auth

Paddy 2014-08-16 Parent:13568ac73ac3 Child:9fe684b33b3d

17:1f04b1146cad Go to Latest

auth/context.go

Implement CSRF prevention and pass info to confirmation. Implement CSRF prevention using the nosurf package. Note that the handler still needs to be wrapped before this will work. Pass info on the authorization being requested (namely the client and the scope) to the RenderConfirmation page so that the user can make an educated decision.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "encoding/json"
5 "html/template"
6 "io"
7 "log"
8 "net/http"
9
10 "github.com/justinas/nosurf"
11 )
12
13 type Context struct {
14 Config ServerConfig
15 Clients ClientStore
16 Tokens TokenStore
17 Profiles ProfileStore
18 Log *log.Logger
19 Templates Templates
20 }
21
22 type Templates struct {
23 Error *template.Template
24 Confirmation *template.Template
25 Login *template.Template
26 }
27
28 type jsonError struct {
29 Error string `json:"error,omitempty"`
30 Description string `json:"error_description,omitempty"`
31 URI string `json:"error_uri,omitempty"`
32 State string `json:"state,omitempty"`
33 }
34
35 func (c Context) RenderError(w io.Writer, err error) {
36 if c.Templates.Error == nil {
37 log.Println("Error template is nil, can't render error.")
38 return
39 }
40 renderErr := c.Templates.Error.Execute(w, map[string]interface{}{
41 "err": err,
42 })
43 if renderErr != nil {
44 log.Printf("Error executing error template (oh, the irony): %s\n", renderErr)
45 return
46 }
47 }
48
49 func (c Context) RenderJSONError(w io.Writer, code, description, baseURI string) {
50 d, err := json.Marshal(jsonError{
51 Error: code,
52 Description: description,
53 URI: baseURI,
54 })
55 if err != nil {
56 log.Printf("Error marshalling json error (oh, the irony): %s\n", err)
57 return
58 }
59 _, err = w.Write(d)
60 if err != nil {
61 log.Printf("Error writing json error: %s\n", err)
62 return
63 }
64 }
65
66 func (c Context) RenderConfirmation(w io.Writer, r *http.Request, req AuthRequest) {
67 if c.Templates.Confirmation == nil {
68 log.Println("Confirmation template is nil, can't render confirmation.")
69 return
70 }
71 err := c.Templates.Confirmation.Execute(w, map[string]interface{}{
72 "scope": req.Scope,
73 "client": req.Client,
74 "csrf_token": nosurf.Token(r),
75 })
76 if err != nil {
77 log.Printf("Error executing confirmation template: %s\n", err)
78 return
79 }
80 }
81
82 func (c Context) RenderLogin(w io.Writer, r *http.Request) {
83 if c.Templates.Login == nil {
84 log.Println("Login template is nil, can't render confirmation.")
85 return
86 }
87 err := c.Templates.Login.Execute(w, map[string]interface{}{
88 "csrf_token": nosurf.Token(r),
89 })
90 if err != nil {
91 log.Printf("Error executing login template: %s\n", err)
92 return
93 }
94 }
95
96 func (c Context) RenderJSONToken(w io.Writer, data AccessData) {
97 d, err := json.Marshal(data)
98 if err != nil {
99 log.Printf("Error marshalling json token: %s\n", err)
100 return
101 }
102 _, err = w.Write(d)
103 if err != nil {
104 log.Printf("Error writing json token: %s\n", err)
105 return
106 }
107 }