Merge branch 'feature/auth_gitea' of meutel/go-bouquins into master

2019-09-08 09:33:24 +00:00 · 2019-09-08 09:33:24 +00:00 · 7f8165e72b
parent 23fec6721c 903dc45917
commit 7f8165e72b
7 changed files with 283 additions and 14 deletions
--- a/assets/css/bouquins.css
+++ b/assets/css/bouquins.css
@ -12,3 +12,7 @@ span.providericon {
 .googleicon {
  background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAB1FBMVEUAAAD/AADsQzXrQzbqQzXpRDTqQzXqQjXqQzXqRDToRjbqQzXqQzXqQzXqRDXrRTHxRznqQzXpQzXqQzXpQzTjOTnrQTTqQzXqQzToRDPpQjfqQzXqQzXpQzbsRDjqQzXoRDfqQzXqQzXrQzXqRDXqQjXqQzbqQzXqQzXqQzTsQjn/rxDqRDTqQzXqRDXoRjr8vAX5sQrsTDHrQjT//wD7vAT7ugbvZif6vgX1jRjqQzX7vAT5sAo/jss9kb77uwRAieH6vQX6vQX6vAX6vQVBiOnkuA4/i9r6vAWstCQ1qVI3pFI9k7E+j8n4vAZvrT00qFM0p1M/jso+lLn8vAXkug1CqU00qFQ8lK45l6ffvxg3qFI0qFM9lqpBieU/jc00qFQzqFM1p09An2A0plk/jdA5lqwtpVo0qFM0qFM1qVQ1qFM1p1I0p1IzqVI1qFM1qFM+j8gzplM0qFNAi91Cl6o1qVM0qFM/jNQ7m602qFE0qFM1qFMxpVI0qVM0qFM0qFM0qFQktkk4p1A0qFM0qVM0qVMzo1IA/wA2p1M0qFIzqFIzp1QzqFI0p1PqQzX7vAVChfRChu9BhvA0qFNChfJBhfM1p1o9krs5mpQ3oHf////8WgVEAAAAj3RSTlMAATVylKafh24xIZXl5o8aEpD5940JJ9nWLUby8Tkp8Dje+rt8YF/7/pwbIOX2VhaV58xZAeP7xTfK63Kv47x8+6VgpGH+sfU1y+wcfd/7xv6d36SU6NJYYjEg5fdL/OePnx0IcPxQEdz7vX5gXXOl7tko8PgbRPH6OCbYzB+O+PaJByCT4+YZATRwpIZtMQ4TRwgAAAABYktHRJvv2FeEAAAAB3RJTUUH4QgKAjghFnOx6QAAAWBJREFUOMtjYCABMDIxs7CysXNwMmKV5uLm6YcCXj5+DGkBQaF+JCAsIooqLybejwYkJJHlpaTR5ftlZJHk5eQx5RWQ7VeEiiopq6iqqSiro+lnEIRIa2hqQf3DiqKfQVsHLK+rhxDSR/GBgaERSL8xrvAzMZ1gZq7Rr4kzgC0mAIGllRZOBdYgBRNsYFxbZGAHdgJYgT1MwURk4AAScQQrcMKqYBJIxBmswAWrgsmErHBFONINqwJ3kIgHSN7TyxvVbz5gBb7QgPLzD5gSiKogCKwgGMwOCQ2bMmVKQDiyfMRUkPy0SDAnKnoKCMQgqYiNAxsQD+UmgBVMCUhMgvCTU1LB8lPToArSMyAqpmRmZefk5uUXTJk+A6SgEG5iUfEUdDBz8sSSUoSdZeUYKmZVVCK7uqoaXUFNLaq/0+vqkaUbGpsw0kVzSytMui2hHWvS6ejsaulO7Ont6yAlywMAh+DsfszQdOIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTctMDgtMTBUMDI6NTY6MzMrMDA6MDAy1cN5AAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE3LTA4LTEwVDAyOjU2OjMzKzAwOjAwQ4h7xQAAAABJRU5ErkJggg==);
 }
+
+.giteaicon {
+  background-image: url(./gitea.svg);
+}
--- a/assets/css/gitea.svg
+++ b/assets/css/gitea.svg
@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="512"
+   height="512"
+   viewBox="0 0 135.46667 135.46667"
+   version="1.1"
+   id="svg8"
+   sodipodi:docname="logo.svg"
+   inkscape:version="0.92.1 r15371"
+   inkscape:export-filename=""
+   inkscape:export-xdpi="48.000004"
+   inkscape:export-ydpi="48.000004">
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.70710678"
+     inkscape:cx="418.13805"
+     inkscape:cy="177.57445"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer2"
+     showgrid="false"
+     units="px"
+     width="256px"
+     showguides="false"
+     inkscape:window-width="1920"
+     inkscape:window-height="1137"
+     inkscape:window-x="1912"
+     inkscape:window-y="-8"
+     inkscape:window-maximized="1"
+     inkscape:pagecheckerboard="false"
+     inkscape:measure-start="283.373,243.952"
+     inkscape:measure-end="290.267,236.527">
+    <sodipodi:guide
+       position="0,0"
+       orientation="0,512"
+       id="guide3699"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="135.46667,0"
+       orientation="-512,0"
+       id="guide3701"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="135.46667,135.46667"
+       orientation="0,-512"
+       id="guide3703"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="0,135.46667"
+       orientation="512,0"
+       id="guide3705"
+       inkscape:locked="false" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-161.53334)"
+     style="display:inline">
+    <path
+       style="fill:#609926;fill-opacity:1;stroke:#428f29;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:none"
+       d="m 27.709937,195.15095 c -9.546573,-0.0272 -22.3392732,6.79805 -21.6317552,23.90397 1.105534,26.72889 25.4565952,29.20839 35.1916502,29.42301 1.068023,5.01357 12.521798,22.30563 21.001818,23.21667 h 37.15277 c 22.27763,-1.66785 38.9607,-75.75671 26.59321,-76.03825 -46.781583,2.47691 -49.995146,2.13838 -88.599758,0 -2.495053,-0.0266 -5.972321,-0.49474 -9.707935,-0.5054 z m 2.491319,9.45886 c 1.351378,13.69267 3.555849,21.70359 8.018216,33.94345 -11.382872,-1.50473 -21.069822,-5.22443 -22.851515,-19.10984 -0.950962,-7.4112 2.390428,-15.16769 14.833299,-14.83361 z"
+       id="path3722"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="sscccccsccsc" />
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Layer 2"
+     style="display:inline">
+    <rect
+       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.24757317;stroke-opacity:1"
+       id="rect4599"
+       width="34.762054"
+       height="34.762054"
+       x="87.508659"
+       y="18.291576"
+       transform="rotate(25.914715)"
+       ry="5.4825778" />
+    <path
+       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.26644793px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 79.804947,57.359056 3.241146,1.609954 V 35.255731 h -3.262698 z"
+       id="path4525"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="ccccc" />
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer3"
+     inkscape:label="Layer 3"
+     style="display:inline">
+    <g
+       style="display:inline"
+       id="g4539">
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="90.077766"
+         cx="49.064713"
+         id="path4606"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="102.1049"
+         cx="36.810425"
+         id="path4606-3"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="111.43928"
+         cx="46.484283"
+         id="path4606-1"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <rect
+         transform="rotate(26.024158)"
+         y="18.061695"
+         x="97.333458"
+         height="27.261492"
+         width="2.6726954"
+         id="rect4629-8"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.27444693;stroke-opacity:1" />
+      <path
+         sodipodi:nodetypes="cc"
+         inkscape:connector-curvature="0"
+         id="path4514"
+         d="m 76.558096,68.116343 c 12.97589,6.395378 13.012989,4.101862 4.890858,20.907244"
+         style="fill:none;stroke:#609926;stroke-width:2.68000007;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    </g>
+  </g>
+</svg>
--- a/bouquins/auth.go
+++ b/bouquins/auth.go
@ -33,18 +33,35 @@ type LoginModel struct {

