auth/google.go

package auth

import (
	"context"
	"errors"
	"io/ioutil"
	"net/http"
	"strings"

	"github.com/aerogo/aero"
	"github.com/animenotifier/notify.moe/arn"
	"github.com/animenotifier/notify.moe/assets"
	"github.com/animenotifier/notify.moe/utils"
	jsoniter "github.com/json-iterator/go"
	"golang.org/x/oauth2"
	"golang.org/x/oauth2/google"
)

// GoogleUser is the user data we receive from Google
type GoogleUser struct {
	Sub        string `json:"sub"`
	GivenName  string `json:"given_name"`
	FamilyName string `json:"family_name"`
	Email      string `json:"email"`
	Gender     string `json:"gender"`

	// Name          string `json:"name"`
	// Profile       string `json:"profile"`
	// Picture       string `json:"picture"`
	// EmailVerified bool   `json:"email_verified"`
}

// InstallGoogleAuth enables Google login for the app.
func InstallGoogleAuth(app *aero.Application) {
	// OAuth2 configuration defines the API keys,
	// scopes of required data and the redirect URL
	// that Google should send the user to after
	// a successful login on their pages.
	config := &oauth2.Config{
		ClientID:     arn.APIKeys.Google.ID,
		ClientSecret: arn.APIKeys.Google.Secret,
		RedirectURL:  "https://" + assets.Domain + "/auth/google/callback",
		Scopes: []string{
			"https://www.googleapis.com/auth/userinfo.email",
			"https://www.googleapis.com/auth/userinfo.profile",
			// "https://www.googleapis.com/auth/plus.me",
			// "https://www.googleapis.com/auth/plus.login",
		},
		Endpoint: google.Endpoint,
	}

	// When a user visits /auth/google, we ask OAuth2 config for a URL
	// to redirect the user to. Once the user has logged in on that page,
	// he'll be redirected back to our servers to the callback page.
	app.Get("/auth/google", func(ctx aero.Context) error {
		state := ctx.Session().ID()
		url := config.AuthCodeURL(state)
		return ctx.Redirect(http.StatusTemporaryRedirect, url)
	})

	// This is the redirect URL that we specified in the OAuth2 config.
	// The user has successfully completed the login on Google servers.
	// Now we have to check for fraud requests and request user information.
	// If both Google ID and email can't be found in our DB, register a new user.
	// Otherwise, log in the user with the given Google ID or email.
	app.Get("/auth/google/callback", func(ctx aero.Context) error {
		if !ctx.HasSession() {
			return ctx.Error(http.StatusUnauthorized, "Google login failed", errors.New("Session does not exist"))
		}

		session := ctx.Session()

		if session.ID() != ctx.Query("state") {
			return ctx.Error(http.StatusUnauthorized, "Google login failed", errors.New("Incorrect state"))
		}

		// Handle the exchange code to initiate a transport
		token, err := config.Exchange(context.Background(), ctx.Query("code"))

		if err != nil {
			return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth token", err)
		}

		// Construct the OAuth client
		client := config.Client(context.Background(), token)

		// Fetch user data from Google
		response, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")

		if err != nil {
			return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Google", err)
		}

		defer response.Body.Close()
		data, _ := ioutil.ReadAll(response.Body)

		// Construct a GoogleUser object
		var googleUser GoogleUser
		err = jsoniter.Unmarshal(data, &googleUser)

		if err != nil {
			return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
		}

		if googleUser.Sub == "" {
			return ctx.Error(http.StatusBadRequest, "Failed retrieving Google data", errors.New("Empty ID"))
		}

		// Change googlemail.com to gmail.com
		googleUser.Email = strings.Replace(googleUser.Email, "googlemail.com", "gmail.com", 1)

		// Is this an existing user connecting another social account?
		user := utils.GetUser(ctx)

		if user != nil {
			// Add GoogleToUser reference
			user.ConnectGoogle(googleUser.Sub)

			// Save in DB
			user.Save()

			// Log
			authLog.Info("Added Google ID to existing account | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())

			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
		}

		var getErr error

		// Try to find an existing user via the Google user ID
		user, getErr = arn.GetUserByGoogleID(googleUser.Sub)

		if getErr == nil && user != nil {
			authLog.Info("User logged in via Google ID | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())

			user.LastLogin = arn.DateTimeUTC()
			user.Save()

			session.Set("userId", user.ID)
			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
		}

