too much effort into the garbage
@@ -3,12 +3,13 @@ package oauth2client
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"gitea.inhome.blapointe.com/local/oauth2"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"gitea.inhome.blapointe.com/local/oauth2"
|
||||
)
|
||||
|
||||
type cached struct {
|
||||
@@ -25,7 +26,7 @@ func Authenticate(server, scope string, w http.ResponseWriter, r *http.Request)
|
||||
}
|
||||
access, exists := findAccess(w, r)
|
||||
if !exists {
|
||||
return login(oauth2server, scope, w, r)
|
||||
return login(scope, w, r)
|
||||
}
|
||||
return verify(access, oauth2server, scope, w, r)
|
||||
}
|
||||
@@ -44,12 +45,20 @@ func findAccessFresh(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
if !found {
|
||||
access, found = findAccessFreshCookie(w, r)
|
||||
}
|
||||
if !found {
|
||||
access, found = findAccessFreshBasicAuth(w, r)
|
||||
}
|
||||
if found {
|
||||
setCookie(oauth2.COOKIE, access, "", w)
|
||||
}
|
||||
return access, found
|
||||
}
|
||||
|
||||
func findAccessFreshBasicAuth(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
_, p, ok := r.BasicAuth()
|
||||
return p, ok
|
||||
}
|
||||
|
||||
func findAccessFreshQueryParam(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
q := r.URL.Query()
|
||||
access := q.Get(oauth2.NEWCOOKIE)
|
||||
@@ -88,21 +97,17 @@ func findAccessStable(w http.ResponseWriter, r *http.Request) (string, bool) {
|
||||
return access.Value, true
|
||||
}
|
||||
|
||||
func login(oauth2server *url.URL, scope string, w http.ResponseWriter, r *http.Request) error {
|
||||
oauth2server.Path = "/users/log/" + scope
|
||||
url := *r.URL
|
||||
url.Host = r.Host
|
||||
if url.Scheme == "" {
|
||||
url.Scheme = oauth2server.Scheme
|
||||
}
|
||||
if url.Scheme == "" {
|
||||
url.Scheme = "https"
|
||||
}
|
||||
q := oauth2server.Query()
|
||||
q.Set(oauth2.REDIRECT, url.String())
|
||||
oauth2server.RawQuery = q.Encode()
|
||||
http.Redirect(w, r, oauth2server.String(), http.StatusSeeOther)
|
||||
return errors.New("logging in")
|
||||
func login(scope string, w http.ResponseWriter, r *http.Request) error {
|
||||
w.Header().Set("WWW-Authenticate", "Basic")
|
||||
w.WriteHeader(403)
|
||||
return errors.New("login pls")
|
||||
}
|
||||
|
||||
var HTTPClient = &http.Client{
|
||||
Timeout: 5 * time.Second,
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
},
|
||||
}
|
||||
|
||||
func verify(access string, oauth2server *url.URL, scope string, w http.ResponseWriter, r *http.Request) error {
|
||||
@@ -118,19 +123,14 @@ func verify(access string, oauth2server *url.URL, scope string, w http.ResponseW
|
||||
}
|
||||
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
|
||||
c := &http.Client{
|
||||
Timeout: 5 * time.Second,
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
},
|
||||
}
|
||||
c := HTTPClient
|
||||
resp, err := c.Do(req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return login(oauth2server, scope, w, r)
|
||||
return login(scope, w, r)
|
||||
}
|
||||
cache[scope] = cached{
|
||||
access: access,
|
||||
|
||||
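Review bot: The new package-level `HTTPClient` keeps `InsecureSkipVerify: true`, so the request in `verify` that carries the caller's credential is sent without authenticating the OAuth2 server's certificate. The visible part of `verify` treats any `200 OK` on that connection as proof the token is valid and then caches it, so a party on the network path could read the token or have an arbitrary one accepted; this matters more now that `findAccessFreshBasicAuth` forwards a Basic-auth password as the token. I would drop the flag, `TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12},`, and set `RootCAs` on that config if the server uses a private CA. Separately, the new `login` pairs `WWW-Authenticate` with `w.WriteHeader(403)`; a Basic challenge belongs on a 401, `w.WriteHeader(http.StatusUnauthorized)`, with a `realm` parameter in the header value. `verify` starts and ends outside the visible hunks, so its handling of the response body and the cache could not be checked.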