added oauth flow to get authorization code
This commit is contained in:
@@ -6,6 +6,8 @@ import (
|
||||
"git.haelnorr.com/h/golib/hws"
|
||||
"git.haelnorr.com/h/golib/hwsauth"
|
||||
"git.haelnorr.com/h/oslstats/internal/db"
|
||||
"git.haelnorr.com/h/oslstats/internal/discord"
|
||||
"git.haelnorr.com/h/oslstats/pkg/oauth"
|
||||
"github.com/joho/godotenv"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
@@ -15,6 +17,8 @@ type Config struct {
|
||||
HWS *hws.Config
|
||||
HWSAuth *hwsauth.Config
|
||||
HLOG *hlog.Config
|
||||
Discord *discord.Config
|
||||
OAuth *oauth.Config
|
||||
Flags *Flags
|
||||
}
|
||||
|
||||
@@ -32,6 +36,8 @@ func GetConfig(flags *Flags) (*Config, *ezconf.ConfigLoader, error) {
|
||||
hws.NewEZConfIntegration(),
|
||||
hwsauth.NewEZConfIntegration(),
|
||||
db.NewEZConfIntegration(),
|
||||
discord.NewEZConfIntegration(),
|
||||
oauth.NewEZConfIntegration(),
|
||||
)
|
||||
if err := loader.ParseEnvVars(); err != nil {
|
||||
return nil, nil, errors.Wrap(err, "loader.ParseEnvVars")
|
||||
@@ -65,11 +71,23 @@ func GetConfig(flags *Flags) (*Config, *ezconf.ConfigLoader, error) {
|
||||
return nil, nil, errors.New("DB Config not loaded")
|
||||
}
|
||||
|
||||
discordcfg, ok := loader.GetConfig("discord")
|
||||
if !ok {
|
||||
return nil, nil, errors.New("Dicord Config not loaded")
|
||||
}
|
||||
|
||||
oauthcfg, ok := loader.GetConfig("oauth")
|
||||
if !ok {
|
||||
return nil, nil, errors.New("OAuth Config not loaded")
|
||||
}
|
||||
|
||||
config := &Config{
|
||||
DB: dbcfg.(*db.Config),
|
||||
HWS: hwscfg.(*hws.Config),
|
||||
HWSAuth: hwsauthcfg.(*hwsauth.Config),
|
||||
HLOG: hlogcfg.(*hlog.Config),
|
||||
Discord: discordcfg.(*discord.Config),
|
||||
OAuth: oauthcfg.(*oauth.Config),
|
||||
Flags: flags,
|
||||
}
|
||||
|
||||
|
||||
@@ -37,5 +37,5 @@ func (e EZConfIntegration) GroupName() string {
|
||||
|
||||
// NewEZConfIntegration creates a new EZConf integration helper
|
||||
func NewEZConfIntegration() EZConfIntegration {
|
||||
return EZConfIntegration{name: "db", configFunc: ConfigFromEnv}
|
||||
return EZConfIntegration{name: "DB", configFunc: ConfigFromEnv}
|
||||
}
|
||||
|
||||
50
internal/discord/config.go
Normal file
50
internal/discord/config.go
Normal file
@@ -0,0 +1,50 @@
|
||||
package discord
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"git.haelnorr.com/h/golib/env"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
ClientID string // ENV DISCORD_CLIENT_ID: Discord application client ID (required)
|
||||
ClientSecret string // ENV DISCORD_CLIENT_SECRET: Discord application client secret (required)
|
||||
OAuthScopes string // Authorisation scopes for OAuth
|
||||
RedirectPath string // ENV DISCORD_REDIRECT_PATH: Path for the OAuth redirect handler (required)
|
||||
}
|
||||
|
||||
func ConfigFromEnv() (any, error) {
|
||||
cfg := &Config{
|
||||
ClientID: env.String("DISCORD_CLIENT_ID", ""),
|
||||
ClientSecret: env.String("DISCORD_CLIENT_SECRET", ""),
|
||||
OAuthScopes: getOAuthScopes(),
|
||||
RedirectPath: env.String("DISCORD_REDIRECT_PATH", ""),
|
||||
}
|
||||
|
||||
// Check required fields
|
||||
if cfg.ClientID == "" {
|
||||
return nil, errors.New("Envar not set: DISCORD_CLIENT_ID")
|
||||
}
|
||||
if cfg.ClientSecret == "" {
|
||||
return nil, errors.New("Envar not set: DISCORD_CLIENT_SECRET")
