Added state location register hook. T712.
This commit is contained in:
parent
77e0126808
commit
28cf4dd5f5
|
@ -59,17 +59,19 @@ type (
|
||||||
}
|
}
|
||||||
|
|
||||||
WriteAsOauthCfg struct {
|
WriteAsOauthCfg struct {
|
||||||
ClientID string `ini:"client_id"`
|
ClientID string `ini:"client_id"`
|
||||||
ClientSecret string `ini:"client_secret"`
|
ClientSecret string `ini:"client_secret"`
|
||||||
AuthLocation string `ini:"auth_location"`
|
AuthLocation string `ini:"auth_location"`
|
||||||
TokenLocation string `ini:"token_location"`
|
TokenLocation string `ini:"token_location"`
|
||||||
InspectLocation string `ini:"inspect_location"`
|
InspectLocation string `ini:"inspect_location"`
|
||||||
|
StateRegisterLocation string `ini:"state_register_location"`
|
||||||
}
|
}
|
||||||
|
|
||||||
SlackOauthCfg struct {
|
SlackOauthCfg struct {
|
||||||
ClientID string `ini:"client_id"`
|
ClientID string `ini:"client_id"`
|
||||||
ClientSecret string `ini:"client_secret"`
|
ClientSecret string `ini:"client_secret"`
|
||||||
TeamID string `ini:"team_id"`
|
TeamID string `ini:"team_id"`
|
||||||
|
StateRegisterLocation string `ini:"state_register_location"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// AppCfg holds values that affect how the application functions
|
// AppCfg holds values that affect how the application functions
|
||||||
|
|
99
oauth.go
99
oauth.go
|
@ -3,6 +3,7 @@ package writefreely
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/gorilla/sessions"
|
"github.com/gorilla/sessions"
|
||||||
|
@ -12,6 +13,8 @@ import (
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -71,17 +74,25 @@ type HttpClient interface {
|
||||||
type oauthClient interface {
|
type oauthClient interface {
|
||||||
GetProvider() string
|
GetProvider() string
|
||||||
GetClientID() string
|
GetClientID() string
|
||||||
|
GetCallbackLocation() string
|
||||||
buildLoginURL(state string) (string, error)
|
buildLoginURL(state string) (string, error)
|
||||||
exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error)
|
exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error)
|
||||||
inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error)
|
inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type oauthStateRegisterer struct {
|
||||||
|
location string
|
||||||
|
callbackLocation string
|
||||||
|
httpClient HttpClient
|
||||||
|
}
|
||||||
|
|
||||||
type oauthHandler struct {
|
type oauthHandler struct {
|
||||||
Config *config.Config
|
Config *config.Config
|
||||||
DB OAuthDatastore
|
DB OAuthDatastore
|
||||||
Store sessions.Store
|
Store sessions.Store
|
||||||
EmailKey []byte
|
EmailKey []byte
|
||||||
oauthClient oauthClient
|
oauthClient oauthClient
|
||||||
|
oauthStateRegisterer *oauthStateRegisterer
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Request) error {
|
func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Request) error {
|
||||||
|
@ -90,6 +101,13 @@ func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Req
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
|
return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if h.oauthStateRegisterer != nil {
|
||||||
|
if err := h.oauthStateRegisterer.register(ctx, state); err != nil {
|
||||||
|
return impart.HTTPError{http.StatusInternalServerError, "could not register state location"}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
location, err := h.oauthClient.buildLoginURL(state)
|
location, err := h.oauthClient.buildLoginURL(state)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
|
return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
|
||||||
|
@ -99,19 +117,36 @@ func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Req
|
||||||
|
|
||||||
func configureSlackOauth(parentHandler *Handler, r *mux.Router, app *App) {
|
func configureSlackOauth(parentHandler *Handler, r *mux.Router, app *App) {
|
||||||
if app.Config().SlackOauth.ClientID != "" {
|
if app.Config().SlackOauth.ClientID != "" {
|
||||||
oauthClient := slackOauthClient{
|
var stateRegisterClient *oauthStateRegisterer = nil
|
||||||
ClientID: app.Config().SlackOauth.ClientID,
|
if app.Config().SlackOauth.StateRegisterLocation != "" {
|
||||||
ClientSecret: app.Config().SlackOauth.ClientSecret,
|
stateRegisterClient = &oauthStateRegisterer{
|
||||||
TeamID: app.Config().SlackOauth.TeamID,
|
location: app.Config().SlackOauth.StateRegisterLocation,
|
||||||
CallbackLocation: app.Config().App.Host + "/oauth/callback",
|
callbackLocation: app.Config().App.Host + "/oauth/callback",
|
||||||
HttpClient: config.DefaultHTTPClient(),
|
httpClient: config.DefaultHTTPClient(),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
configureOauthRoutes(parentHandler, r, app, oauthClient)
|
oauthClient := slackOauthClient{
|
||||||
|
ClientID: app.Config().SlackOauth.ClientID,
|
||||||
|
ClientSecret: app.Config().SlackOauth.ClientSecret,
|
||||||
|
TeamID: app.Config().SlackOauth.TeamID,
|
||||||
|
HttpClient: config.DefaultHTTPClient(),
|
||||||
|
//CallbackLocation: app.Config().App.Host + "/oauth/callback",
|
||||||
|
CallbackLocation: "http://localhost:5000/callback",
|
||||||
|
}
|
||||||
|
