// targetService implements a "target service", representing
// an arbitrary web service that wants to delegate authorization
// to third parties.
//
func targetService(endpoint, authEndpoint string, authPK *bakery.PublicKey) (http.Handler, error) {
key, err := bakery.GenerateKey()
if err != nil {
return nil, err
}
pkLocator := bakery.NewPublicKeyRing()
svc, err := httpbakery.NewService(bakery.NewServiceParams{
Key: key,
Location: endpoint,
Locator: pkLocator,
})
if err != nil {
return nil, err
}
log.Printf("adding public key for location %s: %x", authEndpoint, authPK[:])
pkLocator.AddPublicKeyForLocation(authEndpoint, true, authPK)
mux := http.NewServeMux()
srv := &targetServiceHandler{
svc: svc,
authEndpoint: authEndpoint,
}
mux.HandleFunc("/gold/", srv.serveGold)
mux.HandleFunc("/silver/", srv.serveSilver)
return mux, nil
}
// New returns a new handler that services an identity-providing
// service. This acts as a login service and can discharge third-party caveats
// for users.
func New(p Params) (http.Handler, error) {
svc, err := httpbakery.NewService(p.Service)
if err != nil {
return nil, err
}
h := &handler{
svc: svc,
users: p.Users,
place: &place{meeting.New()},
}
mux := http.NewServeMux()
svc.AddDischargeHandler("/", mux, h.checkThirdPartyCaveat)
mux.Handle("/user/", handleJSON(h.userHandler))
mux.HandleFunc("/login", h.loginHandler)
mux.Handle("/question", handleJSON(h.questionHandler))
mux.Handle("/wait", handleJSON(h.waitHandler))
mux.HandleFunc("/loginattempt", h.loginAttemptHandler)
return mux, nil
}