Authentication code is in auth now
This commit is contained in:
102
auth/google.go
Normal file
102
auth/google.go
Normal file
@ -0,0 +1,102 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
|
||||
"github.com/aerogo/aero"
|
||||
"github.com/animenotifier/arn"
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/google"
|
||||
)
|
||||
|
||||
// GoogleUser is the user data we receive from Google
|
||||
type GoogleUser struct {
|
||||
Sub string `json:"sub"`
|
||||
Name string `json:"name"`
|
||||
GivenName string `json:"given_name"`
|
||||
FamilyName string `json:"family_name"`
|
||||
Profile string `json:"profile"`
|
||||
Picture string `json:"picture"`
|
||||
Email string `json:"email"`
|
||||
EmailVerified bool `json:"email_verified"`
|
||||
Gender string `json:"gender"`
|
||||
}
|
||||
|
||||
// InstallGoogleAuth enables Google login for the app.
|
||||
func InstallGoogleAuth(app *aero.Application) {
|
||||
conf := &oauth2.Config{
|
||||
ClientID: apiKeys.Google.ID,
|
||||
ClientSecret: apiKeys.Google.Secret,
|
||||
RedirectURL: "https://" + app.Config.Domain + "/auth/google/callback",
|
||||
Scopes: []string{
|
||||
"https://www.googleapis.com/auth/userinfo.email",
|
||||
},
|
||||
Endpoint: google.Endpoint,
|
||||
}
|
||||
|
||||
// Auth
|
||||
app.Get("/auth/google", func(ctx *aero.Context) string {
|
||||
sessionID := ctx.Session().ID()
|
||||
url := conf.AuthCodeURL(sessionID)
|
||||
ctx.Redirect(url)
|
||||
return ""
|
||||
})
|
||||
|
||||
// Auth Callback
|
||||
app.Get("/auth/google/callback", func(ctx *aero.Context) string {
|
||||
session := ctx.Session()
|
||||
|
||||
if session.ID() != ctx.Query("state") {
|
||||
return ctx.Error(http.StatusUnauthorized, "Authorization not allowed for this session", errors.New("Google login failed: Incorrect state"))
|
||||
}
|
||||
|
||||
// Handle the exchange code to initiate a transport
|
||||
token, err := conf.Exchange(oauth2.NoContext, ctx.Query("code"))
|
||||
|
||||
if err != nil {
|
||||
return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth token", err)
|
||||
}
|
||||
|
||||
// Construct the OAuth client
|
||||
client := conf.Client(oauth2.NoContext, token)
|
||||
|
||||
// Fetch user data from Google
|
||||
resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
|
||||
|
||||
if err != nil {
|
||||
return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Google", err)
|
||||
}
|
||||
|
||||
defer resp.Body.Close()
|
||||
data, _ := ioutil.ReadAll(resp.Body)
|
||||
|
||||
// Construct a GoogleUser object
|
||||
var googleUser GoogleUser
|
||||
err = json.Unmarshal(data, &googleUser)
|
||||
|
||||
if err != nil {
|
||||
return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
|
||||
}
|
||||
|
||||
// Try to find an existing user by the Google user ID
|
||||
user, getErr := arn.GetUserFromTable("GoogleToUser", googleUser.Sub)
|
||||
|
||||
if getErr == nil && user != nil {
|
||||
session.Set("userId", user.ID)
|
||||
return ctx.Redirect("/")
|
||||
}
|
||||
|
||||
// Try to find an existing user by the associated e-mail address
|
||||
user, getErr = arn.GetUserByEmail(googleUser.Email)
|
||||
|
||||
if getErr == nil && user != nil {
|
||||
session.Set("userId", user.ID)
|
||||
return ctx.Redirect("/")
|
||||
}
|
||||
|
||||
return ctx.Error(http.StatusForbidden, "Account does not exist", err)
|
||||
})
|
||||
}
|
||||
Reference in New Issue
Block a user