pocketbase/tools/auth/github.go

package auth

import (
	"encoding/json"
	"io"
	"strconv"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/github"
)

var _ Provider = (*Github)(nil)

// NameGithub is the unique name of the Github provider.
const NameGithub string = "github"

// Github allows authentication via Github OAuth2.
type Github struct {
	*baseProvider
}

// NewGithubProvider creates new Github provider instance with some defaults.
func NewGithubProvider() *Github {
	return &Github{&baseProvider{
		scopes:     []string{"read:user", "user:email"},
		authUrl:    github.Endpoint.AuthURL,
		tokenUrl:   github.Endpoint.TokenURL,
		userApiUrl: "https://api.github.com/user",
	}}
}

// FetchAuthUser returns an AuthUser instance based the Github's user api.
//
// API reference: https://docs.github.com/en/rest/reference/users#get-the-authenticated-user
func (p *Github) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
	data, err := p.FetchRawUserData(token)
	if err != nil {
		return nil, err
	}

	rawUser := map[string]any{}
	if err := json.Unmarshal(data, &rawUser); err != nil {
		return nil, err
	}

	extracted := struct {
		Login     string `json:"login"`
		Id        int    `json:"id"`
		Name      string `json:"name"`
		Email     string `json:"email"`
		AvatarUrl string `json:"avatar_url"`
	}{}
	if err := json.Unmarshal(data, &extracted); err != nil {
		return nil, err
	}

	user := &AuthUser{
		Id:          strconv.Itoa(extracted.Id),
		Name:        extracted.Name,
		Username:    extracted.Login,
		Email:       extracted.Email,
		AvatarUrl:   extracted.AvatarUrl,
		RawUser:     rawUser,
		AccessToken: token.AccessToken,
	}

	// in case user has set "Keep my email address private", send an
	// **optional** API request to retrieve the verified primary email
	if user.Email == "" {
		client := p.Client(token)

		response, err := client.Get(p.userApiUrl + "/emails")
		if err != nil {
			return user, err
		}
		defer response.Body.Close()

		// ignore not found errors caused by unsufficient scope permissions
		// (the email field is optional, return the auth user without it)
		if response.StatusCode == 404 {
			return user, nil
		}

		content, err := io.ReadAll(response.Body)
		if err != nil {
			return user, err
		}

		emails := []struct {
			Email    string
			Verified bool
			Primary  bool
		}{}
		if err := json.Unmarshal(content, &emails); err != nil {
			return user, err
		}

		// extract the verified primary email
		for _, email := range emails {
			if email.Verified && email.Primary {
				user.Email = email.Email
				break
			}
		}
	}

	return user, nil
}
initial public commit 2022-07-06 23:19:05 +02:00			`package auth`

			`import (`
			`"encoding/json"`
updated linter 2022-12-16 17:06:03 +02:00			`"io"`
initial public commit 2022-07-06 23:19:05 +02:00			`"strconv"`

			`"golang.org/x/oauth2"`
updated the oauth2 providers to use the existing oauth2 endpoints and removed the email from spotify 2022-11-13 13:25:14 +02:00			`"golang.org/x/oauth2/github"`
initial public commit 2022-07-06 23:19:05 +02:00			`)`

			`var _ Provider = (*Github)(nil)`

			`// NameGithub is the unique name of the Github provider.`
			`const NameGithub string = "github"`

			`// Github allows authentication via Github OAuth2.`
			`type Github struct {`
			`*baseProvider`
			`}`

			`// NewGithubProvider creates new Github provider instance with some defaults.`
			`func NewGithubProvider() *Github {`
			`return &Github{&baseProvider{`
[#207] use read-only scopes for the GitHub OAuth2 provider 2022-07-24 17:04:53 +02:00			`scopes: []string{"read:user", "user:email"},`
updated the oauth2 providers to use the existing oauth2 endpoints and removed the email from spotify 2022-11-13 13:25:14 +02:00			`authUrl: github.Endpoint.AuthURL,`
			`tokenUrl: github.Endpoint.TokenURL,`
initial public commit 2022-07-06 23:19:05 +02:00			`userApiUrl: "https://api.github.com/user",`
			`}}`
			`}`

			`// FetchAuthUser returns an AuthUser instance based the Github's user api.`
[#654] updated OAuth2 providers to return the access token and raw user data 2022-11-30 15:16:09 +02:00			`//`
			`// API reference: https://docs.github.com/en/rest/reference/users#get-the-authenticated-user`
initial public commit 2022-07-06 23:19:05 +02:00			`func (p Github) FetchAuthUser(token oauth2.Token) (*AuthUser, error) {`
[#654] updated OAuth2 providers to return the access token and raw user data 2022-11-30 15:16:09 +02:00			`data, err := p.FetchRawUserData(token)`
			`if err != nil {`
			`return nil, err`
			`}`

			`rawUser := map[string]any{}`
			`if err := json.Unmarshal(data, &rawUser); err != nil {`
			`return nil, err`
			`}`

			`extracted := struct {`
[#385] added username to the OAuth2 AuthUser model 2022-09-05 15:15:27 +02:00			Login string `json:"login"`
initial public commit 2022-07-06 23:19:05 +02:00			Id int `json:"id"`
			Name string `json:"name"`
			Email string `json:"email"`
			AvatarUrl string `json:"avatar_url"`
			`}{}`
[#654] updated OAuth2 providers to return the access token and raw user data 2022-11-30 15:16:09 +02:00			`if err := json.Unmarshal(data, &extracted); err != nil {`
initial public commit 2022-07-06 23:19:05 +02:00			`return nil, err`
			`}`

			`user := &AuthUser{`
[#654] updated OAuth2 providers to return the access token and raw user data 2022-11-30 15:16:09 +02:00			`Id: strconv.Itoa(extracted.Id),`
			`Name: extracted.Name,`
			`Username: extracted.Login,`
			`Email: extracted.Email,`
			`AvatarUrl: extracted.AvatarUrl,`
			`RawUser: rawUser,`
			`AccessToken: token.AccessToken,`
initial public commit 2022-07-06 23:19:05 +02:00			`}`

updated the GitHub provider to ignore extra emails request errors in case of unsufficient custom scopes 2022-12-31 14:58:30 +02:00			`// in case user has set "Keep my email address private", send an`
			`// optional API request to retrieve the verified primary email`
initial public commit 2022-07-06 23:19:05 +02:00			`if user.Email == "" {`
			`client := p.Client(token)`

			`response, err := client.Get(p.userApiUrl + "/emails")`
			`if err != nil {`
			`return user, err`
			`}`
			`defer response.Body.Close()`

updated the GitHub provider to ignore extra emails request errors in case of unsufficient custom scopes 2022-12-31 14:58:30 +02:00			`// ignore not found errors caused by unsufficient scope permissions`
			`// (the email field is optional, return the auth user without it)`
			`if response.StatusCode == 404 {`
			`return user, nil`
			`}`

updated linter 2022-12-16 17:06:03 +02:00			`content, err := io.ReadAll(response.Body)`
initial public commit 2022-07-06 23:19:05 +02:00			`if err != nil {`
			`return user, err`
			`}`

			`emails := []struct {`
			`Email string`
			`Verified bool`
			`Primary bool`
			`}{}`
			`if err := json.Unmarshal(content, &emails); err != nil {`
			`return user, err`
			`}`

			`// extract the verified primary email`
			`for _, email := range emails {`
			`if email.Verified && email.Primary {`
			`user.Email = email.Email`
			`break`
			`}`
			`}`
			`}`

			`return user, nil`
			`}`