package oauth
import (
"errors"
"net/http"
"github.com/RichardKnop/go-oauth2-server/models"
"github.com/RichardKnop/go-oauth2-server/oauth/tokentypes"
)
const (
	// AccessTokenHint is the token_type_hint form value that selects the
	// access-token lookup in introspectToken. It is also the value used
	// when the request carries no hint.
	AccessTokenHint = "access_token"
	// RefreshTokenHint is the token_type_hint form value that selects the
	// refresh-token lookup in introspectToken.
	RefreshTokenHint = "refresh_token"
)
var (
	// ErrTokenMissing is returned by introspectToken when the "token" form
	// value is empty.
	ErrTokenMissing = errors.New("Token missing")
	// ErrTokenHintInvalid is returned by introspectToken when
	// token_type_hint is neither AccessTokenHint nor RefreshTokenHint.
	ErrTokenHintInvalid = errors.New("Invalid token hint")
)
// introspectToken reads the "token" and "token_type_hint" form values from
// the request and builds an introspection response for the matching token.
//
// An empty token yields ErrTokenMissing. An empty hint is treated as
// AccessTokenHint; any hint other than AccessTokenHint or RefreshTokenHint
// yields ErrTokenHintInvalid. Lookup errors are returned to the caller as is.
//
// NOTE(review): r.Form merges URL query parameters with the request body, so
// a token sent in the query string is accepted here. Query strings commonly
// end up in access logs; reading r.PostForm instead would avoid that, if no
// caller depends on the query form.
//
// NOTE(review): client is only passed to the refresh-token lookup. On the
// access-token path nothing visible here ties the token to the calling
// client; confirm whether Authenticate or the handler enforces that.
func (s *Service) introspectToken(r *http.Request, client *models.OauthClient) (*IntrospectResponse, error) {
	// ParseForm populates r.Form; without it the Get calls below see nothing.
	if parseErr := r.ParseForm(); parseErr != nil {
		return nil, parseErr
	}

	rawToken := r.Form.Get("token")
	if rawToken == "" {
		return nil, ErrTokenMissing
	}

	// A request without a hint is handled as an access-token lookup.
	hint := r.Form.Get("token_type_hint")
	if hint == "" {
		hint = AccessTokenHint
	}

	if hint == AccessTokenHint {
		accessToken, err := s.Authenticate(rawToken)
		if err != nil {
			return nil, err
		}
		return s.NewIntrospectResponseFromAccessToken(accessToken)
	}

	if hint == RefreshTokenHint {
		refreshToken, err := s.GetValidRefreshToken(rawToken, client)
		if err != nil {
			return nil, err
		}
		return s.NewIntrospectResponseFromRefreshToken(refreshToken)
	}

	// The hint is not used as a fallback search order: unknown values are
	// rejected outright.
	return nil, ErrTokenHintInvalid
}
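// NewIntrospectResponseFromAccessToken builds the introspection response for
// an access token. The response is marked active and carries the token's
// scope, the bearer token type and the expiry as a Unix timestamp. When the
// token references a client or a user, the client key and the username are
// looked up and added.
//
// It returns ErrClientNotFound or ErrUserNotFound when a referenced row does
// not exist, and the underlying database error when a lookup fails for any
// other reason, so a failed query never produces an "active" response with
// the client or username silently left blank.
//
// NOTE(review): Active is set unconditionally; expiry and revocation are not
// checked here. Callers are presumably expected to pass an already validated
// token — confirm at every call site, since this method is exported.
func (s *Service) NewIntrospectResponseFromAccessToken(accessToken *models.OauthAccessToken) (*IntrospectResponse, error) {
	introspectResponse := &IntrospectResponse{
		Active:    true,
		Scope:     accessToken.Scope,
		TokenType: tokentypes.Bearer,
		ExpiresAt: int(accessToken.ExpiresAt.Unix()),
	}

	if accessToken.ClientID.Valid {
		client := new(models.OauthClient)
		// NOTE(review): the ID is passed to First as an inline condition.
		// Confirm how the ORM interprets a non-numeric string there; an
		// explicit Where("id = ?", ...) keeps the value parameterized.
		res := s.db.Select("key").First(client, accessToken.ClientID.String)
		if res.RecordNotFound() {
			return nil, ErrClientNotFound
		}
		// Any other query failure must not fall through to a response
		// with an empty client ID.
		if res.Error != nil {
			return nil, res.Error
		}
		introspectResponse.ClientID = client.Key
	}

	if accessToken.UserID.Valid {
		user := new(models.OauthUser)
		res := s.db.Select("username").Where("id = ?", accessToken.UserID.String).
			First(user, accessToken.UserID.String)
		if res.RecordNotFound() {
			return nil, ErrUserNotFound
		}
		// Same reasoning as for the client lookup: fail instead of
		// returning a response with an empty username.
		if res.Error != nil {
			return nil, res.Error
		}
		introspectResponse.Username = user.Username
	}

	return introspectResponse, nil
}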
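// NewIntrospectResponseFromRefreshToken builds the introspection response
// for a refresh token. The response is marked active and carries the token's
// scope, the bearer token type and the expiry as a Unix timestamp. When the
// token references a client or a user, the client key and the username are
// looked up and added.
//
// It returns ErrClientNotFound or ErrUserNotFound when a referenced row does
// not exist, and the underlying database error when a lookup fails for any
// other reason, so a failed query never produces an "active" response with
// the client or username silently left blank.
//
// NOTE(review): Active is set unconditionally; expiry and revocation are not
// checked here. Callers are presumably expected to pass an already validated
// token — confirm at every call site, since this method is exported.
func (s *Service) NewIntrospectResponseFromRefreshToken(refreshToken *models.OauthRefreshToken) (*IntrospectResponse, error) {
	introspectResponse := &IntrospectResponse{
		Active:    true,
		Scope:     refreshToken.Scope,
		TokenType: tokentypes.Bearer,
		ExpiresAt: int(refreshToken.ExpiresAt.Unix()),
	}

	if refreshToken.ClientID.Valid {
		client := new(models.OauthClient)
		// NOTE(review): the ID is passed to First as an inline condition.
		// Confirm how the ORM interprets a non-numeric string there; an
		// explicit Where("id = ?", ...) keeps the value parameterized.
		res := s.db.Select("key").First(client, refreshToken.ClientID.String)
		if res.RecordNotFound() {
			return nil, ErrClientNotFound
		}
		// Any other query failure must not fall through to a response
		// with an empty client ID.
		if res.Error != nil {
			return nil, res.Error
		}
		introspectResponse.ClientID = client.Key
	}

	if refreshToken.UserID.Valid {
		user := new(models.OauthUser)
		res := s.db.Select("username").Where("id = ?", refreshToken.UserID.String).
			First(user, refreshToken.UserID.String)
		if res.RecordNotFound() {
			return nil, ErrUserNotFound
		}
		// Same reasoning as for the client lookup: fail instead of
		// returning a response with an empty username.
		if res.Error != nil {
			return nil, res.Error
		}
		introspectResponse.Username = user.Username
	}

	return introspectResponse, nil
}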