525c79a
525c79a5578fcca23c1bea81d4c439c068a9c033f372f5b
cfac7e8| Status | File | + | - |
|---|---|---|---|
| M |
internal/web/handlers/handlers.go
|
9 | 0 |
| M |
internal/web/server.go
|
1 | 0 |
internal/web/handlers/handlers.gomodified@@ -56,6 +56,12 @@ type Deps struct { | ||
| 56 | 56 | // group so the API surface (PAT-authenticated, no browser-form |
| 57 | 57 | // posts) can register its routes. |
| 58 | 58 | APIMounter func(chi.Router) |
| 59 | + // DeviceCodeAPIMounter, when non-nil, registers the RFC 8628 | |
| 60 | + // device-code JSON endpoints (/login/device/code + | |
| 61 | + // /login/oauth/access_token) on the CSRF-exempt group. The | |
| 62 | + // matching browser-facing /login/device verification page is | |
| 63 | + // mounted by AuthMounter (CSRF-protected). | |
| 64 | + DeviceCodeAPIMounter func(chi.Router) | |
| 59 | 65 | // AvatarMounter, when non-nil, registers /avatars/{username} on the |
| 60 | 66 | // CSRF-exempt group (avatar GETs are safe and benefit from caching). |
| 61 | 67 | AvatarMounter func(chi.Router) |
@@ -241,6 +247,9 @@ func RegisterChi(r *chi.Mux, deps Deps) (*chi.Mux, middleware.PanicHandler, http | ||
| 241 | 247 | if deps.APIMounter != nil { |
| 242 | 248 | deps.APIMounter(r) |
| 243 | 249 | } |
| 250 | + if deps.DeviceCodeAPIMounter != nil { | |
| 251 | + deps.DeviceCodeAPIMounter(r) | |
| 252 | + } | |
| 244 | 253 | if deps.AvatarMounter != nil { |
| 245 | 254 | deps.AvatarMounter(r) |
| 246 | 255 | } |
internal/web/server.gomodified@@ -168,6 +168,7 @@ func Run(ctx context.Context, opts Options) error { | ||
| 168 | 168 | return fmt.Errorf("auth handlers: %w", err) |
| 169 | 169 | } |
| 170 | 170 | deps.AuthMounter = auth.Mount |
| 171 | + deps.DeviceCodeAPIMounter = auth.MountDeviceCodeAPI | |
| 171 | 172 | |
| 172 | 173 | var ( |
| 173 | 174 | runnerJWT *runnerjwt.Signer |