|  | @@ -1,6 +1,7 @@
 | 
											
												
													
														|  |  package oauth2
 |  |  package oauth2
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  import (
 |  |  import (
 | 
											
												
													
														|  | 
 |  | +	"context"
 | 
											
												
													
														|  |  	"encoding/json"
 |  |  	"encoding/json"
 | 
											
												
													
														|  |  	"log"
 |  |  	"log"
 | 
											
												
													
														|  |  	"net/http"
 |  |  	"net/http"
 | 
											
										
											
												
													
														|  | @@ -17,21 +18,17 @@ import (
 | 
											
												
													
														|  |  type OauthHandler struct {
 |  |  type OauthHandler struct {
 | 
											
												
													
														|  |  	googleOauthConfig *oauth2.Config
 |  |  	googleOauthConfig *oauth2.Config
 | 
											
												
													
														|  |  	syncDb            *syncdb.SyncDB
 |  |  	syncDb            *syncdb.SyncDB
 | 
											
												
													
														|  | -	oauthStateString  string
 |  | 
 | 
											
												
													
														|  | -	DefaultUserGroup  string
 |  | 
 | 
											
												
													
														|  |  	ag                *auth.AuthAgent
 |  |  	ag                *auth.AuthAgent
 | 
											
												
													
														|  |  	reg               *reg.RegisterHandler
 |  |  	reg               *reg.RegisterHandler
 | 
											
												
													
														|  |  	coredb            *db.Database
 |  |  	coredb            *db.Database
 | 
											
												
													
														|  | -	config            *Config
 |  | 
 | 
											
												
													
														|  |  }
 |  |  }
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  type Config struct {
 |  |  type Config struct {
 | 
											
												
													
														|  | -	Enabled          bool   `json:"enabled"`
 |  | 
 | 
											
												
													
														|  | -	IDP              string `json:"idp"`
 |  | 
 | 
											
												
													
														|  | -	RedirectURL      string `json:"redirect_url"`
 |  | 
 | 
											
												
													
														|  | -	ClientID         string `json:"client_id"`
 |  | 
 | 
											
												
													
														|  | -	ClientSecret     string `json:"client_secret"`
 |  | 
 | 
											
												
													
														|  | -	DefaultUserGroup string `json:"default_user_group"`
 |  | 
 | 
											
												
													
														|  | 
 |  | +	Enabled      bool   `json:"enabled"`
 | 
											
												
													
														|  | 
 |  | +	IDP          string `json:"idp"`
 | 
											
												
													
														|  | 
 |  | +	RedirectURL  string `json:"redirect_url"`
 | 
											
												
													
														|  | 
 |  | +	ClientID     string `json:"client_id"`
 | 
											
												
													
														|  | 
 |  | +	ClientSecret string `json:"client_secret"`
 | 
											
												
													
														|  |  }
 |  |  }
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  //NewOauthHandler xxx
 |  |  //NewOauthHandler xxx
 | 
											
										
											
												
													
														|  | @@ -50,11 +47,10 @@ func NewOauthHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, c
 | 
											
												
													
														|  |  			Scopes:       getScope(coreDb),
 |  |  			Scopes:       getScope(coreDb),
 | 
											
												
													
														|  |  			Endpoint:     getEndpoint(coreDb),
 |  |  			Endpoint:     getEndpoint(coreDb),
 | 
											
												
													
														|  |  		},
 |  |  		},
 | 
											
												
													
														|  | -		DefaultUserGroup: readSingleConfig("defaultusergroup", coreDb),
 |  | 
 | 
											
												
													
														|  | -		ag:               authAgent,
 |  | 
 | 
											
												
													
														|  | -		syncDb:           syncdb.NewSyncDB(),
 |  | 
 | 
											
												
													
														|  | -		reg:              register,
 |  | 
 | 
											
												
													
														|  | -		coredb:           coreDb,
 |  | 
 | 
											
												
													
														|  | 
 |  | +		ag:     authAgent,
 | 
											
												
													
														|  | 
 |  | +		syncDb: syncdb.NewSyncDB(),
 | 
											
												
													
														|  | 
 |  | +		reg:    register,
 | 
											
												
													
														|  | 
 |  | +		coredb: coreDb,
 | 
											
												
													
														|  |  	}
 |  |  	}
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  	return &NewlyCreatedOauthHandler
 |  |  	return &NewlyCreatedOauthHandler
 | 
											
