OAuth client google provider

bouquins/auth.go

@@ -25,10 +25,24 @@ var (
 	Providers []OAuth2Provider
 )
 
+// LoginModel is login page model
+type LoginModel struct {
+	Model
+	Providers []OAuth2Provider
+}
+
+// NewLoginModel constructor for LoginModel
+func (app *Bouquins) NewLoginModel(req *http.Request) *LoginModel {
+	return &LoginModel{*app.NewModel("Authentification", "provider", req), Providers}
+}
+
 // OAuth2Provider allows to get a user from an OAuth2 token
 type OAuth2Provider interface {
 	GetUser(token *oauth2.Token) (string, error)
+	Config(conf *BouquinsConf) *oauth2.Config
 	Name() string
+	Label() string
+	Icon() string
 }
 
 // generates a 16 characters long random string
@@ -71,11 +85,12 @@ func (app *Bouquins) LoginPage(res http.ResponseWriter, req *http.Request) error
 		state := securedRandString()
 		app.SessionSet(sessionOAuthState, state, res, req)
 		url := oauth.AuthCodeURL(state)
+		log.Println("OAuth redirect", url)
 		http.Redirect(res, req, url, http.StatusTemporaryRedirect)
 		return nil
 	}
 	// choose provider
-	return app.render(res, tplProvider, app.NewModel("Authentification", "provider", req))
+	return app.render(res, tplProvider, app.NewLoginModel(req))
 }
 
 // LogoutPage logout connected user
@@ -113,7 +128,7 @@ func (app *Bouquins) CallbackPage(res http.ResponseWriter, req *http.Request) er
 		return err
 	}
 	// FIXME list allowed users
-	if userEmail == "meutel+github@meutel.net" {
+	if userEmail == "meutel@gmail.com" || userEmail == "meutel+github@meutel.net" {
 		app.SessionSet(sessionUser, "Meutel", res, req)
 		log.Println("User logged in", userEmail)
 		return RedirectHome(res, req)

bouquins/bouquins.go

@@ -65,6 +65,14 @@ const (
 	URLCalibre = "/calibre/"
 )
 
+// BouquinsConf App configuration
+type BouquinsConf struct {
+	BindAddress string `json:"bind-address"`
+	DbPath      string `json:"db-path"`
+	CalibrePath string `json:"calibre-path"`
+	Prod        bool   `json:"prod"`
+}
+
 // Bouquins contains application common resources: templates, database
 type Bouquins struct {
 	Tpl       *template.Template
@@ -157,7 +165,7 @@ type Model struct {
 	Username string
 }
 
-// NewModel constuctor for Model
+// NewModel constructor for Model
 func (app *Bouquins) NewModel(title, page string, req *http.Request) *Model {
 	return &Model{
 		Title:    title,

bouquins/github.go

@@ -7,12 +7,13 @@ import (
 	"net/http"
 
 	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/github"
 )
 
 // GithubProvider implements OAuth2 client with github.com
 type GithubProvider string
 
-type gitHubEmail struct {
+type githubEmail struct {
 	Email      string `json:"email"`
 	Primary    bool   `json:"primary"`
 	Verified   bool   `json:"verified"`
@@ -28,6 +29,26 @@ func (p GithubProvider) Name() string {
 	return string(p)
 }
 
+// Label returns label of provider
+func (p GithubProvider) Label() string {
+	return "Github"
+}
+
+// Icon returns icon path for provider
+func (p GithubProvider) Icon() string {
+	return "" // TODO
+}
+
+func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config {
+	// FIXME client ID and secret in conf file
+	return &oauth2.Config{
+		ClientID:     "8b0aedf07828f06918a0",
+		ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
+		Scopes:       []string{"user:email"},
+		Endpoint:     github.Endpoint,
+	}
+}
+
 // GetUser returns github primary email
 func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
 	apiReq, err := http.NewRequest("GET", "https://api.github.com/user/emails", nil)
@@ -42,13 +63,12 @@ func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
 	}
 
 	dec := json.NewDecoder(response.Body)
-	var emails []gitHubEmail
+	var emails []githubEmail
 	err = dec.Decode(&emails)
 	if err != nil {
 		log.Println("Error reading github API response", err)
 		return "", fmt.Errorf("Error reading github API response")
 	}
-	fmt.Printf("Content: %s\n", emails)
 	var userEmail string
 	for _, email := range emails {
 		if email.Primary && email.Verified {

