gonotes/internal/auth/oauth.go

package auth

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"

	"forgejo.gwairfelin.com/max/gonotes/internal/conf"
	"golang.org/x/oauth2"
)

func GenerateStateOAUTHCookie(w http.ResponseWriter, prefix string) string {

	b := make([]byte, 16)
	rand.Read(b)
	state := base64.URLEncoding.EncodeToString(b)
	cookie := http.Cookie{
		Name: "oauthstate", Value: state,
		MaxAge: 30, Secure: true, HttpOnly: true, Path: prefix,
	}
	http.SetCookie(w, &cookie)

	return state
}

func GetUserFromForgejo(code string, oauth *oauth2.Config) (string, error) {
	// Use code to get token and get user info from Google.

	token, err := oauth.Exchange(context.Background(), code)
	if err != nil {
		return "", fmt.Errorf("code exchange wrong: %s", err.Error())
	}

	request, err := http.NewRequest("GET", conf.Conf.OIDC.UserinfoURL, nil)
	if err != nil {
		return "", fmt.Errorf("failed to init http client for userinfo: %s", err.Error())
	}
	request.Header.Set("Authorization", fmt.Sprintf("token %s", token.AccessToken))
	response, err := http.DefaultClient.Do(request)

	if err != nil {
		return "", fmt.Errorf("failed getting user info: %s", err.Error())
	}
	defer response.Body.Close()

	uInf := make(map[string]any)

	err = json.NewDecoder(response.Body).Decode(&uInf)
	if err != nil {
		return "", fmt.Errorf("failed to parse response as json: %s", err.Error())
	}

	username, ok := uInf["preferred_username"]
	if !ok {
		return "", fmt.Errorf("no username in response: %s", err.Error())
	}
	userStr, ok := username.(string)
	if !ok {
		return "", fmt.Errorf("username not a string: %s", err.Error())
	}

	return userStr, nil
}