										
											
												
													
														|  | @@ -62,6 +58,11 @@ func NewOauthHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, c
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  //HandleOauthLogin xxx
 |  |  //HandleOauthLogin xxx
 | 
											
												
													
														|  |  func (oh *OauthHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 |  |  func (oh *OauthHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 | 
											
												
													
														|  | 
 |  | +	enabled := oh.readSingleConfig("enabled")
 | 
											
												
													
														|  | 
 |  | +	if enabled == "" || enabled == "false" {
 | 
											
												
													
														|  | 
 |  | +		sendTextResponse(w, "OAuth disabled")
 | 
											
												
													
														|  | 
 |  | +		return
 | 
											
												
													
														|  | 
 |  | +	}
 | 
											
												
													
														|  |  	//add cookies
 |  |  	//add cookies
 | 
											
												
													
														|  |  	redirect, err := mv(r, "redirect", false)
 |  |  	redirect, err := mv(r, "redirect", false)
 | 
											
												
													
														|  |  	//store the redirect url to the sync map
 |  |  	//store the redirect url to the sync map
 | 
											
										
											
												
													
														|  | @@ -80,6 +81,11 @@ func (oh *OauthHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  //OauthAuthorize xxx
 |  |  //OauthAuthorize xxx
 | 
											
												
													
														|  |  func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
 |  |  func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
 | 
											
												
													
														|  | 
 |  | +	enabled := oh.readSingleConfig("enabled")
 | 
											
												
													
														|  | 
 |  | +	if enabled == "" || enabled == "false" {
 | 
											
												
													
														|  | 
 |  | +		sendTextResponse(w, "OAuth disabled")
 | 
											
												
													
														|  | 
 |  | +		return
 | 
											
												
													
														|  | 
 |  | +	}
 | 
											
												
													
														|  |  	//read the uuid(aka the state parameter)
 |  |  	//read the uuid(aka the state parameter)
 | 
											
												
													
														|  |  	uuid, err := r.Cookie("uuid_login")
 |  |  	uuid, err := r.Cookie("uuid_login")
 | 
											
												
													
														|  |  	if err != nil {
 |  |  	if err != nil {
 | 
											
										
											
												
													
														|  | @@ -104,7 +110,7 @@ func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request)
 | 
											
												
													
														|  |  	}
 |  |  	}
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  	//exchange the infromation to get code
 |  |  	//exchange the infromation to get code
 | 
											
												
													
														|  | -	token, err := oh.googleOauthConfig.Exchange(oauth2.NoContext, code)
 |  | 
 | 
											
												
													
														|  | 
 |  | +	token, err := oh.googleOauthConfig.Exchange(context.Background(), code)
 | 
											
												
													
														|  |  	if err != nil {
 |  |  	if err != nil {
 | 
											
												
													
														|  |  		sendTextResponse(w, "Code exchange failed.")
 |  |  		sendTextResponse(w, "Code exchange failed.")
 | 
											
												
													
														|  |  		return
 |  |  		return
 | 
											
										
											
												
													
														|  | @@ -113,35 +119,33 @@ func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request)
 | 
											
												
													
														|  |  	//get user info
 |  |  	//get user info
 | 
											
												
													
														|  |  	username, err := getUserInfo(token.AccessToken, oh.coredb)
 |  |  	username, err := getUserInfo(token.AccessToken, oh.coredb)
 | 
											
												
													
														|  |  	if err != nil {
 |  |  	if err != nil {
 | 
											
												
													
														|  | -		oh.ag.Logger.LogAuth(r, false)
 |  | 
 | 
											
												
													
														|  | 
 |  | +		oh.ag.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), false, "web")
 | 
											
												
													
														|  |  		sendTextResponse(w, "Failed to obtain user info.")
 |  |  		sendTextResponse(w, "Failed to obtain user info.")
 | 
											
