package auth
import (
"context"
"fmt"
"io"
"net/http"
"golang.org/x/oauth2"
)
// baseProvider holds the settings shared by the OAuth2 client providers
// and backs the common accessor and request methods defined on it.
type baseProvider struct {
	// ctx is handed to the token exchange, the authorized HTTP client
	// and the user API request.
	ctx context.Context

	// scopes is copied into oauth2.Config.Scopes.
	scopes []string

	// clientId and clientSecret are the OAuth2 client credentials.
	// clientSecret is sensitive and should not be logged or serialized.
	clientId     string
	clientSecret string

	// redirectUrl, authUrl and tokenUrl populate the oauth2.Config
	// redirect URL and endpoint.
	redirectUrl string
	authUrl     string
	tokenUrl    string

	// userApiUrl is the endpoint queried for the raw user profile.
	userApiUrl string
}
// Context returns the context currently associated with the provider.
// It is nil until SetContext has been called.
//
// It implements the Provider.Context() interface method.
func (p *baseProvider) Context() context.Context {
	return p.ctx
}
// SetContext replaces the context that the provider passes to its
// token exchange and user API requests.
//
// It implements the Provider.SetContext() interface method.
func (p *baseProvider) SetContext(ctx context.Context) {
	p.ctx = ctx
}
// Scopes returns the scopes requested by the provider.
// The returned slice is the provider's own slice, not a copy, so
// mutating it changes the provider's configuration.
//
// It implements the Provider.Scopes() interface method.
func (p *baseProvider) Scopes() []string {
	return p.scopes
}
// SetScopes replaces the scopes requested by the provider.
// The slice is stored as given (no copy is made), so later changes to
// the caller's slice are visible to the provider.
//
// It implements the Provider.SetScopes() interface method.
func (p *baseProvider) SetScopes(scopes []string) {
	p.scopes = scopes
}
// ClientId returns the OAuth2 client identifier of the provider.
//
// It implements the Provider.ClientId() interface method.
func (p *baseProvider) ClientId() string {
	return p.clientId
}
// SetClientId replaces the OAuth2 client identifier of the provider.
//
// It implements the Provider.SetClientId() interface method.
func (p *baseProvider) SetClientId(clientId string) {
	p.clientId = clientId
}
// ClientSecret returns the OAuth2 client secret of the provider in
// plain text. The value is a credential: callers should not log it or
// include it in error messages or API responses.
//
// It implements the Provider.ClientSecret() interface method.
func (p *baseProvider) ClientSecret() string {
	return p.clientSecret
}
// SetClientSecret replaces the OAuth2 client secret of the provider.
//
// It implements the Provider.SetClientSecret() interface method.
func (p *baseProvider) SetClientSecret(secret string) {
	p.clientSecret = secret
}
// RedirectUrl returns the redirect URL that is sent to the
// authorization server.
//
// It implements the Provider.RedirectUrl() interface method.
func (p *baseProvider) RedirectUrl() string {
	return p.redirectUrl
}
// SetRedirectUrl replaces the redirect URL of the provider.
// The value is stored as given; no validation is performed here.
//
// It implements the Provider.SetRedirectUrl() interface method.
func (p *baseProvider) SetRedirectUrl(url string) {
	p.redirectUrl = url
}
// AuthUrl returns the authorization endpoint URL of the provider.
//
// It implements the Provider.AuthUrl() interface method.
func (p *baseProvider) AuthUrl() string {
	return p.authUrl
}
// SetAuthUrl replaces the authorization endpoint URL of the provider.
// The value is stored as given; no validation is performed here.
//
// It implements the Provider.SetAuthUrl() interface method.
func (p *baseProvider) SetAuthUrl(url string) {
	p.authUrl = url
}
// TokenUrl returns the token endpoint URL of the provider.
//
// It implements the Provider.TokenUrl() interface method.
func (p *baseProvider) TokenUrl() string {
	return p.tokenUrl
}
// SetTokenUrl replaces the token endpoint URL of the provider.
// The client secret is sent to this endpoint during the code exchange,
// so it should only ever point at the trusted authorization server.
// The value is stored as given; no validation is performed here.
//
// It implements the Provider.SetTokenUrl() interface method.
func (p *baseProvider) SetTokenUrl(url string) {
	p.tokenUrl = url
}
// UserApiUrl returns the URL that is queried for the user profile.
//
// It implements the Provider.UserApiUrl() interface method.
func (p *baseProvider) UserApiUrl() string {
	return p.userApiUrl
}
// SetUserApiUrl replaces the URL that is queried for the user profile.
// Requests to this URL carry the user's access token, so it should only
// ever point at the trusted provider API.
// The value is stored as given; no validation is performed here.
//
// It implements the Provider.SetUserApiUrl() interface method.
func (p *baseProvider) SetUserApiUrl(url string) {
	p.userApiUrl = url
}
// BuildAuthUrl returns the authorization URL for the provider, built
// from the current settings, the given state and any extra options.
//
// state is passed through unchanged; generating an unguessable value
// and comparing it on the redirect callback is left to the caller.
//
// It implements the Provider.BuildAuthUrl() interface method.
func (p *baseProvider) BuildAuthUrl(state string, opts ...oauth2.AuthCodeOption) string {
	cfg := p.oauth2Config()

	return cfg.AuthCodeURL(state, opts...)
}
// FetchToken exchanges the authorization code for a token, using the
// provider's current settings and context.
//
// NOTE(review): p.ctx is used as is; presumably SetContext must have
// been called beforehand - confirm against the callers.
//
// It implements the Provider.FetchToken() interface method.
func (p *baseProvider) FetchToken(code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
	cfg := p.oauth2Config()

	return cfg.Exchange(p.ctx, code, opts...)
}
// Client returns an HTTP client created by the oauth2 config for the
// given token and the provider's context. Requests made with it carry
// the token, so it should only be used against the provider's own API.
//
// It implements the Provider.Client() interface method.
func (p *baseProvider) Client(token *oauth2.Token) *http.Client {
	cfg := p.oauth2Config()

	return cfg.Client(p.ctx, token)
}
// FetchRawUserData requests the user profile from the provider's user
// API URL with a GET request and returns the raw response body.
//
// The request is bound to the provider's context and sent with a
// client authorized by token.
//
// It implements the Provider.FetchRawUserData() interface method.
func (p *baseProvider) FetchRawUserData(token *oauth2.Token) ([]byte, error) {
	profileReq, reqErr := http.NewRequestWithContext(p.ctx, http.MethodGet, p.userApiUrl, nil)
	if reqErr != nil {
		return nil, reqErr
	}

	return p.sendRawUserDataRequest(profileReq, token)
}
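// sendRawUserDataRequest sends the specified user data request with a
// client authorized by token and returns its raw response body.
//
// The body is read through a size cap so that a misbehaving or
// compromised user API endpoint cannot force an unbounded allocation.
// A response with a status code >= 400 is returned as an error.
//
// NOTE(review): the error for a >= 400 status embeds the user API URL
// and the upstream response body verbatim. Callers should treat that
// text as untrusted and avoid echoing it to end users.
func (p *baseProvider) sendRawUserDataRequest(req *http.Request, token *oauth2.Token) ([]byte, error) {
	// Constructed defensive cap, not a project setting: far above any
	// realistic user profile payload. Adjust if a provider needs more.
	const maxBodySize = 10 << 20 // 10 MiB

	client := p.Client(token)

	res, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer res.Body.Close()

	// Read one byte past the cap so that an oversized body is detected
	// instead of being silently truncated.
	result, err := io.ReadAll(io.LimitReader(res.Body, maxBodySize+1))
	if err != nil {
		return nil, err
	}

	// client.Do doesn't treat non 2xx responses as error
	if res.StatusCode >= 400 {
		return nil, fmt.Errorf(
			"failed to fetch OAuth2 user profile via %s (%d):\n%s",
			p.userApiUrl,
			res.StatusCode,
			string(result),
		)
	}

	if len(result) > maxBodySize {
		return nil, fmt.Errorf(
			"OAuth2 user profile response via %s exceeds the %d bytes limit",
			p.userApiUrl,
			maxBodySize,
		)
	}

	return result, nil
}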
// oauth2Config builds a new oauth2.Config from the provider's current
// settings. A fresh value is returned on every call, so setter changes
// are picked up by the next call.
func (p *baseProvider) oauth2Config() *oauth2.Config {
	endpoint := oauth2.Endpoint{
		AuthURL:  p.authUrl,
		TokenURL: p.tokenUrl,
	}

	cfg := oauth2.Config{
		RedirectURL:  p.redirectUrl,
		ClientID:     p.clientId,
		ClientSecret: p.clientSecret,
		Scopes:       p.scopes,
		Endpoint:     endpoint,
	}

	return &cfg
}