// AuthenticateHandler returns a web handler function that redirects to a
// session-specific authentication link.
func AuthenticateHandler(auth evesso.Authenticator, sess server.Sessionizer) web.HandlerFunc {
return func(c web.C, w http.ResponseWriter, r *http.Request) {
s := sess.GetSession(&c, w, r)
url := auth.URL(s.State)
http.Redirect(w, r, url, http.StatusFound)
}
}
// CRESTCallbackListener returns a web handler function that listens for a CREST
// SSO callback and accepts the results of authentication.
func CRESTCallbackListener(localdb db.LocalDB, auth evesso.Authenticator, sess server.Sessionizer) web.HandlerFunc {
return func(c web.C, w http.ResponseWriter, r *http.Request) {
// Verify state value.
s := sess.GetSession(&c, w, r)
passedState := r.FormValue("state")
if passedState != s.State {
// CSRF attempt or session expired; reject.
http.Error(w, "Returned state not valid for this user.", http.StatusBadRequest)
log.Printf("Got state %#v, expected state %#v", passedState, s.State)
w.Write([]byte(`{"status": "Error"}`))
return
}
// Extract code from query parameters.
code := r.FormValue("code")
// Exchange it for a token.
tok, err := auth.Exchange(code)
if err != nil {
http.Error(w, `{"status": "Error"}`, http.StatusInternalServerError)
log.Printf("Error exchanging token: %v", err)
return
}
// Get character information.
charInfo, err := auth.CharacterInfo(tok)
if err != nil {
http.Error(w, `{"status": "Error"}`, http.StatusInternalServerError)
log.Printf("Error getting character information: %v; token was %+v", err, tok)
return
}
// Update session in database.
err = localdb.AuthenticateSession(s.Cookie, tok, charInfo)
if err != nil {
http.Error(w, `{"status": "Error"}`, http.StatusInternalServerError)
log.Printf("Unable to update session post-auth: %v; info was %+v", err, charInfo)
return
}
w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.WriteHeader(http.StatusOK)
w.Write([]byte(`
<html>
<head>
<title>Authenticated</title>
</head>
<body>
<p>OK.</p>
<script type="text/javascript">
window.onload = function() {
window.opener.hasAuthenticated();
window.close();
}
</script>
</body>
</html>
`))
}
}
// SessionInfo returns a web handler function that returns information about the
// current session.
func SessionInfo(auth evesso.Authenticator, sess server.Sessionizer, localdb db.LocalDB) web.HandlerFunc {
return func(c web.C, w http.ResponseWriter, r *http.Request) {
curSession := sess.GetSession(&c, w, r)
returnInfo := sessionInfo{
Authenticated: curSession.User != 0,
OAuthURL: auth.URL(curSession.State),
}
if curSession.Token != nil {
returnInfo.OAuthExpiry = curSession.Token.Expiry
}
if curSession.User != 0 {
// We're authenticated - also pass in the API keys registered to this
// user.
keys, err := localdb.APIKeys(curSession.User)
if err != nil {
log.Fatalf("Error - unable to retrieve API keys from database.")
}
returnInfo.APIKeys = keys
}
returnJSON, _ := json.Marshal(&returnInfo)
w.Write(returnJSON)
}
}