func (u userImpl) CurrentOAuth(scopes ...string) (*gae_user.User, error) {
usr, err := user.CurrentOAuth(u.aeCtx, scopes...)
if err != nil {
return nil, err
}
return (*gae_user.User)(usr), nil
}
// populateOAuthResponse updates (overwrites) OAuth user data associated
// with this request and the given scope. It should only be called
// while the mutex is held.
func (ca *cachingAuthenticator) populateOAuthResponse(c context.Context, scope string) error {
// Only one scope should be cached at once, so we just destroy the cache
ca.oauthResponseCache = map[string]*user.User{}
u, err := user.CurrentOAuth(c, scope)
if err != nil {
return err
}
ca.oauthResponseCache[scope] = u
return nil
}
func welcomeOAuth(w http.ResponseWriter, r *http.Request) {
ctx := appengine.NewContext(r)
u, err := user.CurrentOAuth(ctx, "")
if err != nil {
http.Error(w, "OAuth Authorization header required", http.StatusUnauthorized)
return
}
if !u.Admin {
http.Error(w, "Admin login only", http.StatusUnauthorized)
return
}
fmt.Fprintf(w, `Welcome, admin user %s!`, u)
}
func handle(w http.ResponseWriter, req *http.Request) {
c := appengine.NewContext(req)
u := user.Current(c)
if u == nil {
u, _ = user.CurrentOAuth(c,
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/appengine.apis",
)
}
if u == nil || !u.Admin {
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
w.WriteHeader(http.StatusUnauthorized)
io.WriteString(w, "You must be logged in as an administrator to access this.\n")
return
}
if req.Header.Get("X-Appcfg-Api-Version") == "" {
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
w.WriteHeader(http.StatusForbidden)
io.WriteString(w, "This request did not contain a necessary header.\n")
return
}
if req.Method != "POST" {
// Response must be YAML.
rtok := req.FormValue("rtok")
if rtok == "" {
rtok = "0"
}
w.Header().Set("Content-Type", "text/yaml; charset=utf-8")
fmt.Fprintf(w, `{app_id: %q, rtok: %q}`, internal.FullyQualifiedAppID(c), rtok)
return
}
defer req.Body.Close()
body, err := ioutil.ReadAll(req.Body)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
log.Errorf(c, "Failed reading body: %v", err)
return
}
remReq := &pb.Request{}
if err := proto.Unmarshal(body, remReq); err != nil {
w.WriteHeader(http.StatusBadRequest)
log.Errorf(c, "Bad body: %v", err)
return
}
service, method := *remReq.ServiceName, *remReq.Method
if !requestSupported(service, method) {
w.WriteHeader(http.StatusBadRequest)
log.Errorf(c, "Unsupported RPC /%s.%s", service, method)
return
}
rawReq := &rawMessage{remReq.Request}
rawRes := &rawMessage{}
err = internal.Call(c, service, method, rawReq, rawRes)
remRes := &pb.Response{}
if err == nil {
remRes.Response = rawRes.buf
} else if ae, ok := err.(*internal.APIError); ok {
remRes.ApplicationError = &pb.ApplicationError{
Code: &ae.Code,
Detail: &ae.Detail,
}
} else {
// This shouldn't normally happen.
log.Errorf(c, "appengine/remote_api: Unexpected error of type %T: %v", err, err)
remRes.ApplicationError = &pb.ApplicationError{
Code: proto.Int32(0),
Detail: proto.String(err.Error()),
}
}
out, err := proto.Marshal(remRes)
if err != nil {
// This should not be possible.
w.WriteHeader(500)
log.Errorf(c, "proto.Marshal: %v", err)
return
}
log.Infof(c, "Spooling %d bytes of response to /%s.%s", len(out), service, method)
w.Header().Set("Content-Type", "application/octet-stream")
w.Header().Set("Content-Length", strconv.Itoa(len(out)))
w.Write(out)
}