Esempio n. 1
0
// Error is an error/panic handler middleware.
// Any error/panic is recovered and logged and the error response is returned to the user (auto-generated if none was set).
func Error(ctx *neptulon.ReqCtx) error {
	errored := false

	if err := ctx.Next(); err != nil {
		errored = true
		log.Printf("mw: error: error handling response: %v", err)
	}

	if err := recover(); err != nil {
		errored = true
		const size = 64 << 10
		buf := make([]byte, size)
		buf = buf[:runtime.Stack(buf, false)]
		log.Printf("mw: error: panic handling response: %v\nstack trace: %s", err, buf)
	}

	if errored {
		if ctx.Err == nil {
			ctx.Err = &neptulon.ResError{
				Code:    500,
				Message: "Internal server error.",
			}
		}

		return ctx.Next()
	}

	return nil
}
Esempio n. 2
0
// googleAuth authenticates a user with Google+ using provided OAuth 2.0 access token.
// If authenticated successfully, user profile is retrieved from Google+ and user is given a JWT token in return.
func googleAuth(ctx *neptulon.ReqCtx, db DB, pass string) error {
	var r tokenContainer
	if err := ctx.Params(&r); err != nil || r.Token == "" {
		ctx.Err = &neptulon.ResError{Code: 666, Message: "Malformed or null Google oauth access token was provided."}
		return fmt.Errorf("auth: google: malformed or null Google oauth token '%v' was provided: %v", r.Token, err)
	}

	p, err := getTokenInfo(r.Token)
	if err != nil {
		ctx.Err = &neptulon.ResError{Code: 666, Message: "Failed to authenticated with the given Google oauth access token."}
		return fmt.Errorf("auth: google: error during Google API call using provided token: %v with error: %v", r.Token, err)
	}

	// retrieve user information
	user, ok := db.GetByMail(p.Email)
	if !ok {
		// this is a first-time registration so create user profile via Google+ profile info
		user = &User{Email: p.Email, Name: p.Name, Picture: p.Picture, Registered: time.Now()}

		// save the user information for user ID to be generated by the database
		if err := db.SaveUser(user); err != nil {
			return fmt.Errorf("auth: google: failed to persist user information: %v", err)
		}

		// create the JWT token
		token := jwt.New(jwt.SigningMethodHS256)
		token.Claims["userid"] = user.ID
		token.Claims["created"] = user.Registered.Unix()
		user.JWTToken, err = token.SignedString([]byte(pass))
		if err != nil {
			return fmt.Errorf("auth: google: jwt signing error: %v", err)
		}

		// now save the full user info
		if err := db.SaveUser(user); err != nil {
			return fmt.Errorf("auth: google: failed to persist user information: %v", err)
		}

		// store user ID in session so user can make authenticated call after this
		ctx.Conn.Session.Set("userid", user.ID)
	}

	ctx.Res = gAuthRes{ID: user.ID, Token: user.JWTToken, Name: user.Name, Email: user.Email, Picture: user.Picture}
	ctx.Session.Set(middleware.CustResLogDataKey, gAuthRes{ID: user.ID, Token: user.JWTToken, Name: user.Name, Email: user.Email})
	log.Printf("auth: google: logged in: %v, %v", p.Name, p.Email)
	return nil
}