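// authCallbackHandler handles the redirect back from the Facebook OAuth2
// authorization page. It exchanges the "code" query parameter for an access
// token and stores that token in the "fbtok" cookie before redirecting to "/".
//
// A request without a code, or a token response without an access token, is
// redirected to "/" without setting the cookie. A failed token exchange is
// reported as an internal server error.
//
// NOTE(review): no OAuth2 "state" value is checked here, so the handler cannot
// tell a callback the user initiated from one planted in their browser.
// Confirm whether the login handler issues a state value and verify it here.
func authCallbackHandler(req *web.Request) {
	code := req.Param.Get("code")
	if code == "" {
		// should display error_reason
		req.Redirect("/", false)
		return
	}

	// NOTE(review): redirect_uri is rebuilt from the incoming request's scheme
	// and host. If req.URL.Host follows the client-supplied Host header, pin
	// the callback URL in configuration instead; confirm against the web
	// package.
	f, err := getUrlEncodedForm("https://graph.facebook.com/oauth/access_token",
		web.NewValues(
			"client_id", appID, // defined in settings.go
			"client_secret", appSecret, // defined in settings.go
			"redirect_uri", req.URL.Scheme+"://"+req.URL.Host+"/callback",
			"code", code))
	if err != nil {
		req.Error(web.StatusInternalServerError, err)
		return
	}

	token := f.Get("access_token")
	if token == "" {
		// The exchange returned no token; do not store an empty credential.
		req.Redirect("/", false)
		return
	}

	// The cookie should lapse shortly before the token does. The margin was
	// previously subtracted twice on the success path and once on the
	// fallback path; it is now applied exactly once in both cases.
	const (
		defaultLifetime = 3600 // seconds, used when "expires" is missing or invalid
		fudge           = 30   // seconds
	)
	lifetime, err := strconv.Atoi(f.Get("expires"))
	if err != nil {
		lifetime = defaultLifetime
	}

	// NOTE(review): the cookie carries a bearer token. Confirm that
	// web.NewCookie marks it HttpOnly and that it is flagged Secure when the
	// site is served over HTTPS.
	req.Redirect("/", false,
		web.HeaderSetCookie, web.NewCookie("fbtok", token).
			MaxAge(lifetime-fudge).String())
}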
// home handles requests to the home page. func homeHandler(req *web.Request) { token, err := accessToken(req) if err != nil { loggedOutHandler(req) return } feed, err := getJSON("https://graph.facebook.com/me/home", web.NewValues("access_token", token)) if err != nil { req.Error(web.StatusInternalServerError, err, web.HeaderSetCookie, web.NewCookie("fbtok", "").Delete().String()) return } homeTemplate.respond(req, web.StatusOK, feed) }
// the mandatory serveWeb method func (h *sessionHandler) ServeWeb(req *web.Request) { sess := h.manager.Load(req) req.Env["session"] = sess web.FilterRespond(req, func(status int, header web.Header) (int, web.Header) { sess, ok := req.Env["session"].(*Session) if !ok { return status, header } h.manager.Save(req, sess) c := web.NewCookie(sessionCookieName, sess.id).String() header.Add(web.HeaderSetCookie, c) return status, header }) h.h.ServeWeb(req) }
// authCallback handles OAuth callbacks from Twitter. It obtains the temporary
// credentials via credentials(req, "tmp"), requires the oauth_token parameter
// to be present and equal to the temporary token, and then exchanges the
// temporary credentials plus oauth_verifier for token credentials.
//
// On success it redirects to "/", stores the token credentials in the "tok"
// cookie for 30 days and deletes the "tmp" cookie. Every failure, including a
// missing or mismatched token, is reported as 404 Not Found.
func authCallback(req *web.Request) {
	temporaryCredentials, err := credentials(req, "tmp")
	if err != nil {
		req.Error(web.StatusNotFound, err)
		return
	}

	// The callback must refer to the request token this browser was issued;
	// anything else is rejected before the exchange is attempted.
	switch callbackToken := req.Param.Get("oauth_token"); {
	case callbackToken == "":
		req.Error(web.StatusNotFound, os.NewError("main: no token"))
		return
	case callbackToken != temporaryCredentials.Token:
		req.Error(web.StatusNotFound, os.NewError("main: token mismatch"))
		return
	}

	verifier := req.Param.Get("oauth_verifier")
	tokenCredentials, _, err := oauthClient.RequestToken(http.DefaultClient, temporaryCredentials, verifier)
	if err != nil {
		req.Error(web.StatusNotFound, err)
		return
	}

	// Keep the long-lived credentials and discard the temporary ones.
	keep := credentialsCookie("tok", tokenCredentials, 30)
	drop := web.NewCookie("tmp", "").Delete().String()
	req.Redirect("/", false,
		web.HeaderSetCookie, keep,
		web.HeaderSetCookie, drop)
}
// logoutHandler logs the user out by clearing the access token cookie. func logoutHandler(req *web.Request) { req.Redirect("/", false, web.HeaderSetCookie, web.NewCookie("fbtok", "").Delete().String()) }
// credentialsCookie encodes OAuth credentials to a Set-Cookie header value.
// The cookie value is the query-escaped token and the query-escaped secret
// joined by "/", and the cookie lives for maxAgeDays days.
//
// The secret is only URL-escaped, not encrypted or signed, so anyone who can
// read the cookie obtains the full credential. Keeping the secret server-side
// and storing only an opaque session id in the cookie avoids that exposure.
func credentialsCookie(name string, c *oauth.Credentials, maxAgeDays int) string {
	value := url.QueryEscape(c.Token) + "/" + url.QueryEscape(c.Secret)
	cookie := web.NewCookie(name, value).MaxAgeDays(maxAgeDays)
	return cookie.String()
}