// targetService builds the HTTP handler for a "target service": an
// arbitrary web service that delegates authorization decisions to a
// third party instead of making them itself.
//
// endpoint is passed to the bakery service as its Location. authEndpoint
// is the location of the third-party authorization service, and authPK
// is the public key registered for that location.
//
// A new key pair is generated on every call and is only handed to the
// bakery service; nothing in this function persists it.
func targetService(endpoint, authEndpoint string, authPK *bakery.PublicKey) (http.Handler, error) {
	privKey, err := bakery.GenerateKey()
	if err != nil {
		return nil, err
	}

	// The key ring is shared with the bakery service as its Locator, so
	// the key added below is visible to the service after construction.
	ring := bakery.NewPublicKeyRing()
	params := bakery.NewServiceParams{
		Key:      privKey,
		Location: endpoint,
		Locator:  ring,
	}
	service, err := httpbakery.NewService(params)
	if err != nil {
		return nil, err
	}

	// Only public key material is logged here. authPK[:] dereferences
	// the pointer, so a nil authPK panics at this line.
	log.Printf("adding public key for location %s: %x", authEndpoint, authPK[:])

	// The second argument (true) asks for prefix matching, so authPK is
	// trusted for locations under authEndpoint as well as for the exact
	// string; keep authEndpoint as specific as the deployment allows.
	// NOTE(review): any value returned by AddPublicKeyForLocation is
	// discarded here - confirm whether this bakery version returns an
	// error that should be propagated.
	ring.AddPublicKeyForLocation(authEndpoint, true, authPK)

	target := &targetServiceHandler{
		svc:          service,
		authEndpoint: authEndpoint,
	}

	// Both patterns end in "/", so each handler serves the whole subtree.
	router := http.NewServeMux()
	router.Handle("/gold/", http.HandlerFunc(target.serveGold))
	router.Handle("/silver/", http.HandlerFunc(target.serveSilver))
	return router, nil
}
// New returns an http.Handler for an identity-providing service. The
// handler acts as a login service and can discharge third-party caveats
// for users.
//
// p.Service is passed unchanged to httpbakery.NewService and p.Users
// becomes the handler's user table; an error from NewService is returned
// as is.
func New(p Params) (http.Handler, error) {
	service, err := httpbakery.NewService(p.Service)
	if err != nil {
		return nil, err
	}

	idp := &handler{
		svc:   service,
		users: p.Users,
		place: &place{meeting.New()},
	}

	router := http.NewServeMux()

	// Discharge handling is mounted at the root of the mux, with
	// checkThirdPartyCaveat as the caveat checker passed to the bakery.
	service.AddDischargeHandler("/", router, idp.checkThirdPartyCaveat)

	// The remaining routes are registered without any wrapper other than
	// handleJSON on three of them.
	// NOTE(review): any authentication, rate limiting or request-method
	// checks for the login routes would have to live inside the handlers
	// themselves - confirm against their definitions.
	router.Handle("/user/", handleJSON(idp.userHandler))
	router.Handle("/login", http.HandlerFunc(idp.loginHandler))
	router.Handle("/question", handleJSON(idp.questionHandler))
	router.Handle("/wait", handleJSON(idp.waitHandler))
	router.Handle("/loginattempt", http.HandlerFunc(idp.loginAttemptHandler))
	return router, nil
}