Compare commits
3 Commits
54bf239e38
...
6eba2b1879
Author | SHA1 | Date | |
---|---|---|---|
6eba2b1879 | |||
bd3308f9a6 | |||
5e0de4041c |
@ -25,10 +25,24 @@ var (
|
||||
Providers []OAuth2Provider
|
||||
)
|
||||
|
||||
// LoginModel is login page model
|
||||
type LoginModel struct {
|
||||
Model
|
||||
Providers []OAuth2Provider
|
||||
}
|
||||
|
||||
// NewLoginModel constructor for LoginModel
|
||||
func (app *Bouquins) NewLoginModel(req *http.Request) *LoginModel {
|
||||
return &LoginModel{*app.NewModel("Authentification", "provider", req), Providers}
|
||||
}
|
||||
|
||||
// OAuth2Provider allows to get a user from an OAuth2 token
|
||||
type OAuth2Provider interface {
|
||||
GetUser(token *oauth2.Token) (string, error)
|
||||
Config(conf *BouquinsConf) *oauth2.Config
|
||||
Name() string
|
||||
Label() string
|
||||
Icon() string
|
||||
}
|
||||
|
||||
// generates a 16 characters long random string
|
||||
@ -71,11 +85,12 @@ func (app *Bouquins) LoginPage(res http.ResponseWriter, req *http.Request) error
|
||||
state := securedRandString()
|
||||
app.SessionSet(sessionOAuthState, state, res, req)
|
||||
url := oauth.AuthCodeURL(state)
|
||||
log.Println("OAuth redirect", url)
|
||||
http.Redirect(res, req, url, http.StatusTemporaryRedirect)
|
||||
return nil
|
||||
}
|
||||
// choose provider
|
||||
return app.render(res, tplProvider, app.NewModel("Authentification", "provider", req))
|
||||
return app.render(res, tplProvider, app.NewLoginModel(req))
|
||||
}
|
||||
|
||||
// LogoutPage logout connected user
|
||||
@ -113,7 +128,7 @@ func (app *Bouquins) CallbackPage(res http.ResponseWriter, req *http.Request) er
|
||||
return err
|
||||
}
|
||||
// FIXME list allowed users
|
||||
if userEmail == "meutel+github@meutel.net" {
|
||||
if userEmail == "meutel@gmail.com" || userEmail == "meutel+github@meutel.net" {
|
||||
app.SessionSet(sessionUser, "Meutel", res, req)
|
||||
log.Println("User logged in", userEmail)
|
||||
return RedirectHome(res, req)
|
||||
|
@ -65,6 +65,14 @@ const (
|
||||
URLCalibre = "/calibre/"
|
||||
)
|
||||
|
||||
// BouquinsConf App configuration
|
||||
type BouquinsConf struct {
|
||||
BindAddress string `json:"bind-address"`
|
||||
DbPath string `json:"db-path"`
|
||||
CalibrePath string `json:"calibre-path"`
|
||||
Prod bool `json:"prod"`
|
||||
}
|
||||
|
||||
// Bouquins contains application common resources: templates, database
|
||||
type Bouquins struct {
|
||||
Tpl *template.Template
|
||||
@ -157,7 +165,7 @@ type Model struct {
|
||||
Username string
|
||||
}
|
||||
|
||||
// NewModel constuctor for Model
|
||||
// NewModel constructor for Model
|
||||
func (app *Bouquins) NewModel(title, page string, req *http.Request) *Model {
|
||||
return &Model{
|
||||
Title: title,
|
||||
|
@ -7,12 +7,13 @@ import (
|
||||
"net/http"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/github"
|
||||
)
|
||||
|
||||
// GithubProvider implements OAuth2 client with github.com
|
||||
type GithubProvider string
|
||||
|
||||
type gitHubEmail struct {
|
||||
type githubEmail struct {
|
||||
Email string `json:"email"`
|
||||
Primary bool `json:"primary"`
|
||||
Verified bool `json:"verified"`
|
||||
@ -28,6 +29,26 @@ func (p GithubProvider) Name() string {
|
||||
