w, "auth rate limit exceeded", http.StatusTooManyRequests)
return
}
state := generateState() state := generateState()
SetTokenCookie(w, r, CookieOauthState, state, 300*time.Second) SetTokenCookie(w, r, CookieOauthState, state, 300*time.Second)
// redirect user to Idp // redirect user to Idp