Writefreely
/
writefreely
mirror of https://github.com/writeas/writefreely
1
0
Fork 0
Code Issues Releases Wiki Activity

Added state location register hook. T712.

This commit is contained in:
Nick Gerakines 2020-01-07 15:22:25 -05:00
parent 77e0126808
commit 28cf4dd5f5
4 changed files with 97 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
config/config.go
View File

@ -59,17 +59,19 @@ type (
} }
WriteAsOauthCfg struct { WriteAsOauthCfg struct {
ClientID string `ini:"client_id"` ClientID string `ini:"client_id"`
ClientSecret string `ini:"client_secret"` ClientSecret string `ini:"client_secret"`
AuthLocation string `ini:"auth_location"` AuthLocation string `ini:"auth_location"`
TokenLocation string `ini:"token_location"` TokenLocation string `ini:"token_location"`
InspectLocation string `ini:"inspect_location"` InspectLocation string `ini:"inspect_location"`
StateRegisterLocation string `ini:"state_register_location"`
} }
SlackOauthCfg struct { SlackOauthCfg struct {
ClientID string `ini:"client_id"` ClientID string `ini:"client_id"`
ClientSecret string `ini:"client_secret"` ClientSecret string `ini:"client_secret"`
TeamID string `ini:"team_id"` TeamID string `ini:"team_id"`
StateRegisterLocation string `ini:"state_register_location"`
} }
// AppCfg holds values that affect how the application functions // AppCfg holds values that affect how the application functions

