Scoped oauth

2019-11-02 08:03:54 -06:00
parent ba44094eb9
commit 08add4b521
7 changed files with 48 additions and 31 deletions
--- a/oauth2server/server/authorize.go
+++ b/oauth2server/server/authorize.go
@@ -3,6 +3,7 @@ package server
 import (
 	"fmt"
 	"local/oauth2"
+	"local/router"
 	"local/storage"
 	"net/http"
 	"net/url"
@@ -11,18 +12,20 @@ import (
 )

 func (s *Server) authorize(w http.ResponseWriter, r *http.Request) {
+	scope := ""
+	router.Params(r, &scope)
 	s.limiter.Wait(r.Context())
 	if r.Method != "POST" {
 		http.NotFound(w, r)
 		return
 	}
-	id := r.FormValue("username")
+	id := scope + "." + r.FormValue("username")
 	user, ok := s.getUser(id)
 	if !ok {
 		http.Error(w, "unknown user", http.StatusForbidden)
 		return
 	}
-	access, ok := s.getAccess(user)
+	access, ok := s.getAccess(scope, user)
 	if !ok {
 		http.Error(w, "no oauth for user", http.StatusForbidden)
 		return
@@ -45,23 +48,23 @@ func (s *Server) authorize(w http.ResponseWriter, r *http.Request) {
 	}
 }

-func (s *Server) genAuth(user string) {
+func (s *Server) genAuth(scope, user string) {
 	access := uuid.New().String()
 	token := uuid.New().String()
 	s.store.Set(user, []byte(access), ACCESS)
-	s.store.Set(access, []byte(token), TOKEN)
+	s.store.Set(scope+"."+access, []byte(token), TOKEN)
 }

-func (s *Server) getAccess(user string) (string, bool) {
+func (s *Server) getAccess(scope, user string) (string, bool) {
 	access, err := s.store.Get(user, ACCESS)
 	if err == storage.ErrNotFound {
-		s.genAuth(user)
+		s.genAuth(scope, user)
 		access, err = s.store.Get(user, ACCESS)
 	}
 	return string(access), err == nil
 }

-func (s *Server) getToken(access string) (string, bool) {
-	token, err := s.store.Get(access, TOKEN)
+func (s *Server) getToken(scope, access string) (string, bool) {
+	token, err := s.store.Get(scope+"."+access, TOKEN)
 	return string(token), err == nil
 }