		// Try to find an existing user via the associated e-mail address
		user, getErr = arn.GetUserByEmail(googleUser.Email)

		if getErr == nil && user != nil {
			authLog.Info("User logged in via Email | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())

			// Add GoogleToUser reference
			user.ConnectGoogle(googleUser.Sub)

			user.LastLogin = arn.DateTimeUTC()
			user.Save()

			session.Set("userId", user.ID)
			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
		}

		// Register new user
		user = arn.NewUser()
		user.Nick = "g" + googleUser.Sub
		user.Email = googleUser.Email
		user.FirstName = googleUser.GivenName
		user.LastName = googleUser.FamilyName
		user.Gender = googleUser.Gender
		user.LastLogin = arn.DateTimeUTC()

		// Save basic user info already to avoid data inconsistency problems
		user.Save()

		// Register user
		arn.RegisterUser(user)

		// Connect account to a Google account
		user.ConnectGoogle(googleUser.Sub)

		// Save user object again with updated data
		user.Save()

		// Login
		session.Set("userId", user.ID)

		// Log
		authLog.Info("Registered new user via Google | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())

		// Redirect to starting page for new users
		return ctx.Redirect(http.StatusTemporaryRedirect, newUserStartRoute)
	})
}
Authentication code is in auth now 2017-06-16 23:32:47 +00:00			`package auth`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00
			`import (`
Applied suggested linter changes 2018-04-25 23:14:23 +00:00			`"context"`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`"errors"`
			`"io/ioutil"`
			`"net/http"`
Facebook login 2017-07-02 21:42:46 +00:00			`"strings"`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00
			`"github.com/aerogo/aero"`
Added arn to the main repository 2019-06-03 09:32:43 +00:00			`"github.com/animenotifier/notify.moe/arn"`
Upgraded to latest aero version 2019-06-01 04:55:49 +00:00			`"github.com/animenotifier/notify.moe/assets"`
Implemented new user registrations 2017-06-22 20:26:52 +00:00			`"github.com/animenotifier/notify.moe/utils"`
Use jsoniter to improve performance 2018-07-02 00:39:25 +00:00			`jsoniter "github.com/json-iterator/go"`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`"golang.org/x/oauth2"`
			`"golang.org/x/oauth2/google"`
			`)`

Implemented Google login 2017-06-07 19:12:59 +00:00			`// GoogleUser is the user data we receive from Google`
			`type GoogleUser struct {`
Disabled unused identifiers 2018-12-07 01:06:01 +00:00			Sub string `json:"sub"`
			GivenName string `json:"given_name"`
			FamilyName string `json:"family_name"`
			Email string `json:"email"`
			Gender string `json:"gender"`

			// Name string `json:"name"`
			// Profile string `json:"profile"`
			// Picture string `json:"picture"`
			// EmailVerified bool `json:"email_verified"`
Implemented Google login 2017-06-07 19:12:59 +00:00			`}`

Authentication code is in auth now 2017-06-16 23:32:47 +00:00			`// InstallGoogleAuth enables Google login for the app.`
			`func InstallGoogleAuth(app *aero.Application) {`
Improved documentation of authorization code 2018-06-04 08:28:16 +00:00			`// OAuth2 configuration defines the API keys,`
			`// scopes of required data and the redirect URL`
			`// that Google should send the user to after`
			`// a successful login on their pages.`
Minor changes 2017-06-17 17:50:30 +00:00			`config := &oauth2.Config{`
Implemented music page 2017-06-27 14:23:57 +00:00			`ClientID: arn.APIKeys.Google.ID,`
			`ClientSecret: arn.APIKeys.Google.Secret,`
Upgraded to latest aero version 2019-06-01 04:55:49 +00:00			`RedirectURL: "https://" + assets.Domain + "/auth/google/callback",`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`Scopes: []string{`
			`"https://www.googleapis.com/auth/userinfo.email",`
Minor changes 2017-06-17 17:50:30 +00:00			`"https://www.googleapis.com/auth/userinfo.profile",`
			`// "https://www.googleapis.com/auth/plus.me",`
			`// "https://www.googleapis.com/auth/plus.login",`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`},`
			`Endpoint: google.Endpoint,`
			`}`

