Refactor oauth login
parent
a750f646a9
commit
d30327817e
4 changed files with 90 additions and 90 deletions
|
|
@ -4,7 +4,12 @@ package middleware
|
|||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
urls "forgejo.gwairfelin.com/max/gispatcho"
|
||||
"forgejo.gwairfelin.com/max/gonotes/internal/auth"
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
|
||||
type Session struct {
|
||||
|
|
@ -13,12 +18,26 @@ type Session struct {
|
|||
|
||||
type SessionStore struct {
|
||||
sessions map[string]Session
|
||||
oauth *oauth2.Config
|
||||
Routes urls.URLs
|
||||
}
|
||||
|
||||
type ContextKey string
|
||||
|
||||
func NewSessionStore() SessionStore {
|
||||
return SessionStore{sessions: make(map[string]Session, 10)}
|
||||
func NewSessionStore(oauth *oauth2.Config, prefix string) SessionStore {
|
||||
store := SessionStore{
|
||||
sessions: make(map[string]Session, 10),
|
||||
oauth: oauth,
|
||||
}
|
||||
store.Routes = urls.URLs{
|
||||
Prefix: prefix,
|
||||
URLs: map[string]urls.URL{
|
||||
"login": {Path: "/login/", Protocol: "GET", Handler: store.LoginViewOAUTH},
|
||||
"callback": {Path: "/callback/", Protocol: "GET", Handler: store.CallbackViewOAUTH},
|
||||
"logout": {Path: "/logout/", Protocol: "GET", Handler: store.Logout},
|
||||
},
|
||||
}
|
||||
return store
|
||||
}
|
||||
|
||||
func (s *SessionStore) Login(user string, w http.ResponseWriter) string {
|
||||
|
|
@ -47,6 +66,57 @@ func (s *SessionStore) Logout(w http.ResponseWriter, r *http.Request) {
|
|||
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
}
|
||||
|
||||
func (s *SessionStore) LoginViewOAUTH(w http.ResponseWriter, r *http.Request) {
|
||||
log.Printf("%+v", *s.oauth)
|
||||
|
||||
oauthState := auth.GenerateStateOAUTHCookie(w, s.Routes.Prefix)
|
||||
|
||||
url := s.oauth.AuthCodeURL(oauthState)
|
||||
log.Printf("Redirecting to %s", url)
|
||||
http.Redirect(w, r, url, http.StatusTemporaryRedirect)
|
||||
}
|
||||
|
||||
func (s *SessionStore) CallbackViewOAUTH(w http.ResponseWriter, r *http.Request) {
|
||||
// Read oauthState from Cookie
|
||||
oauthState, err := r.Cookie("oauthstate")
|
||||
if err != nil {
|
||||
log.Printf("An error occured during login: %s", err)
|
||||
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
return
|
||||
}
|
||||
|
||||
log.Printf("%v", oauthState)
|
||||
|
||||
if r.FormValue("state") != oauthState.Value {
|
||||
log.Println("invalid oauth state")
|
||||
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
return
|
||||
}
|
||||
|
||||
data, err := auth.GetUserData(r.FormValue("code"), s.oauth)
|
||||
if err != nil {
|
||||
log.Println(err.Error())
|
||||
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
return
|
||||
}
|
||||
|
||||
username, ok := data["preferred_username"]
|
||||
if !ok {
|
||||
log.Println("No username in auth response")
|
||||
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
return
|
||||
}
|
||||
userStr, ok := username.(string)
|
||||
if !ok {
|
||||
log.Println("Username not interpretable as string")
|
||||
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
return
|
||||
}
|
||||
|
||||
s.Login(userStr, w)
|
||||
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
||||
}
|
||||
|
||||
func (s *SessionStore) AsMiddleware(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
sessionCookie, err := r.Cookie("id")
|
||||
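Review bot: `log.Printf("%+v", *s.oauth)` at the top of LoginViewOAUTH writes the whole oauth2.Config to the log on every login, and that struct carries `ClientSecret`, so the client secret ends up in plaintext wherever these logs are stored or shipped. CallbackViewOAUTH leaks on a smaller scale with `log.Printf("%v", oauthState)`, which prints the anti-CSRF state cookie. I would delete both debug lines, or log only non-secret fields, e.g. `log.Printf("oauth login: client_id=%s redirect=%s", s.oauth.ClientID, s.oauth.RedirectURL)`. Separately, the callback keys the session on the `preferred_username` claim; if the provider lets users change it, a stable identifier such as `sub` may be a safer key, though that depends on what auth.GetUserData returns, which is not shown here.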
|
|
|
|||