oauth2

package
v1.9.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 16, 2024 License: Apache-2.0 Imports: 20 Imported by: 18

Documentation

Overview

Copyright 2016 Wenhui Shen <www.webx.top>

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2016 Wenhui Shen <www.webx.top>

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2016 Wenhui Shen <www.webx.top>

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source
const (
	// DefaultPath /oauth
	DefaultPath = "/oauth"

	// DefaultContextKey oauth_user
	DefaultContextKey = "oauth_user"
)
View Source
const SessionName = "EchoGoth"

SessionName is the key used to access the session store. we could use the echo's sessions default, but this session should be not confict with the cookie session name defined by the sessions manager

View Source
const StateSessionName = "EchoGothState"

Variables

View Source
var CompleteUserAuth = func(ctx echo.Context) (goth.User, error) {
	providerName, err := GetProviderName(ctx)
	if err != nil {
		return EmptyUser, err
	}

	provider, err := goth.GetProvider(providerName)
	if err != nil {
		return EmptyUser, err
	}

	errorDescription := ctx.Query(`error_description`)
	if len(errorDescription) > 0 {
		return EmptyUser, errors.New(providerName + `: ` + errorDescription)
	}

	sv, ok := ctx.Session().Get(SessionName).(string)
	if !ok || len(sv) == 0 {
		return EmptyUser, errors.New("could not find a matching session for this request")
	}

	defer func() {
		if err != nil {
			ctx.Session().Delete(SessionName).Save()
		}
	}()

	var sess goth.Session
	sess, err = provider.UnmarshalSession(sv)
	if err != nil {
		return EmptyUser, err
	}

	if cr, ok := sess.(echo.ContextRegister); ok {
		cr.SetContext(ctx)
	}

	err = validateState(ctx, sess)
	if err != nil {
		return EmptyUser, err
	}

	var user goth.User
	user, err = provider.FetchUser(sess)
	if err == nil {

		return user, err
	}

	params := ctx.Queries()
	if len(params) == 0 && ctx.IsPost() {
		params = ctx.Request().PostForm().All()
	}

	_, err = sess.Authorize(provider, url.Values(params))
	if err != nil {
		return EmptyUser, err
	}

	err = ctx.Session().Set(SessionName, sess.Marshal()).Save()
	if err != nil {
		return EmptyUser, err
	}

	user, err = provider.FetchUser(sess)
	return user, err
}

CompleteUserAuth does what it says on the tin. It completes the authentication process and fetches all of the basic information about the user from the provider. It expects to be able to get the name of the provider from the named parameters as either "provider" or url query parameter ":provider".

View Source
var (
	EmptyUser = goth.User{}
)
View Source
var ErrStateTokenMismatch = errors.New("state token mismatch")
View Source
var GetProviderName = getProviderName

GetProviderName is a function used to get the name of a provider for a given request. By default, this provider is fetched from the URL query string. If you provide it in a different way, assign your own function to this variable that returns the provider name for your request.

View Source
var GetState = func(ctx echo.Context) string {
	state := ctx.Query("state")
	if len(state) == 0 && ctx.IsPost() {
		state = ctx.Request().FormValue("state")
	}
	return state
}

GetState gets the state returned by the provider during the callback. This is used to prevent CSRF attacks, see http://tools.ietf.org/html/rfc6749#section-10.12

View Source
var SetState = func(ctx echo.Context) (string, error) {
	state := ctx.Query("state")
	if len(state) > 0 {
		return state, nil
	}

	nonceBytes := make([]byte, 64)
	_, err := io.ReadFull(rand.Reader, nonceBytes)
	if err != nil {
		err = errors.New("gothic: source of randomness unavailable: " + err.Error())
		return state, err
	}
	return base64.URLEncoding.EncodeToString(nonceBytes), nil
}

SetState sets the state string associated with the given request. If no state string is associated with the request, one will be generated. This state is sent to the provider and can be retrieved during the callback.

Functions

func BeginAuthHandler

func BeginAuthHandler(ctx echo.Context) error

BeginAuthHandler is a convienence handler for starting the authentication process. It expects to be able to get the name of the provider from the named parameters as either "provider" or url query parameter ":provider". BeginAuthHandler will redirect the user to the appropriate authentication end-point for the requested provider.

func GetAuthURL

func GetAuthURL(ctx echo.Context) (string, error)

GetAuthURL starts the authentication process with the requested provided. It will return a URL that should be used to send users to. It expects to be able to get the name of the provider from the query parameters as either "provider" or url query parameter ":provider". I would recommend using the BeginAuthHandler instead of doing all of these steps yourself, but that's entirely up to you.

