func getWebrtcToken(sessionId string) (string, *model.AppError) {
if !*utils.Cfg.WebrtcSettings.Enable {
return "", model.NewLocAppError("WebRTC.getWebrtcToken", "api.webrtc.disabled.app_error", nil, "")
}
token := base64.StdEncoding.EncodeToString([]byte(sessionId))
data := make(map[string]string)
data["janus"] = "add_token"
data["token"] = token
data["transaction"] = model.NewId()
data["admin_secret"] = *utils.Cfg.WebrtcSettings.GatewayAdminSecret
rq, _ := http.NewRequest("POST", *utils.Cfg.WebrtcSettings.GatewayAdminUrl, strings.NewReader(model.MapToJson(data)))
rq.Header.Set("Content-Type", "application/json")
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: *utils.Cfg.ServiceSettings.EnableInsecureOutgoingConnections},
}
httpClient := &http.Client{Transport: tr}
if rp, err := httpClient.Do(rq); err != nil {
return "", model.NewLocAppError("WebRTC.Token", "model.client.connecting.app_error", nil, err.Error())
} else if rp.StatusCode >= 300 {
defer closeBody(rp)
return "", model.AppErrorFromJson(rp.Body)
} else {
janusResponse := model.GatewayResponseFromJson(rp.Body)
if janusResponse.Status != "success" {
return "", model.NewLocAppError("getWebrtcToken", "api.webrtc.register_token.app_error", nil, "")
}
}
return token, nil
}
func authorizeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
c.Err = model.NewLocAppError("authorizeOAuth", "api.oauth.authorize_oauth.disabled.app_error", nil, "")
c.Err.StatusCode = http.StatusNotImplemented
return
}
responseType := r.URL.Query().Get("response_type")
clientId := r.URL.Query().Get("client_id")
redirect := r.URL.Query().Get("redirect_uri")
scope := r.URL.Query().Get("scope")
state := r.URL.Query().Get("state")
if len(scope) == 0 {
scope = model.DEFAULT_SCOPE
}
if len(responseType) == 0 || len(clientId) == 0 || len(redirect) == 0 {
c.Err = model.NewLocAppError("authorizeOAuth", "api.oauth.authorize_oauth.missing.app_error", nil, "")
return
}
var app *model.OAuthApp
if result := <-Srv.Store.OAuth().GetApp(clientId); result.Err != nil {
c.Err = result.Err
return
} else {
app = result.Data.(*model.OAuthApp)
}
// here we should check if the user is logged in
if len(c.Session.UserId) == 0 {
http.Redirect(w, r, c.GetSiteURL()+"/login?redirect_to="+url.QueryEscape(r.RequestURI), http.StatusFound)
return
}
isAuthorized := false
if result := <-Srv.Store.Preference().Get(c.Session.UserId, model.PREFERENCE_CATEGORY_AUTHORIZED_OAUTH_APP, clientId); result.Err == nil {
// when we support scopes we should check if the scopes match
isAuthorized = true
}
// Automatically allow if the app is trusted
if app.IsTrusted || isAuthorized {
closeBody := func(r *http.Response) {
if r.Body != nil {
ioutil.ReadAll(r.Body)
r.Body.Close()
}
}
doAllow := func() (*http.Response, *model.AppError) {
HttpClient := &http.Client{}
url := c.GetSiteURL() + "/api/v3/oauth/allow?response_type=" + model.AUTHCODE_RESPONSE_TYPE + "&client_id=" + clientId + "&redirect_uri=" + url.QueryEscape(redirect) + "&scope=" + scope + "&state=" + url.QueryEscape(state)
rq, _ := http.NewRequest("GET", url, strings.NewReader(""))
rq.Header.Set(model.HEADER_AUTH, model.HEADER_BEARER+" "+c.Session.Token)
if rp, err := HttpClient.Do(rq); err != nil {
return nil, model.NewLocAppError(url, "model.client.connecting.app_error", nil, err.Error())
} else if rp.StatusCode == 304 {
return rp, nil
} else if rp.StatusCode >= 300 {
defer closeBody(rp)
return rp, model.AppErrorFromJson(rp.Body)
} else {
return rp, nil
}
}
if result, err := doAllow(); err != nil {
c.Err = err
return
} else {
//defer closeBody(result)
data := model.MapFromJson(result.Body)
redirectTo := data["redirect"]
http.Redirect(w, r, redirectTo, http.StatusFound)
return
}
}
w.Header().Set("Content-Type", "text/html")
w.Header().Set("Cache-Control", "no-cache, max-age=31556926, public")
http.ServeFile(w, r, utils.FindDir(model.CLIENT_DIR)+"root.html")
}