diff mod_http_oauth2/mod_http_oauth2.lua @ 4269:143515d0b212

mod_http_oauth2: Factor out authorization code validity decision I intend to use it for a couple of more things, so having a single definition helps keep things tidy
author Kim Alvefur <zash@zash.se>
date Sun, 22 Nov 2020 18:39:55 +0100
parents 7b4a73364363
children 243f7b0dbf35
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sun Nov 22 17:00:26 2020 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sun Nov 22 18:39:55 2020 +0100
@@ -14,6 +14,10 @@
 local clients = module:open_store("oauth2_clients", "map");
 local codes = module:open_store("oauth2_codes", "map");
 
+local function code_expired(code)
+	return os.difftime(os.time(), code.issued) > 900;
+end
+
 local function oauth_error(err_name, err_desc)
 	return errors.new({
 		type = "modify";
@@ -118,7 +122,7 @@
 	end
 	local code, err = codes:get(client_owner, client_id .. "#" .. params.code);
 	if err then error(err); end
-	if not code or type(code) ~= "table" or os.difftime(os.time(), code.issued) > 900 then
+	if not code or type(code) ~= "table" or code_expired(code) then
 		module:log("debug", "authorization_code invalid or expired: %q", code);
 		return oauth_error("invalid_client", "incorrect credentials");
 	end