Moved server packages to a separate folder

server/auth/Facebook.go

@@ -0,0 +1,178 @@
+package auth
+
+import (
+	"context"
+	"errors"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/aerogo/aero"
+	"github.com/aerogo/log"
+	"github.com/animenotifier/notify.moe/arn"
+	"github.com/animenotifier/notify.moe/assets"
+	jsoniter "github.com/json-iterator/go"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/facebook"
+)
+
+// FacebookUser is the user data we receive from Facebook
+type FacebookUser struct {
+	ID        string `json:"id"`
+	Email     string `json:"email"`
+	FirstName string `json:"first_name"`
+	LastName  string `json:"last_name"`
+	Gender    string `json:"gender"`
+}
+
+// Facebook enables Facebook login for the app.
+func Facebook(app *aero.Application, authLog *log.Log) {
+	// OAuth2 configuration defines the API keys,
+	// scopes of required data and the redirect URL
+	// that Facebook should send the user to after
+	// a successful login on their pages.
+	config := &oauth2.Config{
+		ClientID:     arn.APIKeys.Facebook.ID,
+		ClientSecret: arn.APIKeys.Facebook.Secret,
+		RedirectURL:  "https://" + assets.Domain + "/auth/facebook/callback",
+		Scopes: []string{
+			"public_profile",
+			"email",
+		},
+		Endpoint: facebook.Endpoint,
+	}
+
+	// When a user visits /auth/facebook, we ask OAuth2 config for a URL
+	// to redirect the user to. Once the user has logged in on that page,
+	// he'll be redirected back to our servers to the callback page.
+	app.Get("/auth/facebook", func(ctx aero.Context) error {
+		state := ctx.Session().ID()
+		url := config.AuthCodeURL(state)
+		return ctx.Redirect(http.StatusTemporaryRedirect, url)
+	})
+
+	// This is the redirect URL that we specified in the OAuth2 config.
+	// The user has successfully completed the login on Facebook servers.
+	// Now we have to check for fraud requests and request user information.
+	// If both Facebook ID and email can't be found in our DB, register a new user.
+	// Otherwise, log in the user with the given Facebook ID or email.
+	app.Get("/auth/facebook/callback", func(ctx aero.Context) error {
+		if !ctx.HasSession() {
+			return ctx.Error(http.StatusUnauthorized, "Facebook login failed", errors.New("Session does not exist"))
+		}
+
+		session := ctx.Session()
+
+		if session.ID() != ctx.Query("state") {
+			return ctx.Error(http.StatusUnauthorized, "Facebook login failed", errors.New("Incorrect state"))
+		}
+
+		// Handle the exchange code to initiate a transport
+		token, err := config.Exchange(context.Background(), ctx.Query("code"))
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth token", err)
+		}
+
+		// Construct the OAuth client
+		client := config.Client(context.Background(), token)
+
+		// Fetch user data from Facebook
+		response, err := client.Get("https://graph.facebook.com/me?fields=email,first_name,last_name,gender")
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Facebook", err)
+		}
+
+		defer response.Body.Close()
+		body, _ := ioutil.ReadAll(response.Body)
+
+		// Construct a FacebookUser object
+		fbUser := FacebookUser{}
+		err = jsoniter.Unmarshal(body, &fbUser)
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
+		}
+
+		// Change googlemail.com to gmail.com
+		fbUser.Email = strings.Replace(fbUser.Email, "googlemail.com", "gmail.com", 1)
+
+		// Is this an existing user connecting another social account?
+		user := arn.GetUserFromContext(ctx)
+
+		if user != nil {
+			// Add FacebookToUser reference
+			user.ConnectFacebook(fbUser.ID)
+
+			// Save in DB
+			user.Save()
+
+			// Log
+			authLog.Info("Added Facebook ID to existing account | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		var getErr error
+
+		// Try to find an existing user via the Facebook user ID
+		user, getErr = arn.GetUserByFacebookID(fbUser.ID)
+
+		if getErr == nil && user != nil {
+			authLog.Info("User logged in via Facebook ID | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			// Add FacebookToUser reference
+			user.ConnectFacebook(fbUser.ID)
+
+			user.LastLogin = arn.DateTimeUTC()
+			user.Save()
+
+			session.Set("userId", user.ID)
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		// Try to find an existing user via the associated e-mail address
+		user, getErr = arn.GetUserByEmail(fbUser.Email)
+
+		if getErr == nil && user != nil {
+			authLog.Info("User logged in via Email | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			user.LastLogin = arn.DateTimeUTC()
+			user.Save()
+
+			session.Set("userId", user.ID)
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		// Register new user
+		user = arn.NewUser()
+		user.Nick = "fb" + fbUser.ID
+		user.Email = fbUser.Email
+		user.FirstName = fbUser.FirstName
+		user.LastName = fbUser.LastName
+		user.Gender = fbUser.Gender
+		user.LastLogin = arn.DateTimeUTC()
+
+		// Save basic user info already to avoid data inconsistency problems
+		user.Save()
+
+		// Register user
+		arn.RegisterUser(user)
+
+		// Connect account to a Facebook account
+		user.ConnectFacebook(fbUser.ID)
+
+		// Save user object again with updated data
+		user.Save()
+
+		// Login
+		session.Set("userId", user.ID)
+
+		// Log
+		authLog.Info("Registered new user via Facebook | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+		// Redirect to starting page for new users
+		return ctx.Redirect(http.StatusTemporaryRedirect, newUserStartRoute)
+	})
+}

