Beispiel #1
0
func githubOauthHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method == "GET" {
		Clientid := global.OAuthClientID
		clientsecret := global.OAuthClientSecret

		getvalues := r.URL.Query()

		code := getvalues.Get("code")
		errstr := getvalues.Get("error")

		if len(errstr) > 0 {
			log.Println("OAuth error: " + errstr)
			http.Redirect(w, r, pages.FRONTPAGE, 307)
			return
		}

		postdata := []byte("client_id=" + Clientid + "&client_secret=" + clientsecret + "&code=" + code)
		requrl := "https://github.com/login/oauth/access_token"
		req, err := http.NewRequest("POST", requrl, bytes.NewBuffer(postdata))
		if err != nil {
			log.Println("Echange error with github: ", err)
			http.Redirect(w, r, pages.FRONTPAGE, 307)
			return
		}
		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

		client := &http.Client{}
		resp, err := client.Do(req)
		if err != nil {
			log.Println("Echange error with github: ", err)
			http.Redirect(w, r, pages.FRONTPAGE, 307)
			return
		}

		data, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			log.Println("Read error: ", err)
			http.Redirect(w, r, pages.FRONTPAGE, 307)
			return
		}

		q, err := url.ParseQuery(string(data))
		if err != nil {
			log.Println("Data error from github: ", err)
			http.Redirect(w, r, pages.FRONTPAGE, 307)
			return
		}

		accessToken := q.Get("access_token")
		errstr = q.Get("error")
		approved := false

		if len(errstr) > 0 {
			log.Println("Access token error: " + errstr)
			http.Redirect(w, r, pages.FRONTPAGE, 307)
			return
		}

		approved = true

		scope := q.Get("scope")

		if scope != "" {
			m, err := git.NewMember(accessToken, false)
			if err != nil {
				log.Println("Could not open Member object:", err)
				http.Redirect(w, r, pages.FRONTPAGE, 307)
				return
			}

			m.Scope = scope
			err = m.Save()
			if err != nil {
				m.Unlock()
			}
		}

		sessions.SetSessions(w, r, sessions.AuthSession, sessions.ApprovedSessionKey, approved)
		sessions.SetSessionsAndRedirect(w, r, sessions.AuthSession, sessions.AccessTokenSessionKey, accessToken, pages.HOMEPAGE)
	} else {
		http.Redirect(w, r, pages.FRONTPAGE, 400)
	}
}
Beispiel #2
0
// RemoveApprovalHandler is a http handler which will revoke the login
// approval in the session of the user and then redirect to the front page.
func RemoveApprovalHandler(w http.ResponseWriter, r *http.Request) {
	sessions.SetSessions(w, r, sessions.AuthSession, sessions.ApprovedSessionKey, false)
	sessions.SetSessionsAndRedirect(w, r, sessions.AuthSession, sessions.AccessTokenSessionKey, "", "/")
}