|
||||
}
|
||||
if cfg.RedirectPath == "" {
|
||||
return nil, errors.New("Envar not set: DISCORD_REDIRECT_PATH")
|
||||
}
|
||||
|
||||
return cfg, nil
|
||||
}
|
||||
|
||||
func getOAuthScopes() string {
|
||||
list := []string{
|
||||
"connections",
|
||||
"email",
|
||||
"guilds",
|
||||
"gdm.join",
|
||||
"guilds.members.read",
|
||||
"identify",
|
||||
}
|
||||
scopes := strings.Join(list, "+")
|
||||
return scopes
|
||||
}
|
||||
41
internal/discord/ezconf.go
Normal file
41
internal/discord/ezconf.go
Normal file
@@ -0,0 +1,41 @@
|
||||
package discord
|
||||
|
||||
import (
|
||||
"runtime"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// EZConfIntegration provides integration with ezconf for automatic configuration
|
||||
type EZConfIntegration struct {
|
||||
configFunc func() (any, error)
|
||||
name string
|
||||
}
|
||||
|
||||
// PackagePath returns the path to the config package for source parsing
|
||||
func (e EZConfIntegration) PackagePath() string {
|
||||
_, filename, _, _ := runtime.Caller(0)
|
||||
// Return directory of this file
|
||||
return filename[:len(filename)-len("/ezconf.go")]
|
||||
}
|
||||
|
||||
// ConfigFunc returns the ConfigFromEnv function for ezconf
|
||||
func (e EZConfIntegration) ConfigFunc() func() (any, error) {
|
||||
return func() (any, error) {
|
||||
return e.configFunc()
|
||||
}
|
||||
}
|
||||
|
||||
// Name returns the name to use when registering with ezconf
|
||||
func (e EZConfIntegration) Name() string {
|
||||
return strings.ToLower(e.name)
|
||||
}
|
||||
|
||||
// GroupName returns the display name for grouping environment variables
|
||||
func (e EZConfIntegration) GroupName() string {
|
||||
return e.name
|
||||
}
|
||||
|
||||
// NewEZConfIntegration creates a new EZConf integration helper
|
||||
func NewEZConfIntegration() EZConfIntegration {
|
||||
return EZConfIntegration{name: "Discord", configFunc: ConfigFromEnv}
|
||||
}
|
||||
39
internal/discord/oauth.go
Normal file
39
internal/discord/oauth.go
Normal file
@@ -0,0 +1,39 @@
|
||||
package discord
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/url"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
type Token struct {
|
||||
AccessToken string
|
||||
TokenType string
|
||||
ExpiresIn int
|
||||
RefreshToken string
|
||||
Scope string
|
||||
}
|
||||
|
||||
const oauthurl string = "https://discord.com/oauth2/authorize"
|
||||
|
||||
func GetOAuthLink(cfg *Config, state string, trustedHost string) (string, error) {
|
||||
if cfg == nil {
|
||||
return "", errors.New("cfg cannot be nil")
|
||||
}
|
||||
if state == "" {
|
||||
return "", errors.New("state cannot be empty")
|
||||
}
|
||||
if trustedHost == "" {
|
||||
return "", errors.New("trustedHost cannot be empty")
|
||||
}
|
||||
values := url.Values{}
|
||||
values.Add("response_type", "code")
|
||||
values.Add("client_id", cfg.ClientID)
|
||||
values.Add("scope", cfg.OAuthScopes)
|
||||
values.Add("state", state)
|
||||
values.Add("redirect_uri", fmt.Sprintf("%s/%s", trustedHost, cfg.RedirectPath))
|
||||
values.Add("prompt", "none")
|
||||
|
||||
return fmt.Sprintf("%s?%s", oauthurl, values.Encode()), nil
|
||||
}
|
||||
61
internal/handlers/callback.go
Normal file
61
internal/handlers/callback.go
Normal file
@@ -0,0 +1,61 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"git.haelnorr.com/h/golib/hws"
