auth

Paddy 2015-01-18 Parent:d46d22e5b5d6 Child:bc842183181d

125:dcd2125c4f57 Go to Latest

auth/request.go

Remove refresh token expiration, update implicit token. Refresh tokens no longer expire, because they're supposed to be long-lived, and we have no way to communicate to the user exactly how long-lived they are. Instead, they are invalidated after a single use, which should prevent too much abuse. It gives them an effective lifespan of "default token expiration, or until used", which I think is Good Enough. Also updated our implicit token to set the CreatedFrom to "implicit" and the ClientID to the client ID, which is important, I guess. It's really annoying that we have that logic in two different places.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "encoding/json"
5 "log"
6 "net/http"
7
8 "bitbucket.org/ww/goautoneg"
9 )
10
11 const (
12 requestErrAccessDenied = "access_denied"
13 requestErrInsufficient = "insufficient"
14 requestErrOverflow = "overflow"
15 requestErrInvalidValue = "invalid_value"
16 requestErrInvalidFormat = "invalid_format"
17 requestErrMissing = "missing"
18 requestErrNotFound = "not_found"
19 requestErrConflict = "conflict"
20 requestErrActOfGod = "act_of_god"
21 )
22
23 var (
24 actOfGodResponse = response{Errors: []requestError{requestError{Slug: requestErrActOfGod}}}
25 invalidFormatResponse = response{Errors: []requestError{requestError{Slug: requestErrInvalidFormat, Field: "/"}}}
26
27 encoders = []string{"application/json"}
28 )
29
30 type response struct {
31 Errors []requestError `json:"errors,omitempty"`
32 Logins []Login `json:"logins,omitempty"`
33 Profiles []Profile `json:"profiles,omitempty"`
34 Clients []Client `json:"clients,omitempty"`
35 Endpoints []Endpoint `json:"endpoints,omitempty"`
36 }
37
38 type requestError struct {
39 Slug string `json:"error,omitempty"`
40 Field string `json:"field,omitempty"`
41 Param string `json:"param,omitempty"`
42 Header string `json:"header,omitempty"`
43 }
44
45 func negotiate(h http.Handler) http.Handler {
46 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
47 if r.Header.Get("Accept") != "" {
48 contentType := goautoneg.Negotiate(r.Header.Get("Accept"), encoders)
49 if contentType == "" {
50 w.WriteHeader(http.StatusNotAcceptable)
51 w.Write([]byte("Unsupported content type requested: " + r.Header.Get("Accept")))
52 return
53 }
54 }
55 h.ServeHTTP(w, r)
56 })
57 }
58
59 func encode(w http.ResponseWriter, r *http.Request, status int, resp response) {
60 contentType := goautoneg.Negotiate(r.Header.Get("Accept"), encoders)
61 w.Header().Set("content-type", contentType)
62 w.WriteHeader(status)
63 var err error
64 switch contentType {
65 case "application/json":
66 enc := json.NewEncoder(w)
67 err = enc.Encode(resp)
68 default:
69 enc := json.NewEncoder(w)
70 err = enc.Encode(resp)
71 }
72 if err != nil {
73 log.Println(err)
74 }
75 }
76
77 func wrap(context Context, f func(w http.ResponseWriter, r *http.Request, context Context)) http.Handler {
78 return negotiate(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
79 f(w, r, context)
80 }))
81 }