return string(p)
|
||||
}
|
||||
|
||||
// Label returns label of provider
|
||||
func (p GithubProvider) Label() string {
|
||||
return "Github"
|
||||
}
|
||||
|
||||
// Icon returns icon path for provider
|
||||
func (p GithubProvider) Icon() string {
|
||||
return "" // TODO
|
||||
}
|
||||
|
||||
func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config {
|
||||
// FIXME client ID and secret in conf file
|
||||
return &oauth2.Config{
|
||||
ClientID: "8b0aedf07828f06918a0",
|
||||
ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
|
||||
Scopes: []string{"user:email"},
|
||||
Endpoint: github.Endpoint,
|
||||
}
|
||||
}
|
||||
|
||||
// GetUser returns github primary email
|
||||
func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
|
||||
apiReq, err := http.NewRequest("GET", "https://api.github.com/user/emails", nil)
|
||||
@ -42,13 +63,12 @@ func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
|
||||
}
|
||||
|
||||
dec := json.NewDecoder(response.Body)
|
||||
var emails []gitHubEmail
|
||||
var emails []githubEmail
|
||||
err = dec.Decode(&emails)
|
||||
if err != nil {
|
||||
log.Println("Error reading github API response", err)
|
||||
return "", fmt.Errorf("Error reading github API response")
|
||||
}
|
||||
fmt.Printf("Content: %s\n", emails)
|
||||
var userEmail string
|
||||
for _, email := range emails {
|
||||
if email.Primary && email.Verified {
|
||||
|
79
bouquins/google.go
Normal file
79
bouquins/google.go
Normal file
@ -0,0 +1,79 @@
|
||||
package bouquins
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/google"
|
||||
)
|
||||
|
||||
// GoogleProvider implements OAuth2 client with google account
|
||||
type GoogleProvider string
|
||||
|
||||
type GoogleTokenInfo struct {
|
||||
IssuedTo string `json:"issued_to"`
|
||||
Audience string `json:"audience"`
|
||||
UserId string `json:"user_id"`
|
||||
Scope string `json:"scope"`
|
||||
ExpiresIn int64 `json:"expires_in"`
|
||||
Email string `json:"email"`
|
||||
VerifiedEmail bool `json:"verified_email"`
|
||||
AccessType string `json:"access_type"`
|
||||
}
|
||||
|
||||
func init() {
|
||||
Providers = append(Providers, GoogleProvider("google"))
|
||||
}
|
||||
|
||||
// Name returns name of provider
|
||||
func (p GoogleProvider) Name() string {
|
||||
return string(p)
|
||||
}
|
||||
|
||||
// Label returns label of provider
|
||||
func (p GoogleProvider) Label() string {
|
||||
return "Google"
|
||||
}
|
||||
|
||||
// Icon returns icon path for provider
|
||||
func (p GoogleProvider) Icon() string {
|
||||
return "" // TODO
|
||||
}
|
||||
|
||||
func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config {
|
||||
// FIXME client ID and secret in conf file
|
||||
return &oauth2.Config{
|
||||
ClientID: "51149464161-8mu7ohfujn655p0qas5uj1echn36m9uu.apps.googleusercontent.com",
|
||||
ClientSecret: "5IWFxm_9NoWb5hfGt6Wj1oSV",
|
||||
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
|
||||
Endpoint: google.Endpoint,
|
||||
RedirectURL: "http://localhost:9000" + URLCallback, // FIXME
|
||||
}
|
||||
}
|
||||
|
||||
// GetUser returns github primary email
|
||||
func (p GoogleProvider) GetUser(token *oauth2.Token) (string, error) {
|
||||
// POST https://www.googleapis.com/oauth2/v2/tokeninfo access_token