server/auth/Google.go

@@ -0,0 +1,189 @@
+package auth
+
+import (
+	"context"
+	"errors"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/aerogo/aero"
+	"github.com/aerogo/log"
+	"github.com/animenotifier/notify.moe/arn"
+	"github.com/animenotifier/notify.moe/assets"
+	jsoniter "github.com/json-iterator/go"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google"
+)
+
+// GoogleUser is the user data we receive from Google
+type GoogleUser struct {
+	Sub        string `json:"sub"`
+	GivenName  string `json:"given_name"`
+	FamilyName string `json:"family_name"`
+	Email      string `json:"email"`
+	Gender     string `json:"gender"`
+
+	// Name          string `json:"name"`
+	// Profile       string `json:"profile"`
+	// Picture       string `json:"picture"`
+	// EmailVerified bool   `json:"email_verified"`
+}
+
+// Google enables Google login for the app.
+func Google(app *aero.Application, authLog *log.Log) {
+	// OAuth2 configuration defines the API keys,
+	// scopes of required data and the redirect URL
+	// that Google should send the user to after
+	// a successful login on their pages.
+	config := &oauth2.Config{
+		ClientID:     arn.APIKeys.Google.ID,
+		ClientSecret: arn.APIKeys.Google.Secret,
+		RedirectURL:  "https://" + assets.Domain + "/auth/google/callback",
+		Scopes: []string{
+			"https://www.googleapis.com/auth/userinfo.email",
+			"https://www.googleapis.com/auth/userinfo.profile",
+			// "https://www.googleapis.com/auth/plus.me",
+			// "https://www.googleapis.com/auth/plus.login",
+		},
+		Endpoint: google.Endpoint,
+	}
+
+	// When a user visits /auth/google, we ask OAuth2 config for a URL
+	// to redirect the user to. Once the user has logged in on that page,
+	// he'll be redirected back to our servers to the callback page.
+	app.Get("/auth/google", func(ctx aero.Context) error {
+		state := ctx.Session().ID()
+		url := config.AuthCodeURL(state)
+		return ctx.Redirect(http.StatusTemporaryRedirect, url)
+	})
+
+	// This is the redirect URL that we specified in the OAuth2 config.
+	// The user has successfully completed the login on Google servers.
+	// Now we have to check for fraud requests and request user information.
+	// If both Google ID and email can't be found in our DB, register a new user.
+	// Otherwise, log in the user with the given Google ID or email.
+	app.Get("/auth/google/callback", func(ctx aero.Context) error {
+		if !ctx.HasSession() {
+			return ctx.Error(http.StatusUnauthorized, "Google login failed", errors.New("Session does not exist"))
+		}
+
+		session := ctx.Session()
+
+		if session.ID() != ctx.Query("state") {
+			return ctx.Error(http.StatusUnauthorized, "Google login failed", errors.New("Incorrect state"))
+		}
+
+		// Handle the exchange code to initiate a transport
+		token, err := config.Exchange(context.Background(), ctx.Query("code"))
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth token", err)
+		}
+
+		// Construct the OAuth client
+		client := config.Client(context.Background(), token)
+
+		// Fetch user data from Google
+		response, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Google", err)
+		}
+
+		defer response.Body.Close()
+		data, _ := ioutil.ReadAll(response.Body)
+
+		// Construct a GoogleUser object
+		var googleUser GoogleUser
+		err = jsoniter.Unmarshal(data, &googleUser)
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
+		}
+
+		if googleUser.Sub == "" {
+			return ctx.Error(http.StatusBadRequest, "Failed retrieving Google data", errors.New("Empty ID"))
+		}
+
+		// Change googlemail.com to gmail.com
+		googleUser.Email = strings.Replace(googleUser.Email, "googlemail.com", "gmail.com", 1)
+
+		// Is this an existing user connecting another social account?
+		user := arn.GetUserFromContext(ctx)
+
+		if user != nil {
+			// Add GoogleToUser reference
+			user.ConnectGoogle(googleUser.Sub)
+
+			// Save in DB
+			user.Save()
+
+			// Log
+			authLog.Info("Added Google ID to existing account | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		var getErr error
+
+		// Try to find an existing user via the Google user ID
+		user, getErr = arn.GetUserByGoogleID(googleUser.Sub)
+
+		if getErr == nil && user != nil {
+			authLog.Info("User logged in via Google ID | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			user.LastLogin = arn.DateTimeUTC()
+			user.Save()
+
+			session.Set("userId", user.ID)
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		// Try to find an existing user via the associated e-mail address
+		user, getErr = arn.GetUserByEmail(googleUser.Email)
+
+		if getErr == nil && user != nil {
+			authLog.Info("User logged in via Email | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			// Add GoogleToUser reference
+			user.ConnectGoogle(googleUser.Sub)
+
+			user.LastLogin = arn.DateTimeUTC()
+			user.Save()
+
+			session.Set("userId", user.ID)
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		// Register new user
+		user = arn.NewUser()
+		user.Nick = "g" + googleUser.Sub
+		user.Email = googleUser.Email
+		user.FirstName = googleUser.GivenName
+		user.LastName = googleUser.FamilyName
+		user.Gender = googleUser.Gender
+		user.LastLogin = arn.DateTimeUTC()
+
+		// Save basic user info already to avoid data inconsistency problems
+		user.Save()
+
+		// Register user
+		arn.RegisterUser(user)
+
+		// Connect account to a Google account
+		user.ConnectGoogle(googleUser.Sub)
+
+		// Save user object again with updated data
+		user.Save()
+
+		// Login
+		session.Set("userId", user.ID)
+
+		// Log
+		authLog.Info("Registered new user via Google | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+		// Redirect to starting page for new users
+		return ctx.Redirect(http.StatusTemporaryRedirect, newUserStartRoute)
+	})
+}

