Refactoring: move auth logic in auth.go

2017-09-08 18:19:31 +02:00 · 2017-09-08 18:19:31 +02:00 · 893daeab71
parent 2909754be4
commit 893daeab71
2 changed files with 118 additions and 106 deletions
--- a/bouquins/auth.go
+++ b/bouquins/auth.go
@ -0,0 +1,118 @@
+package bouquins
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"math/rand"
+	"net/http"
+
+	"github.com/gorilla/sessions"
+	"golang.org/x/oauth2"
+)
+
+const (
+	alphanums         = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+	sessionName       = "bouquins"
+	sessionOAuthState = "oauthState"
+	sessionUser       = "username"
+)
+
+// generates a 16 characters long random string
+func securedRandString() string {
+	b := make([]byte, 16)
+	for i := range b {
+		b[i] = alphanums[rand.Intn(len(alphanums))]
+	}
+	return string(b)
+}
+
+// current session
+func (app *Bouquins) Session(req *http.Request) *sessions.Session {
+	session, _ := app.Cookies.Get(req, sessionName)
+	return session
+}
+
+// logged in username
+func (app *Bouquins) Username(req *http.Request) string {
+	username := app.Session(req).Values[sessionUser]
+	if username != nil {
+		return username.(string)
+	}
+	return ""
+}
+
+// sets value in session
+func (app *Bouquins) SessionSet(name string, value string, res http.ResponseWriter, req *http.Request) {
+	session := app.Session(req)
+	session.Values[name] = value
+	session.Save(req, res)
+}
+
+// LoginPage redirects to OAuth login page (github)
+func (app *Bouquins) LoginPage(res http.ResponseWriter, req *http.Request) error {
+	// TODO choose provider
+	state := securedRandString()
+	app.SessionSet(sessionOAuthState, state, res, req)
+	url := app.OAuthConf.AuthCodeURL(state)
+	http.Redirect(res, req, url, http.StatusTemporaryRedirect)
+	return nil
+}
+
+// LogoutPage logout connected user
+func (app *Bouquins) LogoutPage(res http.ResponseWriter, req *http.Request) error {
+	app.SessionSet(sessionUser, "", res, req)
+	return RedirectHome(res, req)
+}
+
+// CallbackPage handle OAuth 2 callback
+func (app *Bouquins) CallbackPage(res http.ResponseWriter, req *http.Request) error {
+	savedState := app.Session(req).Values[sessionOAuthState]
+	if savedState == "" {
+		return fmt.Errorf("missing saved oauth state")
+	}
+	app.SessionSet(sessionOAuthState, "", res, req)
+	state := req.FormValue("state")
+	if state != savedState {
+		return fmt.Errorf("invalid oauth state, expected '%s', got '%s'", "state", state)
+	}
+	code := req.FormValue("code")
+	token, err := app.OAuthConf.Exchange(oauth2.NoContext, code)
+	if err != nil {
+		return fmt.Errorf("Code exchange failed with '%s'", err)
+	}
+	apiReq, err := http.NewRequest("GET", "https://api.github.com/user/emails", nil)
+	apiReq.Header.Add("Accept", "application/vnd.github.v3+json")
+	apiReq.Header.Add("Authorization", "token "+token.AccessToken)
+	client := &http.Client{}
+	response, err := client.Do(apiReq)
+	defer response.Body.Close()
+	if err != nil {
+		log.Println("Auth error", err)
+		return fmt.Errorf("Authentification error")
+	}
+
+	dec := json.NewDecoder(response.Body)
+	var emails []GitHubEmail
+	err = dec.Decode(&emails)
+	if err != nil {
+		log.Println("Error reading github API response", err)
+		return fmt.Errorf("Error reading github API response")
+	}
+	fmt.Printf("Content: %s\n", emails)
+	var userEmail string
+	for _, email := range emails {
+		if email.Primary && email.Verified {
+			userEmail = email.Email
+		}
+	}
+	log.Println("User email:", userEmail)
+	// FIXME list allowed users
+	if userEmail == "meutel+github@meutel.net" {
+		app.SessionSet(sessionUser, "Meutel", res, req)
+		log.Println("User logged in", userEmail)
+		return RedirectHome(res, req)
+	} else {
+		return fmt.Errorf("Unknown user")
+	}
+}
--- a/bouquins/bouquins.go
+++ b/bouquins/bouquins.go
@ -7,7 +7,6 @@ import (
 	"fmt"
 	"html/template"
 	"log"
-	"math/rand"
 	"net/http"
 	"net/url"
 	"strconv"
@ -22,11 +21,6 @@ import (
 const (
 	Version = "master"