bouquins/google.go

@@ -0,0 +1,79 @@
+package bouquins
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google"
+)
+
+// GoogleProvider implements OAuth2 client with google account
+type GoogleProvider string
+
+type GoogleTokenInfo struct {
+	IssuedTo      string `json:"issued_to"`
+	Audience      string `json:"audience"`
+	UserId        string `json:"user_id"`
+	Scope         string `json:"scope"`
+	ExpiresIn     int64  `json:"expires_in"`
+	Email         string `json:"email"`
+	VerifiedEmail bool   `json:"verified_email"`
+	AccessType    string `json:"access_type"`
+}
+
+func init() {
+	Providers = append(Providers, GoogleProvider("google"))
+}
+
+// Name returns name of provider
+func (p GoogleProvider) Name() string {
+	return string(p)
+}
+
+// Label returns label of provider
+func (p GoogleProvider) Label() string {
+	return "Google"
+}
+
+// Icon returns icon path for provider
+func (p GoogleProvider) Icon() string {
+	return "" // TODO
+}
+
+func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config {
+	// FIXME client ID and secret in conf file
+	return &oauth2.Config{
+		ClientID:     "51149464161-8mu7ohfujn655p0qas5uj1echn36m9uu.apps.googleusercontent.com",
+		ClientSecret: "5IWFxm_9NoWb5hfGt6Wj1oSV",
+		Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email"},
+		Endpoint:     google.Endpoint,
+		RedirectURL:  "http://localhost:9000" + URLCallback, // FIXME
+	}
+}
+
+// GetUser returns github primary email
+func (p GoogleProvider) GetUser(token *oauth2.Token) (string, error) {
+	// POST https://www.googleapis.com/oauth2/v2/tokeninfo access_token
+	apiRes, err := http.Post("https://www.googleapis.com/oauth2/v2/tokeninfo?access_token="+token.AccessToken, "application/json", nil)
+	defer apiRes.Body.Close()
+	if err != nil {
+		log.Println("Auth error", err)
+		return "", fmt.Errorf("Authentification error")
+	}
+	dec := json.NewDecoder(apiRes.Body)
+	var tokenInfo GoogleTokenInfo
+	err = dec.Decode(&tokenInfo)
+	if err != nil {
+		log.Println("Error reading google API response", err)
+		return "", fmt.Errorf("Error reading google API response")
+	}
+	var userEmail string
+	if tokenInfo.VerifiedEmail {
+		userEmail = tokenInfo.Email
+	}
+	log.Println("User email:", userEmail)
+	return userEmail, nil
+}

main.go

@@ -8,7 +8,6 @@ import (
 	"os"
 
 	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/github"
 
 	"github.com/gorilla/sessions"
 	_ "github.com/mattn/go-sqlite3"
@@ -16,19 +15,11 @@ import (
 	"meutel.net/meutel/go-bouquins/bouquins"
 )
 
-// BouquinsConf App configuration
-type BouquinsConf struct {
-	BindAddress string `json:"bind-address"`
-	DbPath      string `json:"db-path"`
-	CalibrePath string `json:"calibre-path"`
-	Prod        bool   `json:"prod"`
-}
-
 var db *sql.DB
 
 // ReadConfig loads configuration file and initialize default value
-func ReadConfig() (*BouquinsConf, error) {
+func ReadConfig() (*bouquins.BouquinsConf, error) {
-	conf := new(BouquinsConf)
+	conf := new(bouquins.BouquinsConf)
 	confPath := "bouquins.json"
 	if len(os.Args) > 1 {
 		confPath = os.Args[1]
@@ -54,7 +45,7 @@ func ReadConfig() (*BouquinsConf, error) {
 	return conf, err
 }
 
-func initApp() *BouquinsConf {
+func initApp() *bouquins.BouquinsConf {
 	log.SetFlags(log.LstdFlags | log.Lshortfile)
 	conf, err := ReadConfig()
 	if err != nil {
@@ -70,15 +61,10 @@ func initApp() *BouquinsConf {
 		log.Fatalln(err)
 	}
 
-	// TODO conf by provider, client ID and secret in conf file
 	oauthConf := make(map[string]*oauth2.Config)
-	oauthConf["github"] = &oauth2.Config{
+	for _, provider := range bouquins.Providers {
-		ClientID:     "8b0aedf07828f06918a0",
+		oauthConf[provider.Name()] = provider.Config(conf)
-		ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
-		Scopes:       []string{"user:email"},
-		Endpoint:     github.Endpoint,
 	}
-
 	// FIXME constructor, conf cookies secret
 	app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))}
 	err = app.PrepareAll()

templates/provider.html

@@ -2,8 +2,10 @@
 <div class="container" id="provider">
   <p>Veuillez sélectionner un mode d'authentification:<p>
   <ul>
-    <!-- TODO list providers, icon -->
+{{ range .Providers }}
-    <li><a href="/login?provider=github">Github</a></li>
+    <!-- TODO icon -->
+    <li><a href="/login?provider={{ .Name }}">{{ .Label }}</a></li>
+{{ end }}
   </ul>
 </div>
 {{ template "footer.html" . }}