O01eg/freeorion-test-web - Change CJDJTP27H2CZOFMKYVGCLYTKIFCRL3AZXKULFDFJ2NP4V22C5JFAC

Implement PKCE for Mastodon auth

Created by O01eg on April 13, 2026

CJDJTP27H2CZOFMKYVGCLYTKIFCRL3AZXKULFDFJ2NP4V22C5JFAC

Dependencies

In channels

main

Change contents

Replacement in src/templates/login.html at line 30 [5.296]

B:BD[4.93] → [4.93:157]

	<legend>Social Auth with Mastodon (not yet supported)</legend>

[4.93]

[4.157]

	<legend>Social Auth with Mastodon</legend>

Replacement in src/pages/reset_game_pwd.rs at line 42 [8.597]

∅:D[6.366] → [7.1022:1083]

B:BD[9.189] → [7.1022:1083]

    let token = match Uuid::parse_str(&token.into_inner()) {

[6.366]

[7.1083]

    let token = match Uuid::parse_str(&token.into_inner().replace("=", "")) {

Replacement in src/pages/mod.rs at line 50 [11.50]

B:BD[10.41] → [10.41:104]

    pub cache_mastodon_state: Mutex<TtlCache<String, String>>,

[10.41]

[12.1056]

    pub cache_mastodon_state: Mutex<TtlCache<String, (String, String)>>,

Insertion in src/pages/log_in.rs at line 5 [5.2605]
[5.2709]
[5.2709]
```
use rand::{rng, RngExt};
use sha2::{Digest, Sha256};
```
Insertion in src/pages/log_in.rs at line 10 [5.2605]
[5.2710]
[5.2710]
```
use base64::Engine;
```
Insertion in src/pages/log_in.rs at line 260 [5.2605]
[13.2342]
[13.2342]
```
    code_verifier: &str,
```

Replacement in src/pages/log_in.rs at line 268 [5.2605]

B:BD[13.2657] → [13.2657:2777]

            "client_id={}&client_secret={}&redirect_uri={}&grant_type=authorization_code&code={}&scopes=read:accounts",

[13.2657]

[3.487]

            "client_id={}&client_secret={}&redirect_uri={}&grant_type=authorization_code&code={}&scopes=read:accounts&code_verifier={}",

Replacement in src/pages/log_in.rs at line 272 [5.2605]

B:BD[3.783] → [3.783:872]

            pct_str::PctString::encode(code.chars(), pct_str::UriReserved::Any).as_str()

[3.783]

[13.3142]

            pct_str::PctString::encode(code.chars(), pct_str::UriReserved::Any).as_str(),
            code_verifier

Insertion in src/pages/log_in.rs at line 560 [5.2605]

[14.1]

[10.105]

    let mut random_bytes = [0u8; 32];
    rng().fill(&mut random_bytes);
    let code_verifier = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(random_bytes);
    let mut hasher = Sha256::new();
    hasher.update(code_verifier.as_bytes());
    let code_challenge = base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(hasher.finalize());

Replacement in src/pages/log_in.rs at line 569 [5.2605]

B:BD[13.7436] → [10.150:285]

    let location = format!("https://{}/oauth/authorize?client_id={}&scope=read:accounts&redirect_uri={}&response_type=code&state={}",

[13.7436]

[13.7562]

    let location = format!("https://{}/oauth/authorize?client_id={}&scope=read:accounts&redirect_uri={}&response_type=code&state={}&code_challenge_method=S256&code_challenge={}",

Replacement in src/pages/log_in.rs at line 573 [5.2605]
∅:D[3.1062] → [10.379:395]
B:BD[10.379] → [10.379:395]
```
        state);
```
[3.1062]
[10.395]
```
        state,
        code_challenge);
```
Replacement in src/pages/log_in.rs at line 580 [5.2605]
B:BD[10.507] → [10.507:527]
```
            domain,
```
[10.507]
[10.527]
```
            (domain, code_verifier),
```

Replacement in src/pages/log_in.rs at line 629 [5.2605]

B:BD[10.1004] → [10.1004:1190]

    if cached_data.is_none_or(|x| x != domain) {
        log::warn!("Unknown state for mastodon redirect: {}", state);
        return HttpResponse::BadRequest().body("Incorrect");
    }

[10.1004]

[10.1190]

    let code_verifier = match cached_data {
        None => {
            log::warn!("Unknown state for mastodon redirect: {}", state);
            return HttpResponse::BadRequest().body("Incorrect");
        }
        Some((cached_domain, code_verifier)) => {
            if cached_domain != domain {
                log::warn!(
                    "Unknown domain and state for mastodon redirect: {} domain {} != {}",
                    state,
                    domain,
                    cached_domain
                );
                return HttpResponse::BadRequest().body("Incorrect");
            } else {
                code_verifier
            }
        }
    };

Insertion in src/pages/log_in.rs at line 692 [5.2605]
[13.10080]
[13.10080]
```
            &code_verifier,
```

Insertion in Cargo.toml at line 29 [15.77]

[2.16]

[7.2575]


[dependencies.rand]
version = "0.10"
features = ["thread_rng"]

Insertion in Cargo.lock at line 1004 [17.8513]
[16.4438]
[17.20518]
```
 "rand 0.10.1",
```

Implement PKCE for Mastodon auth

Dependencies

In channels

Change contents

Replacement in src/templates/login.html at line 30 [5.296]

Replacement in src/pages/reset_game_pwd.rs at line 42 [8.597]

Replacement in src/pages/mod.rs at line 50 [11.50]

Insertion in src/pages/log_in.rs at line 5 [5.2605]

Insertion in src/pages/log_in.rs at line 10 [5.2605]

Insertion in src/pages/log_in.rs at line 260 [5.2605]

Replacement in src/pages/log_in.rs at line 268 [5.2605]

Replacement in src/pages/log_in.rs at line 272 [5.2605]

Insertion in src/pages/log_in.rs at line 560 [5.2605]

Replacement in src/pages/log_in.rs at line 569 [5.2605]

Replacement in src/pages/log_in.rs at line 573 [5.2605]

Replacement in src/pages/log_in.rs at line 580 [5.2605]

Replacement in src/pages/log_in.rs at line 629 [5.2605]

Insertion in src/pages/log_in.rs at line 692 [5.2605]

Insertion in Cargo.toml at line 29 [15.77]

Insertion in Cargo.lock at line 1004 [17.8513]