Compare commits
3 Commits
54bf239e38
...
6eba2b1879
Author | SHA1 | Date | |
---|---|---|---|
6eba2b1879 | |||
bd3308f9a6 | |||
5e0de4041c |
@ -25,10 +25,24 @@ var (
|
|||||||
Providers []OAuth2Provider
|
Providers []OAuth2Provider
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// LoginModel is login page model
|
||||||
|
type LoginModel struct {
|
||||||
|
Model
|
||||||
|
Providers []OAuth2Provider
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewLoginModel constructor for LoginModel
|
||||||
|
func (app *Bouquins) NewLoginModel(req *http.Request) *LoginModel {
|
||||||
|
return &LoginModel{*app.NewModel("Authentification", "provider", req), Providers}
|
||||||
|
}
|
||||||
|
|
||||||
// OAuth2Provider allows to get a user from an OAuth2 token
|
// OAuth2Provider allows to get a user from an OAuth2 token
|
||||||
type OAuth2Provider interface {
|
type OAuth2Provider interface {
|
||||||
GetUser(token *oauth2.Token) (string, error)
|
GetUser(token *oauth2.Token) (string, error)
|
||||||
|
Config(conf *BouquinsConf) *oauth2.Config
|
||||||
Name() string
|
Name() string
|
||||||
|
Label() string
|
||||||
|
Icon() string
|
||||||
}
|
}
|
||||||
|
|
||||||
// generates a 16 characters long random string
|
// generates a 16 characters long random string
|
||||||
@ -71,11 +85,12 @@ func (app *Bouquins) LoginPage(res http.ResponseWriter, req *http.Request) error
|
|||||||
state := securedRandString()
|
state := securedRandString()
|
||||||
app.SessionSet(sessionOAuthState, state, res, req)
|
app.SessionSet(sessionOAuthState, state, res, req)
|
||||||
url := oauth.AuthCodeURL(state)
|
url := oauth.AuthCodeURL(state)
|
||||||
|
log.Println("OAuth redirect", url)
|
||||||
http.Redirect(res, req, url, http.StatusTemporaryRedirect)
|
http.Redirect(res, req, url, http.StatusTemporaryRedirect)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
// choose provider
|
// choose provider
|
||||||
return app.render(res, tplProvider, app.NewModel("Authentification", "provider", req))
|
return app.render(res, tplProvider, app.NewLoginModel(req))
|
||||||
}
|
}
|
||||||
|
|
||||||
// LogoutPage logout connected user
|
// LogoutPage logout connected user
|
||||||
@ -113,7 +128,7 @@ func (app *Bouquins) CallbackPage(res http.ResponseWriter, req *http.Request) er
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
// FIXME list allowed users
|
// FIXME list allowed users
|
||||||
if userEmail == "meutel+github@meutel.net" {
|
if userEmail == "meutel@gmail.com" || userEmail == "meutel+github@meutel.net" {
|
||||||
app.SessionSet(sessionUser, "Meutel", res, req)
|
app.SessionSet(sessionUser, "Meutel", res, req)
|
||||||
log.Println("User logged in", userEmail)
|
log.Println("User logged in", userEmail)
|
||||||
return RedirectHome(res, req)
|
return RedirectHome(res, req)
|
||||||
|
@ -65,6 +65,14 @@ const (
|
|||||||
URLCalibre = "/calibre/"
|
URLCalibre = "/calibre/"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// BouquinsConf App configuration
|
||||||
|
type BouquinsConf struct {
|
||||||
|
BindAddress string `json:"bind-address"`
|
||||||
|
DbPath string `json:"db-path"`
|
||||||
|
CalibrePath string `json:"calibre-path"`
|
||||||
|
Prod bool `json:"prod"`
|
||||||
|
}
|
||||||
|
|
||||||
// Bouquins contains application common resources: templates, database
|
// Bouquins contains application common resources: templates, database
|
||||||
type Bouquins struct {
|
type Bouquins struct {
|
||||||
Tpl *template.Template
|
Tpl *template.Template
|
||||||
@ -157,7 +165,7 @@ type Model struct {
|
|||||||
Username string
|
Username string
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewModel constuctor for Model
|
// NewModel constructor for Model
|
||||||
func (app *Bouquins) NewModel(title, page string, req *http.Request) *Model {
|
func (app *Bouquins) NewModel(title, page string, req *http.Request) *Model {
|
||||||
return &Model{
|
return &Model{
|
||||||
Title: title,
|
Title: title,
|
||||||
|
@ -7,12 +7,13 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
|
"golang.org/x/oauth2/github"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GithubProvider implements OAuth2 client with github.com
|
// GithubProvider implements OAuth2 client with github.com
|
||||||
type GithubProvider string
|
type GithubProvider string
|
||||||
|
|
||||||
type gitHubEmail struct {
|
