mirror of https://github.com/pocket-id/pocket-id.git synced 2026-02-10 17:14:22 +00:00

fix: decode URL-encoded client ID and secret in Basic auth (#1263)

Yegor Pomortsev
2026-01-24 12:52:17 -08:00
committed by GitHub
parent 1de231f1ff
commit 6eebecd85a
3 changed files with 84 additions and 3 deletions


@@ -2,6 +2,7 @@ package utils
import (
"net/http"
"net/url"
"strconv"
"strings"
"time"
@@ -21,6 +22,27 @@ func BearerAuth(r *http.Request) (string, bool) {
return "", false
}
// OAuthClientBasicAuth returns the OAuth client ID and secret provided in the request's
// Authorization header, if present. See RFC 6749, Section 2.3.
func OAuthClientBasicAuth(r *http.Request) (clientID, clientSecret string, ok bool) {
clientID, clientSecret, ok = r.BasicAuth()
if !ok {
return "", "", false
}
clientID, err := url.QueryUnescape(clientID)
if err != nil {
return "", "", false
}
clientSecret, err = url.QueryUnescape(clientSecret)
if err != nil {
return "", "", false
}
return clientID, clientSecret, true
}
// SetCacheControlHeader sets the Cache-Control header for the response.
func SetCacheControlHeader(ctx *gin.Context, maxAge, staleWhileRevalidate time.Duration) {
_, ok := ctx.GetQuery("skipCache")
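Review bot: In `OAuthClientBasicAuth`, a malformed percent-escape in either value returns `"", "", false`, which is the same result as a request with no Basic credentials at all, so a caller cannot tell "the client did not use the header" from "the client sent a header that failed to decode". If the call sites (not visible here) fall back to `client_id`/`client_secret` from the request body when `ok` is false, a bad header would be silently ignored rather than rejected as `invalid_client`; that is worth confirming. The doc comment should also state the decoding contract, for example `// Both values are form-decoded (RFC 6749, Appendix B): "+" becomes a space and a literal "%" must be sent as "%25"; ok is false if the header is absent or either value fails to decode.` This matters for existing clients that send raw secrets containing `+` or `%`, since those credentials will now decode to a different value or be refused.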