func MiddlewareVerifyProvider added in v1.6.0

func MiddlewareVerifyProvider(config *Config) echo.MiddlewareFuncd

Types

type Account added in v1.3.5

type Account struct {
	On          bool // on / off
	Name        string
	Key         string
	Secret      string `json:"-" xml:"-"`
	Extra       echo.H
	LoginURL    string
	CallbackURL string
	Scopes      []string
	Constructor func(*Account) goth.Provider `json:"-" xml:"-"`
}

func (*Account) Instance added in v1.3.5

func (a *Account) Instance() goth.Provider

func (*Account) SetConstructor added in v1.3.5

func (a *Account) SetConstructor(constructor func(*Account) goth.Provider) *Account

type Config

type Config struct {
	Host, Path string

	// defaults to 'oauth_user' used by plugin to give you the goth.User, but you can take this manually also by `context.Get(ContextKey).(goth.User)`
	ContextKey string
	// contains filtered or unexported fields
}

Config the configs for the gothic oauth/oauth2 authentication for third-party websites All Key and Secret values are empty by default strings. Non-empty will be registered as Goth Provider automatically, by Iris the users can still register their own providers using goth.UseProviders contains the providers' keys (& secrets) and the relative auth callback url path(ex: "/auth" will be registered as /auth/:provider/callback)

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns OAuth config, the fields of the iteral are zero-values ( empty strings)

func NewConfig added in v1.6.0

func NewConfig() *Config

func (*Config) AddAccount added in v1.3.5

func (c *Config) AddAccount(accounts ...*Account) *Config

func (*Config) CallbackURL added in v1.3.5

func (c *Config) CallbackURL(providerName string) string

func (*Config) ClearAccounts added in v1.6.0

func (c *Config) ClearAccounts()

func (*Config) ClearProviders added in v1.6.0

func (c *Config) ClearProviders() *Config

func (*Config) DeleteAccount added in v1.6.0

func (c *Config) DeleteAccount(name string)

func (*Config) DeleteProvider added in v1.6.0

func (c *Config) DeleteProvider(names ...string) *Config

func (*Config) GenerateProviders

func (c *Config) GenerateProviders() *Config

GenerateProviders returns the valid goth providers and the relative url paths (because the goth.Provider doesn't have a public method to get the Auth path...) we do the hard-core/hand checking here at the configs.

receives one parameter which is the host from the server,ex: http://localhost:3000, will be used as prefix for the oauth callback

func (*Config) GetAccount added in v1.6.0

func (c *Config) GetAccount(name string) (account *Account)

func (*Config) LoginURL added in v1.3.5

func (c *Config) LoginURL(providerName string) string

func (*Config) MergeSingle

func (c *Config) MergeSingle(cfg *Config) (config Config)

MergeSingle merges the default with the given config and returns the result

func (*Config) NewProvider added in v1.3.5

func (c *Config) NewProvider(account *Account) goth.Provider

func (*Config) RangeAccounts added in v1.6.0

func (c *Config) RangeAccounts(cb func(*Account) bool) (ok bool)

func (*Config) SetAccount added in v1.3.5

func (c *Config) SetAccount(newAccount *Account) *Config

type OAuth

type OAuth struct {
	Config  *Config
	HostURL string
	// contains filtered or unexported fields
}

OAuth is a plugin which helps you to use OAuth/OAuth2 apis from famous websites

func New

func New(hostURL string, cfg *Config) *OAuth

New returns a new OAuth plugin receives one parameter of type 'Config'

func (*OAuth) AddSuccessHandler added in v1.3.5

func (p *OAuth) AddSuccessHandler(handlersFn ...interface{}) *OAuth

AddSuccessHandler registers handler(s) which fires when the user logged in successfully

func (*OAuth) MiddlewareAuth added in v1.6.0

func (p *OAuth) MiddlewareAuth(h echo.Handler) echo.Handler

func (*OAuth) SetBeginAuthHandler added in v1.3.5

func (p *OAuth) SetBeginAuthHandler(handler echo.Handler) *OAuth

func (*OAuth) SetCompleteAuthHandler added in v1.3.5

func (p *OAuth) SetCompleteAuthHandler(handler func(ctx echo.Context) (goth.User, error)) *OAuth

func (*OAuth) SetFailHandler added in v1.3.5

func (p *OAuth) SetFailHandler(handler echo.HTTPErrorHandler) *OAuth

SetFailHandler registers handler which fires when the user failed to logged in underhood it justs registers an error handler to the StatusUnauthorized(400 status code), same as 'iris.OnError(400,handler)'

func (*OAuth) SetSuccessHandler added in v1.3.5

func (p *OAuth) SetSuccessHandler(handlersFn ...interface{}) *OAuth

SetSuccessHandler registers handler(s) which fires when the user logged in successfully

func (*OAuth) User

func (p *OAuth) User(ctx echo.Context) (u goth.User)

User returns the user for the particular client if user is not validated or not found it returns nil same as 'ctx.Get(config's ContextKey field).(goth.User)'

func (*OAuth) Wrapper

func (p *OAuth) Wrapper(e *echo.Echo, middlewares ...interface{})

Wrapper register the oauth route

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL