Home Esplora Aiuto
Accedi
TC
/
arozos
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): 975e5cfb43
Rami (Branch) Tag
arozos
/
mod
/
auth
/
oauth2
/
oauth2.go

oauth2.go 4.1 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. package oauth2
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/json"
    5. 

  5. 	"io/ioutil"
    6. 

  6. 	"log"
    7. 

  7. 	"net/http"
    8. 

  8. 	"time"
    9. 

  9. 

  10. 	"golang.org/x/oauth2"
    11. 

  11. 	"golang.org/x/oauth2/google"
    12. 

  12. 	auth "imuslab.com/arozos/mod/auth"
    13. 

  13. 	syncdb "imuslab.com/arozos/mod/auth/oauth2/syncdb"
    14. 

  14. 	reg "imuslab.com/arozos/mod/auth/register"
    15. 

  15. )
    16. 

  16. 

  17. type OauthHandler struct {
    18. 

  18. 	googleOauthConfig *oauth2.Config
    19. 

  19. 	syncDb            *syncdb.SyncDB
    20. 

  20. 	oauthStateString  string
    21. 

  21. 	DefaultUserGroup  string
    22. 

  22. 	ag                *auth.AuthAgent
    23. 

  23. 	reg               *reg.RegisterHandler
    24. 

  24. }
    25. 

  25. 

  26. type GoogleField struct {
    27. 

  27. 	ID            string `json:"id"`
    28. 

  28. 	Email         string `json:"email"`
    29. 

  29. 	VerifiedEmail bool   `json:"verified_email"`
    30. 

  30. 	Name          string `json:"name"`
    31. 

  31. 	GivenName     string `json:"given_name"`
    32. 

  32. 	FamilyName    string `json:"family_name"`
    33. 

  33. 	Picture       string `json:"picture"`
    34. 

  34. 	Locale        string `json:"locale"`
    35. 

  35. }
    36. 

  36. 

  37. //NewOauthHandler xxx
    38. 

  38. func NewOauthHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler) *OauthHandler {
    39. 

  39. 	NewlyCreatedOauthHandler := OauthHandler{
    40. 

  40. 		googleOauthConfig: &oauth2.Config{
    41. 

  41. 			RedirectURL:  "http://localhost:8080/system/auth/oauth/authorize",
    42. 

  42. 			ClientID:     "682431817920-nkmfn7m6uq0qbdo00hr2944m6r3hj8ua.apps.googleusercontent.com",
    43. 

  43. 			ClientSecret: "Obdlr2S5n8rj_qwsPLhToD3h",
    44. 

  44. 			Scopes: []string{"https://www.googleapis.com/auth/userinfo.profile",
    45. 

  45. 				"https://www.googleapis.com/auth/userinfo.email"},
    46. 

  46. 			Endpoint: google.Endpoint,
    47. 

  47. 		},
    48. 

  48. 		// Some random string, random for each request
    49. 

  49. 		DefaultUserGroup: "default",
    50. 

  50. 		ag:               authAgent,
    51. 

  51. 		syncDb:           syncdb.NewSyncDB(),
    52. 

  52. 		reg:              register,
    53. 

  53. 	}
    54. 

  54. 

  55. 	return &NewlyCreatedOauthHandler
    56. 

  56. }
    57. 

  57. 

  58. //HandleOauthLogin xxx
    59. 

  59. func (oh *OauthHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
    60. 

  60. 	//add cookies
    61. 

  61. 	redirect, e := r.URL.Query()["redirect"]
    62. 

  62. 	uuid := ""
    63. 

  63. 	if !e || len(redirect[0]) < 1 {
    64. 

  64. 		uuid = oh.syncDb.Store("/")
    65. 

  65. 	} else {
    66. 

  66. 		uuid = oh.syncDb.Store(redirect[0])
    67. 

  67. 	}
    68. 

  68. 	oh.addCookie(w, "uuid_login", uuid, 30*time.Minute)
    69. 

  69. 	//handle redirect
    70. 

  70. 	url := oh.googleOauthConfig.AuthCodeURL(uuid)
    71. 

