package db import ( "context" "fmt" "os" "sync" "time" "golang.org/x/oauth2" "golang.org/x/oauth2/google" ) const ( base = "https://www.googleapis.com" scopeEmail = base + "/auth/userinfo.email" scopeProfile = base + "/auth/userinfo.profile" ) type OAuthState struct { *oauth2.Config states map[string]oauthEntry m sync.Mutex } type oauthEntry struct { created time.Time callback string } func NewOAuthState(path string) (*OAuthState, error) { key, err := os.ReadFile(path) if err != nil { return nil, fmt.Errorf("could not open file: %w", err) } config, err := google.ConfigFromJSON(key, scopeEmail, scopeProfile) if err != nil { return nil, fmt.Errorf("could not load config: %w", err) } return &OAuthState{ Config: config, states: make(map[string]oauthEntry), m: sync.Mutex{}, }, nil } func (o *OAuthState) Create(callback string) string { o.m.Lock() defer o.m.Unlock() var state string ok := true for ok { state = createToken(32) _, ok = o.states[state] } o.states[state] = oauthEntry{ created: time.Now(), callback: callback, } return o.Config.AuthCodeURL(state, oauth2.AccessTypeOffline) } func (o *OAuthState) Validate(state string) (string, bool) { o.m.Lock() defer o.m.Unlock() entry, ok := o.states[state] if !ok { return "", false } return entry.callback, true } func (o *OAuthState) Exchange(ctx context.Context, code string) (*oauth2.Token, error) { tk, err := o.Config.Exchange(ctx, code, oauth2.AccessTypeOffline) return tk, err } func (o *OAuthState) Remove(code string) { o.m.Lock() defer o.m.Unlock() delete(o.states, code) } func (o *OAuthState) GarbageCycle(period time.Duration, duration time.Duration) { tick := time.NewTicker(period) clean := func() { o.m.Lock() defer o.m.Unlock() now := time.Now() for state, entry := range o.states { if now.After(entry.created.Add(duration)) { delete(o.states, state) } } } for { select { case <-tick.C: clean() } } }