From 7a14bf42ab9530a51b17edafa7761e9d8b7f2388 Mon Sep 17 00:00:00 2001
From: xun
Date: Tue, 24 Oct 2023 15:02:58 +0800
Subject: [PATCH] fix: clientStore and tokenStore maybe have some problems.
---
 api/v1/oauth_server.go | 9 +++------
 example/client.go | 18 ++++++++++++++++--
 2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/api/v1/oauth_server.go b/api/v1/oauth_server.go
index e6ce34f..3b9024e 100644
--- a/api/v1/oauth_server.go
+++ b/api/v1/oauth_server.go
@@ -30,6 +30,9 @@ var (
 srv *server.Server
 pgxConn, _ = pgx.Connect(context.Background(), config.Config.Sub("oauth.server").GetString("db_uri"))
 adapter = pgx4adapter.NewConn(pgxConn)
+ // FIXME: tokenStore, clientStore maybe have some problem
+ tokenStore, _ = pg.NewTokenStore(adapter, pg.WithTokenStoreGCInterval(time.Minute))
+ clientStore, _ = pg.NewClientStore(adapter)
 )
 func init() {
@@ -37,11 +40,6 @@ func init() {
 }
 func InitServer() {
- // use PostgreSQL token store with pgx.Connection adapter
- tokenStore, _ := pg.NewTokenStore(adapter, pg.WithTokenStoreGCInterval(time.Minute))
- defer tokenStore.Close()
- clientStore, _ := pg.NewClientStore(adapter)
-
 mg := manage.NewDefaultManager()
 mg.MapTokenStorage(tokenStore)
 mg.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg)
@@ -90,7 +88,6 @@ func CreateClient(c *gin.Context) {
 return
 }
- clientStore, _ := pg.NewClientStore(adapter)
 cErr := clientStore.Create(&models.Client{
 ID: clientID,
 Secret: secret,
diff --git a/example/client.go b/example/client.go
index 853f29a..f8c4f76 100644
--- a/example/client.go
+++ b/example/client.go
@@ -2,6 +2,7 @@ package main
 import (
 "context"
+ "crypto/rand"
 "crypto/sha256"
 "encoding/base64"
 "encoding/json"
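Review bot: The two initialisers added to the `var (` block of api/v1/oauth_server.go discard the errors from `pg.NewTokenStore` and `pg.NewClientStore`, so a failed connection or store setup leaves the OAuth server running with unusable token and client stores and the failure only surfaces on a later request. Declare both variables without initialisers and assign them in `InitServer` with the error checked, e.g. `tokenStore, err = pg.NewTokenStore(adapter, pg.WithTokenStoreGCInterval(time.Minute))` followed by a fatal log when `err != nil`, and the same for `clientStore`; the FIXME can then become a comment stating that the stores live for the whole process and are never closed. Both stores now share the single `pgxConn` with every request handler and with whatever periodic cleanup `pg.WithTokenStoreGCInterval` enables, and a single pgx connection is not safe for concurrent use, so a pool-backed adapter looks like the safer base. The `var` block starts above the hunk, and the unchanged `pgxConn` line drops its error in the same way.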
@@ -33,6 +34,19 @@ var (
 globalToken *oauth2.Token // Non-concurrent security
 )
+func GenerateVerifier() string {
+ // "RECOMMENDED that the output of a suitable random number generator be
+ // used to create a 32-octet sequence. The octet sequence is then
+ // base64url-encoded to produce a 43-octet URL-safe string to use as the
+ // code verifier."
+ // https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
+ data := make([]byte, 32)
+ if _, err := rand.Read(data); err != nil {
+ panic(err)
+ }
+ return base64.RawURLEncoding.EncodeToString(data)
+}
+
 func main() {
 http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 u := config.AuthCodeURL("xyz",
@@ -43,6 +57,7 @@ func main() {
 })
 http.HandleFunc("/api/auth/callback/sastlink", func(w http.ResponseWriter, r *http.Request) {
+ r.ParseForm()
 println(r.URL.RawQuery)
 // state := r.Form.Get("state")
@@ -61,7 +76,6 @@ func main() {
 http.HandleFunc("/oauth2", func(w http.ResponseWriter, r *http.Request) {
 r.ParseForm()
 println(r.URL.RawQuery)
- verifier := oauth2.GenerateVerifier()
 // state := r.Form.Get("state")
 // if state != "xyz" {
 // http.Error(w, "State invalid", http.StatusBadRequest)
@@ -73,7 +87,7 @@ func main() {
 return
 }
 fmt.Println("Code:" + code)
- //token, err := config.Exchange(r.Context(), code, oauth2.SetAuthURLParam("code_verifier", "sast_forever"))
+ // token, err := config.Exchange(r.Context(), code, oauth2.SetAuthURLParam("code_verifier", "sast_forever"))
 //if err != nil {
 // http.Error(w, err.Error(), http.StatusInternalServerError)
 // return
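Review bot: `GenerateVerifier` in example/client.go is not called anywhere in the visible hunks: the `/oauth2` handler loses its `verifier := oauth2.GenerateVerifier()` line, and the commented-out `config.Exchange` call further down still passes the fixed string `sast_forever` as `code_verifier`, so the example ends up demonstrating PKCE with a constant verifier. A verifier only protects the code exchange when it is generated per authorization request, kept server-side for that session, sent as a challenge in `AuthCodeURL` and replayed in `Exchange`; the same holds for the constant state `"xyz"` passed to `AuthCodeURL` at the end of this hunk. The function itself follows the quoted RFC 7636 text (32 bytes from `crypto/rand`, unpadded base64url). As an exported name it should carry a doc comment such as `// GenerateVerifier returns a new random PKCE code verifier (RFC 7636 section 4.1); it panics if the system random source fails.`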
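Review bot: The `r.ParseForm()` added to the `/api/auth/callback/sastlink` handler drops its error, and the state comparison just below it is still commented out, so as far as the hunk shows the callback carries on with a malformed request and accepts any `state`. Check the result, e.g. `if err := r.ParseForm(); err != nil { http.Error(w, "bad request", http.StatusBadRequest); return }`, and restore the state check against a per-session value instead of leaving it disabled. The `println(r.URL.RawQuery)` on the following context line also writes the authorization code carried in the query string to stderr, which is worth removing even in an example. The handler body continues past the end of the hunk.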