package stormpathweb
import (
"net/http"
"strings"
"time"
"github.com/jarias/stormpath-sdk-go"
)
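// isAccessTokenCookieSecure reports whether the access token cookie should
// carry the Secure attribute.
//
// An explicit Config.AccessTokenCookieSecure always wins. When it is unset the
// answer is derived from the request: the cookie is marked Secure when the
// request arrived over TLS.
func isAccessTokenCookieSecure(r *http.Request) bool {
	if Config.AccessTokenCookieSecure != nil {
		return *Config.AccessTokenCookieSecure
	}
	// net/http leaves r.URL.Scheme empty for ordinary origin-form server
	// requests, so the scheme comparison on its own would never mark the
	// token cookie Secure. r.TLS is populated by the server for connections
	// it terminated itself, which is the reliable signal.
	// NOTE(review): behind a TLS-terminating proxy r.TLS is nil; set
	// Config.AccessTokenCookieSecure explicitly in that deployment.
	return r.TLS != nil || r.URL.Scheme == "https"
}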
// accessTokenCookiePath returns the Path attribute for the access token
// cookie: the configured cookie path if set, otherwise Config.BasePath,
// otherwise "/".
func accessTokenCookiePath() string {
	switch {
	case Config.AccessTokenCookiePath != "":
		return Config.AccessTokenCookiePath
	case Config.BasePath != "":
		return Config.BasePath
	default:
		return "/"
	}
}
// accesstokenCookieDomain returns the Domain attribute for the access token
// cookie. A configured Config.AccessTokenCookieDomain is used as is; otherwise
// the value is taken from r.Host with everything from the first ':' removed.
// When neither is available the result is the empty string.
//
// r.Host is supplied by the client, so the fallback reflects whatever host
// name the request carried. Because the cut is at the first ':', a bracketed
// IPv6 literal is truncated right after '['.
func accesstokenCookieDomain(r *http.Request) string {
	if Config.AccessTokenCookieDomain != "" || r.Host == "" {
		return Config.AccessTokenCookieDomain
	}
	if colon := strings.Index(r.Host, ":"); colon >= 0 {
		return r.Host[:colon]
	}
	return r.Host
}
// getAccessTokenCookie builds the cookie that carries the access token.
// Name and HttpOnly come straight from Config; Secure, Path and Domain are
// resolved by the access token helper functions for the given request.
// No SameSite attribute is set here.
func getAccessTokenCookie(accessToken string, expires time.Time, r *http.Request) *http.Cookie {
	return &http.Cookie{
		Name:     Config.AccessTokenCookieName,
		Value:    accessToken,
		Expires:  expires,
		HttpOnly: Config.AccessTokenCookieHTTPOnly,
		Secure:   isAccessTokenCookieSecure(r),
		Path:     accessTokenCookiePath(),
		Domain:   accesstokenCookieDomain(r),
	}
}
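// isRefreshTokenCookieSecure reports whether the refresh token cookie should
// carry the Secure attribute.
//
// An explicit Config.RefreshTokenCookieSecure always wins. When it is unset
// the answer is derived from the request: the cookie is marked Secure when the
// request arrived over TLS.
func isRefreshTokenCookieSecure(r *http.Request) bool {
	if Config.RefreshTokenCookieSecure != nil {
		return *Config.RefreshTokenCookieSecure
	}
	// net/http leaves r.URL.Scheme empty for ordinary origin-form server
	// requests, so the scheme comparison on its own would never mark the
	// long-lived refresh token cookie Secure. r.TLS is populated by the
	// server for connections it terminated itself.
	// NOTE(review): behind a TLS-terminating proxy r.TLS is nil; set
	// Config.RefreshTokenCookieSecure explicitly in that deployment.
	return r.TLS != nil || r.URL.Scheme == "https"
}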
// refreshTokenCookiePath returns the Path attribute for the refresh token
// cookie: the configured cookie path if set, otherwise Config.BasePath,
// otherwise "/".
func refreshTokenCookiePath() string {
	if configured := Config.RefreshTokenCookiePath; configured != "" {
		return configured
	}
	if base := Config.BasePath; base != "" {
		return base
	}
	return "/"
}
// refreshTokenCookieDomain returns the Domain attribute for the refresh token
// cookie. A configured Config.RefreshTokenCookieDomain is used as is;
// otherwise the value is taken from r.Host with everything from the first ':'
// removed. When neither is available the result is the empty string.
//
// r.Host is supplied by the client, so the fallback reflects whatever host
// name the request carried. Because the cut is at the first ':', a bracketed
// IPv6 literal is truncated right after '['.
func refreshTokenCookieDomain(r *http.Request) string {
	if Config.RefreshTokenCookieDomain != "" || r.Host == "" {
		return Config.RefreshTokenCookieDomain
	}
	if colon := strings.Index(r.Host, ":"); colon >= 0 {
		return r.Host[:colon]
	}
	return r.Host
}
// getRefreshTokenCookie builds the cookie that carries the refresh token.
// Name and HttpOnly come straight from Config; Secure, Path and Domain are
// resolved by the refresh token helper functions for the given request.
// No SameSite attribute is set here.
func getRefreshTokenCookie(refreshToken string, expires time.Time, r *http.Request) *http.Cookie {
	return &http.Cookie{
		Name:     Config.RefreshTokenCookieName,
		Value:    refreshToken,
		Expires:  expires,
		HttpOnly: Config.RefreshTokenCookieHTTPOnly,
		Secure:   isRefreshTokenCookieSecure(r),
		Path:     refreshTokenCookiePath(),
		Domain:   refreshTokenCookieDomain(r),
	}
}
// saveAuthenticationResult writes the access and refresh token cookies for a
// successful authentication.
//
// When authenticationResult is already an *stormpath.OAuthAccessTokenResult
// its tokens are used directly; otherwise the result's account is passed to
// exchangeToken to obtain them, and any error from that call is returned
// before a cookie is written. Each cookie's expiry is read from the token
// itself via getJwtExpiration.
func saveAuthenticationResult(w http.ResponseWriter, r *http.Request, authenticationResult stormpath.AuthResult, application *stormpath.Application) error {
	tokens, isOAuth := authenticationResult.(*stormpath.OAuthAccessTokenResult)
	if !isOAuth {
		var err error
		if tokens, err = exchangeToken(authenticationResult.GetAccount(), application); err != nil {
			return err
		}
	}

	access, refresh := tokens.AccessToken, tokens.RefreshToken
	http.SetCookie(w, getAccessTokenCookie(access, getJwtExpiration(access), r))
	http.SetCookie(w, getRefreshTokenCookie(refresh, getJwtExpiration(refresh), r))
	return nil
}
// getJwtExpiration returns the expiry instant carried in the token's
// ExpiresAt claim, interpreted as seconds since the Unix epoch.
//
// The outcome of stormpath.ParseJWT is not inspected. If the claims are left
// unpopulated, ExpiresAt stays zero and the Unix epoch is returned.
// NOTE(review): whether ParseJWT verifies the signature before filling the
// claims is not visible here; confirm before trusting this value for
// anything beyond a cookie lifetime.
func getJwtExpiration(jwtString string) time.Time {
	var claims stormpath.AccessTokenClaims
	stormpath.ParseJWT(jwtString, &claims)

	sinceEpoch := time.Duration(claims.ExpiresAt) * time.Second
	return time.Unix(0, sinceEpoch.Nanoseconds())
}
// getJwtID returns the Id claim of the given token.
//
// The outcome of stormpath.ParseJWT is not inspected, so the result is the
// empty string whenever the claims are left unpopulated.
// NOTE(review): whether ParseJWT verifies the signature before filling the
// claims is not visible here; callers should treat the returned ID as
// client-controlled until that is confirmed.
func getJwtID(jwtString string) string {
	var claims stormpath.AccessTokenClaims
	stormpath.ParseJWT(jwtString, &claims)
	return claims.Id
}
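// clearAuthentication logs the caller out. For each token cookie present on
// the request it asks Stormpath to delete the corresponding token resource,
// then it sends expired replacements for both cookies.
//
// Two hardening points relative to a plain "delete and expire":
//   - The token ID is read from a client-supplied cookie and spliced into the
//     resource URL. An empty ID would address the whole collection, and an ID
//     containing path or query syntax would address a different resource, so
//     such values are skipped instead of being sent.
//   - A browser only replaces a stored cookie when name, domain and path
//     match. The expired cookies therefore carry the same Path and Domain
//     that the token cookies are issued with.
//
// The results of getJwtID's parse and of Delete are not inspected here, so
// revocation is best effort. application is not used.
func clearAuthentication(w http.ResponseWriter, r *http.Request, application *stormpath.Application) {
	revoke := func(cookieName, collection string) {
		c, err := r.Cookie(cookieName)
		if err != nil {
			return // cookie not present on this request
		}
		id := getJwtID(c.Value)
		// Refuse IDs that would change which resource the DELETE targets.
		if id == "" || id == "." || id == ".." || strings.ContainsAny(id, "/\\?#%") {
			return
		}
		token := &stormpath.OAuthToken{}
		token.Href = stormpath.GetClient().ClientConfiguration.BaseURL + collection + "/" + id
		token.Delete()
	}
	revoke(Config.AccessTokenCookieName, "accessTokens")
	revoke(Config.RefreshTokenCookieName, "refreshTokens")

	// expire mirrors the path and domain fallbacks used when the token
	// cookies are issued (configured value, then BasePath or "/", and the
	// request host without its port); keep it in step with those helpers.
	expire := func(name, path, domain string) {
		if path == "" {
			path = Config.BasePath
		}
		if path == "" {
			path = "/"
		}
		if domain == "" {
			domain = r.Host
			if colon := strings.Index(domain, ":"); colon >= 0 {
				domain = domain[:colon]
			}
		}
		http.SetCookie(w, &http.Cookie{
			Name:    name,
			Path:    path,
			Domain:  domain,
			Expires: time.Now().Add(-1 * time.Second),
			MaxAge:  -1, // emits Max-Age=0 so the cookie is dropped regardless of client clock
		})
	}
	expire(Config.AccessTokenCookieName, Config.AccessTokenCookiePath, Config.AccessTokenCookieDomain)
	expire(Config.RefreshTokenCookieName, Config.RefreshTokenCookiePath, Config.RefreshTokenCookieDomain)
}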