auth
2014-08-16
Parent:fb2fd59f9930
auth/info.go
Implement CSRF prevention and pass info to confirmation. Implement CSRF prevention using the nosurf package. Note that the handler still needs to be wrapped before this will work. Pass info on the authorization being requested (namely the client and the scope) to the RenderConfirmation page so that the user can make an educated decision.
| paddy@6 | 1 package auth |
| paddy@0 | 2 |
| paddy@1 | 3 import ( |
| paddy@1 | 4 "net/http" |
| paddy@1 | 5 "time" |
| paddy@1 | 6 ) |
| paddy@0 | 7 |
| paddy@0 | 8 // HandleInfoRequest is an http.HandlerFunc for server information |
| paddy@0 | 9 // NOT an RFC specification. |
| paddy@0 | 10 func HandleInfoRequest(w http.ResponseWriter, r *http.Request, ctx Context) { |
| paddy@0 | 11 r.ParseForm() |
| paddy@0 | 12 |
| paddy@1 | 13 code := r.Form.Get("code") |
| paddy@0 | 14 |
| paddy@1 | 15 if code == "" { |
| paddy@0 | 16 // TODO: return error |
| paddy@0 | 17 return |
| paddy@0 | 18 } |
| paddy@0 | 19 |
| paddy@0 | 20 // load access data |
| paddy@1 | 21 accessData, err := ctx.Tokens.GetAccess(code) |
| paddy@0 | 22 if err != nil { |
| paddy@0 | 23 // TODO: return error |
| paddy@0 | 24 return |
| paddy@0 | 25 } |
| paddy@1 | 26 if accessData.IsExpired() { |
| paddy@0 | 27 // TODO: return error |
| paddy@0 | 28 return |
| paddy@0 | 29 } |
| paddy@1 | 30 |
| paddy@1 | 31 accessData.ExpiresIn = int32(accessData.CreatedAt.Add(time.Duration(accessData.ExpiresIn)*time.Second).Sub(time.Now()) / time.Second) |
| paddy@1 | 32 // TODO: write accessData |
| paddy@0 | 33 } |