 // NewLoginModel constructor for LoginModel
 func (app *Bouquins) NewLoginModel(req *http.Request) *LoginModel {
-	return &LoginModel{*app.NewModel("Authentification", "provider", req), Providers}
+	var configured []OAuth2Provider
+	for _, p := range Providers {
+		for _, provConf := range app.Conf.ProvidersConf {
+			if provConf.Name == p.Name() {
+				configured = append(configured, p)
+			}
+		}
+	}
+	return &LoginModel{*app.NewModel("Authentification", "provider", req), configured}
 }

 // OAuth2Provider allows to get a user from an OAuth2 token
 type OAuth2Provider interface {
-	GetUser(token *oauth2.Token) (string, error)
+	GetUser(app *Bouquins, token *oauth2.Token) (string, error)
 	Config(conf *Conf) *oauth2.Config
 	Name() string
 	Label() string
 	Icon() string
 }

+func findProvider(name string) OAuth2Provider {
+	for _, p := range Providers {
+		if p.Name() == name {
+			return p
+		}
+	}
+	return nil
+}
+
 // generates a 16 characters long random string
 func securedRandString() string {
 	b := make([]byte, 16)
@ -123,7 +140,7 @@ func (app *Bouquins) CallbackPage(res http.ResponseWriter, req *http.Request) er
 	if err != nil {
 		return fmt.Errorf("Code exchange failed with '%s'", err)
 	}
-	userEmail, err := provider.GetUser(token)
+	userEmail, err := provider.GetUser(app, token)
 	if err != nil {
 		return err
 	}
--- a/bouquins/bouquins.go
+++ b/bouquins/bouquins.go
@ -85,6 +85,9 @@ type ProviderConf struct {
 	Name         string `json:"name"`
 	ClientID     string `json:"client-id"`
 	ClientSecret string `json:"client-secret"`
+	AuthURL      string `json:"auth-url"`
+	TokenURL     string `json:"token-url"`
+	ProfileURL   string `json:"profile-url"`
 }

