hackathon/db/oauth.go

package db

import (
	"context"
	"fmt"
	"os"
	"sync"
	"time"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/google"
)

const (
	base         = "https://www.googleapis.com"
	scopeEmail   = base + "/auth/userinfo.email"
	scopeProfile = base + "/auth/userinfo.profile"
)

type OAuthState struct {
	*oauth2.Config
	states map[string]oauthEntry
	m      sync.Mutex
}

type oauthEntry struct {
	created  time.Time
	callback string
}

func NewOAuthState(path string) (*OAuthState, error) {
	key, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("could not open file: %w", err)
	}

	config, err := google.ConfigFromJSON(key, scopeEmail, scopeProfile)
	if err != nil {
		return nil, fmt.Errorf("could not load config: %w", err)
	}

	return &OAuthState{
		Config: config,
		states: make(map[string]oauthEntry),
		m:      sync.Mutex{},
	}, nil
}

func (o *OAuthState) Create(callback string) string {
	o.m.Lock()
	defer o.m.Unlock()

	var state string

	ok := true
	for ok {
		state = createToken(32)
		_, ok = o.states[state]
	}

	o.states[state] = oauthEntry{
		created:  time.Now(),
		callback: callback,
	}
	return o.Config.AuthCodeURL(state, oauth2.AccessTypeOffline)
}

func (o *OAuthState) Validate(state string) (string, bool) {
	o.m.Lock()
	defer o.m.Unlock()

	entry, ok := o.states[state]
	if !ok {
		return "", false
	}
	return entry.callback, true
}

func (o *OAuthState) Exchange(ctx context.Context, code string) (*oauth2.Token, error) {
	tk, err := o.Config.Exchange(ctx, code, oauth2.AccessTypeOffline)
	return tk, err
}

func (o *OAuthState) Remove(code string) {
	o.m.Lock()
	defer o.m.Unlock()

	delete(o.states, code)
}

func (o *OAuthState) GarbageCycle(period time.Duration, duration time.Duration) {
	tick := time.NewTicker(period)

	clean := func() {
		o.m.Lock()
		defer o.m.Unlock()

		now := time.Now()
		for state, entry := range o.states {
			if now.After(entry.created.Add(duration)) {
				delete(o.states, state)
			}
		}
	}

	for {
		select {
		case <-tick.C:
			clean()
		}
	}
}