From 28a7798b4d9e1815ae03e3dcea1cb22a1aaeabc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B9=B3=E5=8F=B0=E4=B8=AD=E5=BF=83/=E6=8A=80=E6=9C=AF?= =?UTF-8?q?=E9=83=A8-=E9=BB=84=E6=B6=9B?=
Date: Fri, 6 Dec 2019 10:17:53 +0800
Subject: [PATCH 1/2] some fixes
---
 auth.go | 30 +++++++++++------------------
 1 file changed, 11 insertions(+), 19 deletions(-)
diff --git a/auth.go b/auth.go
index ee7e3d5..da31f93 100644
--- a/auth.go
+++ b/auth.go
@@ -36,13 +36,14 @@ func NewOpenId(r *http.Request) *OpenId {
 id.root = proto + r.Host
 uri := r.RequestURI
- if i := strings.Index(uri, "openid"); i != -1 {
+ if i := strings.Index(uri, "openid."); i != -1 {
 uri = uri[0 : i-1]
 }
 id.returnUrl = id.root + uri
 switch r.Method {
 case "POST":
+ r.ParseForm()
 id.data = r.Form
 case "GET":
 id.data = r.URL.Query()
@@ -52,24 +53,15 @@ func NewOpenId(r *http.Request) *OpenId {
 }
 func (id OpenId) AuthUrl() string {
- data := map[string]string{
- "openid.claimed_id": openId_identifier,
- "openid.identity": openId_identifier,
- "openid.mode": openId_mode,
- "openid.ns": openId_ns,
- "openid.realm": id.root,
- "openid.return_to": id.returnUrl,
- }
-
- i := 0
- url := steam_login + "?"
- for key, value := range data {
- url += key + "=" + value
- if i != len(data)-1 {
- url += "&"
- }
- i++
- }
+ data := make(url.Values)
+ data.Set("openid.claimed_id", openId_identifier)
+ data.Set("openid.identity", openId_identifier)
+ data.Set("openid.mode", openId_mode)
+ data.Set("openid.ns", openId_ns)
+ data.Set("openid.realm", id.root)
+ data.Set("openid.return_to", id.returnUrl)
+
+ url := steam_login + "?" + data.Encode()
 return url
 }
From d7d24ec08da3bd4c3174815394ef9c8a5171f796 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=B9=B3=E5=8F=B0=E4=B8=AD=E5=BF=83/=E6=8A=80=E6=9C=AF?= =?UTF-8?q?=E9=83=A8-=E9=BB=84=E6=B6=9B?=
Date: Fri, 6 Dec 2019 10:57:20 +0800
Subject: [PATCH 2/2] some fixes
---
 auth.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
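Review bot: The added `r.ParseForm()` call in the `case "POST":` branch of NewOpenId discards its error, so a malformed body leaves `r.Form` partially filled and the failure only shows up later as a mode or return_to mismatch. NewOpenId returns only `*OpenId`, so the smallest change is to stop on failure and leave `id.data` unset, which the later checks should then reject: `if err := r.ParseForm(); err != nil { break }`. Note also that `r.Form` merges URL query parameters with the body, so the POST path reads `openid.*` fields from both; `r.PostForm` restricts it to the body if that is the intent. The function body starts and ends outside the hunk.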
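Review bot: In AuthUrl the local `url := steam_login + "?" + data.Encode()` shadows the `net/url` package that `make(url.Values)` uses a few lines earlier; it compiles, but any later edit that needs the package below that line will fail confusingly. Returning the expression directly avoids the shadow: `return steam_login + "?" + data.Encode()`. The patch shows no import change, so this presumably relies on auth.go already importing `net/url`; worth confirming the file builds on its own.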
diff --git a/auth.go b/auth.go
index da31f93..9e25b66 100644
--- a/auth.go
+++ b/auth.go
@@ -112,6 +112,24 @@ func (id *OpenId) ValidateAndGetId() (string, error) {
 return digits_extraction_regexp.ReplaceAllString(openIdUrl, ""), nil
 }
+// Dangerous. Only use for debug.
+func (id *OpenId) GetIdWithoutValidateToSteam() (string, error) {
+ if id.Mode() != "id_res" {
+ return "", errors.New("Mode must equal to \"id_res\".")
+ }
+
+ if id.data.Get("openid.return_to") != id.returnUrl {
+ return "", errors.New("The \"return_to url\" must match the url of current request.")
+ }
+
+ openIdUrl := id.data.Get("openid.claimed_id")
+ if !validation_regexp.MatchString(openIdUrl) {
+ return "", errors.New("Invalid steam id pattern.")
+ }
+
+ return digits_extraction_regexp.ReplaceAllString(openIdUrl, ""), nil
+}
+
 func (id OpenId) ValidateAndGetUser(apiKey string) (*PlayerSummaries, error) {
 steamId, err := id.ValidateAndGetId()
 if err != nil {
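Review bot: GetIdWithoutValidateToSteam returns a SteamID taken from `openid.claimed_id` without the verification round-trip to Steam, and every value it checks (`openid.mode`, `openid.return_to`, `openid.claimed_id`) comes from the request itself, so the ID it returns is only a claim and proves nothing about who sent the request. Because the method is exported from the package, the comment `// Dangerous. Only use for debug.` is the only thing keeping it out of a production login path. I would keep it out of normal builds (a separate file behind a build constraint such as `//go:build debug`) or unexport it, and in either case replace the comment with a doc comment that states the contract: `// GetIdWithoutValidateToSteam returns the SteamID claimed in the request WITHOUT verifying the assertion with Steam; the result is unauthenticated and must never be used to log a user in.` The three checks look like a copy of the ones in ValidateAndGetId, whose body is outside the hunk; if so, a shared unexported helper would keep them from drifting.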