// authCallbackHandler handles redirect from Facebook OAuth2 authorization page.
func authCallbackHandler(req *web.Request) {
code := req.Param.Get("code")
if code == "" {
// should display error_reason
req.Redirect("/", false)
return
}
f, err := getUrlEncodedForm("https://graph.facebook.com/oauth/access_token",
web.NewValues(
"client_id", appID, // defined in settings.go
"client_secret", appSecret, // defined in settings.go
"redirect_uri", req.URL.Scheme+"://"+req.URL.Host+"/callback",
"code", code))
if err != nil {
req.Error(web.StatusInternalServerError, err)
return
}
token := f.Get("access_token")
expires := f.Get("expires")
if expires == "" {
expires = "3600"
}
maxAge, err := strconv.Atoi(expires)
if err != nil {
maxAge = 3600
} else {
maxAge -= 30 // fudge
}
req.Redirect("/", false,
web.HeaderSetCookie, web.NewCookie("fbtok", token).
MaxAge(maxAge-30).String())
}
// home handles requests to the home page.
func homeHandler(req *web.Request) {
token, err := accessToken(req)
if err != nil {
loggedOutHandler(req)
return
}
feed, err := getJSON("https://graph.facebook.com/me/home", web.NewValues("access_token", token))
if err != nil {
req.Error(web.StatusInternalServerError, err,
web.HeaderSetCookie, web.NewCookie("fbtok", "").Delete().String())
return
}
homeTemplate.respond(req, web.StatusOK, feed)
}
// the mandatory serveWeb method
func (h *sessionHandler) ServeWeb(req *web.Request) {
sess := h.manager.Load(req)
req.Env["session"] = sess
web.FilterRespond(req, func(status int, header web.Header) (int, web.Header) {
sess, ok := req.Env["session"].(*Session)
if !ok {
return status, header
}
h.manager.Save(req, sess)
c := web.NewCookie(sessionCookieName, sess.id).String()
header.Add(web.HeaderSetCookie, c)
return status, header
})
h.h.ServeWeb(req)
}
// authCallback handles OAuth callbacks from Twitter.
func authCallback(req *web.Request) {
temporaryCredentials, err := credentials(req, "tmp")
if err != nil {
req.Error(web.StatusNotFound, err)
return
}
s := req.Param.Get("oauth_token")
if s == "" {
req.Error(web.StatusNotFound, os.NewError("main: no token"))
return
}
if s != temporaryCredentials.Token {
req.Error(web.StatusNotFound, os.NewError("main: token mismatch"))
return
}
tokenCredentials, _, err := oauthClient.RequestToken(http.DefaultClient, temporaryCredentials, req.Param.Get("oauth_verifier"))
if err != nil {
req.Error(web.StatusNotFound, err)
return
}
req.Redirect("/", false,
web.HeaderSetCookie, credentialsCookie("tok", tokenCredentials, 30),
web.HeaderSetCookie, web.NewCookie("tmp", "").Delete().String())
}
// logoutHandler logs the user out by clearing the access token cookie.
func logoutHandler(req *web.Request) {
req.Redirect("/", false,
web.HeaderSetCookie, web.NewCookie("fbtok", "").Delete().String())
}
// credentialsCookie encodes OAuth credentials to a Set-Cookie header value.
func credentialsCookie(name string, c *oauth.Credentials, maxAgeDays int) string {
return web.NewCookie(name, url.QueryEscape(c.Token)+"/"+url.QueryEscape(c.Secret)).
MaxAgeDays(maxAgeDays).
String()
}