												
													
														|  |  		return
 |  |  		return
 | 
											
												
													
														|  |  	}
 |  |  	}
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  | -	r.Form.Add("username", username) // to address Tobychui's log auth function
 |  | 
 | 
											
												
													
														|  | -
 |  | 
 | 
											
												
													
														|  |  	if !oh.ag.UserExists(username) {
 |  |  	if !oh.ag.UserExists(username) {
 | 
											
												
													
														|  |  		//register user if not already exists
 |  |  		//register user if not already exists
 | 
											
												
													
														|  |  		//if registration is closed, return error message.
 |  |  		//if registration is closed, return error message.
 | 
											
												
													
														|  |  		//also makr the login as fail.
 |  |  		//also makr the login as fail.
 | 
											
												
													
														|  |  		if oh.reg.AllowRegistry {
 |  |  		if oh.reg.AllowRegistry {
 | 
											
												
													
														|  | -			oh.ag.Logger.LogAuth(r, false)
 |  | 
 | 
											
												
													
														|  | -			http.Redirect(w, r, "/public/register/register.system?user="+username, 302)
 |  | 
 | 
											
												
													
														|  | 
 |  | +			oh.ag.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), false, "web")
 | 
											
												
													
														|  | 
 |  | +			http.Redirect(w, r, "/public/register/register.system?user="+username, http.StatusFound)
 | 
											
												
													
														|  |  		} else {
 |  |  		} else {
 | 
											
												
													
														|  | -			oh.ag.Logger.LogAuth(r, false)
 |  | 
 | 
											
												
													
														|  | 
 |  | +			oh.ag.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), false, "web")
 | 
											
												
													
														|  |  			sendHTMLResponse(w, "You are not allowed to register in this system. <a href=\"/\">Back</a>")
 |  |  			sendHTMLResponse(w, "You are not allowed to register in this system. <a href=\"/\">Back</a>")
 | 
											
												
													
														|  |  		}
 |  |  		}
 | 
											
												
													
														|  |  	} else {
 |  |  	} else {
 | 
											
												
													
														|  |  		log.Println(username + " logged in via OAuth.")
 |  |  		log.Println(username + " logged in via OAuth.")
 | 
											
												
													
														|  |  		oh.ag.LoginUserByRequest(w, r, username, true)
 |  |  		oh.ag.LoginUserByRequest(w, r, username, true)
 | 
											
												
													
														|  | -		oh.ag.Logger.LogAuth(r, true)
 |  | 
 | 
											
												
													
														|  | 
 |  | +		oh.ag.Logger.LogAuthByRequestInfo(username, r.RemoteAddr, time.Now().Unix(), true, "web")
 | 
											
												
													
														|  |  		//clear the cooke
 |  |  		//clear the cooke
 | 
											
												
													
														|  |  		oh.addCookie(w, "uuid_login", "-invaild-", -1)
 |  |  		oh.addCookie(w, "uuid_login", "-invaild-", -1)
 | 
											
												
													
														|  |  		//read the value from db and delete it from db
 |  |  		//read the value from db and delete it from db
 | 
											
												
													
														|  |  		url := oh.syncDb.Read(uuid.Value)
 |  |  		url := oh.syncDb.Read(uuid.Value)
 | 
											
												
													
														|  |  		oh.syncDb.Delete(uuid.Value)
 |  |  		oh.syncDb.Delete(uuid.Value)
 | 
											
												
													
														|  |  		//redirect to the desired page
 |  |  		//redirect to the desired page
 | 
											
												
													
														|  | -		http.Redirect(w, r, url, 302)
 |  | 
 | 
											
												
													
														|  | 
 |  | +		http.Redirect(w, r, url, http.StatusFound)
 | 
											
												
													
														|  |  	}
 |  |  	}
 | 
											
												
													
														|  |  }
 |  |  }
 | 
											
												
													
														|  |  
 |  |  
 | 
											
										
											
												
													
														|  | @@ -176,15 +180,13 @@ func (oh *OauthHandler) ReadConfig(w http.ResponseWriter, r *http.Request) {
 | 
											