server/auth/Install.go

@@ -0,0 +1,25 @@
+package auth
+
+import (
+	"os"
+
+	"github.com/aerogo/aero"
+	"github.com/aerogo/log"
+)
+
+const newUserStartRoute = "/welcome"
+
+// Install installs all authentication routes in the application.
+func Install(app *aero.Application) {
+	authLog := log.New()
+	authLog.AddWriter(os.Stdout)
+	authLog.AddWriter(log.File("logs/auth.log"))
+
+	// Login
+	Google(app, authLog)
+	Facebook(app, authLog)
+	Twitter(app, authLog)
+
+	// Logout
+	Logout(app, authLog)
+}

server/auth/Logout.go

@@ -0,0 +1,27 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/aerogo/aero"
+	"github.com/aerogo/log"
+	"github.com/animenotifier/notify.moe/arn"
+)
+
+// Logout is called when the user clicks the logout button.
+// It deletes the "userId" from the session.
+func Logout(app *aero.Application, authLog *log.Log) {
+	app.Get("/logout", func(ctx aero.Context) error {
+		if ctx.HasSession() {
+			user := arn.GetUserFromContext(ctx)
+
+			if user != nil {
+				authLog.Info("%s logged out | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+			}
+
+			ctx.Session().Delete("userId")
+		}
+
+		return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+	})
+}