Improved documentation of authorization code 2018-06-04 08:28:16 +00:00			`// When a user visits /auth/google, we ask OAuth2 config for a URL`
			`// to redirect the user to. Once the user has logged in on that page,`
			`// he'll be redirected back to our servers to the callback page.`
Upgraded to latest aero version 2019-06-01 04:55:49 +00:00			`app.Get("/auth/google", func(ctx aero.Context) error {`
Facebook login 2017-07-02 21:42:46 +00:00			`state := ctx.Session().ID()`
			`url := config.AuthCodeURL(state)`
Use temporary redirects 2019-06-03 06:06:57 +00:00			`return ctx.Redirect(http.StatusTemporaryRedirect, url)`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`})`

Improved documentation of authorization code 2018-06-04 08:28:16 +00:00			`// This is the redirect URL that we specified in the OAuth2 config.`
			`// The user has successfully completed the login on Google servers.`
			`// Now we have to check for fraud requests and request user information.`
			`// If both Google ID and email can't be found in our DB, register a new user.`
			`// Otherwise, log in the user with the given Google ID or email.`
Upgraded to latest aero version 2019-06-01 04:55:49 +00:00			`app.Get("/auth/google/callback", func(ctx aero.Context) error {`
Heavily improved sessions 2017-06-17 20:19:26 +00:00			`if !ctx.HasSession() {`
Better error messages 2017-06-17 21:43:57 +00:00			`return ctx.Error(http.StatusUnauthorized, "Google login failed", errors.New("Session does not exist"))`
Heavily improved sessions 2017-06-17 20:19:26 +00:00			`}`

Persistent sessions are working now 2017-06-08 21:26:58 +00:00			`session := ctx.Session()`

			`if session.ID() != ctx.Query("state") {`
Better error messages 2017-06-17 21:43:57 +00:00			`return ctx.Error(http.StatusUnauthorized, "Google login failed", errors.New("Incorrect state"))`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`}`

			`// Handle the exchange code to initiate a transport`
Applied suggested linter changes 2018-04-25 23:14:23 +00:00			`token, err := config.Exchange(context.Background(), ctx.Query("code"))`
Implemented Google login 2017-06-07 19:12:59 +00:00
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`if err != nil {`
			`return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth token", err)`
			`}`

			`// Construct the OAuth client`
Applied suggested linter changes 2018-04-25 23:14:23 +00:00			`client := config.Client(context.Background(), token)`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00
Improved auth and logging 2017-06-15 13:50:39 +00:00			`// Fetch user data from Google`
Improved code readability 2019-03-04 02:33:08 +00:00			`response, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")`
Implemented Google login 2017-06-07 19:12:59 +00:00
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`if err != nil {`
			`return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Google", err)`
			`}`
Implemented Google login 2017-06-07 19:12:59 +00:00
Improved code readability 2019-03-04 02:33:08 +00:00			`defer response.Body.Close()`
			`data, _ := ioutil.ReadAll(response.Body)`
Implemented Google login 2017-06-07 19:12:59 +00:00
Improved auth and logging 2017-06-15 13:50:39 +00:00			`// Construct a GoogleUser object`
Implemented Google login 2017-06-07 19:12:59 +00:00			`var googleUser GoogleUser`
Use jsoniter to improve performance 2018-07-02 00:39:25 +00:00			`err = jsoniter.Unmarshal(data, &googleUser)`
Implemented Google login 2017-06-07 19:12:59 +00:00
			`if err != nil {`
			`return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)`
			`}`

Added status messages 2017-07-12 18:37:34 +00:00			`if googleUser.Sub == "" {`
			`return ctx.Error(http.StatusBadRequest, "Failed retrieving Google data", errors.New("Empty ID"))`
			`}`

Facebook login 2017-07-02 21:42:46 +00:00			`// Change googlemail.com to gmail.com`
			`googleUser.Email = strings.Replace(googleUser.Email, "googlemail.com", "gmail.com", 1)`

Implemented new user registrations 2017-06-22 20:26:52 +00:00			`// Is this an existing user connecting another social account?`
			`user := utils.GetUser(ctx)`

			`if user != nil {`
Started working on new user registration 2017-06-22 18:51:11 +00:00			`// Add GoogleToUser reference`
Refactor to use aerogo/database 2017-10-27 07:11:56 +00:00			`user.ConnectGoogle(googleUser.Sub)`
Implemented new user registrations 2017-06-22 20:26:52 +00:00
Fixed account connect 2017-07-02 22:00:41 +00:00			`// Save in DB`
			`user.Save()`

