103 lines
2.8 KiB
Go
Raw Normal View History

2017-06-07 16:06:57 +00:00
package main
import (
"encoding/json"
"errors"
"io/ioutil"
"net/http"
"github.com/aerogo/aero"
2017-06-07 19:12:59 +00:00
"github.com/animenotifier/arn"
2017-06-07 16:06:57 +00:00
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
2017-06-07 19:12:59 +00:00
// GoogleUser is the user data we receive from Google
type GoogleUser struct {
Sub string `json:"sub"`
Name string `json:"name"`
GivenName string `json:"given_name"`
FamilyName string `json:"family_name"`
Profile string `json:"profile"`
Picture string `json:"picture"`
Email string `json:"email"`
EmailVerified bool `json:"email_verified"`
Gender string `json:"gender"`
}
2017-06-07 16:06:57 +00:00
// EnableGoogleLogin enables Google login for the app.
func EnableGoogleLogin(app *aero.Application) {
conf := &oauth2.Config{
2017-06-15 13:50:39 +00:00
ClientID: apiKeys.Google.ID,
ClientSecret: apiKeys.Google.Secret,
2017-06-15 17:56:09 +00:00
RedirectURL: "https://" + app.Config.Domain + "/auth/google/callback",
2017-06-07 16:06:57 +00:00
Scopes: []string{
"https://www.googleapis.com/auth/userinfo.email",
},
Endpoint: google.Endpoint,
}
// Auth
app.Get("/auth/google", func(ctx *aero.Context) string {
2017-06-07 19:12:59 +00:00
sessionID := ctx.Session().ID()
url := conf.AuthCodeURL(sessionID)
2017-06-07 16:06:57 +00:00
ctx.Redirect(url)
return ""
})
// Auth Callback
app.Get("/auth/google/callback", func(ctx *aero.Context) string {
2017-06-08 21:26:58 +00:00
session := ctx.Session()
if session.ID() != ctx.Query("state") {
2017-06-07 19:12:59 +00:00
return ctx.Error(http.StatusUnauthorized, "Authorization not allowed for this session", errors.New("Google login failed: Incorrect state"))
2017-06-07 16:06:57 +00:00
}
// Handle the exchange code to initiate a transport
token, err := conf.Exchange(oauth2.NoContext, ctx.Query("code"))
2017-06-07 19:12:59 +00:00
2017-06-07 16:06:57 +00:00
if err != nil {
return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth token", err)
}
// Construct the OAuth client
client := conf.Client(oauth2.NoContext, token)
2017-06-15 13:50:39 +00:00
// Fetch user data from Google
2017-06-07 16:06:57 +00:00
resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
2017-06-07 19:12:59 +00:00
2017-06-07 16:06:57 +00:00
if err != nil {
return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Google", err)
}
2017-06-07 19:12:59 +00:00
2017-06-07 16:06:57 +00:00
defer resp.Body.Close()
2017-06-07 19:12:59 +00:00
data, _ := ioutil.ReadAll(resp.Body)
2017-06-15 13:50:39 +00:00
// Construct a GoogleUser object
2017-06-07 19:12:59 +00:00
var googleUser GoogleUser
err = json.Unmarshal(data, &googleUser)
if err != nil {
return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
}
2017-06-15 19:59:14 +00:00
// Try to find an existing user by the Google user ID
user, getErr := arn.GetUserFromTable("GoogleToUser", googleUser.Sub)
2017-06-07 19:12:59 +00:00
2017-06-15 19:59:14 +00:00
if getErr == nil && user != nil {
session.Set("userId", user.ID)
return ctx.Redirect("/")
2017-06-07 19:12:59 +00:00
}
2017-06-15 19:59:14 +00:00
// Try to find an existing user by the associated e-mail address
user, getErr = arn.GetUserByEmail(googleUser.Email)
if getErr == nil && user != nil {
session.Set("userId", user.ID)
return ctx.Redirect("/")
}
2017-06-07 16:06:57 +00:00
2017-06-15 19:59:14 +00:00
return ctx.Error(http.StatusForbidden, "Account does not exist", err)
2017-06-07 16:06:57 +00:00
})
}