 // Bouquins contains application common resources: templates, database
--- a/bouquins/gitea.go
+++ b/bouquins/gitea.go
@ -0,0 +1,94 @@
+package bouquins
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+
+	"golang.org/x/oauth2"
+)
+
+// GithubProvider implements OAuth2 client with github.com
+type GiteaProvider string
+
+type giteaProfile struct {
+	AvatarURL string `json:"avatar_url"`
+	Created   string `json:"created"`
+	Email     string `json:"email"`
+	FullName  string `json:"full_name"`
+	ID        int64  `json:"id"`
+	IsAdmin   bool   `json:"is_admin"`
+	Language  string `json:"language"`
+	LastLogin string `json:"last_login"`
+	Login     string `json:"login"`
+}
+
+func init() {
+	Providers = append(Providers, GiteaProvider("gitea"))
+}
+
+// Name returns name of provider
+func (p GiteaProvider) Name() string {
+	return string(p)
+}
+
+// Label returns label of provider
+func (p GiteaProvider) Label() string {
+	return "Gitea"
+}
+
+// ProfileURL returns redirect URL for oauth2 auth
+func (p GiteaProvider) ProfileURL(conf *Conf) string {
+	for _, c := range conf.ProvidersConf {
+		if c.Name == p.Name() {
+			return c.ProfileURL
+		}
+	}
+	return ""
+}
+
+// Icon returns icon CSS class for provider
+func (p GiteaProvider) Icon() string {
+	return "giteaicon"
+}
+
+// Config returns OAuth configuration for this provider
+func (p GiteaProvider) Config(conf *Conf) *oauth2.Config {
+	for _, c := range conf.ProvidersConf {
+		if c.Name == p.Name() {
+			return &oauth2.Config{
+				ClientID:     c.ClientID,
+				ClientSecret: c.ClientSecret,
+				RedirectURL:  conf.ExternalURL + "/callback",
+				Endpoint:     oauth2.Endpoint{c.AuthURL, c.TokenURL, oauth2.AuthStyleAutoDetect},
+			}
+		}
+	}
+	return nil
+}
+
+// GetUser returns github primary email
+func (p GiteaProvider) GetUser(app *Bouquins, token *oauth2.Token) (string, error) {
+	apiReq, err := http.NewRequest("GET", p.ProfileURL(app.Conf), nil)
+	apiReq.Header.Add("Accept", "application/json")
+	apiReq.Header.Add("Authorization", "token "+token.AccessToken)
+	client := &http.Client{}
+	response, err := client.Do(apiReq)
+	defer response.Body.Close()
+	if err != nil {
+		log.Println("Auth error", err)
+		return "", fmt.Errorf("Authentification error")
+	}
+
+	dec := json.NewDecoder(response.Body)
+	var profile giteaProfile
+	err = dec.Decode(&profile)
+	if err != nil {
+		log.Printf("Error reading %s API response %v", p.Name(), err)
+		return "", fmt.Errorf("Error reading %s API response", p.Name())
+	}
+	userEmail := profile.Email
+	log.Println("User email:", userEmail)
+	return userEmail, nil
+}
--- a/bouquins/github.go
+++ b/bouquins/github.go
@ -55,7 +55,7 @@ func (p GithubProvider) Config(conf *Conf) *oauth2.Config {
 }

 // GetUser returns github primary email
-func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
+func (p GithubProvider) GetUser(app *Bouquins, token *oauth2.Token) (string, error) {
 	apiReq, err := http.NewRequest("GET", "https://api.github.com/user/emails", nil)
 	apiReq.Header.Add("Accept", "application/vnd.github.v3+json")
 	apiReq.Header.Add("Authorization", "token "+token.AccessToken)
@ -83,12 +83,3 @@ func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
 	log.Println("User email:", userEmail)
 	return userEmail, nil
 }
-
-func findProvider(name string) OAuth2Provider {
-	for _, p := range Providers {
-		if p.Name() == name {
-			return p
-		}
-	}
-	return nil
-}
--- a/bouquins/google.go
+++ b/bouquins/google.go
@ -60,7 +60,7 @@ func (p GoogleProvider) Config(conf *Conf) *oauth2.Config {
 }

 // GetUser returns github primary email
-func (p GoogleProvider) GetUser(token *oauth2.Token) (string, error) {
+func (p GoogleProvider) GetUser(app *Bouquins, token *oauth2.Token) (string, error) {
 	apiRes, err := http.Post("https://www.googleapis.com/oauth2/v2/tokeninfo?access_token="+token.AccessToken, "application/json", nil)
 	defer apiRes.Body.Close()
 	if err != nil {