|
||||
"git.haelnorr.com/h/oslstats/internal/config"
|
||||
"git.haelnorr.com/h/oslstats/pkg/oauth"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
func Callback(server *hws.Server, cfg *config.Config) http.Handler {
|
||||
return http.HandlerFunc(
|
||||
func(w http.ResponseWriter, r *http.Request) {
|
||||
state := r.URL.Query().Get("state")
|
||||
code := r.URL.Query().Get("code")
|
||||
if state == "" && code == "" {
|
||||
http.Redirect(w, r, "/", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
data, err := verifyState(cfg.OAuth, w, r, state)
|
||||
if err != nil {
|
||||
err = server.ThrowError(w, r, hws.HWSError{
|
||||
StatusCode: http.StatusForbidden,
|
||||
Message: "OAuth state verification failed",
|
||||
Error: err,
|
||||
Level: hws.ErrorLevel("debug"),
|
||||
RenderErrorPage: true,
|
||||
})
|
||||
if err != nil {
|
||||
server.ThrowFatal(w, err)
|
||||
}
|
||||
return
|
||||
}
|
||||
switch data {
|
||||
case "login":
|
||||
w.Write([]byte(code))
|
||||
return
|
||||
}
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
func verifyState(cfg *oauth.Config, w http.ResponseWriter, r *http.Request, state string) (string, error) {
|
||||
if r == nil {
|
||||
return "", errors.New("request cannot be nil")
|
||||
}
|
||||
if state == "" {
|
||||
return "", errors.New("state param field is empty")
|
||||
}
|
||||
uak, err := oauth.GetStateCookie(r)
|
||||
if err != nil {
|
||||
return "", errors.Wrap(err, "oauth.GetStateCookie")
|
||||
}
|
||||
data, err := oauth.VerifyState(cfg, state, uak)
|
||||
if err != nil {
|
||||
return "", errors.Wrap(err, "oauth.VerifyState")
|
||||
}
|
||||
oauth.DeleteStateCookie(w)
|
||||
return data, nil
|
||||
}
|
||||
48
internal/handlers/login.go
Normal file
48
internal/handlers/login.go
Normal file
@@ -0,0 +1,48 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"git.haelnorr.com/h/golib/hws"
|
||||
"git.haelnorr.com/h/oslstats/internal/config"
|
||||
"git.haelnorr.com/h/oslstats/internal/discord"
|
||||
"git.haelnorr.com/h/oslstats/pkg/oauth"
|
||||
)
|
||||
|
||||
func Login(server *hws.Server, cfg *config.Config) http.Handler {
|
||||
return http.HandlerFunc(
|
||||
func(w http.ResponseWriter, r *http.Request) {
|
||||
state, uak, err := oauth.GenerateState(cfg.OAuth, "login")
|
||||
if err != nil {
|
||||
err = server.ThrowError(w, r, hws.HWSError{
|
||||
StatusCode: http.StatusInternalServerError,
|
||||
Message: "Failed to generate state token",
|
||||
Error: err,
|
||||
Level: hws.ErrorLevel("error"),
|
||||
RenderErrorPage: true,
|
||||
})
|
||||
if err != nil {
|
||||
server.ThrowFatal(w, err)
|
||||
}
|
||||
return
|
||||
}
|
||||
oauth.SetStateCookie(w, uak, cfg.HWSAuth.SSL)
|
||||
|
||||
link, err := discord.GetOAuthLink(cfg.Discord, state, cfg.HWSAuth.TrustedHost)
|
||||
if err != nil {
|
||||
err = server.ThrowError(w, r, hws.HWSError{
|
||||
StatusCode: http.StatusInternalServerError,
|
||||
Message: "An error occured trying to generate the login link",
|
||||
Error: err,
|
||||
Level: hws.ErrorLevel("error"),
|
||||
RenderErrorPage: true,
|
||||
})
|
||||
if err != nil {
|
||||
server.ThrowFatal(w, err)
|
||||
}
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, link, http.StatusSeeOther)
|
||||
},
|
||||
)
|
||||
}
|
||||
Reference in New Issue
Block a user