Documentation
Constants
const (
	// SessionAuthorizedToken is the key set in the gin context for the Token
	// of a User who has successfully passed Bearer token authorization.
	// The interface returned from grabbing this key should be parsed as oauth2.TokenInfo
	SessionAuthorizedToken = "authorized_token"
	// SessionAuthorizedUser is the key set in the gin context for the id of
	// a User who has successfully passed Bearer token authorization.
	// The interface returned from grabbing this key should be parsed as a *gtsmodel.User
	SessionAuthorizedUser = "authorized_user"
	// SessionAuthorizedAccount is the key set in the gin context for the Account
	// of a User who has successfully passed Bearer token authorization.
	// The interface returned from grabbing this key should be parsed as a *gtsmodel.Account
	SessionAuthorizedAccount = "authorized_account"
	// SessionAuthorizedApplication is the key set in the gin context for the Application
	// of a Client who has successfully passed Bearer token authorization.
	// The interface returned from grabbing this key should be parsed as a *gtsmodel.Application
	SessionAuthorizedApplication = "authorized_app"
	// OOBURI is the out-of-band oauth token uri
	OOBURI = "urn:ietf:wg:oauth:2.0:oob"
	// OOBTokenPath is the path to redirect out-of-band token requests to.
	OOBTokenPath = "/oauth/oob" // #nosec G101 else we get a hardcoded credentials warning
	// HelpfulAdvice is a handy hint to users;
	// particularly important during the login flow
	HelpfulAdvice      = "" /* 188-byte string literal not displayed */
	HelpfulAdviceGrant = "" /* 231-byte string literal not displayed */
)
Variables
This section is empty.
Functions
func DBTokenToToken
DBTokenToToken is a small utility function that takes a database token and returns a gotosocial token.
func InvalidRequest (added in v0.3.5)
func InvalidRequest() error
InvalidRequest returns an oauth spec compliant 'invalid_request' error.
func NewClientStore
NewClientStore returns an implementation of the oauth2 ClientStore interface, using the given db as a storage backend.
Types
type Auth
type Auth struct {
	Token       oauth2.TokenInfo
	Application *gtsmodel.Application
	User        *gtsmodel.User
	Account     *gtsmodel.Account
}
Auth wraps an authorized token, application, user, and account. It is used in the functions GetAuthed and MustAuth. Because the user might *not* be authed, any of the fields in this struct might be nil, so make sure to check that when you're using this struct anywhere.
func Authed
func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool, requireAccount bool) (*Auth, error)
Authed is a convenience function for returning an Auth struct from a gin context. In essence, it tries to extract a token, application, user, and account from the context, and then sets them on a struct for convenience.
If any are not present in the context, they will be set to nil on the returned Auth struct.
If *ALL* are not present, then nil and an error will be returned.
If something goes wrong during parsing, then nil and an error will be returned (consider this not authed). Authed is like GetAuthed, but will fail if one of the requirements is not met.
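A self-contained sketch of the contract described above, added here as an example and not GoToSocial's own code: a plain map stands in for the gin context, and Entity, get and authed are hypothetical stand-ins for the real types and function. It shows that an unmet requirement or an unparseable context value yields an error, while a field that was not required is simply nil and must be checked before use.

```go
package main

import "errors"

// Context keys as documented on this page.
const (
	SessionAuthorizedToken       = "authorized_token"
	SessionAuthorizedUser        = "authorized_user"
	SessionAuthorizedAccount     = "authorized_account"
	SessionAuthorizedApplication = "authorized_app"
)

// Entity is a stand-in (assumption) for oauth2.TokenInfo and the *gtsmodel types;
// Auth mirrors the documented struct, where any field may be nil.
type Entity struct{ ID string }
type Auth struct{ Token, Application, User, Account *Entity }

// get returns (nil, true) if key is absent and (nil, false) if the value has the wrong type.
func get(vals map[string]interface{}, key string) (*Entity, bool) {
	v, set := vals[key]
	if !set {
		return nil, true
	}
	e, ok := v.(*Entity)
	return e, ok
}

// authed models the documented contract; vals stands in for the gin context.
func authed(vals map[string]interface{}, needToken, needApp, needUser, needAccount bool) (*Auth, error) {
	a, okT, okP, okU, okA := &Auth{}, false, false, false, false
	a.Token, okT = get(vals, SessionAuthorizedToken)
	a.Application, okP = get(vals, SessionAuthorizedApplication)
	a.User, okU = get(vals, SessionAuthorizedUser)
	a.Account, okA = get(vals, SessionAuthorizedAccount)
	switch {
	case !(okT && okP && okU && okA):
		return nil, errors.New("could not parse a context value") // treat as not authed
	case *a == (Auth{}):
		return nil, errors.New("nothing authorized in context")
	case needToken && a.Token == nil, needApp && a.Application == nil,
		needUser && a.User == nil, needAccount && a.Account == nil:
		return nil, errors.New("a required value is missing")
	}
	return a, nil
}

func main() {
	_, err := authed(map[string]interface{}{SessionAuthorizedToken: &Entity{"constructed"}}, true, false, true, false)
	println(err.Error()) // token present but no user: the user requirement fails
}
```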
type Server
type Server interface {
	HandleTokenRequest(r *http.Request) (map[string]interface{}, gtserror.WithCode)
	HandleAuthorizeRequest(w http.ResponseWriter, r *http.Request) gtserror.WithCode
	ValidationBearerToken(r *http.Request) (oauth2.TokenInfo, error)
	GenerateUserAccessToken(ctx context.Context, ti oauth2.TokenInfo, clientSecret string, userID string) (accessToken oauth2.TokenInfo, err error)
	LoadAccessToken(ctx context.Context, access string) (accessToken oauth2.TokenInfo, err error)
}
Server wraps some oauth2 server functions in an interface, exposing only what is needed.