func (a *Endpoints) NewAPIKey(ctx context.Context, w webhelp.ResponseWriter,
req *http.Request, user *UserInfo) error {
_, err := a.Data.NewAPIKey(user.Id)
if err != nil {
return err
}
return webhelp.Redirect(w, req, fmt.Sprintf("/account/apikeys"))
}
func (lr loginRequired) HandleHTTP(ctx context.Context,
w webhelp.ResponseWriter, r *http.Request) error {
user, err := lr.a.LoadUser(ctx, r)
if err != nil {
return err
}
if user == nil {
return webhelp.Redirect(w, r, oauth2.LoginURL(r.RequestURI, false))
}
return lr.h.HandleHTTP(context.WithValue(ctx, userKey, user), w, r)
}
func (g *ProviderGroup) logoutAll(ctx context.Context,
w webhelp.ResponseWriter, r *http.Request) error {
err := g.LogoutAll(ctx, w)
if err != nil {
return err
}
redirect_to := r.FormValue("redirect_to")
if redirect_to == "" {
redirect_to = g.urls.DefaultLogoutURL
}
return webhelp.Redirect(w, r, redirect_to)
}
func (lr loginRequired) HandleHTTP(ctx context.Context,
w webhelp.ResponseWriter, r *http.Request) error {
token, err := lr.o.Token(ctx)
if err != nil {
return err
}
if token != nil {
return lr.h.HandleHTTP(ctx, w, r)
} else {
return webhelp.Redirect(w, r, lr.o.LoginURL(r.RequestURI, false))
}
}
// LoginRequired is a middleware for redirecting users to a login page if
// they aren't logged in yet. login_redirect should take the URL to redirect
// to after logging in and return a URL that will actually do the logging in.
// If you already know which provider a user should use, consider using
// (*ProviderHandler).LoginRequired instead, which doesn't require a
// login_redirect URL.
func (g *ProviderGroup) LoginRequired(h webhelp.Handler,
login_redirect func(redirect_to string) (url string)) webhelp.Handler {
return webhelp.HandlerFunc(func(ctx context.Context,
w webhelp.ResponseWriter, r *http.Request) error {
tokens, err := g.Tokens(ctx)
if err != nil {
return err
}
if len(tokens) > 0 {
return h.HandleHTTP(ctx, w, r)
} else {
return webhelp.Redirect(w, r, login_redirect(r.RequestURI))
}
})
}
func (o *ProviderHandler) login(ctx context.Context, w webhelp.ResponseWriter,
r *http.Request) error {
session, err := o.Session(ctx)
if err != nil {
return err
}
redirect_to := r.FormValue("redirect_to")
if redirect_to == "" {
redirect_to = o.urls.DefaultLoginURL
}
force_prompt, err := strconv.ParseBool(r.FormValue("force_prompt"))
if err != nil {
force_prompt = false
}
if !force_prompt && o.token(session) != nil {
return webhelp.Redirect(w, r, redirect_to)
}
state := newState()
session.Values["_state"] = state
session.Values["_redirect_to"] = redirect_to
err = session.Save(w)
if err != nil {
return err
}
opts := []oauth2.AuthCodeOption{oauth2.AccessTypeOnline}
if force_prompt {
opts = append(opts, oauth2.ApprovalForce)
}
return webhelp.Redirect(w, r, o.provider.AuthCodeURL(state, opts...))
}
func (a *Endpoints) NewProject(ctx context.Context, w webhelp.ResponseWriter,
req *http.Request, user *UserInfo) error {
proj_id, err := a.Data.NewProject(user.Id, req.FormValue("name"),
func(deliver func(dim string) error) error {
for _, dim := range strings.Fields(req.FormValue("dimensions")) {
err := deliver(dim)
if err != nil {
return err
}
}
return nil
})
if err != nil {
return err
}
return webhelp.Redirect(w, req, fmt.Sprintf("/project/%d", proj_id))
}
func (a *Endpoints) newSample(ctx context.Context, w webhelp.ResponseWriter,
req *http.Request, user *UserInfo, proj_id, control_id int64) error {
sample_id, err := a.Data.NewSample(user.Id, proj_id, control_id,
req.FormValue("name"),
func(deliver func(dim_id int64, value float64) error) error {
dimlookup, err := a.Data.DimLookup(proj_id)
if err != nil {
return err
}
for _, row := range strings.Split(req.FormValue("values"), "\n") {
fields := strings.Fields(row)
if len(fields) == 0 {
continue
}
if len(fields) != 2 {
return webhelp.ErrBadRequest.New("malformed data: %#v", row)
}
id, err := dimlookup.LookupId(fields[0])
if err != nil {
return err
}
val, err := strconv.ParseFloat(fields[1], 64)
if err != nil {
return webhelp.ErrBadRequest.New("malformed data: %#v", row)
}
err = deliver(id, val)
if err != nil {
return err
}
}
return nil
})
if err != nil {
return err
}
return webhelp.Redirect(w, req, fmt.Sprintf("/project/%d/sample/%d",
proj_id, sample_id))
}
func (o *ProviderHandler) cb(ctx context.Context, w webhelp.ResponseWriter,
r *http.Request) error {
session, err := o.Session(ctx)
if err != nil {
return err
}
val, exists := session.Values["_state"]
existing_state, correct := val.(string)
if !exists || !correct {
return webhelp.ErrBadRequest.New("invalid session storage state")
}
val, exists = session.Values["_redirect_to"]
redirect_to, correct := val.(string)
if !exists || !correct {
return webhelp.ErrBadRequest.New("invalid redirect_to")
}
if existing_state != r.FormValue("state") {
return webhelp.ErrBadRequest.New("csrf detected")
}
token, err := o.provider.Exchange(context.Background(), r.FormValue("code"))
if err != nil {
return err
}
session.Values["_token"] = token
err = session.Save(w)
if err != nil {
return err
}
return webhelp.Redirect(w, r, redirect_to)
}
func main() {
flag.Parse()
secret, err := hex.DecodeString(*cookieSecret)
if err != nil {
panic(err)
}
store := sessions.NewCookieStore(secret)
group, err := oauth2.NewProviderGroup(
"oauth", "/auth", oauth2.RedirectURLs{},
oauth2.Github(oauth2.Config{
ClientID: *githubClientId,
ClientSecret: *githubClientSecret}),
oauth2.Facebook(oauth2.Config{
ClientID: *facebookClientId,
ClientSecret: *facebookClientSecret,
RedirectURL: "http://localhost:8080/auth/facebook/_cb"}))
if err != nil {
panic(err)
}
webhelp.ListenAndServe(*listenAddr,
webhelp.LoggingHandler(
sessions.HandlerWithStore(store,
webhelp.DirMux{
"": &SampleHandler{Group: group, Restricted: false},
"login": &LoginHandler{Group: group},
"logout": webhelp.HandlerFunc(func(ctx context.Context,
w webhelp.ResponseWriter, r *http.Request) error {
return webhelp.Redirect(w, r, "/auth/all/logout")
}),
"restricted": group.LoginRequired(
&SampleHandler{Group: group, Restricted: true}, loginurl),
"auth": group})))
}