99
oauth.go
View File

@ -3,6 +3,7 @@ package writefreely
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
@ -12,6 +13,8 @@ import (
"io" "io"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/url"
"strings"
"time" "time"
) )
@ -71,17 +74,25 @@ type HttpClient interface {
type oauthClient interface { type oauthClient interface {
GetProvider() string GetProvider() string
GetClientID() string GetClientID() string
GetCallbackLocation() string
buildLoginURL(state string) (string, error) buildLoginURL(state string) (string, error)
exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error) exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error)
inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error) inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error)
} }
type oauthStateRegisterer struct {
location string
callbackLocation string
httpClient HttpClient
}
type oauthHandler struct { type oauthHandler struct {
Config *config.Config Config *config.Config
DB OAuthDatastore DB OAuthDatastore
Store sessions.Store Store sessions.Store
EmailKey []byte EmailKey []byte
oauthClient oauthClient oauthClient oauthClient
oauthStateRegisterer *oauthStateRegisterer
} }
func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Request) error { func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Request) error {
@ -90,6 +101,13 @@ func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Req
if err != nil { if err != nil {
return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"} return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
} }
if h.oauthStateRegisterer != nil {
if err := h.oauthStateRegisterer.register(ctx, state); err != nil {
return impart.HTTPError{http.StatusInternalServerError, "could not register state location"}
}
}
location, err := h.oauthClient.buildLoginURL(state) location, err := h.oauthClient.buildLoginURL(state)
if err != nil { if err != nil {
return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"} return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
@ -99,19 +117,36 @@ func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Req
func configureSlackOauth(parentHandler *Handler, r *mux.Router, app *App) { func configureSlackOauth(parentHandler *Handler, r *mux.Router, app *App) {
if app.Config().SlackOauth.ClientID != "" { if app.Config().SlackOauth.ClientID != "" {
oauthClient := slackOauthClient{ var stateRegisterClient *oauthStateRegisterer = nil
ClientID: app.Config().SlackOauth.ClientID, if app.Config().SlackOauth.StateRegisterLocation != "" {
ClientSecret: app.Config().SlackOauth.ClientSecret, stateRegisterClient = &oauthStateRegisterer{
TeamID: app.Config().SlackOauth.TeamID, location: app.Config().SlackOauth.StateRegisterLocation,
CallbackLocation: app.Config().App.Host + "/oauth/callback", callbackLocation: app.Config().App.Host + "/oauth/callback",
HttpClient: config.DefaultHTTPClient(), httpClient: config.DefaultHTTPClient(),
}
} }
configureOauthRoutes(parentHandler, r, app, oauthClient) oauthClient := slackOauthClient{
ClientID: app.Config().SlackOauth.ClientID,
ClientSecret: app.Config().SlackOauth.ClientSecret,
TeamID: app.Config().SlackOauth.TeamID,
HttpClient: config.DefaultHTTPClient(),
//CallbackLocation: app.Config().App.Host + "/oauth/callback",
CallbackLocation: "http://localhost:5000/callback",
}
configureOauthRoutes(parentHandler, r, app, oauthClient, stateRegisterClient)
} }
} }
func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) { func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
if app.Config().WriteAsOauth.ClientID != "" { if app.Config().WriteAsOauth.ClientID != "" {
var stateRegisterClient *oauthStateRegisterer = nil
if app.Config().WriteAsOauth.StateRegisterLocation != "" {
stateRegisterClient = &oauthStateRegisterer{
location: app.Config().WriteAsOauth.StateRegisterLocation,
callbackLocation: app.Config().App.Host + "/oauth/callback",
httpClient: config.DefaultHTTPClient(),
}
}
oauthClient := writeAsOauthClient{ oauthClient := writeAsOauthClient{
ClientID: app.Config().WriteAsOauth.ClientID, ClientID: app.Config().WriteAsOauth.ClientID,
ClientSecret: app.Config().WriteAsOauth.ClientSecret, ClientSecret: app.Config().WriteAsOauth.ClientSecret,
@ -119,19 +154,20 @@ func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
InspectLocation: config.OrDefaultString(app.Config().WriteAsOauth.InspectLocation, writeAsIdentityLocation), InspectLocation: config.OrDefaultString(app.Config().WriteAsOauth.InspectLocation, writeAsIdentityLocation),
AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation), AuthLocation: config.OrDefaultString(app.Config().WriteAsOauth.AuthLocation, writeAsAuthLocation),
HttpClient: config.DefaultHTTPClient(), HttpClient: config.DefaultHTTPClient(),
CallbackLocation: app.Config().App.Host + "/oauth/callback", CallbackLocation: "http://localhost:5000/callback",
} }
configureOauthRoutes(parentHandler, r, app, oauthClient) configureOauthRoutes(parentHandler, r, app, oauthClient, stateRegisterClient)
} }
} }
func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauthClient oauthClient) { func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauthClient oauthClient, stateRegisterClient *oauthStateRegisterer) {
handler := &oauthHandler{ handler := &oauthHandler{
Config: app.Config(), Config: app.Config(),
DB: app.DB(), DB: app.DB(),
Store: app.SessionStore(), Store: app.SessionStore(),
oauthClient: oauthClient, oauthClient: oauthClient,
EmailKey: app.keys.EmailKey, EmailKey: app.keys.EmailKey,
oauthStateRegisterer: stateRegisterClient,
} }
r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET") r.HandleFunc("/oauth/"+oauthClient.GetProvider(), parentHandler.OAuth(handler.viewOauthInit)).Methods("GET")
r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET") r.HandleFunc("/oauth/callback", parentHandler.OAuth(handler.viewOauthCallback)).Methods("GET")
@ -197,6 +233,29 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
return h.showOauthSignupPage(app, w, r, tp, nil) return h.showOauthSignupPage(app, w, r, tp, nil)
} }
func (r *oauthStateRegisterer) register(ctx context.Context, state string) error {
form := url.Values{}
form.Add("state", state)
form.Add("location", r.callbackLocation)
req, err := http.NewRequestWithContext(ctx, "POST", r.location, strings.NewReader(form.Encode()))
if err != nil {
return err
}
req.Header.Set("User-Agent", "writefreely")
req.Header.Set("Accept", "application/json")
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
resp, err := r.httpClient.Do(req)
if err != nil {
return err
}
if resp.StatusCode != http.StatusCreated {
return errors.New("register state and location")
}
return nil
}
func limitedJsonUnmarshal(body io.ReadCloser, n int, thing interface{}) error { func limitedJsonUnmarshal(body io.ReadCloser, n int, thing interface{}) error {
lr := io.LimitReader(body, int64(n+1)) lr := io.LimitReader(body, int64(n+1))
data, err := ioutil.ReadAll(lr) data, err := ioutil.ReadAll(lr)

4
oauth_slack.go
View File

@ -62,6 +62,10 @@ func (c slackOauthClient) GetClientID() string {
return c.ClientID return c.ClientID
} }
func (c slackOauthClient) GetCallbackLocation() string {
return c.CallbackLocation
}
func (c slackOauthClient) buildLoginURL(state string) (string, error) { func (c slackOauthClient) buildLoginURL(state string) (string, error) {
u, err := url.Parse(slackAuthLocation) u, err := url.Parse(slackAuthLocation)
if err != nil { if err != nil {

4
oauth_writeas.go
View File

@ -34,6 +34,10 @@ func (c writeAsOauthClient) GetClientID() string {
return c.ClientID return c.ClientID
} }
func (c writeAsOauthClient) GetCallbackLocation() string {
return c.CallbackLocation
}
func (c writeAsOauthClient) buildLoginURL(state string) (string, error) { func (c writeAsOauthClient) buildLoginURL(state string) (string, error) {
u, err := url.Parse(c.AuthLocation) u, err := url.Parse(c.AuthLocation)
if err != nil { if err != nil {