From ba72697f1a414cab8c1428a0ca5af0880ba644bc Mon Sep 17 00:00:00 2001
From: MrMelon54 <github@mrmelon54.com>
Date: Wed, 14 Feb 2024 21:04:52 +0000
Subject: [PATCH] Add wider oauth/user perm boxes and allow wildcard oauth
 perms

---
 go.mod                     | 2 +-
 go.sum                     | 4 ++--
 pages/manage-apps.go.html  | 4 ++--
 pages/manage-users.go.html | 2 +-
 server/jwt.go              | 9 ++++-----
 test-client/index.html     | 2 +-
 6 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/go.mod b/go.mod
index b1249d8..cff2733 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.22
 
 require (
 	github.com/1f349/cache v0.0.2
-	github.com/1f349/mjwt v0.2.1
+	github.com/1f349/mjwt v0.2.4
 	github.com/1f349/overlapfs v0.0.1
 	github.com/1f349/violet v0.0.13
 	github.com/MrMelon54/exit-reload v0.0.1
diff --git a/go.sum b/go.sum
index a872c1b..8ac3ddb 100644
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,8 @@
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/1f349/cache v0.0.2 h1:27QD6zPd9xYyvh9V1qqWq+EAt5+N+qvyGWKfnjMrhP8=
 github.com/1f349/cache v0.0.2/go.mod h1:LibAMy13dF0KO1fQA9aEjZPBCB6Y4b5kKYEQJUqc2rQ=
-github.com/1f349/mjwt v0.2.1 h1:REdiM/MaNjYQwHvI39LaMPhlvMg4Vy9SgomWMsKTNz8=
-github.com/1f349/mjwt v0.2.1/go.mod h1:KEs6jd9JjWrQW+8feP2pGAU7pdA3aYTqjkT/YQr73PU=
+github.com/1f349/mjwt v0.2.4 h1:FDVl2v50N1BdPjd79srRzIstZsQ/KLWWidsmJ6arPfI=
+github.com/1f349/mjwt v0.2.4/go.mod h1:KEs6jd9JjWrQW+8feP2pGAU7pdA3aYTqjkT/YQr73PU=
 github.com/1f349/overlapfs v0.0.1 h1:LAxBolrXFAgU0yqZtXg/C/aaPq3eoQSPpBc49BHuTp0=
 github.com/1f349/overlapfs v0.0.1/go.mod h1:I6aItQycr7nrzplmfNXp/QF9tTmKRSgY3fXmu/7Ky2o=
 github.com/1f349/violet v0.0.13 h1:lJpTz15Ea83Uc1VAISXTjtKuzr8Pe8NM4cMGp3Aiyhk=
diff --git a/pages/manage-apps.go.html b/pages/manage-apps.go.html
index c3c9446..c18d992 100644
--- a/pages/manage-apps.go.html
+++ b/pages/manage-apps.go.html
@@ -61,7 +61,7 @@
             {{if .IsAdmin}}
                 <div>
                     <label for="field_perms">Perms:</label>
-                    <input type="text" name="perms" id="field_perms" value="{{.Edit.Perms}}" required/>
+                    <input type="text" name="perms" id="field_perms" value="{{.Edit.Perms}}" size="100"/>
                 </div>
             {{end}}
             <div>
@@ -143,7 +143,7 @@
             {{if .IsAdmin}}
                 <div>
                     <label for="field_perms">Perms:</label>
-                    <input type="text" name="perms" id="field_perms" required/>
+                    <input type="text" name="perms" id="field_perms"/>
                 </div>
             {{end}}
             <div>
diff --git a/pages/manage-users.go.html b/pages/manage-users.go.html
index 856821c..e487bf2 100644
--- a/pages/manage-users.go.html
+++ b/pages/manage-users.go.html
@@ -24,7 +24,7 @@
             </div>
             <div>
                 <label for="field_roles">Roles:</label>
-                <input type="text" name="roles" id="field_roles" value="{{.Edit.Roles}}"/>
+                <input type="text" name="roles" id="field_roles" value="{{.Edit.Roles}}" size="100"/>
             </div>
             <div>
                 <label for="field_active">Active: <input type="checkbox" name="active" id="field_active" checked/></label>
diff --git a/server/jwt.go b/server/jwt.go
index e6fc03d..25480af 100644
--- a/server/jwt.go
+++ b/server/jwt.go
@@ -36,15 +36,14 @@ func (j *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi
 	}
 	beginCtx.Rollback()
 
-	ps := claims.NewPermStorage()
+	ps := claims.ParsePermStorage(roles)
+	var out *claims.PermStorage
 	ForEachRole(data.Client.(interface{ UsePerms() string }).UsePerms(), func(role string) {
-		if HasRole(roles, role) {
-			ps.Set(role)
-		}
+		out = ps.Filter(strings.Split(role, " "))
 	})
 
 	access, err = j.signer.GenerateJwt(data.UserID, "", jwt.ClaimStrings{data.TokenInfo.GetClientID()}, data.TokenInfo.GetAccessExpiresIn(), auth.AccessTokenClaims{
-		Perms: ps,
+		Perms: out,
 	})
 
 	if isGenRefresh {
diff --git a/test-client/index.html b/test-client/index.html
index 62e7b7c..cb05a00 100644
--- a/test-client/index.html
+++ b/test-client/index.html
@@ -6,7 +6,7 @@
   <script>
       const ssoService = "http://localhost:9090";
 
-      POP2.init(ssoService + "/authorize", "f4cdb93d-fe28-427b-b037-f03f44c86a16", "openid profile age", 500, 600);
+      POP2.init(ssoService + "/authorize", "f4cdb93d-fe28-427b-b037-f03f44c86a16", "openid profile age email", 500, 600);
 
       window.addEventListener("load", function () {
           doThisThing(false);