137 lines
2.7 KiB
Go
137 lines
2.7 KiB
Go
|
package providers
|
||
|
|
|
||
|
|
import (
|
||
|
|
"encoding/json"
|
||
|
|
"io/ioutil"
|
||
|
|
"net/http"
|
||
|
|
"net/url"
|
||
|
|
)
|
||
|
|
|
||
|
|
type GitHubProvider struct {
|
||
|
|
*ProviderData
|
||
|
|
Org string
|
||
|
|
Team string
|
||
|
|
}
|
||
|
|
|
||
|
|
func NewGitHubProvider(p *ProviderData) *GitHubProvider {
|
||
|
|
p.ProviderName = "GitHub"
|
||
|
|
if p.LoginUrl.String() == "" {
|
||
|
|
p.LoginUrl = &url.URL{
|
||
|
|
Scheme: "https",
|
||
|
|
Host: "github.com",
|
||
|
|
Path: "/login/oauth/authorize",
|
||
|
|
}
|
||
|
|
}
|
||
|
|
if p.RedeemUrl.String() == "" {
|
||
|
|
p.RedeemUrl = &url.URL{
|
||
|
|
Scheme: "https",
|
||
|
|
Host: "github.com",
|
||
|
|
Path: "/login/oauth/access_token",
|
||
|
|
}
|
||
|
|
}
|
||
|
|
if p.ValidateUrl.String() == "" {
|
||
|
|
p.ValidateUrl = &url.URL{
|
||
|
|
Scheme: "https",
|
||
|
|
Host: "api.github.com",
|
||
|
|
Path: "/user/emails",
|
||
|
|
}
|
||
|
|
}
|
||
|
|
if p.Scope == "" {
|
||
|
|
p.Scope = "user:email"
|
||
|
|
}
|
||
|
|
return &GitHubProvider{ProviderData: p}
|
||
|
|
}
|
||
|
|
func (p *GitHubProvider) SetOrgTeam(org, team string) {
|
||
|
|
p.Org = org
|
||
|
|
p.Team = team
|
||
|
|
if org != "" || team != "" {
|
||
|
|
p.Scope += " read:org"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
|
||
|
|
|
||
|
|
var teams []struct {
|
||
|
|
Name string `json:"name"`
|
||
|
|
Slug string `json:"slug"`
|
||
|
|
Org struct {
|
||
|
|
Login string `json:"login"`
|
||
|
|
} `json:"organization"`
|
||
|
|
}
|
||
|
|
|
||
|
|
params := url.Values{
|
||
|
|
"access_token": {accessToken},
|
||
|
|
}
|
||
|
|
|
||
|
|
req, _ := http.NewRequest("GET", "https://api.github.com/user/teams?"+params.Encode(), nil)
|
||
|
|
req.Header.Set("Accept", "application/vnd.github.moondragon+json")
|
||
|
|
resp, err := http.DefaultClient.Do(req)
|
||
|
|
if err != nil {
|
||
|
|
return false, err
|
||
|
|
}
|
||
|
|
|
||
|
|
body, err := ioutil.ReadAll(resp.Body)
|
||
|
|
resp.Body.Close()
|
||
|
|
if err != nil {
|
||
|
|
return false, err
|
||
|
|
}
|
||
|
|
|
||
|
|
if err := json.Unmarshal(body, &teams); err != nil {
|
||
|
|
return false, err
|
||
|
|
}
|
||
|
|
|
||
|
|
for _, team := range teams {
|
||
|
|
if p.Org == team.Org.Login {
|
||
|
|
if p.Team == "" || p.Team == team.Slug {
|
||
|
|
return true, nil
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
return false, nil
|
||
|
|
}
|
||
|
|
|
||
|
|
func (p *GitHubProvider) GetEmailAddress(body []byte, access_token string) (string, error) {
|
||
|
|
|
||
|
|
var emails []struct {
|
||
|
|
Email string `json:"email"`
|
||
|
|
Primary bool `json:"primary"`
|
||
|
|
}
|
||
|
|
|
||
|
|
params := url.Values{
|
||
|
|
"access_token": {access_token},
|
||
|
|
}
|
||
|
|
|
||
|
|
// if we require an Org or Team, check that first
|
||
|
|
if p.Org != "" || p.Team != "" {
|
||
|
|
if ok, err := p.hasOrgAndTeam(access_token); err != nil || !ok {
|
||
|
|
return "", err
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
resp, err := http.DefaultClient.Get("https://api.github.com/user/emails?" + params.Encode())
|
||
|
|
if err != nil {
|
||
|
|
return "", err
|
||
|
|
}
|
||
|
|
body, err = ioutil.ReadAll(resp.Body)
|
||
|
|
resp.Body.Close()
|
||
|
|
if err != nil {
|
||
|
|
return "", err
|
||
|
|
}
|
||
|
|
|
||
|
|
if err := json.Unmarshal(body, &emails); err != nil {
|
||
|
|
return "", err
|
||
|
|
}
|
||
|
|
|
||
|
|
for _, email := range emails {
|
||
|
|
if email.Primary {
|
||
|
|
return email.Email, nil
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return "", nil
|
||
|
|
}
|
||
|
|
|
||
|
|
func (p *GitHubProvider) ValidateToken(access_token string) bool {
|
||
|
|
return validateToken(p, access_token, nil)
|
||
|
|
}
|