|
||||
apiRes, err := http.Post("https://www.googleapis.com/oauth2/v2/tokeninfo?access_token="+token.AccessToken, "application/json", nil)
|
||||
defer apiRes.Body.Close()
|
||||
if err != nil {
|
||||
log.Println("Auth error", err)
|
||||
return "", fmt.Errorf("Authentification error")
|
||||
}
|
||||
dec := json.NewDecoder(apiRes.Body)
|
||||
var tokenInfo GoogleTokenInfo
|
||||
err = dec.Decode(&tokenInfo)
|
||||
if err != nil {
|
||||
log.Println("Error reading google API response", err)
|
||||
return "", fmt.Errorf("Error reading google API response")
|
||||
}
|
||||
var userEmail string
|
||||
if tokenInfo.VerifiedEmail {
|
||||
userEmail = tokenInfo.Email
|
||||
}
|
||||
log.Println("User email:", userEmail)
|
||||
return userEmail, nil
|
||||
}
|
24
main.go
24
main.go
@ -8,7 +8,6 @@ import (
|
||||
"os"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/github"
|
||||
|
||||
"github.com/gorilla/sessions"
|
||||
_ "github.com/mattn/go-sqlite3"
|
||||
@ -16,19 +15,11 @@ import (
|
||||
"meutel.net/meutel/go-bouquins/bouquins"
|
||||
)
|
||||
|
||||
// BouquinsConf App configuration
|
||||
type BouquinsConf struct {
|
||||
BindAddress string `json:"bind-address"`
|
||||
DbPath string `json:"db-path"`
|
||||
CalibrePath string `json:"calibre-path"`
|
||||
Prod bool `json:"prod"`
|
||||
}
|
||||
|
||||
var db *sql.DB
|
||||
|
||||
// ReadConfig loads configuration file and initialize default value
|
||||
func ReadConfig() (*BouquinsConf, error) {
|
||||
conf := new(BouquinsConf)
|
||||
func ReadConfig() (*bouquins.BouquinsConf, error) {
|
||||
conf := new(bouquins.BouquinsConf)
|
||||
confPath := "bouquins.json"
|
||||
if len(os.Args) > 1 {
|
||||
confPath = os.Args[1]
|
||||
@ -54,7 +45,7 @@ func ReadConfig() (*BouquinsConf, error) {
|
||||
return conf, err
|
||||
}
|
||||
|
||||
func initApp() *BouquinsConf {
|
||||
func initApp() *bouquins.BouquinsConf {
|
||||
log.SetFlags(log.LstdFlags | log.Lshortfile)
|
||||
conf, err := ReadConfig()
|
||||
if err != nil {
|
||||
@ -70,15 +61,10 @@ func initApp() *BouquinsConf {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
|
||||
// TODO conf by provider, client ID and secret in conf file
|
||||
oauthConf := make(map[string]*oauth2.Config)
|
||||
oauthConf["github"] = &oauth2.Config{
|
||||
ClientID: "8b0aedf07828f06918a0",
|
||||
ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
|
||||
Scopes: []string{"user:email"},
|
||||
Endpoint: github.Endpoint,
|
||||
for _, provider := range bouquins.Providers {
|
||||
oauthConf[provider.Name()] = provider.Config(conf)
|
||||
}
|
||||
|
||||
// FIXME constructor, conf cookies secret
|
||||
app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))}
|
||||
err = app.PrepareAll()
|
||||
|
@ -2,8 +2,10 @@
|
||||
<div class="container" id="provider">
|
||||
<p>Veuillez sélectionner un mode d'authentification:<p>
|
||||
<ul>
|
||||
<!-- TODO list providers, icon -->
|
||||
<li><a href="/login?provider=github">Github</a></li>
|
||||
{{ range .Providers }}
|
||||
<!-- TODO icon -->
|
||||
<li><a href="/login?provider={{ .Name }}">{{ .Label }}</a></li>
|
||||
{{ end }}
|
||||
</ul>
|
||||
</div>
|
||||
{{ template "footer.html" . }}
|
||||
|
Loading…
Reference in New Issue
Block a user