Ejemplo n.º 1
0
func DecodeToken(req *http.Request) *Token {
	authentication := req.Header.Get("Authentication")
	if len(authentication) < 7 || authentication[:7] != "Bearer " {
		return nil
	}
	tokenStr, err := base64.StdEncoding.DecodeString(authentication[7:])
	if err != nil {
		return nil
	}
	decrypted := encryption.AESByteDecrypt(tokenStr, encryption.ConfigKey("oauthtoken"))
	buff := bytes.NewBuffer(decrypted)
	t := new(Token)
	if err := gob.NewDecoder(buff).Decode(t); err != nil || t.ExpiresAt < time.Seconds() {
		return nil
	}
	return t
}
Ejemplo n.º 2
0
func tokenGet(w http.ResponseWriter, r *http.Request) {
	clientId, clientSecret := r.FormValue("client_id"), r.FormValue("client_secret")
	grantType, redirectUri, codeKey := r.FormValue("grant_type"), r.FormValue("redirect_uri"), r.FormValue("code")
	if clientId == "" || clientSecret == "" || grantType == "" || redirectUri == "" || codeKey == "" {
		invalidRequest("missing one of client_id, client_secret, grant_type, redirect_uri, or code").WriteTo(w)
		return
	}
	if grantType != "authorization_code" {
		invalidRequest("grant_type must be authorization_code").WriteTo(w)
		return
	}
	storedCode := new(codeStruct)
	context := appengine.NewContext(r)
	if _, err := memcache.Gob.Get(context, "oauth-code-"+codeKey, storedCode); err != nil {
		accessDenied("invalid code").WriteTo(w)
		return
	}
	memcache.Delete(context, "oauth-code-"+codeKey)

	if storedCode.ExpiresAt < time.Seconds() || storedCode.Client != clientId {
		accessDenied("invalid code").WriteTo(w)
		return
	}

	//  Make sure the clientID, secret, and redirect_uri are correct
	oauthClientKey := datastore.NewKey(context, "OAuthClient", clientId, 0, nil)
	client := new(Client)
	if err := datastore.Get(context, oauthClientKey, client); err != nil || base64.StdEncoding.EncodeToString(client.Secret) != clientSecret ||
		encryption.AESDecrypt(client.Redirect, "oauthclient.redirect") != redirectUri {
		accessDenied("invalid code").WriteTo(w)
		return
	}

	t := Token{storedCode.User, storedCode.Client, time.Seconds() + 60*60*24} //  lasts for 1 day
	var buff bytes.Buffer
	if err := gob.NewEncoder(&buff).Encode(&t); err != nil {
		panic(err)
		return
	}
	encrypted := encryption.AESByteEncrypt(buff.Bytes(), encryption.ConfigKey("oauthtoken"))
	fhttp.JsonResponse{tokenResp{encrypted}}.WriteTo(w)
}
Ejemplo n.º 3
0
func UserEmail(email string) string {
	return hash(strings.ToLower(email), encryption.ConfigKey("user.emailHash"))
}
Ejemplo n.º 4
0
func NewUser(email string) *User {
	return &User{
		encryption.AESEncrypt(email, "user.email"),
		hash(strings.ToLower(email), encryption.ConfigKey("user.emailHash")),
	}
}