71 lines
1.6 KiB
Go
71 lines
1.6 KiB
Go
package server
|
|
|
|
import (
|
|
"fmt"
|
|
"local/oauth2"
|
|
"local/router"
|
|
"local/storage"
|
|
"net/http"
|
|
"net/url"
|
|
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
func (s *Server) authorize(w http.ResponseWriter, r *http.Request) {
|
|
scope := ""
|
|
router.Params(r, &scope)
|
|
s.limiter.Wait(r.Context())
|
|
if r.Method != "POST" {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
id := scope + "." + r.FormValue("username")
|
|
user, ok := s.getUser(id)
|
|
if !ok {
|
|
http.Error(w, "unknown user", http.StatusForbidden)
|
|
return
|
|
}
|
|
access, ok := s.getAccess(scope, user)
|
|
if !ok {
|
|
http.Error(w, "no oauth for user", http.StatusForbidden)
|
|
return
|
|
}
|
|
q := r.URL.Query()
|
|
redirect := q.Get(oauth2.REDIRECT)
|
|
q.Del(oauth2.REDIRECT)
|
|
r.URL.RawQuery = q.Encode()
|
|
if redirect != "" {
|
|
url, _ := url.Parse(redirect)
|
|
if url.Scheme == "" {
|
|
url.Scheme = "http"
|
|
}
|
|
values := url.Query()
|
|
values.Set(oauth2.COOKIE, access)
|
|
url.RawQuery = values.Encode()
|
|
http.Redirect(w, r, url.String(), http.StatusSeeOther)
|
|
} else {
|
|
fmt.Fprintln(w, "OK")
|
|
}
|
|
}
|
|
|
|
func (s *Server) genAuth(scope, user string) {
|
|
access := uuid.New().String()
|
|
token := uuid.New().String()
|
|
s.store.Set(user, []byte(access), ACCESS)
|
|
s.store.Set(scope+"."+access, []byte(token), TOKEN)
|
|
}
|
|
|
|
func (s *Server) getAccess(scope, user string) (string, bool) {
|
|
access, err := s.store.Get(user, ACCESS)
|
|
if err == storage.ErrNotFound {
|
|
s.genAuth(scope, user)
|
|
access, err = s.store.Get(user, ACCESS)
|
|
}
|
|
return string(access), err == nil
|
|
}
|
|
|
|
func (s *Server) getToken(scope, access string) (string, bool) {
|
|
token, err := s.store.Get(scope+"."+access, TOKEN)
|
|
return string(token), err == nil
|
|
}
|