Wannabe oauth implementation

2019-10-20 12:59:50 -06:00
commit 6dc2e074fb
11 changed files with 548 additions and 0 deletions
--- a/oauth2server/server/users.go
+++ b/oauth2server/server/users.go
@@ -0,0 +1,82 @@
+package server
+
+import (
+	"crypto/hmac"
+	"crypto/md5"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"local/oauth2/oauth2server/config"
+	"net/http"
+
+	"github.com/google/uuid"
+)
+
+func (s *Server) usersLog(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintln(w, `
+      <html>
+         <body>
+            <form method="post" action="/authorize">
+               <input type="text" name="username"></input>
+               <input type="submit"></input>
+            </form>
+         </body>
+      </html>
+   `)
+}
+
+func (s *Server) usersRegister(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintln(w, `
+      <html>
+         <body>
+            <form method="post" action="/users/submit">
+               <input type="text" name="username"></input>
+               <input type="submit"></input>
+            </form>
+         </body>
+      </html>
+   `)
+}
+
+func (s *Server) usersSubmit(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "POST" {
+		http.NotFound(w, r)
+		return
+	}
+	id := r.FormValue("username")
+	if _, ok := s.getUser(id); ok {
+		http.Error(w, "user already exists", http.StatusConflict)
+		return
+	}
+	s.genUser(id)
+}
+
+func (s *Server) genUser(id string) {
+	user := uuid.New().String()
+	salt := uuid.New().String()
+	s.store.Set(id, []byte(salt), SALT)
+	obscured := s.obscureID(id)
+	s.store.Set(obscured, []byte(user), USERS)
+}
+
+func (s *Server) getUser(id string) (string, bool) {
+	obscured := s.obscureID(id)
+	user, err := s.store.Get(obscured, USERS)
+	return string(user), err == nil
+}
+
+func (s *Server) obscureID(id string) string {
+	salt, _ := s.store.Get(id, SALT)
+	a := s.obscure(string(salt)+id, config.SecretA)
+	b := s.obscure(string(salt)+id, config.SecretB)
+	return a + b
+}
+
+func (s *Server) obscure(payload, secret string) string {
+	hash := md5.New()
+	hash.Write([]byte(secret))
+	key := hash.Sum(nil)
+	sig := hmac.New(sha256.New, key)
+	sig.Write([]byte(payload))
+	return hex.EncodeToString(sig.Sum(nil))
+}