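// loginHandler handles login through third-party providers.
// Path format: /auth/{action}/{provider}
//
// "login" hands the request to gothic.BeginAuthHandler. "callback" completes
// the provider exchange, sets the "auth" cookie and redirects to /chat. Any
// other action is answered with 404.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	action := r.URL.Query().Get(":action")
	provider := r.URL.Query().Get(":provider")
	switch action {
	case "login":
		gothic.BeginAuthHandler(w, r)
		log.Println("TODO: ログイン処理", provider)
	case "callback":
		// NOTE(review): the state value is only printed here. Nothing in this
		// handler compares it with the value issued when the flow started, so
		// this code does not itself bind the callback to the browser that
		// began the login — confirm where (or whether) that check happens.
		fmt.Println("State: ", gothic.GetState(r))

		user, err := gothic.CompleteUserAuth(w, r)
		if err != nil {
			// A failed callback is a per-request condition. log.Fatal would
			// exit the whole process, letting any bad callback request stop
			// the server for every user.
			log.Println("CompleteUserAuth error: ", err)
			http.Error(w, "authentication failed", http.StatusBadRequest)
			return
		}

		// NOTE(review): the cookie value is plain base64 of the display name,
		// with no signature or MAC. Whatever reads "auth" later cannot tell a
		// server-issued value from one built by the client; sign or encrypt
		// it, and consider HttpOnly/Secure once it is confirmed that no
		// client-side script reads it.
		authCookieValue := base64.StdEncoding.EncodeToString([]byte(user.Name))
		http.SetCookie(w, &http.Cookie{
			Name:  "auth",
			Value: authCookieValue,
			Path:  "/",
		})

		// Print only the name: the full user value returned by the provider
		// exchange can include access tokens, which do not belong on stdout.
		fmt.Println(user.Name)

		w.Header().Set("Location", "/chat")
		w.WriteHeader(http.StatusTemporaryRedirect)
	default:
		w.WriteHeader(http.StatusNotFound)
		fmt.Fprintf(w, "アクション%sには非対応です", action)
	}
}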
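// authCallback completes the provider exchange, starts a session for the
// returned user and redirects to that user's page.
//
// Every failure ends the request with an error status. A session that could
// not be started is never dereferenced, and the redirect is only sent once
// both session values have been stored.
func authCallback(res http.ResponseWriter, req *http.Request) {
	// NOTE(review): the state value is only printed. This handler does not
	// compare it with the value issued at the start of the flow — confirm
	// that the check is done elsewhere.
	fmt.Println("State: ", gothic.GetState(req))
	fmt.Println("request method: " + req.Method)

	user, err := gothic.CompleteUserAuth(res, req)
	if err != nil {
		// Keep the detail on the server; the client gets a generic message
		// and a non-200 status.
		fmt.Println("CompleteUserAuth error,", err)
		http.Error(res, "authentication failed", http.StatusBadRequest)
		return
	}

	//t, _ := template.New("foo").Parse(userTemplate)
	account := &models.Account{user.Email, ""}
	fmt.Println(account.CheckExist())

	// Everything is fine: set the session for the current user.
	sess, err := globalSessions.SessionStart(res, req)
	if err != nil {
		// Without this return the deferred SessionRelease below would run on
		// a session value that was never created.
		fmt.Println("set error,", err)
		http.Error(res, "could not start session", http.StatusInternalServerError)
		return
	}
	defer sess.SessionRelease(res)

	if err = sess.Set("username", user.Email); err != nil {
		fmt.Println("set error,", err)
		http.Error(res, "could not store session", http.StatusInternalServerError)
		return
	}

	// Set the status of the user.
	if err = sess.Set("logged", "true"); err != nil {
		fmt.Println("set error,", err)
		http.Error(res, "could not store session", http.StatusInternalServerError)
		return
	}

	// NOTE(review): user.Email comes from the provider and is placed in the
	// redirect path unescaped; path-escape it once net/url is available in
	// this file.
	http.Redirect(res, req, "/user/"+user.Email, http.StatusFound)
	//t.Execute(res, user)
}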
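// CallbackHandler completes the provider exchange, finds or creates the
// matching local user, stores it in the "brewlog" session and redirects
// to "/".
//
// The redirect is only sent after the user lookup and the session save have
// both succeeded, so a failed step cannot leave the client with a session
// holding an unset user.
func CallbackHandler(response http.ResponseWriter, request *http.Request) {
	session, err := Store.Get(request, "brewlog")
	if err != nil {
		http.Error(response, err.Error(), http.StatusInternalServerError)
		return
	}

	// NOTE(review): the state is printed, not compared against an expected
	// value — confirm the check is performed elsewhere.
	fmt.Println(gothic.GetState(request))

	gUser, err := gothic.CompleteUserAuth(response, request)
	if err != nil {
		// The original printed the ResponseWriter itself to stdout and sent
		// the client an empty 200; log the error and answer with a status.
		fmt.Println(err)
		http.Error(response, "authentication failed", http.StatusBadRequest)
		return
	}

	user, err := models.FindOrCreateUser(&gUser)
	if err != nil {
		// Do not continue with a user value that was not returned cleanly.
		fmt.Println(err.Error())
		http.Error(response, "could not load user", http.StatusInternalServerError)
		return
	}
	fmt.Println(user.Name)

	session.Values["user"] = user
	if err = session.Save(request, response); err != nil {
		fmt.Println(err.Error())
		http.Error(response, "could not save session", http.StatusInternalServerError)
		return
	}

	http.Redirect(response, request, "/", http.StatusFound)
}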
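// AuthCallback checks the returned state against the expected value in
// constant time, completes the provider exchange and renders the user
// template.
func AuthCallback(w http.ResponseWriter, r *http.Request) {
	observedState := []byte(gothic.GetState(r))
	// NOTE(review): state_hash is read from outside this function. If it is a
	// single process-wide value rather than one bound to the caller's
	// session, every login shares the same expected state — confirm.
	expectedState := state_hash
	if subtle.ConstantTimeCompare(observedState, expectedState) != 1 {
		http.Error(w, "State sent did not match state received.", http.StatusBadRequest)
		log.Info("Observed and expected states do not match.")
		return
	}

	user, err := gothic.CompleteUserAuth(w, r)
	if err != nil {
		// Log the error only; the original also passed the ResponseWriter to
		// the logger and left the client with an empty 200.
		log.Warn(err)
		http.Error(w, "authentication failed", http.StatusBadRequest)
		return
	}

	t, err := template.ParseFiles("oauth/templates/user.html.tmpl")
	if err != nil {
		// The parse error can name server-side paths, so it stays in the log.
		log.Warn(err)
		http.Error(w, "internal error", http.StatusInternalServerError)
		return
	}

	// NOTE(review): user fields are provider-supplied; this relies on
	// `template` being html/template for contextual escaping — confirm.
	if err := t.Execute(w, user); err != nil {
		log.Warn(err)
	}
}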
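// loginHandler handles login through third-party providers.
// Path format: /auth/{action}/{provider}
//
// "login" hands the request to gothic.BeginAuthHandler. "callback" completes
// the provider exchange, stores the user in MongoDB, sets the "auth" cookie
// and redirects to /index#/chat. Any other action is answered with 404.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	action := r.URL.Query().Get(":action")
	// provider := r.URL.Query().Get(":provider")
	switch action {
	case "login":
		gothic.BeginAuthHandler(w, r)
	case "callback":
		// NOTE(review): the state value is only printed here, never compared
		// with the value issued at the start of the flow — confirm where the
		// check is done.
		fmt.Println("State: ", gothic.GetState(r))

		githubUser, err := gothic.CompleteUserAuth(w, r)
		if err != nil {
			// Each failure below is a per-request condition. log.Fatal would
			// exit the process, so one bad callback or a short database
			// outage would take the server down for every user.
			log.Println("CompleteUserAuth error: ", err)
			http.Error(w, "authentication failed", http.StatusBadRequest)
			return
		}

		// Save the user.
		var user User
		if err = mapstructure.Decode(githubUser.RawData, &user); err != nil {
			log.Println("mapstructure error: ", err)
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}

		session, err := mgo.Dial("mongodb://localhost")
		if err != nil {
			log.Println("mgo database dial error:", err)
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}
		defer session.Close()
		session.SetMode(mgo.Monotonic, true)

		c := session.DB("donuts_tech_calendar").C("users")
		if err = user.FindOrCreate(c); err != nil {
			log.Println("user.FindOrCreate error:", err)
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}

		// NOTE(review): the cookie value is plain base64 of the user name,
		// with no signature or MAC, so a reader of "auth" cannot tell a
		// server-issued value from one built by the client. Sign or encrypt
		// it, and consider HttpOnly/Secure once it is confirmed that no
		// client-side script reads it.
		authCookieValue := base64.StdEncoding.EncodeToString([]byte(user.UserName))
		http.SetCookie(w, &http.Cookie{
			Name:  "auth",
			Value: authCookieValue,
			Path:  "/",
		})

		w.Header().Set("Location", "/index#/chat")
		w.WriteHeader(http.StatusTemporaryRedirect)
	default:
		w.WriteHeader(http.StatusNotFound)
		fmt.Fprintf(w, "アクション%sには非対応です", action)
	}
}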
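// callbackPageHandler completes the provider exchange and renders the
// returned user with userTemplate.
func callbackPageHandler(res http.ResponseWriter, req *http.Request) {
	// Print our state string to the console.
	// NOTE(review): the state is printed, not verified, in this handler.
	fmt.Println("State: " + gothic.GetState(req))

	user, err := gothic.CompleteUserAuth(res, req)
	if err != nil {
		// Keep the provider/library error on the server side.
		fmt.Println("CompleteUserAuth error:", err)
		http.Error(res, "authentication failed", http.StatusBadRequest)
		return
	}

	t, err := template.New("foo").Parse(userTemplate)
	if err != nil {
		// The original discarded this error and would then call Execute on a
		// template that failed to parse.
		fmt.Println("template parse error:", err)
		http.Error(res, "internal error", http.StatusInternalServerError)
		return
	}

	// NOTE(review): user fields are provider-supplied; this relies on
	// `template` being html/template for contextual escaping — confirm.
	if err := t.Execute(res, user); err != nil {
		fmt.Println("template execute error:", err)
	}
}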
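// handleSocialLogin completes the provider exchange and copies the provider
// user ID and e-mail into an auth.User.
//
// NOTE(review): the populated auth.User is not stored or returned, and no
// response is written on success, so the handler looks unfinished.
func handleSocialLogin(rw http.ResponseWriter, req *http.Request) {
	// NOTE(review): the state is logged, not verified, in this handler.
	log.Println(gothic.GetState(req))

	socialUser, err := gothic.CompleteUserAuth(rw, req)
	if err != nil {
		log.Println(err)
		http.Error(rw, err.Error(), http.StatusBadRequest)
		return
	}

	user := auth.User{}
	user.UserID = socialUser.UserID
	user.Email = socialUser.Email

	// The access token is a bearer credential for the user's provider
	// account. It is deliberately not logged: log files are usually readable
	// by more people, and kept longer, than the token should be.
	log.Println(socialUser.UserID)
	log.Println(socialUser.NickName)
}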
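// main registers the OAuth providers, wires the routes and serves on :3000.
//
// Provider keys and secrets are read from the environment. The callback URLs
// are hard-coded to http://localhost:3000, so this configuration is for
// local development; a deployed instance needs HTTPS callback URLs.
func main() {
	goth.UseProviders(
		twitter.New(os.Getenv("TWITTER_KEY"), os.Getenv("TWITTER_SECRET"), "http://localhost:3000/auth/twitter/callback"),
		// If you'd like to use authenticate instead of authorize in Twitter provider, use this instead.
		// twitter.NewAuthenticate(os.Getenv("TWITTER_KEY"), os.Getenv("TWITTER_SECRET"), "http://localhost:3000/auth/twitter/callback"),

		facebook.New(os.Getenv("FACEBOOK_KEY"), os.Getenv("FACEBOOK_SECRET"), "http://localhost:3000/auth/facebook/callback"),
		gplus.New(os.Getenv("GPLUS_KEY"), os.Getenv("GPLUS_SECRET"), "http://localhost:3000/auth/gplus/callback"),
		github.New(os.Getenv("GITHUB_KEY"), os.Getenv("GITHUB_SECRET"), "http://localhost:3000/auth/github/callback"),
		spotify.New(os.Getenv("SPOTIFY_KEY"), os.Getenv("SPOTIFY_SECRET"), "http://localhost:3000/auth/spotify/callback"),
		linkedin.New(os.Getenv("LINKEDIN_KEY"), os.Getenv("LINKEDIN_SECRET"), "http://localhost:3000/auth/linkedin/callback"),
		lastfm.New(os.Getenv("LASTFM_KEY"), os.Getenv("LASTFM_SECRET"), "http://localhost:3000/auth/lastfm/callback"),
		twitch.New(os.Getenv("TWITCH_KEY"), os.Getenv("TWITCH_SECRET"), "http://localhost:3000/auth/twitch/callback"),
		dropbox.New(os.Getenv("DROPBOX_KEY"), os.Getenv("DROPBOX_SECRET"), "http://localhost:3000/auth/dropbox/callback"),
	)

	// Assign the GetState function variable so we can return the
	// state string we want to get back at the end of the oauth process.
	// Only works with facebook and gplus providers.
	//
	// NOTE(review): this returns whatever the request carries in ?state=.
	// It is an accessor, not a check; nothing in this file compares the
	// value with one issued at the start of the flow.
	gothic.GetState = func(req *http.Request) string {
		// Get the state string from the query parameters.
		return req.URL.Query().Get("state")
	}

	p := pat.New()
	p.Get("/auth/{provider}/callback", func(res http.ResponseWriter, req *http.Request) {
		// Print our state string to the console.
		fmt.Println(gothic.GetState(req))

		user, err := gothic.CompleteUserAuth(res, req)
		if err != nil {
			// Keep the library error on the server side.
			fmt.Println("CompleteUserAuth error:", err)
			http.Error(res, "authentication failed", http.StatusBadRequest)
			return
		}

		t, err := template.New("foo").Parse(userTemplate)
		if err != nil {
			// Previously discarded; Execute would then run on a template
			// that failed to parse.
			fmt.Println("template parse error:", err)
			http.Error(res, "internal error", http.StatusInternalServerError)
			return
		}
		// NOTE(review): relies on `template` being html/template so that
		// provider-supplied fields are escaped — confirm.
		if err := t.Execute(res, user); err != nil {
			fmt.Println("template execute error:", err)
		}
	})

	p.Get("/auth/{provider}", gothic.BeginAuthHandler)

	p.Get("/", func(res http.ResponseWriter, req *http.Request) {
		t, err := template.New("foo").Parse(indexTemplate)
		if err != nil {
			fmt.Println("template parse error:", err)
			http.Error(res, "internal error", http.StatusInternalServerError)
			return
		}
		if err := t.Execute(res, nil); err != nil {
			fmt.Println("template execute error:", err)
		}
	})

	// ListenAndServe only returns on failure (for example, port in use);
	// report it and exit non-zero instead of ending silently.
	if err := http.ListenAndServe(":3000", p); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}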
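// main registers the OAuth providers, wires the routes and serves on :3000.
//
// Provider keys and secrets are read from the environment. The callback URLs
// are hard-coded to http://localhost:3000, so this configuration is for
// local development; a deployed instance needs HTTPS callback URLs.
func main() {
	goth.UseProviders(
		twitter.New(os.Getenv("TWITTER_KEY"), os.Getenv("TWITTER_SECRET"), "http://localhost:3000/auth/twitter/callback"),
		// If you'd like to use authenticate instead of authorize in Twitter provider, use this instead.
		// twitter.NewAuthenticate(os.Getenv("TWITTER_KEY"), os.Getenv("TWITTER_SECRET"), "http://localhost:3000/auth/twitter/callback"),

		facebook.New(os.Getenv("FACEBOOK_KEY"), os.Getenv("FACEBOOK_SECRET"), "http://localhost:3000/auth/facebook/callback"),
		gplus.New(os.Getenv("GPLUS_KEY"), os.Getenv("GPLUS_SECRET"), "http://localhost:3000/auth/gplus/callback"),
		github.New(os.Getenv("GITHUB_KEY"), os.Getenv("GITHUB_SECRET"), "http://localhost:3000/auth/github/callback"),
		spotify.New(os.Getenv("SPOTIFY_KEY"), os.Getenv("SPOTIFY_SECRET"), "http://localhost:3000/auth/spotify/callback"),
		linkedin.New(os.Getenv("LINKEDIN_KEY"), os.Getenv("LINKEDIN_SECRET"), "http://localhost:3000/auth/linkedin/callback"),
		lastfm.New(os.Getenv("LASTFM_KEY"), os.Getenv("LASTFM_SECRET"), "http://localhost:3000/auth/lastfm/callback"),
		twitch.New(os.Getenv("TWITCH_KEY"), os.Getenv("TWITCH_SECRET"), "http://localhost:3000/auth/twitch/callback"),
		dropbox.New(os.Getenv("DROPBOX_KEY"), os.Getenv("DROPBOX_SECRET"), "http://localhost:3000/auth/dropbox/callback"),
		digitalocean.New(os.Getenv("DIGITALOCEAN_KEY"), os.Getenv("DIGITALOCEAN_SECRET"), "http://localhost:3000/auth/digitalocean/callback", "read"),
		bitbucket.New(os.Getenv("BITBUCKET_KEY"), os.Getenv("BITBUCKET_SECRET"), "http://localhost:3000/auth/bitbucket/callback"),
		instagram.New(os.Getenv("INSTAGRAM_KEY"), os.Getenv("INSTAGRAM_SECRET"), "http://localhost:3000/auth/instagram/callback"),
	)

	p := pat.New()
	p.Get("/auth/{provider}/callback", func(res http.ResponseWriter, req *http.Request) {
		// Print our state string to the console. Ideally, you should verify
		// that it's the same string as the one you set in `setState`.
		// NOTE(review): no such comparison is made in this handler.
		fmt.Println("State: ", gothic.GetState(req))

		user, err := gothic.CompleteUserAuth(res, req)
		if err != nil {
			// Keep the library error on the server side.
			fmt.Println("CompleteUserAuth error:", err)
			http.Error(res, "authentication failed", http.StatusBadRequest)
			return
		}

		t, err := template.New("foo").Parse(userTemplate)
		if err != nil {
			// Previously discarded; Execute would then run on a template
			// that failed to parse.
			fmt.Println("template parse error:", err)
			http.Error(res, "internal error", http.StatusInternalServerError)
			return
		}
		// NOTE(review): relies on `template` being html/template so that
		// provider-supplied fields are escaped — confirm.
		if err := t.Execute(res, user); err != nil {
			fmt.Println("template execute error:", err)
		}
	})

	p.Get("/auth/{provider}", gothic.BeginAuthHandler)

	p.Get("/", func(res http.ResponseWriter, req *http.Request) {
		t, err := template.New("foo").Parse(indexTemplate)
		if err != nil {
			fmt.Println("template parse error:", err)
			http.Error(res, "internal error", http.StatusInternalServerError)
			return
		}
		if err := t.Execute(res, nil); err != nil {
			fmt.Println("template execute error:", err)
		}
	})

	// ListenAndServe only returns on failure (for example, port in use);
	// report it and exit non-zero instead of ending silently.
	if err := http.ListenAndServe(":3000", p); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}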
// startAuthHandler prints the state string carried by the request and then
// passes the request on to gothic.BeginAuthHandler.
func startAuthHandler(res http.ResponseWriter, req *http.Request) {
	state := gothic.GetState(req)
	fmt.Println("Start Auth Handler: " + state)

	gothic.BeginAuthHandler(res, req)
}
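// OAuthCallback returns the handler for the provider's redirect back to this
// service.
//
// The handler loads the gothic session, requires the returned state to equal
// the one stored in that session, requires a non-empty "code" parameter,
// completes the exchange, checks the user's membership through
// OAuthVerifier, stores the nickname and membership in the session and
// redirects. Every rejection is answered with 403 and every session failure
// with 500.
//
// Log lines carry the request method and path and the user's nickname only.
// The full request (cookies, and the code and state in the query string) and
// the full user value (which includes the access token used below) are kept
// out of the logs.
func (oa OAuthenticator) OAuthCallback() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		log.Debugf("Incoming Auth request: %s %s", r.Method, r.URL.Path)
		sess, err := gothic.Store.Get(r, gothic.SessionName)
		if err != nil {
			log.Errorf("Error retrieving session info: %s", err)
			w.WriteHeader(500)
			return
		}
		log.Debugf("Processing oauth callback for '%s'", sess.ID)

		// The state returned by the provider must match the one saved in
		// this browser's session. A session with no stored state never
		// matches, so the request is rejected.
		if gothic.GetState(r) != sess.Values["state"] {
			w.WriteHeader(403)
			w.Write([]byte("Unauthorized"))
			return
		}
		if r.URL.Query().Get("code") == "" {
			log.Errorf("No code detected in oauth callback: %s %s", r.Method, r.URL.Path)
			w.WriteHeader(403)
			w.Write([]byte("No oauth code issued from provider"))
			return
		}

		user, err := gothic.CompleteUserAuth(w, r)
		if err != nil {
			log.Errorf("Error verifying oauth success: %s. Request: %s %s", err, r.Method, r.URL.Path)
			w.WriteHeader(403)
			w.Write([]byte("UnOAuthorized"))
			return
		}
		log.Debugf("Authenticated user %s", user.NickName)

		// Build an HTTP client that presents the user's access token and
		// uses the configured transport for the membership lookup.
		ts := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: user.AccessToken})
		ctx := context.WithValue(oauth2.NoContext, oauth2.HTTPClient, oa.Cfg.Client)
		tc := oauth2.NewClient(ctx, ts)

		log.Debugf("Checking authorization...")
		membership, err := OAuthVerifier.Membership(user, tc)
		if err != nil {
			log.Errorf("Error retreiving user membership: %s", err)
			w.WriteHeader(403)
			w.Write([]byte("Unable to verify your membership"))
			return
		}

		if !OAuthVerifier.Verify(user.NickName, membership) {
			log.Debugf("Authorization denied")
			w.WriteHeader(403)
			w.Write([]byte("You are not authorized to view this content"))
			return
		}

		log.Infof("Successful login for %s", user.NickName)

		redirect := "/"
		if flashes := sess.Flashes(); len(flashes) > 0 {
			if flash, ok := flashes[0].(string); ok {
				// don't redirect back to api calls, to prevent auth redirection loops
				// NOTE(review): the flash value becomes the redirect target
				// as-is. If the code that stores it takes it from the
				// request, restrict it to same-site paths — confirm at the
				// place where the flash is added.
				if !apiCall.MatchString(flash) || cliAuthCall.MatchString(flash) {
					redirect = flash
				}
			}
		}

		sess.Values["User"] = user.NickName
		sess.Values["Membership"] = membership
		err = sess.Save(r, w)
		if err != nil {
			log.Errorf("Error saving session: %s", err)
			w.WriteHeader(500)
			w.Write([]byte("Unable to save authentication data. Check the SHIELD logs for more info."))
			return
		}

		http.Redirect(w, r, redirect, 302) // checks auth
	})
}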