admin/Authentication
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added more error logs

Browse Source
This commit is contained in:
F04C
2026-02-27 10:19:24 +08:00
parent acebd04780
commit b76eba9bf0
1 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
handlers/google_auth.go
+15 -2
View File
@@ -219,10 +219,12 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
} }
if !emailExists { if !emailExists {
helper.LogError(errors.New("unregistered email"), "Google login attempt with unregistered email: "+email)
if FetchedRedirectURI != nil && *FetchedRedirectURI != "" { if FetchedRedirectURI != nil && *FetchedRedirectURI != "" {
RedirectURI := *FetchedRedirectURI RedirectURI := *FetchedRedirectURI
log.Print("RedirectURI from query param: ", RedirectURI) log.Print("RedirectURI from query param: ", RedirectURI)
if !IsAllowedRedirectURI(RedirectURI) { if !IsAllowedRedirectURI(RedirectURI) {
helper.LogError(errors.New("unauthorized redirect uri"), "Blocked redirect URI for unregistered email: "+RedirectURI)
helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized RedirectURI") helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized RedirectURI")
log.Print("Unauthorized RedirectURI: ", RedirectURI) log.Print("Unauthorized RedirectURI: ", RedirectURI)
return return
@@ -294,6 +296,7 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
err = helper.LogLoginEventV2(userID, ipAddress) err = helper.LogLoginEventV2(userID, ipAddress)
if err != nil { if err != nil {
helper.LogError(err, fmt.Sprintf("Failed to log login event. user_id=%s ip=%s", userID, ipAddress))
helper.RespondWithError(w, http.StatusBadGateway, "Failed to Log Login Event") helper.RespondWithError(w, http.StatusBadGateway, "Failed to Log Login Event")
return return
} }
@@ -304,6 +307,7 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
RedirectURI := *FetchedRedirectURI RedirectURI := *FetchedRedirectURI
log.Print("RedirectURI from query param: ", RedirectURI) log.Print("RedirectURI from query param: ", RedirectURI)
if !IsAllowedRedirectURI(RedirectURI) { if !IsAllowedRedirectURI(RedirectURI) {
helper.LogError(errors.New("unauthorized redirect uri"), "Blocked redirect URI after successful auth: "+RedirectURI)
helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized RedirectURI") helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized RedirectURI")
log.Print("Unauthorized RedirectURI: ", RedirectURI) log.Print("Unauthorized RedirectURI: ", RedirectURI)
return return
@@ -324,12 +328,21 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
func validateState(w http.ResponseWriter, r *http.Request) bool { func validateState(w http.ResponseWriter, r *http.Request) bool {
cookie, err := r.Cookie("oauth_state") cookie, err := r.Cookie("oauth_state")
if err != nil || r.URL.Query().Get("state") != cookie.Value { callbackState := r.URL.Query().Get("state")
if err != nil {
helper.LogError(err, "oauth_state cookie missing or unreadable during callback")
helper.LogWarn(errorInvalidState) helper.LogWarn(errorInvalidState)
helper.RespondWithError(w, http.StatusUnauthorized, errorInvalidState) helper.RespondWithError(w, http.StatusUnauthorized, errorInvalidState)
return false return false
} }
helper.LogInfo(fmt.Sprintf("Cookie state: %s, Callback state: %s", cookie.Value, r.URL.Query().Get("state")))
if callbackState != cookie.Value {
helper.LogError(errors.New("oauth state mismatch"), fmt.Sprintf("OAuth state mismatch. cookie_state=%s callback_state=%s", cookie.Value, callbackState))
helper.LogWarn(errorInvalidState)
helper.RespondWithError(w, http.StatusUnauthorized, errorInvalidState)
return false
}
helper.LogInfo(fmt.Sprintf("Cookie state: %s, Callback state: %s", cookie.Value, callbackState))
return true return true
} }