-	alphanums         = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
-	sessionName       = "bouquins"
-	sessionOAuthState = "oauthState"
-	sessionUser       = "username"
-
 	tplBooks   = "book.html"
 	tplAuthors = "author.html"
 	tplSeries  = "series.html"
@ -291,37 +285,6 @@ func RedirectHome(res http.ResponseWriter, req *http.Request) error {
 	return nil
 }

-// generates a 16 characters long random string
-func securedRandString() string {
-	b := make([]byte, 16)
-	for i := range b {
-		b[i] = alphanums[rand.Intn(len(alphanums))]
-	}
-	return string(b)
-}
-
-// current session
-func (app *Bouquins) Session(req *http.Request) *sessions.Session {
-	session, _ := app.Cookies.Get(req, sessionName)
-	return session
-}
-
-// logged in username
-func (app *Bouquins) Username(req *http.Request) string {
-	username := app.Session(req).Values[sessionUser]
-	if username != nil {
-		return username.(string)
-	}
-	return ""
-}
-
-// sets value in session
-func (app *Bouquins) SessionSet(name string, value string, res http.ResponseWriter, req *http.Request) {
-	session := app.Session(req)
-	session.Values[name] = value
-	session.Save(req, res)
-}
-
 // output page with template
 func (app *Bouquins) render(res http.ResponseWriter, tpl string, model interface{}) error {
 	return app.Tpl.ExecuteTemplate(res, tpl, model)
@ -489,77 +452,8 @@ func (app *Bouquins) AboutPage(res http.ResponseWriter, req *http.Request) error
 	return app.render(res, tplAbout, app.NewModel("A propos", "about", req))
 }

-// LoginPage redirects to OAuth login page (github)
-func (app *Bouquins) LoginPage(res http.ResponseWriter, req *http.Request) error {
-	// TODO choose provider
-	state := securedRandString()
-	app.SessionSet(sessionOAuthState, state, res, req)
-	url := app.OAuthConf.AuthCodeURL(state)
-	http.Redirect(res, req, url, http.StatusTemporaryRedirect)
-	return nil
-}
-
-// LogoutPage logout connected user
-func (app *Bouquins) LogoutPage(res http.ResponseWriter, req *http.Request) error {
-	app.SessionSet(sessionUser, "", res, req)
-	return RedirectHome(res, req)
-}
-
-// CallbackPage handle OAuth 2 callback
-func (app *Bouquins) CallbackPage(res http.ResponseWriter, req *http.Request) error {
-	savedState := app.Session(req).Values[sessionOAuthState]
-	if savedState == "" {
-		return fmt.Errorf("missing saved oauth state")
-	}
-	app.SessionSet(sessionOAuthState, "", res, req)
-	state := req.FormValue("state")
-	if state != savedState {
-		return fmt.Errorf("invalid oauth state, expected '%s', got '%s'", "state", state)
-	}
-	code := req.FormValue("code")
-	token, err := app.OAuthConf.Exchange(oauth2.NoContext, code)
-	if err != nil {
-		return fmt.Errorf("Code exchange failed with '%s'", err)
-	}
-	apiReq, err := http.NewRequest("GET", "https://api.github.com/user/emails", nil)
-	apiReq.Header.Add("Accept", "application/vnd.github.v3+json")
-	apiReq.Header.Add("Authorization", "token "+token.AccessToken)
-	client := &http.Client{}
-	response, err := client.Do(apiReq)
-	defer response.Body.Close()
-	if err != nil {
-		log.Println("Auth error", err)
-		return fmt.Errorf("Authentification error")
-	}
-
-	dec := json.NewDecoder(response.Body)
-	var emails []GitHubEmail
-	err = dec.Decode(&emails)
-	if err != nil {
-		log.Println("Error reading github API response", err)
-		return fmt.Errorf("Error reading github API response")
-	}
-	fmt.Printf("Content: %s\n", emails)
-	var userEmail string
-	for _, email := range emails {
-		if email.Primary && email.Verified {
-			userEmail = email.Email
-		}
-	}
-	log.Println("User email:", userEmail)
-	// FIXME list allowed users
-	if userEmail == "meutel+github@meutel.net" {
-		app.SessionSet(sessionUser, "Meutel", res, req)
-		log.Println("User logged in", userEmail)
-		return RedirectHome(res, req)
-	} else {
-		return fmt.Errorf("Unknown user")
-	}
-}
-
 // IndexPage displays index page: list of books/authors/series
 func (app *Bouquins) IndexPage(res http.ResponseWriter, req *http.Request) error {
-	// TODO display logged in/link login
 	count, err := app.BookCount()
 	if err != nil {
 		return err