												
													
														|  |  	redirecturl := oh.readSingleConfig("redirecturl")
 |  |  	redirecturl := oh.readSingleConfig("redirecturl")
 | 
											
												
													
														|  |  	clientid := oh.readSingleConfig("clientid")
 |  |  	clientid := oh.readSingleConfig("clientid")
 | 
											
												
													
														|  |  	clientsecret := oh.readSingleConfig("clientsecret")
 |  |  	clientsecret := oh.readSingleConfig("clientsecret")
 | 
											
												
													
														|  | -	defaultusergroup := oh.readSingleConfig("defaultusergroup")
 |  | 
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  	config, err := json.Marshal(Config{
 |  |  	config, err := json.Marshal(Config{
 | 
											
												
													
														|  | -		Enabled:          enabled,
 |  | 
 | 
											
												
													
														|  | -		IDP:              idp,
 |  | 
 | 
											
												
													
														|  | -		RedirectURL:      redirecturl,
 |  | 
 | 
											
												
													
														|  | -		ClientID:         clientid,
 |  | 
 | 
											
												
													
														|  | -		ClientSecret:     clientsecret,
 |  | 
 | 
											
												
													
														|  | -		DefaultUserGroup: defaultusergroup,
 |  | 
 | 
											
												
													
														|  | 
 |  | +		Enabled:      enabled,
 | 
											
												
													
														|  | 
 |  | +		IDP:          idp,
 | 
											
												
													
														|  | 
 |  | +		RedirectURL:  redirecturl,
 | 
											
												
													
														|  | 
 |  | +		ClientID:     clientid,
 | 
											
												
													
														|  | 
 |  | +		ClientSecret: clientsecret,
 | 
											
												
													
														|  |  	})
 |  |  	})
 | 
											
												
													
														|  |  	if err != nil {
 |  |  	if err != nil {
 | 
											
												
													
														|  |  		empty, err := json.Marshal(Config{})
 |  |  		empty, err := json.Marshal(Config{})
 | 
											
										
											
												
													
														|  | @@ -238,19 +240,11 @@ func (oh *OauthHandler) WriteConfig(w http.ResponseWriter, r *http.Request) {
 | 
											
												
													
														|  |  			return
 |  |  			return
 | 
											
												
													
														|  |  		}
 |  |  		}
 | 
											
												
													
														|  |  	}
 |  |  	}
 | 
											
												
													
														|  | -	defaultusergroup, err := mv(r, "defaultusergroup", true)
 |  | 
 | 
											
												
													
														|  | -	if err != nil {
 |  | 
 | 
											
												
													
														|  | -		if showError {
 |  | 
 | 
											
												
													
														|  | -			sendErrorResponse(w, "defaultusergroup field can't be empty'")
 |  | 
 | 
											
												
													
														|  | -			return
 |  | 
 | 
											
												
													
														|  | -		}
 |  | 
 | 
											
												
													
														|  | -	}
 |  | 
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  	oh.coredb.Write("oauth", "idp", idp)
 |  |  	oh.coredb.Write("oauth", "idp", idp)
 | 
											
												
													
														|  |  	oh.coredb.Write("oauth", "redirecturl", redirecturl)
 |  |  	oh.coredb.Write("oauth", "redirecturl", redirecturl)
 | 
											
												
													
														|  |  	oh.coredb.Write("oauth", "clientid", clientid)
 |  |  	oh.coredb.Write("oauth", "clientid", clientid)
 | 
											
												
													
														|  |  	oh.coredb.Write("oauth", "clientsecret", clientsecret)
 |  |  	oh.coredb.Write("oauth", "clientsecret", clientsecret)
 | 
											
												
													
														|  | -	oh.coredb.Write("oauth", "defaultusergroup", defaultusergroup)
 |  | 
 | 
											
												
													
														|  |  
 |  |  
 | 
											
												
													
														|  |  	//update the information inside the oauth class
 |  |  	//update the information inside the oauth class
 | 
											
												
													
														|  |  	oh.googleOauthConfig = &oauth2.Config{
 |  |  	oh.googleOauthConfig = &oauth2.Config{
 |