The great documentation and exported interface cleanup.
Modify all our *Store interfaces to be unexported, as there's no real good
reason they need to be exported, especially as they can be implemented without
being exported. The interfaces shouldn't matter to 99% of users of the package,
so let's not pollute our package API.
Further, all methods of the interfaces are now unexported, for pretty much the
same reasoning.
Add a doc.go file with documentation explaining the choices the package is
making and what it provides.
Implement documentation on all our exported types and methods and functions,
which makes golint happy. The only remaining golint warning is about
NewMemstore, which will stay the way it is. The memstore type is useful outside
tests for things like standing up a server quickly when we don't care about the
storage, and because the type is unexported, we _need_ a New function to create
an instance that can be passed to the Context.
6 "code.secondbit.org/uuid"
9 const getGrantTemplateName = "get_grant"
11 // GetGrantHandler presents and processes the page for asking a user to grant access
12 // to their data. See RFC 6749, Section 4.1.
13 func GetGrantHandler(w http.ResponseWriter, r *http.Request, context Context) {
14 if r.URL.Query().Get("client_id") == "" {
15 w.WriteHeader(http.StatusBadRequest)
16 context.Render(w, getGrantTemplateName, map[string]interface{}{
17 "error": "Client ID must be specified in the request.",
21 clientID, err := uuid.Parse(r.URL.Query().Get("client_id"))
23 w.WriteHeader(http.StatusBadRequest)
24 context.Render(w, getGrantTemplateName, map[string]interface{}{
25 "error": "client_id is not a valid Client ID.",
29 client, err := context.GetClient(clientID)
31 w.WriteHeader(http.StatusInternalServerError)
32 context.Render(w, getGrantTemplateName, map[string]interface{}{
33 "internal_error": err,
37 // whether a redirect URI is valid or not depends on the number of endpoints
38 // the client has registered
39 numEndpoints, err := context.CountEndpoints(clientID)
41 w.WriteHeader(http.StatusInternalServerError)
42 context.Render(w, getGrantTemplateName, map[string]interface{}{
43 "internal_error": err,
47 redirectURI := r.URL.Query().Get("redirect_uri")
49 if redirectURI != "" && numEndpoints > 1 {
50 // if there's more than one registered endpoint, we need to match the
51 // entire thing, character for character. So use strict checking.
52 validURI, err = context.CheckEndpoint(clientID, redirectURI, true)
54 w.WriteHeader(http.StatusInternalServerError)
55 context.Render(w, getGrantTemplateName, map[string]interface{}{
56 "internal_error": err,
60 } else if redirectURI != "" && numEndpoints == 1 {
61 // if there's exactly one endpoint, we can match only the prefix of it,
62 // so don't use strict checking.
63 validURI, err = context.CheckEndpoint(clientID, redirectURI, false)
65 w.WriteHeader(http.StatusInternalServerError)
66 context.Render(w, getGrantTemplateName, map[string]interface{}{
67 "internal_error": err,
71 } else if redirectURI == "" && numEndpoints == 1 {
72 // if we don't specify the endpoint and there's only one endpoint, the
73 // request is valid, and we're redirecting to that one endpoint
75 endpoints, err := context.ListEndpoints(clientID, 1, 0)
77 w.WriteHeader(http.StatusInternalServerError)
78 context.Render(w, getGrantTemplateName, map[string]interface{}{
79 "internal_error": err,
83 if len(endpoints) != 1 {
86 redirectURI = endpoints[0].URI.String()
92 w.WriteHeader(http.StatusBadRequest)
93 context.Render(w, getGrantTemplateName, map[string]interface{}{
94 "error": "The redirect_uri specified is not valid.",
98 if r.URL.Query().Get("response_type") != "code" {
99 // TODO: redirect error
101 //scope := r.URL.Query().Get("scope")
102 //state := r.URL.Query().Get("state")
103 if r.Method == "POST" {
104 // TODO: CSRF protection
105 if r.PostFormValue("grant") == "approved" {
108 // TODO: redirect error
111 w.WriteHeader(http.StatusOK)
112 context.Render(w, getGrantTemplateName, map[string]interface{}{