-
Notifications
You must be signed in to change notification settings - Fork 0
/
default.go
92 lines (78 loc) · 2.85 KB
/
default.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
// Copyright 2015 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package server
import (
"context"
"google.golang.org/appengine"
"github.com/TriggerMail/luci-go/server/auth"
"github.com/TriggerMail/luci-go/server/auth/openid"
"github.com/TriggerMail/luci-go/server/router"
"github.com/TriggerMail/luci-go/server/warmup"
"github.com/TriggerMail/luci-go/appengine/gaeauth/server/internal/authdbimpl"
)
// CookieAuth is default cookie-based auth method to use on GAE.
//
// On dev server it is based on dev server cookies, in prod it is based on
// OpenID. Works only if appropriate handlers have been installed into
// the router. See InstallHandlers.
var CookieAuth auth.Method
// InstallHandlers installs HTTP handlers for various default routes related
// to authentication system.
//
// Must be installed in server HTTP router for authentication to work.
func InstallHandlers(r *router.Router, base router.MiddlewareChain) {
m := CookieAuth.(cookieAuthMethod)
if oid, ok := m.Method.(*openid.AuthMethod); ok {
oid.InstallHandlers(r, base)
}
auth.InstallHandlers(r, base)
authdbimpl.InstallHandlers(r, base)
}
func init() {
warmup.Register("appengine/gaeauth/server", func(c context.Context) error {
m := CookieAuth.(cookieAuthMethod)
if oid, ok := m.Method.(*openid.AuthMethod); ok {
return oid.Warmup(c)
}
return nil
})
}
///
// cookieAuthMethod implements union of openid.AuthMethod and UsersAPIAuthMethod
// methods, routing calls appropriately.
type cookieAuthMethod struct {
auth.Method
}
func (m cookieAuthMethod) LoginURL(c context.Context, dest string) (string, error) {
return m.Method.(auth.UsersAPI).LoginURL(c, dest)
}
func (m cookieAuthMethod) LogoutURL(c context.Context, dest string) (string, error) {
return m.Method.(auth.UsersAPI).LogoutURL(c, dest)
}
func init() {
// Flip to true to enable OpenID login on devserver for debugging. Requires
// a configuration (see /admin/portal/openid_auth page).
const useOIDOnDevServer = false
if appengine.IsDevAppServer() && !useOIDOnDevServer {
CookieAuth = cookieAuthMethod{UsersAPIAuthMethod{}}
} else {
CookieAuth = cookieAuthMethod{
&openid.AuthMethod{
SessionStore: &SessionStore{Prefix: "openid"},
IncompatibleCookies: []string{"SACSID", "dev_appserver_login"},
Insecure: appengine.IsDevAppServer(), // for http:// cookie
},
}
}
}