type githubEmail struct {
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Primary bool `json:"primary"`
|
Primary bool `json:"primary"`
|
||||||
Verified bool `json:"verified"`
|
Verified bool `json:"verified"`
|
||||||
@ -28,6 +29,26 @@ func (p GithubProvider) Name() string {
|
|||||||
return string(p)
|
return string(p)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Label returns label of provider
|
||||||
|
func (p GithubProvider) Label() string {
|
||||||
|
return "Github"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Icon returns icon path for provider
|
||||||
|
func (p GithubProvider) Icon() string {
|
||||||
|
return "" // TODO
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config {
|
||||||
|
// FIXME client ID and secret in conf file
|
||||||
|
return &oauth2.Config{
|
||||||
|
ClientID: "8b0aedf07828f06918a0",
|
||||||
|
ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
|
||||||
|
Scopes: []string{"user:email"},
|
||||||
|
Endpoint: github.Endpoint,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// GetUser returns github primary email
|
// GetUser returns github primary email
|
||||||
func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
|
func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
|
||||||
apiReq, err := http.NewRequest("GET", "https://api.github.com/user/emails", nil)
|
apiReq, err := http.NewRequest("GET", "https://api.github.com/user/emails", nil)
|
||||||
@ -42,13 +63,12 @@ func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
dec := json.NewDecoder(response.Body)
|
dec := json.NewDecoder(response.Body)
|
||||||
var emails []gitHubEmail
|
var emails []githubEmail
|
||||||
err = dec.Decode(&emails)
|
err = dec.Decode(&emails)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error reading github API response", err)
|
log.Println("Error reading github API response", err)
|
||||||
return "", fmt.Errorf("Error reading github API response")
|
return "", fmt.Errorf("Error reading github API response")
|
||||||
}
|
}
|
||||||
fmt.Printf("Content: %s\n", emails)
|
|
||||||
var userEmail string
|
var userEmail string
|
||||||
for _, email := range emails {
|
for _, email := range emails {
|
||||||
if email.Primary && email.Verified {
|
if email.Primary && email.Verified {
|
||||||
|
79
bouquins/google.go
Normal file
79
bouquins/google.go
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
package bouquins
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/json"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
"golang.org/x/oauth2/google"
|
||||||
|
)
|
||||||
|
|
||||||
|
// GoogleProvider implements OAuth2 client with google account
|
||||||
|
type GoogleProvider string
|
||||||
|
|
||||||
|
type GoogleTokenInfo struct {
|
||||||
|
IssuedTo string `json:"issued_to"`
|
||||||
|
Audience string `json:"audience"`
|
||||||
|
UserId string `json:"user_id"`
|
||||||
|
Scope string `json:"scope"`
|
||||||
|
ExpiresIn int64 `json:"expires_in"`
|
||||||
|
Email string `json:"email"`
|
||||||
|
VerifiedEmail bool `json:"verified_email"`
|
||||||
|
AccessType string `json:"access_type"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
Providers = append(Providers, GoogleProvider("google"))
|
||||||
|
}
|
||||||
|
|
||||||
|
// Name returns name of provider
|
||||||
|
func (p GoogleProvider) Name() string {
|
||||||
|
return string(p)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Label returns label of provider
|
||||||
|
func (p GoogleProvider) Label() string {
|
||||||
|
return "Google"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Icon returns icon path for provider
|
||||||
|
func (p GoogleProvider) Icon() string {
|
||||||
|
return "" // TODO
|
||||||
|
}
|
||||||
|
|
||||||
|
func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config {
|
||||||
|
// FIXME client ID and secret in conf file
|
||||||
|
return &oauth2.Config{
|
||||||
|
ClientID: "51149464161-8mu7ohfujn655p0qas5uj1echn36m9uu.apps.googleusercontent.com",
|
||||||
|
ClientSecret: "5IWFxm_9NoWb5hfGt6Wj1oSV",
|
||||||
|
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
|
||||||
|
Endpoint: google.Endpoint,
|
||||||
|
RedirectURL: "http://localhost:9000" + URLCallback, // FIXME
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetUser returns github primary email
|
||||||
|
func (p GoogleProvider) GetUser(token *oauth2.Token) (string, error) {