server/auth/Twitter.go

@@ -0,0 +1,194 @@
+package auth
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/aerogo/aero"
+	"github.com/aerogo/log"
+	"github.com/animenotifier/notify.moe/arn"
+	"github.com/animenotifier/notify.moe/assets"
+	"github.com/gomodule/oauth1/oauth"
+	jsoniter "github.com/json-iterator/go"
+)
+
+// TwitterUser is the user data we receive from Twitter
+type TwitterUser struct {
+	ID          string `json:"id_str"`
+	Email       string `json:"email"`
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	ScreenName  string `json:"screen_name"`
+}
+
+// Twitter enables Twitter login for the app.
+func Twitter(app *aero.Application, authLog *log.Log) {
+	// oauth1 configuration defines the API keys,
+	// the url for the request token, the access token and the authorisation.
+	config := &oauth.Client{
+		TemporaryCredentialRequestURI: "https://api.twitter.com/oauth/request_token",
+		ResourceOwnerAuthorizationURI: "https://api.twitter.com/oauth/authenticate",
+		TokenRequestURI:               "https://api.twitter.com/oauth/access_token",
+		Credentials: oauth.Credentials{
+			Token:  arn.APIKeys.Twitter.ID,
+			Secret: arn.APIKeys.Twitter.Secret,
+		},
+	}
+
+	// When a user visits /auth/twitter, we ask OAuth1 to give us
+	// a request token and give us a URL to redirect the user to.
+	// Once the user has approved the application on that page,
+	// he'll be redirected back to our servers to the callback page.
+	app.Get("/auth/twitter", func(ctx aero.Context) error {
+		callback := "https://" + assets.Domain + "/auth/twitter/callback"
+		tempCred, err := config.RequestTemporaryCredentials(nil, callback, nil)
+
+		if err != nil {
+			fmt.Printf("Error: %s", err)
+		}
+
+		ctx.Session().Set("tempCred", tempCred)
+		url := config.AuthorizationURL(tempCred, nil)
+		return ctx.Redirect(http.StatusTemporaryRedirect, url)
+	})
+
+	// This is the redirect URL that we specified in /auth/twitter.
+	// The user has allowed the application to have access to his data.
+	// Now we have to check for fraud requests and request user information.
+	// If both Twitter ID and email can't be found in our DB, register a new user.
+	// Otherwise, log in the user with the given Twitter ID or email.
+	app.Get("/auth/twitter/callback", func(ctx aero.Context) error {
+		if !ctx.HasSession() {
+			return ctx.Error(http.StatusUnauthorized, "Twitter login failed", errors.New("Session does not exist"))
+		}
+
+		session := ctx.Session()
+
+		// Get back the request token to get the access token
+		tempCred, _ := session.Get("tempCred").(*oauth.Credentials)
+		session.Delete("tempCred")
+
+		if tempCred == nil || tempCred.Token != ctx.Query("oauth_token") {
+			return ctx.Error(http.StatusBadRequest, "Unknown OAuth request token", nil)
+		}
+
+		// Get the request token from twitter
+		tokenCred, _, err := config.RequestToken(nil, tempCred, ctx.Query("oauth_verifier"))
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Could not obtain OAuth access token", err)
+		}
+
+		// Fetch user data from Twitter
+		params := url.Values{
+			"include_email": {"true"},
+			"skip_status":   {"true"},
+		}
+
+		response, err := config.Get(nil, tokenCred, "https://api.twitter.com/1.1/account/verify_credentials.json", params)
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Failed requesting user data from Twitter", err)
+		}
+
+		defer response.Body.Close()
+		body, _ := ioutil.ReadAll(response.Body)
+		fmt.Println(string(body))
+
+		// Construct a TwitterUser object
+		twUser := TwitterUser{}
+		err = jsoniter.Unmarshal(body, &twUser)
+
+		if err != nil {
+			return ctx.Error(http.StatusBadRequest, "Failed parsing user data (JSON)", err)
+		}
+
+		// Change googlemail.com to gmail.com
+		twUser.Email = strings.Replace(twUser.Email, "googlemail.com", "gmail.com", 1)
+
+		// Is this an existing user connecting another social account?
+		user := arn.GetUserFromContext(ctx)
+
+		if user != nil {
+			// Add TwitterToUser reference
+			user.ConnectTwitter(twUser.ID)
+
+			// Save in DB
+			user.Accounts.Twitter.Nick = twUser.ScreenName
+			user.Save()
+
+			// Log
+			authLog.Info("Added Twitter ID to existing account | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		var getErr error
+
+		// Try to find an existing user via the Twitter user ID
+		user, getErr = arn.GetUserByTwitterID(twUser.ID)
+
+		if getErr == nil && user != nil {
+			authLog.Info("User logged in via Twitter ID | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			user.LastLogin = arn.DateTimeUTC()
+			user.Save()
+
+			session.Set("userId", user.ID)
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		// Try to find an existing user via the associated e-mail address
+		user, getErr = arn.GetUserByEmail(twUser.Email)
+
+		if getErr == nil && user != nil {
+			authLog.Info("User logged in via Email | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+			// Add TwitterToUser reference
+			user.ConnectTwitter(twUser.ID)
+
+			user.Accounts.Twitter.Nick = twUser.ScreenName
+			user.LastLogin = arn.DateTimeUTC()
+			user.Save()
+
+			session.Set("userId", user.ID)
+			return ctx.Redirect(http.StatusTemporaryRedirect, "/")
+		}
+
+		// Register new user
+		user = arn.NewUser()
+		user.Nick = "tw" + twUser.ID
+		user.Email = twUser.Email
+		user.LastLogin = arn.DateTimeUTC()
+		user.FirstName = twUser.Name
+
+		// Save basic user info already to avoid data inconsistency problems
+		user.Save()
+
+		// Register user
+		arn.RegisterUser(user)
+
+		// Connect account to a Twitter account
+		user.ConnectTwitter(twUser.ID)
+
+		// Copy fields
+		user.Accounts.Twitter.Nick = twUser.ScreenName
+		user.Introduction = twUser.Description
+
+		// Save user object again with updated data
+		user.Save()
+
+		// Login
+		session.Set("userId", user.ID)
+
+		// Log
+		authLog.Info("Registered new user via Twitter | %s | %s | %s | %s | %s", user.Nick, user.ID, ctx.IP(), user.Email, user.RealName())
+
+		// Redirect to starting page for new users
+		return ctx.Redirect(http.StatusTemporaryRedirect, newUserStartRoute)
+	})
+}