configureOauthRoutes(parentHandler, r, app, oauthClient, stateRegisterClient)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
|
func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
|
||||||
if app.Config().WriteAsOauth.ClientID != "" {
|
if app.Config().WriteAsOauth.ClientID != "" {
|
||||||
|
var stateRegisterClient *oauthStateRegisterer = nil
|
||||||
|
if app.Config().WriteAsOauth.StateRegisterLocation != "" {
|
||||||
|
stateRegisterClient = &oauthStateRegisterer{
|
||||||
|
location: app.Config().WriteAsOauth.StateRegisterLocation,
|
||||||
|
callbackLocation: app.Config().App.Host + "/oauth/callback",
|
||||||
|
httpClient: config.DefaultHTTPClient(),
|
||||||
|
}
|
||||||
|
}
|
||||||
oauthClient := writeAsOauthClient{
|
oauthClient := writeAsOauthClient{
|
||||||
ClientID: app.Config().WriteAsOauth.ClientID,
|
ClientID: app.Config().WriteAsOauth.ClientID,
|
||||||
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
|
ClientSecret: app.Config().WriteAsOauth.ClientSecret,
|
||||||
|
@ -119,19 +154,20 @@ func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
|
||||||
InspectLocation: config.OrDefaultString(app.Config().WriteAsOauth.InspectLocation, writeAsIdentityLocation),
|
InspectLocation: config.OrDefaultString(app.Config().WriteAsOauth.InspectLocation, writeAsIdentityLocation),
|
||||||
AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),
|
AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),
|
||||||
HttpClient: config.DefaultHTTPClient(),
|
HttpClient: config.DefaultHTTPClient(),
|
||||||
CallbackLocation: app.Config().App.Host + "/oauth/callback",
|
CallbackLocation: "http://localhost:5000/callback",
|
||||||
}
|
}
|
||||||
configureOauthRoutes(parentHandler, r, app, oauthClient)
|
configureOauthRoutes(parentHandler, r, app, oauthClient, stateRegisterClient)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauthClient oauthClient) {
|
func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauthClient oauthClient, stateRegisterClient *oauthStateRegisterer) {
|
||||||
handler := &oauthHandler{
|
handler := &oauthHandler{
|
||||||
Config: app.Config(),
|
Config: app.Config(),
|
||||||
DB: app.DB(),
|
DB: app.DB(),
|
||||||
Store: app.SessionStore(),
|
Store: app.SessionStore(),
|
||||||
oauthClient: oauthClient,
|
oauthClient: oauthClient,
|
||||||
EmailKey: app.keys.EmailKey,
|
EmailKey: app.keys.EmailKey,
|
||||||
|
oauthStateRegisterer: stateRegisterClient,
|
||||||
}
|
}
|
||||||
r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")
|
r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")
|
||||||
r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")
|
r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")
|
||||||
|
@ -197,6 +233,29 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
|
||||||
return h.showOauthSignupPage(app, w, r, tp, nil)
|
return h.showOauthSignupPage(app, w, r, tp, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (r *oauthStateRegisterer) register(ctx context.Context, state string) error {
|
||||||
|
form := url.Values{}
|
||||||
|
form.Add("state", state)
|
||||||
|
form.Add("location", r.callbackLocation)
|
||||||
|
req, err := http.NewRequestWithContext(ctx, "POST", r.location, strings.NewReader(form.Encode()))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
req.Header.Set("User-Agent", "writefreely")
|
||||||
|
req.Header.Set("Accept", "application/json")
|
||||||
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
||||||
|
|
||||||
|
resp, err := r.httpClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if resp.StatusCode != http.StatusCreated {
|
||||||
|
return errors.New("register state and location")
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func limitedJsonUnmarshal(body io.ReadCloser, n int, thing interface{}) error {
|
func limitedJsonUnmarshal(body io.ReadCloser, n int, thing interface{}) error {
|
||||||
lr := io.LimitReader(body, int64(n+1))
|
lr := io.LimitReader(body, int64(n+1))
|
||||||
data, err := ioutil.ReadAll(lr)
|
data, err := ioutil.ReadAll(lr)
|
||||||
|
|
|
@ -62,6 +62,10 @@ func (c slackOauthClient) GetClientID() string {
|
||||||
return c.ClientID
|
return c.ClientID
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c slackOauthClient) GetCallbackLocation() string {
|
||||||
|
return c.CallbackLocation
|
||||||
|
}
|
||||||
|
|
||||||
func (c slackOauthClient) buildLoginURL(state string) (string, error) {
|
func (c slackOauthClient) buildLoginURL(state string) (string, error) {
|
||||||
u, err := url.Parse(slackAuthLocation)
|
u, err := url.Parse(slackAuthLocation)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -34,6 +34,10 @@ func (c writeAsOauthClient) GetClientID() string {
|
||||||
return c.ClientID
|
return c.ClientID
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c writeAsOauthClient) GetCallbackLocation() string {
|
||||||
|
return c.CallbackLocation
|
||||||
|
}
|
||||||
|
|
||||||
func (c writeAsOauthClient) buildLoginURL(state string) (string, error) {
|
func (c writeAsOauthClient) buildLoginURL(state string) (string, error) {
|
||||||
u, err := url.Parse(c.AuthLocation)
|
u, err := url.Parse(c.AuthLocation)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in New Issue