// LoadAccess retrieves access data by token. Client information MUST be loaded together.
// AuthorizeData and AccessData DON'T NEED to be loaded if not easily available.
// Optionally can return error if expired.
func (s *Storage) LoadAccess(token string) (*osin.AccessData, error) {
access_token, err := data.GetAccessTokenWithAccessToken(s.db, token)
if err != nil {
return nil, err
}
if access_token == nil {
return nil, fmt.Errorf("no such access token")
}
client, err := s.getClientWithId(access_token.ApplicationId)
if err != nil {
return nil, err
}
ad := &osin.AccessData{
Client: client,
AccessToken: access_token.AccessToken,
RefreshToken: access_token.RefreshToken.String,
ExpiresIn: access_token.ExpiresIn,
Scope: access_token.Scope,
RedirectUri: access_token.RedirectURI,
CreatedAt: access_token.CreatedAt,
UserData: access_token,
}
return ad, nil
}
func may_authenticate(c martini.Context, sess sessions.Session, db *sqlx.DB, r *http.Request) {
var (
interactive = true
token string
identity_id int64
identity *data.Identity
err error
)
// Attempt with Authorization header
if v := r.Header.Get("Authorization"); v != "" {
parts := strings.SplitN(v, " ", 2)
if len(parts) == 2 && strings.ToLower(parts[0]) == "bearer" {
interactive = false
token = parts[1]
}
// Attempt with access_token parameter
} else if v := r.URL.Query().Get("access_token"); v != "" {
interactive = false
token = v
// Attempt with session.identity_id
} else if id, ok := sess.Get("identity_id").(int64); ok {
interactive = true
identity_id = id
}
if token != "" {
at, err := data.GetAccessTokenWithAccessToken(db, token)
if err != nil {
panic(err)
}
identity_id = at.IdentityId
}
if identity_id > 0 {
identity, err = data.GetIdentity(db, identity_id)
if err != nil {
panic(err)
}
}
if interactive {
r.Header.Set("x-interactive", "true")
}
c.Map(identity)
}