  71. 	http.Redirect(w, r, url, http.StatusTemporaryRedirect)
    72. 

  72. }
    73. 

  73. 

  74. //OauthAuthorize xxx
    75. 

  75. func (oh *OauthHandler) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
    76. 

  76. 	//read the uuid(aka the state parameter)
    77. 

  77. 	uuid, err := r.Cookie("uuid_login")
    78. 

  78. 	if err != nil {
    79. 

  79. 		w.Header().Set("Content-Type", "text/html; charset=UTF-8")
    80. 

  80. 		w.Write([]byte("Invalid redirect URI."))
    81. 

  81. 	}
    82. 

  82. 

  83. 	state := r.FormValue("state")
    84. 

  84. 	if state != uuid.Value {
    85. 

  85. 		w.Header().Set("Content-Type", "text/html; charset=UTF-8")
    86. 

  86. 		w.Write([]byte("Invalid oauth state."))
    87. 

  87. 		return
    88. 

  88. 	}
    89. 

  89. 

  90. 	code := r.FormValue("code")
    91. 

  91. 	token, err := oh.googleOauthConfig.Exchange(oauth2.NoContext, code)
    92. 

  92. 	if err != nil {
    93. 

  93. 		w.Header().Set("Content-Type", "text/html; charset=UTF-8")
    94. 

  94. 		w.Write([]byte("Code exchange failed."))
    95. 

  95. 		return
    96. 

  96. 	}
    97. 

  97. 

  98. 	response, err := http.Get("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + token.AccessToken)
    99. 

  99. 

  100. 	defer response.Body.Close()
    101. 

  101. 	contents, err := ioutil.ReadAll(response.Body)
    102. 

  102. 	var data GoogleField
    103. 

  103. 	json.Unmarshal([]byte(contents), &data)
    104. 

  104. 

  105. 	if !oh.ag.UserExists(data.Email) {
    106. 

  106. 		//register user if not already exists
    107. 

  107. 		//random pwd to prevent ppl bypassing the OAuth handler
    108. 

  108. 		if oh.reg.AllowRegistry {
    109. 

  109. 			http.Redirect(w, r, "/public/register/register.system?user="+data.Email, 302)
    110. 

  110. 		} else {
    111. 

  111. 			w.Header().Set("Content-Type", "text/html; charset=UTF-8")
    112. 

  112. 			w.Write([]byte("You are not allowed to register in this system.&nbsp;<a href=\"/\">Back</a>"))
    113. 

  113. 		}
    114. 

  114. 	} else {
    115. 

  115. 		log.Println(data.Email + " logged in via OAuth.")
    116. 

  116. 		oh.ag.LoginUserByRequest(w, r, data.Email, true)
    117. 

  117. 		//clear the cooke
    118. 

  118. 		oh.addCookie(w, "uuid_login", "-invaild-", -1)
    119. 

  119. 		//read the value from db and delete it from db
    120. 

  120. 		url := oh.syncDb.Read(uuid.Value)
    121. 

  121. 		oh.syncDb.Delete(uuid.Value)
    122. 

  122. 		//redirect to the desired page
    123. 

  123. 		http.Redirect(w, r, url, 302)
    124. 

  124. 	}
    125. 

  125. }
    126. 

  126. 

  127. func (oh *OauthHandler) CheckOAuth(w http.ResponseWriter, r *http.Request) {
    128. 

  128. 	sendJSONResponse(w, "true")
    129. 

  129. }
    130. 

  130. 

  131. //https://golangcode.com/add-a-http-cookie/
    132. 

  132. func (oh *OauthHandler) addCookie(w http.ResponseWriter, name, value string, ttl time.Duration) {
    133. 

  133. 	expire := time.Now().Add(ttl)
    134. 

  134. 	cookie := http.Cookie{
    135. 

  135. 		Name:    name,
    136. 

  136. 		Value:   value,
    137. 

  137. 		Expires: expire,
    138. 

  138. 	}
    139. 

  139. 	http.SetCookie(w, &cookie)
    140. 

  140. }
    141.