package githubexample
import (
"fmt"
"io"
"net/http"
"net/url"
"strings"
"encoding/json"
"github.com/nu7hatch/gouuid"
"golang.org/x/net/context"
"google.golang.org/appengine"
"google.golang.org/appengine/urlfetch"
"io/ioutil"
)
// Endpoint configuration for the GitHub OAuth example.
const (
	// redirectURI is the callback address sent to GitHub as redirect_uri.
	// Change it for deployment, e.g. http://<yourAppId>.appspot.com/oauth2callback.
	// NOTE(review): a deployed callback should use https so the authorization
	// code and state parameter are not exposed in transit.
	redirectURI = "http://localhost:8080/oauth2callback"

	// githubAPIURL is the base URL of the GitHub REST API.
	githubAPIURL = "https://api.github.com"
)
// init registers the example's three routes on the default HTTP mux:
// the landing page, the login redirect and the OAuth2 callback.
func init() {
	routes := []struct {
		pattern string
		handler func(http.ResponseWriter, *http.Request)
	}{
		{"/", handleIndex},
		{"/github-login", handleGithubLogin},
		{"/oauth2callback", handleOauth2Callback},
	}
	for _, route := range routes {
		http.HandleFunc(route.pattern, route.handler)
	}
}
// handleIndex writes a static HTML page whose only content is a link to
// /github-login. The request is not inspected.
func handleIndex(res http.ResponseWriter, req *http.Request) {
	const page = `<!DOCTYPE html>
<html>
<head></head>
<body>
<a href="/github-login">LOGIN WITH GITHUB</a>
</body>
</html>`
	io.WriteString(res, page)
}
// githubScopes holds the OAuth scopes requested from GitHub. They are joined
// with commas into the "scope" parameter of the authorize URL, so every entry
// added here widens what the issued access token may do.
var githubScopes = []string{"user:email", "read:org"}
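// handleGithubLogin starts the OAuth2 authorization-code flow. It generates a
// random state value, stores it in the caller's session, and redirects the
// browser to GitHub's authorize endpoint with the client id, redirect URI,
// requested scopes and that state.
//
// If the state cannot be generated the handler answers 500 and does not
// redirect.
func handleGithubLogin(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	session := getSession(ctx, req)

	// The state value is what the callback compares to reject forged
	// responses, so it has to be unpredictable. The original discarded the
	// error from uuid.NewV4 and would have continued with a value whose
	// randomness is not guaranteed.
	id, err := uuid.NewV4()
	if err != nil {
		http.Error(res, "could not generate state", http.StatusInternalServerError)
		return
	}
	state := id.String()

	// Persist the state before redirecting so the callback has something to
	// compare the returned value against.
	session.State = state
	putSession(ctx, res, session)

	values := make(url.Values)
	values.Add("client_id", "fbbaa8ce5c394b7c3198")
	values.Add("redirect_uri", redirectURI)
	values.Add("scope", strings.Join(githubScopes, ","))
	values.Add("state", state)

	target := "https://github.com/login/oauth/authorize?" + values.Encode()
	http.Redirect(res, req, target, http.StatusFound)
}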
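// handleOauth2Callback finishes the OAuth2 flow. It checks the "state" query
// parameter against the value stored in the session, exchanges the "code"
// parameter for an access token, fetches the user's email, and prints all
// three values as plain text.
//
// Responses: 401 when the state does not match, 500 when the token exchange
// or the email lookup fails, 200 with the three lines otherwise.
func handleOauth2Callback(res http.ResponseWriter, req *http.Request) {
	ctx := appengine.NewContext(req)
	session := getSession(ctx, req)

	state := req.FormValue("state")
	code := req.FormValue("code")

	// A session that never started a login has an empty State. Comparing
	// only for equality would accept a request that carries no state at
	// all, so an empty stored value is rejected explicitly.
	if session.State == "" || state != session.State {
		http.Error(res, "invalid state", http.StatusUnauthorized)
		return
	}

	// The state is single-use: clear it so a replayed callback URL fails
	// the check above. This must happen before any body is written, in
	// case putSession sets response headers.
	session.State = ""
	putSession(ctx, res, session)

	// Do all the work before writing anything. The original printed each
	// value as it went, so a later http.Error could no longer set the 500
	// status because the 200 header had already been sent.
	accessToken, err := getAccessToken(ctx, state, code)
	if err != nil {
		// NOTE(review): err.Error() is returned to the browser; consider
		// logging it and sending a generic message instead.
		http.Error(res, err.Error(), http.StatusInternalServerError)
		return
	}
	email, err := getEmail(ctx, accessToken)
	if err != nil {
		http.Error(res, err.Error(), http.StatusInternalServerError)
		return
	}

	// "code" comes straight from the query string, so the response is
	// pinned to plain text and content sniffing is disabled.
	res.Header().Set("Content-Type", "text/plain; charset=utf-8")
	res.Header().Set("X-Content-Type-Options", "nosniff")

	// NOTE(review): echoing the authorization code and access token is
	// demo output only. An application would keep the token server-side
	// and never send it to the browser.
	fmt.Fprintln(res, "AUTHORIZATION CODE "+code)
	fmt.Fprintln(res, "ACCESS TOKEN "+accessToken)
	fmt.Fprintln(res, "EMAIL "+email)
}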
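// getAccessToken exchanges an authorization code for an access token by
// POSTing the client credentials, code and state to GitHub's token endpoint.
// The response body is parsed as a URL-encoded form.
//
// It returns an error when the request fails, the status is not 200, the body
// cannot be read or parsed, the body carries an "error" field, or no
// access_token is present. The original returned an empty token with a nil
// error in the last four cases.
func getAccessToken(ctx context.Context, state, code string) (string, error) {
	values := make(url.Values)
	values.Add("client_id", "fbbaa8ce5c394b7c3198")
	// NOTE(security): the client secret is hard-coded in source. Anyone who
	// can read this file can impersonate the application, so treat the value
	// as compromised, rotate it, and load the replacement from configuration
	// kept outside the repository.
	values.Add("client_secret", "1b450ffb26982847d1c92eadd8a6d4932a79f225")
	values.Add("code", code)
	values.Add("state", state)

	client := urlfetch.Client(ctx)
	response, err := client.PostForm("https://github.com/login/oauth/access_token", values)
	if err != nil {
		return "", err
	}
	defer response.Body.Close()

	if response.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token exchange: unexpected status %d", response.StatusCode)
	}

	// Cap the read at 1 MiB so an unexpectedly large response cannot be
	// buffered in full; a token response is far smaller.
	bs, err := ioutil.ReadAll(io.LimitReader(response.Body, 1<<20))
	if err != nil {
		return "", fmt.Errorf("token exchange: reading response: %v", err)
	}
	v, err := url.ParseQuery(string(bs))
	if err != nil {
		return "", fmt.Errorf("token exchange: parsing response: %v", err)
	}

	// A rejected exchange is reported in the body's "error" field, so it
	// has to be checked even though the status was 200.
	if reason := v.Get("error"); reason != "" {
		return "", fmt.Errorf("token exchange rejected: %s", reason)
	}
	token := v.Get("access_token")
	if token == "" {
		return "", fmt.Errorf("token exchange: response contained no access_token")
	}
	return token, nil
}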
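// getEmail asks the GitHub API for the email addresses of the user who owns
// accessToken and returns one of them. The primary verified address is
// preferred, then the first verified one.
//
// It returns an error when the request fails, the status is not 200, the body
// is not valid JSON, the list is empty, or no address is verified. The
// original returned ("", nil) on request and decode failures, and returned
// the first address without looking at its Verified flag.
func getEmail(ctx context.Context, accessToken string) (string, error) {
	request, err := http.NewRequest("GET", githubAPIURL+"/user/emails", nil)
	if err != nil {
		return "", err
	}
	// Send the token in a header, not in the query string, so it does not
	// end up in URLs recorded by logs or intermediaries.
	request.Header.Set("Authorization", "Bearer "+accessToken)

	client := urlfetch.Client(ctx)
	response, err := client.Do(request)
	if err != nil {
		return "", err
	}
	defer response.Body.Close()

	if response.StatusCode != http.StatusOK {
		return "", fmt.Errorf("fetching emails: unexpected status %d", response.StatusCode)
	}

	var data []struct {
		Email    string
		Verified bool
		Primary  bool
	}
	if err := json.NewDecoder(response.Body).Decode(&data); err != nil {
		return "", err
	}
	if len(data) == 0 {
		return "", fmt.Errorf("no email found")
	}

	// An unverified address only shows what the user typed, not that they
	// control it, so it must not be used to identify the account.
	firstVerified := ""
	for _, entry := range data {
		if !entry.Verified {
			continue
		}
		if entry.Primary {
			return entry.Email, nil
		}
		if firstVerified == "" {
			firstVerified = entry.Email
		}
	}
	if firstVerified == "" {
		return "", fmt.Errorf("no verified email found")
	}
	return firstVerified, nil
}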