hackathon/api/auth.go

package api

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"time"

	"github.com/hhhapz/hackathon/auth"
	"golang.org/x/oauth2"
)

type AuthService struct {
	oauthConfig auth.OAuthConfig
	oauthStore  OAuthStore
	userStore   UserStore
}

func (as *AuthService) GenOauth(w http.ResponseWriter, r *http.Request, params GenOauthParams) {
	// We enforce callback field in production.
	if inProd && params.Callback != "https://hackathon.teamortix.com" {
		serverError(w, http.StatusUnprocessableEntity, "invalid callback provided")
	}

	page := as.oauthConfig.AuthCodeURL(as.oauthStore, params.Callback)
	w.WriteHeader(http.StatusOK)

	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(ConsentPage{page})
}

var couldNotValidate = "Unable to authorize. Please try again.\nIf this issue persists, please contact an admin."

func (as *AuthService) AuthorizeCallback(w http.ResponseWriter, r *http.Request, params AuthorizeCallbackParams) {
	callback, token, err := as.oauthConfig.Exchange(r.Context(), as.oauthStore, params.State, params.Code)
	if err == auth.ErrInvalidState {
		serverError(w, http.StatusUnprocessableEntity, "Invalid state provided")
		return
	}
	if err != nil {
		log.Printf("error: could not perform token: %v", err)
		serverError(w, http.StatusInternalServerError, couldNotValidate)
		return
	}

	accessToken, err := as.consumeToken(r.Context(), token)
	if err != nil {
		log.Printf("error: could not consume oauth token: %v", err)
		http.Redirect(w, r, callback+"/fail", http.StatusFound)
		return
	}

	http.SetCookie(w, &http.Cookie{
		Name:     "token",
		Value:    accessToken,
		Path:     "/",
		Expires:  time.Now().Add(time.Hour * 24 * 14), // 2 weeks
		SameSite: http.SameSiteNoneMode,               // handled via CSRF
		Secure:   inProd,
	})
	http.Redirect(w, r, callback+"/success", http.StatusFound)
}

const userinfoEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo?access_token="

func (as *AuthService) consumeToken(ctx context.Context, token *oauth2.Token) (string, error) {
	endpoint := userinfoEndpoint + token.AccessToken
	client := as.oauthConfig.Client(ctx, token)

	res, err := client.Get(endpoint)
	if err != nil {
		return "", fmt.Errorf("could not get userinfo: %v", err)
	}
	defer res.Body.Close()

	buf, err := io.ReadAll(res.Body)
	if err != nil {
		return "", fmt.Errorf("could not read request body: %v", err)
	}

	user, err := as.userStore.DecodeUser(ctx, buf)
	if err != nil {
		return "", fmt.Errorf("could not create or get user from body: %v", err)
	}

	tk, err := as.userStore.CreateToken(ctx, user)
	if err != nil {
		return "", fmt.Errorf("could not create user token: %v", err)
	}

	return tk.Token, nil
}

func (as *AuthService) DeleteToken(w http.ResponseWriter, r *http.Request, params DeleteTokenParams) {
	var all bool
	if params.All != nil {
		all = *params.All
	}

	var err error
	if all {
		user, err := as.userStore.UserByToken(r.Context(), params.Token)
		if err != nil {
			serverError(w, http.StatusUnauthorized, "Invalid token provided.")
			return
		}

		_, err = as.userStore.RevokeUserTokens(r.Context(), user)
	} else {
		err = as.userStore.RevokeToken(r.Context(), params.Token)
	}

	if err != nil {
		log.Printf("Could not revoke user token %#v: %v", params, err)
		serverError(w, http.StatusInternalServerError, "Could not revoke token.")
		return
	}

	w.WriteHeader(http.StatusNoContent)
}
feat: add project scaffolding alongside /auth/{\|code\|authorize\|token} 2021-09-28 23:57:59 +07:00			`package api`

			`import (`
			`"context"`
			`"encoding/json"`
			`"fmt"`
			`"io"`
			`"log"`
			`"net/http"`
			`"time"`