			`// Log`
Upgraded to latest aero version 2019-06-01 04:55:49 +00:00			`authLog.Info("Added Google ID to existing account \| %s \| %s \| %s \| %s \| %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())`
Facebook login 2017-07-02 21:42:46 +00:00
Use temporary redirects 2019-06-03 06:06:57 +00:00			`return ctx.Redirect(http.StatusTemporaryRedirect, "/")`
Implemented new user registrations 2017-06-22 20:26:52 +00:00			`}`

			`var getErr error`

			`// Try to find an existing user via the Google user ID`
Refactor to use aerogo/database 2017-10-27 07:11:56 +00:00			`user, getErr = arn.GetUserByGoogleID(googleUser.Sub)`
Implemented new user registrations 2017-06-22 20:26:52 +00:00
			`if getErr == nil && user != nil {`
Upgraded to latest aero version 2019-06-01 04:55:49 +00:00			`authLog.Info("User logged in via Google ID \| %s \| %s \| %s \| %s \| %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())`
Implemented new user registrations 2017-06-22 20:26:52 +00:00
			`user.LastLogin = arn.DateTimeUTC()`
			`user.Save()`
Started working on new user registration 2017-06-22 18:51:11 +00:00
Implemented logout 2017-06-15 19:59:14 +00:00			`session.Set("userId", user.ID)`
Use temporary redirects 2019-06-03 06:06:57 +00:00			`return ctx.Redirect(http.StatusTemporaryRedirect, "/")`
Implemented Google login 2017-06-07 19:12:59 +00:00			`}`

Implemented new user registrations 2017-06-22 20:26:52 +00:00			`// Try to find an existing user via the associated e-mail address`
Implemented logout 2017-06-15 19:59:14 +00:00			`user, getErr = arn.GetUserByEmail(googleUser.Email)`

			`if getErr == nil && user != nil {`
Upgraded to latest aero version 2019-06-01 04:55:49 +00:00			`authLog.Info("User logged in via Email \| %s \| %s \| %s \| %s \| %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())`
Implemented new user registrations 2017-06-22 20:26:52 +00:00
Connect accounts when logging in via email 2019-03-05 06:26:48 +00:00			`// Add GoogleToUser reference`
			`user.ConnectGoogle(googleUser.Sub)`

Implemented new user registrations 2017-06-22 20:26:52 +00:00			`user.LastLogin = arn.DateTimeUTC()`
			`user.Save()`

Implemented logout 2017-06-15 19:59:14 +00:00			`session.Set("userId", user.ID)`
Use temporary redirects 2019-06-03 06:06:57 +00:00			`return ctx.Redirect(http.StatusTemporaryRedirect, "/")`
Implemented logout 2017-06-15 19:59:14 +00:00			`}`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00
Implemented new user registrations 2017-06-22 20:26:52 +00:00			`// Register new user`
Started working on new user registration 2017-06-22 18:51:11 +00:00			`user = arn.NewUser()`
			`user.Nick = "g" + googleUser.Sub`
			`user.Email = googleUser.Email`
			`user.FirstName = googleUser.GivenName`
			`user.LastName = googleUser.FamilyName`
			`user.Gender = googleUser.Gender`
			`user.LastLogin = arn.DateTimeUTC()`

Implemented new user registrations 2017-06-22 20:26:52 +00:00			`// Save basic user info already to avoid data inconsistency problems`
			`user.Save()`

			`// Register user`
Refactor to use aerogo/database 2017-10-27 07:11:56 +00:00			`arn.RegisterUser(user)`
Implemented new user registrations 2017-06-22 20:26:52 +00:00
			`// Connect account to a Google account`
Refactor to use aerogo/database 2017-10-27 07:11:56 +00:00			`user.ConnectGoogle(googleUser.Sub)`
Implemented new user registrations 2017-06-22 20:26:52 +00:00
			`// Save user object again with updated data`
			`user.Save()`

			`// Login`
			`session.Set("userId", user.ID)`

			`// Log`
Upgraded to latest aero version 2019-06-01 04:55:49 +00:00			`authLog.Info("Registered new user via Google \| %s \| %s \| %s \| %s \| %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())`
Started working on new user registration 2017-06-22 18:51:11 +00:00
Fixed comment in auth 2018-06-04 08:18:07 +00:00			`// Redirect to starting page for new users`
Use temporary redirects 2019-06-03 06:06:57 +00:00			`return ctx.Redirect(http.StatusTemporaryRedirect, newUserStartRoute)`
Basics of Google login are implemented 2017-06-07 16:06:57 +00:00			`})`
			`}`