|
||||||
|
// POST https://www.googleapis.com/oauth2/v2/tokeninfo access_token
|
||||||
|
apiRes, err := http.Post("https://www.googleapis.com/oauth2/v2/tokeninfo?access_token="+token.AccessToken, "application/json", nil)
|
||||||
|
defer apiRes.Body.Close()
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Auth error", err)
|
||||||
|
return "", fmt.Errorf("Authentification error")
|
||||||
|
}
|
||||||
|
dec := json.NewDecoder(apiRes.Body)
|
||||||
|
var tokenInfo GoogleTokenInfo
|
||||||
|
err = dec.Decode(&tokenInfo)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Error reading google API response", err)
|
||||||
|
return "", fmt.Errorf("Error reading google API response")
|
||||||
|
}
|
||||||
|
var userEmail string
|
||||||
|
if tokenInfo.VerifiedEmail {
|
||||||
|
userEmail = tokenInfo.Email
|
||||||
|
}
|
||||||
|
log.Println("User email:", userEmail)
|
||||||
|
return userEmail, nil
|
||||||
|
}
|
24
main.go
24
main.go
@ -8,7 +8,6 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
|
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
"golang.org/x/oauth2/github"
|
|
||||||
|
|
||||||
"github.com/gorilla/sessions"
|
"github.com/gorilla/sessions"
|
||||||
_ "github.com/mattn/go-sqlite3"
|
_ "github.com/mattn/go-sqlite3"
|
||||||
@ -16,19 +15,11 @@ import (
|
|||||||
"meutel.net/meutel/go-bouquins/bouquins"
|
"meutel.net/meutel/go-bouquins/bouquins"
|
||||||
)
|
)
|
||||||
|
|
||||||
// BouquinsConf App configuration
|
|
||||||
type BouquinsConf struct {
|
|
||||||
BindAddress string `json:"bind-address"`
|
|
||||||
DbPath string `json:"db-path"`
|
|
||||||
CalibrePath string `json:"calibre-path"`
|
|
||||||
Prod bool `json:"prod"`
|
|
||||||
}
|
|
||||||
|
|
||||||
var db *sql.DB
|
var db *sql.DB
|
||||||
|
|
||||||
// ReadConfig loads configuration file and initialize default value
|
// ReadConfig loads configuration file and initialize default value
|
||||||
func ReadConfig() (*BouquinsConf, error) {
|
func ReadConfig() (*bouquins.BouquinsConf, error) {
|
||||||
conf := new(BouquinsConf)
|
conf := new(bouquins.BouquinsConf)
|
||||||
confPath := "bouquins.json"
|
confPath := "bouquins.json"
|
||||||
if len(os.Args) > 1 {
|
if len(os.Args) > 1 {
|
||||||
confPath = os.Args[1]
|
confPath = os.Args[1]
|
||||||
@ -54,7 +45,7 @@ func ReadConfig() (*BouquinsConf, error) {
|
|||||||
return conf, err
|
return conf, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func initApp() *BouquinsConf {
|
func initApp() *bouquins.BouquinsConf {
|
||||||
log.SetFlags(log.LstdFlags | log.Lshortfile)
|
log.SetFlags(log.LstdFlags | log.Lshortfile)
|
||||||
conf, err := ReadConfig()
|
conf, err := ReadConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -70,15 +61,10 @@ func initApp() *BouquinsConf {
|
|||||||
log.Fatalln(err)
|
log.Fatalln(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO conf by provider, client ID and secret in conf file
|
|
||||||
oauthConf := make(map[string]*oauth2.Config)
|
oauthConf := make(map[string]*oauth2.Config)
|
||||||
oauthConf["github"] = &oauth2.Config{
|
for _, provider := range bouquins.Providers {
|
||||||
ClientID: "8b0aedf07828f06918a0",
|
oauthConf[provider.Name()] = provider.Config(conf)
|
||||||
ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
|
|
||||||
Scopes: []string{"user:email"},
|
|
||||||
Endpoint: github.Endpoint,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME constructor, conf cookies secret
|
// FIXME constructor, conf cookies secret
|
||||||
app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))}
|
app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))}
|
||||||
err = app.PrepareAll()
|
err = app.PrepareAll()
|
||||||
|
@ -2,8 +2,10 @@
|
|||||||
<div class="container" id="provider">
|
<div class="container" id="provider">
|
||||||
<p>Veuillez sélectionner un mode d'authentification:<p>
|
<p>Veuillez sélectionner un mode d'authentification:<p>
|
||||||
<ul>
|
<ul>
|
||||||
<!-- TODO list providers, icon -->
|
{{ range .Providers }}
|
||||||
<li><a href="/login?provider=github">Github</a></li>
|
<!-- TODO icon -->
|
||||||
|
<li><a href="/login?provider={{ .Name }}">{{ .Label }}</a></li>
|
||||||
|
{{ end }}
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
{{ template "footer.html" . }}
|
{{ template "footer.html" . }}
|
||||||
|
Loading…
Reference in New Issue
Block a user