auth

Paddy 2014-10-26 Parent:a5987795707e Child:b3cd7765a7c8

57:e45bfa2abc00 Go to Latest

auth/http.go

The great documentation and exported interface cleanup. Modify all our *Store interfaces to be unexported, as there's no real good reason they need to be exported, especially as they can be implemented without being exported. The interfaces shouldn't matter to 99% of users of the package, so let's not pollute our package API. Further, all methods of the interfaces are now unexported, for pretty much the same reasoning. Add a doc.go file with documentation explaining the choices the package is making and what it provides. Implement documentation on all our exported types and methods and functions, which makes golint happy. The only remaining golint warning is about NewMemstore, which will stay the way it is. The memstore type is useful outside tests for things like standing up a server quickly when we don't care about the storage, and because the type is unexported, we _need_ a New function to create an instance that can be passed to the Context.

Download raw file
View source Diff to previous Annotate
History
paddy@51 1 package auth
paddy@51 2
paddy@51 3 import (
paddy@51 4 "net/http"
paddy@56 5
paddy@56 6 "code.secondbit.org/uuid"
paddy@51 7 )
paddy@51 8
paddy@51 9 const getGrantTemplateName = "get_grant"
paddy@51 10
paddy@57 11 // GetGrantHandler presents and processes the page for asking a user to grant access
paddy@57 12 // to their data. See RFC 6749, Section 4.1.
paddy@51 13 func GetGrantHandler(w http.ResponseWriter, r *http.Request, context Context) {
paddy@56 14 if r.URL.Query().Get("client_id") == "" {
paddy@56 15 w.WriteHeader(http.StatusBadRequest)
paddy@56 16 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 17 "error": "Client ID must be specified in the request.",
paddy@56 18 })
paddy@56 19 return
paddy@56 20 }
paddy@56 21 clientID, err := uuid.Parse(r.URL.Query().Get("client_id"))
paddy@56 22 if err != nil {
paddy@56 23 w.WriteHeader(http.StatusBadRequest)
paddy@56 24 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 25 "error": "client_id is not a valid Client ID.",
paddy@56 26 })
paddy@56 27 return
paddy@56 28 }
paddy@56 29 client, err := context.GetClient(clientID)
paddy@56 30 if err != nil {
paddy@56 31 w.WriteHeader(http.StatusInternalServerError)
paddy@56 32 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 33 "internal_error": err,
paddy@56 34 })
paddy@56 35 return
paddy@56 36 }
paddy@56 37 // whether a redirect URI is valid or not depends on the number of endpoints
paddy@56 38 // the client has registered
paddy@56 39 numEndpoints, err := context.CountEndpoints(clientID)
paddy@56 40 if err != nil {
paddy@56 41 w.WriteHeader(http.StatusInternalServerError)
paddy@56 42 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 43 "internal_error": err,
paddy@56 44 })
paddy@56 45 return
paddy@56 46 }
paddy@56 47 redirectURI := r.URL.Query().Get("redirect_uri")
paddy@56 48 var validURI bool
paddy@56 49 if redirectURI != "" && numEndpoints > 1 {
paddy@56 50 // if there's more than one registered endpoint, we need to match the
paddy@56 51 // entire thing, character for character. So use strict checking.
paddy@56 52 validURI, err = context.CheckEndpoint(clientID, redirectURI, true)
paddy@56 53 if err != nil {
paddy@56 54 w.WriteHeader(http.StatusInternalServerError)
paddy@56 55 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 56 "internal_error": err,
paddy@56 57 })
paddy@56 58 return
paddy@56 59 }
paddy@56 60 } else if redirectURI != "" && numEndpoints == 1 {
paddy@56 61 // if there's exactly one endpoint, we can match only the prefix of it,
paddy@56 62 // so don't use strict checking.
paddy@56 63 validURI, err = context.CheckEndpoint(clientID, redirectURI, false)
paddy@56 64 if err != nil {
paddy@56 65 w.WriteHeader(http.StatusInternalServerError)
paddy@56 66 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 67 "internal_error": err,
paddy@56 68 })
paddy@56 69 return
paddy@56 70 }
paddy@56 71 } else if redirectURI == "" && numEndpoints == 1 {
paddy@56 72 // if we don't specify the endpoint and there's only one endpoint, the
paddy@56 73 // request is valid, and we're redirecting to that one endpoint
paddy@56 74 validURI = true
paddy@56 75 endpoints, err := context.ListEndpoints(clientID, 1, 0)
paddy@56 76 if err != nil {
paddy@56 77 w.WriteHeader(http.StatusInternalServerError)
paddy@56 78 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 79 "internal_error": err,
paddy@56 80 })
paddy@56 81 return
paddy@56 82 }
paddy@56 83 if len(endpoints) != 1 {
paddy@56 84 validURI = false
paddy@56 85 } else {
paddy@56 86 redirectURI = endpoints[0].URI.String()
paddy@56 87 }
paddy@56 88 } else {
paddy@56 89 validURI = false
paddy@56 90 }
paddy@56 91 if !validURI {
paddy@56 92 w.WriteHeader(http.StatusBadRequest)
paddy@56 93 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 94 "error": "The redirect_uri specified is not valid.",
paddy@56 95 })
paddy@56 96 return
paddy@56 97 }
paddy@56 98 if r.URL.Query().Get("response_type") != "code" {
paddy@56 99 // TODO: redirect error
paddy@56 100 }
paddy@56 101 //scope := r.URL.Query().Get("scope")
paddy@56 102 //state := r.URL.Query().Get("state")
paddy@56 103 if r.Method == "POST" {
paddy@56 104 // TODO: CSRF protection
paddy@56 105 if r.PostFormValue("grant") == "approved" {
paddy@56 106 // TODO: redirect
paddy@56 107 } else {
paddy@56 108 // TODO: redirect error
paddy@56 109 }
paddy@56 110 }
paddy@51 111 w.WriteHeader(http.StatusOK)
paddy@56 112 context.Render(w, getGrantTemplateName, map[string]interface{}{
paddy@56 113 "client": client,
paddy@56 114 })
paddy@51 115 }