			`"github.com/hhhapz/hackathon/auth"`
			`"golang.org/x/oauth2"`
			`)`

			`type AuthService struct {`
			`oauthConfig auth.OAuthConfig`
			`oauthStore OAuthStore`
			`userStore UserStore`
			`}`

			`func (as AuthService) GenOauth(w http.ResponseWriter, r http.Request, params GenOauthParams) {`
			`// We enforce callback field in production.`
			`if inProd && params.Callback != "https://hackathon.teamortix.com" {`
			`serverError(w, http.StatusUnprocessableEntity, "invalid callback provided")`
			`}`

			`page := as.oauthConfig.AuthCodeURL(as.oauthStore, params.Callback)`
			`w.WriteHeader(http.StatusOK)`

			`w.Header().Set("Content-Type", "application/json")`
			`json.NewEncoder(w).Encode(ConsentPage{page})`
			`}`

			`var couldNotValidate = "Unable to authorize. Please try again.\nIf this issue persists, please contact an admin."`

			`func (as AuthService) AuthorizeCallback(w http.ResponseWriter, r http.Request, params AuthorizeCallbackParams) {`
			`callback, token, err := as.oauthConfig.Exchange(r.Context(), as.oauthStore, params.State, params.Code)`
			`if err == auth.ErrInvalidState {`
			`serverError(w, http.StatusUnprocessableEntity, "Invalid state provided")`
			`return`
			`}`
			`if err != nil {`
			`log.Printf("error: could not perform token: %v", err)`
			`serverError(w, http.StatusInternalServerError, couldNotValidate)`
			`return`
			`}`

			`accessToken, err := as.consumeToken(r.Context(), token)`
			`if err != nil {`
			`log.Printf("error: could not consume oauth token: %v", err)`
			`http.Redirect(w, r, callback+"/fail", http.StatusFound)`
			`return`
			`}`

			`http.SetCookie(w, &http.Cookie{`
			`Name: "token",`
			`Value: accessToken,`
			`Path: "/",`
			`Expires: time.Now().Add(time.Hour * 24 * 14), // 2 weeks`
			`SameSite: http.SameSiteNoneMode, // handled via CSRF`
			`Secure: inProd,`
			`})`
			`http.Redirect(w, r, callback+"/success", http.StatusFound)`
			`}`

			`const userinfoEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo?access_token="`

			`func (as AuthService) consumeToken(ctx context.Context, token oauth2.Token) (string, error) {`
			`endpoint := userinfoEndpoint + token.AccessToken`
			`client := as.oauthConfig.Client(ctx, token)`

			`res, err := client.Get(endpoint)`
			`if err != nil {`
			`return "", fmt.Errorf("could not get userinfo: %v", err)`
			`}`
			`defer res.Body.Close()`

			`buf, err := io.ReadAll(res.Body)`
			`if err != nil {`
			`return "", fmt.Errorf("could not read request body: %v", err)`
			`}`

			`user, err := as.userStore.DecodeUser(ctx, buf)`
			`if err != nil {`
			`return "", fmt.Errorf("could not create or get user from body: %v", err)`
			`}`

			`tk, err := as.userStore.CreateToken(ctx, user)`
			`if err != nil {`
			`return "", fmt.Errorf("could not create user token: %v", err)`
			`}`

			`return tk.Token, nil`
			`}`

			`func (as AuthService) DeleteToken(w http.ResponseWriter, r http.Request, params DeleteTokenParams) {`
			`var all bool`
			`if params.All != nil {`
			`all = *params.All`
			`}`

			`var err error`
			`if all {`
			`user, err := as.userStore.UserByToken(r.Context(), params.Token)`
			`if err != nil {`
			`serverError(w, http.StatusUnauthorized, "Invalid token provided.")`
			`return`
			`}`

			`_, err = as.userStore.RevokeUserTokens(r.Context(), user)`
			`} else {`
			`err = as.userStore.RevokeToken(r.Context(), params.Token)`
			`}`

			`if err != nil {`
			`log.Printf("Could not revoke user token %#v: %v", params, err)`
			`serverError(w, http.StatusInternalServerError, "Could not revoke token.")`
			`return`
			`}`

			`w.WriteHeader(http.StatusNoContent)`
			`}`