-
Notifications
You must be signed in to change notification settings - Fork 0
/
token.go
65 lines (53 loc) · 1.84 KB
/
token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
package v1beta
import (
"context"
"errors"
"fmt"
"github.com/choral-io/gommerce-server-aio/data/models"
"github.com/uptrace/bun"
"golang.org/x/crypto/bcrypt"
)
const (
LOGIN_PROVIDER_FORM_PASSWORD = models.LOGIN_PROVIDER_FORM_PASSWORD
LOGIN_PROVIDER_SMS_OTP_CODE = models.LOGIN_PROVIDER_SMS_OTP_CODE
)
type LoginProvider interface {
Name() string
Login(ctx context.Context, realm, username, password, idToken string, scope []string) (*models.Login, error)
}
type formPasswordLoginProvider struct {
bdb bun.IDB
}
func NewFormPasswordLoginProvider(bdb bun.IDB) LoginProvider {
return &formPasswordLoginProvider{bdb: bdb}
}
func (p *formPasswordLoginProvider) Name() string {
return LOGIN_PROVIDER_FORM_PASSWORD
}
func (p *formPasswordLoginProvider) Login(ctx context.Context, realmId, username, password, idToken string, scope []string) (*models.Login, error) {
login := &models.Login{}
if err := p.bdb.NewSelect().Model(login).
Where(`"login"."provider" = ?`, LOGIN_PROVIDER_FORM_PASSWORD).
Where(`"login"."identifier" = ?`, username).
Where(`"user"."realm_id" = ?`, realmId).
Relation("User").Scan(ctx); err != nil {
return nil, err
}
if !login.Credential.Valid {
return nil, errors.New("password not set")
}
if err := bcrypt.CompareHashAndPassword([]byte(login.Credential.String), []byte(password)); err != nil {
return nil, errors.New("password not match")
}
return login, nil
}
type smsOTPCodeLoginProvider struct{}
func NewSMSOTPCodeLoginProvider() LoginProvider {
return &smsOTPCodeLoginProvider{}
}
func (p *smsOTPCodeLoginProvider) Name() string {
return LOGIN_PROVIDER_SMS_OTP_CODE
}
func (p *smsOTPCodeLoginProvider) Login(ctx context.Context, realmId, username, password, idToken string, scope []string) (*models.Login, error) {
return nil, fmt.Errorf("login provider '%s' not implemented", LOGIN_PROVIDER_SMS_OTP_CODE)
}