oauth2_proxy/providers/github.go

195 lines
4.1 KiB
Go
Raw Permalink Normal View History

2015-05-21 03:23:48 +00:00
package providers
import (
"encoding/json"
"errors"
2015-06-06 18:15:43 +00:00
"fmt"
2015-05-21 03:23:48 +00:00
"io/ioutil"
"log"
2015-05-21 03:23:48 +00:00
"net/http"
"net/url"
)
type GitHubProvider struct {
*ProviderData
Org string
Team string
}
func NewGitHubProvider(p *ProviderData) *GitHubProvider {
p.ProviderName = "GitHub"
if p.LoginUrl.String() == "" {
p.LoginUrl = &url.URL{
Scheme: "https",
Host: "github.com",
Path: "/login/oauth/authorize",
}
}
if p.RedeemUrl.String() == "" {
p.RedeemUrl = &url.URL{
Scheme: "https",
Host: "github.com",
Path: "/login/oauth/access_token",
}
}
if p.ValidateUrl.String() == "" {
p.ValidateUrl = &url.URL{
Scheme: "https",
Host: "api.github.com",
Path: "/user/emails",
}
}
if p.Scope == "" {
p.Scope = "user:email"
}
return &GitHubProvider{ProviderData: p}
}
func (p *GitHubProvider) SetOrgTeam(org, team string) {
p.Org = org
p.Team = team
if org != "" || team != "" {
p.Scope += " read:org"
}
}
func (p *GitHubProvider) hasOrg(accessToken string) (bool, error) {
// https://developer.github.com/v3/orgs/#list-your-organizations
var orgs []struct {
Login string `json:"login"`
}
params := url.Values{
"access_token": {accessToken},
2015-06-06 18:15:43 +00:00
"limit": {"100"},
}
2015-06-06 18:15:43 +00:00
endpoint := "https://api.github.com/user/orgs?" + params.Encode()
req, _ := http.NewRequest("GET", endpoint, nil)
req.Header.Set("Accept", "application/vnd.github.moondragon+json")
resp, err := http.DefaultClient.Do(req)
if err != nil {
return false, err
}
body, err := ioutil.ReadAll(resp.Body)
resp.Body.Close()
if err != nil {
return false, err
}
2015-06-06 18:15:43 +00:00
if resp.StatusCode != 200 {
return false, fmt.Errorf("got %d from %q %s", resp.StatusCode, endpoint, body)
}
if err := json.Unmarshal(body, &orgs); err != nil {
return false, err
}
for _, org := range orgs {
if p.Org == org.Login {
return true, nil
}
}
return false, nil
}
2015-05-21 03:23:48 +00:00
func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
// https://developer.github.com/v3/orgs/teams/#list-user-teams
2015-05-21 03:23:48 +00:00
var teams []struct {
Name string `json:"name"`
Slug string `json:"slug"`
Org struct {
Login string `json:"login"`
} `json:"organization"`
}
params := url.Values{
"access_token": {accessToken},
2015-06-06 18:15:43 +00:00
"limit": {"100"},
2015-05-21 03:23:48 +00:00
}
2015-06-06 18:15:43 +00:00
endpoint := "https://api.github.com/user/teams?" + params.Encode()
req, _ := http.NewRequest("GET", endpoint, nil)
2015-05-21 03:23:48 +00:00
req.Header.Set("Accept", "application/vnd.github.moondragon+json")
resp, err := http.DefaultClient.Do(req)
if err != nil {
return false, err
}
body, err := ioutil.ReadAll(resp.Body)
resp.Body.Close()
if err != nil {
return false, err
}
2015-06-06 18:15:43 +00:00
if resp.StatusCode != 200 {
return false, fmt.Errorf("got %d from %q %s", resp.StatusCode, endpoint, body)
}
2015-05-21 03:23:48 +00:00
if err := json.Unmarshal(body, &teams); err != nil {
2015-06-06 18:15:43 +00:00
return false, fmt.Errorf("%s unmarshaling %s", err, body)
2015-05-21 03:23:48 +00:00
}
for _, team := range teams {
if p.Org == team.Org.Login {
if p.Team == "" || p.Team == team.Slug {
return true, nil
}
}
}
return false, nil
}
func (p *GitHubProvider) GetEmailAddress(s *SessionState) (string, error) {
2015-05-21 03:23:48 +00:00
var emails []struct {
Email string `json:"email"`
Primary bool `json:"primary"`
}
// if we require an Org or Team, check that first
if p.Org != "" {
if p.Team != "" {
if ok, err := p.hasOrgAndTeam(s.AccessToken); err != nil || !ok {
return "", err
}
} else {
if ok, err := p.hasOrg(s.AccessToken); err != nil || !ok {
return "", err
}
2015-05-21 03:23:48 +00:00
}
}
params := url.Values{
"access_token": {s.AccessToken},
}
2015-06-06 18:15:43 +00:00
endpoint := "https://api.github.com/user/emails?" + params.Encode()
resp, err := http.DefaultClient.Get(endpoint)
2015-05-21 03:23:48 +00:00
if err != nil {
return "", err
}
body, err := ioutil.ReadAll(resp.Body)
2015-05-21 03:23:48 +00:00
resp.Body.Close()
if err != nil {
return "", err
}
2015-06-06 18:15:43 +00:00
if resp.StatusCode != 200 {
return "", fmt.Errorf("got %d from %q %s", resp.StatusCode, endpoint, body)
} else {
log.Printf("got %d from %q %s", resp.StatusCode, endpoint, body)
2015-06-06 18:15:43 +00:00
}
2015-05-21 03:23:48 +00:00
if err := json.Unmarshal(body, &emails); err != nil {
2015-06-06 18:15:43 +00:00
return "", fmt.Errorf("%s unmarshaling %s", err, body)
2015-05-21 03:23:48 +00:00
}
for _, email := range emails {
if email.Primary {
return email.Email, nil
}
}
return "", errors.New("no email address found")
2015-05-21 03:23:48 +00:00
}