auth

Paddy 2014-08-16 Parent:fb2fd59f9930

17:1f04b1146cad Go to Latest

auth/info.go

Implement CSRF prevention and pass info to confirmation. Implement CSRF prevention using the nosurf package. Note that the handler still needs to be wrapped before this will work. Pass info on the authorization being requested (namely the client and the scope) to the RenderConfirmation page so that the user can make an educated decision.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "net/http"
5 "time"
6 )
7
8 // HandleInfoRequest is an http.HandlerFunc for server information
9 // NOT an RFC specification.
10 func HandleInfoRequest(w http.ResponseWriter, r *http.Request, ctx Context) {
11 r.ParseForm()
12
13 code := r.Form.Get("code")
14
15 if code == "" {
16 // TODO: return error
17 return
18 }
19
20 // load access data
21 accessData, err := ctx.Tokens.GetAccess(code)
22 if err != nil {
23 // TODO: return error
24 return
25 }
26 if accessData.IsExpired() {
27 // TODO: return error
28 return
29 }
30
31 accessData.ExpiresIn = int32(accessData.CreatedAt.Add(time.Duration(accessData.ExpiresIn)*time.Second).Sub(time.Now()) / time.Second)
32 // TODO: write accessData
33 }