-
Notifications
You must be signed in to change notification settings - Fork 4
/
auth.go
111 lines (97 loc) · 2.73 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package actions
import (
"fmt"
"os"
"strings"
"github.com/devrelcollective/xela/models"
"github.com/gobuffalo/buffalo"
"github.com/gobuffalo/pop"
"github.com/gobuffalo/pop/nulls"
"github.com/markbates/going/defaults"
"github.com/markbates/goth"
"github.com/markbates/goth/gothic"
"github.com/markbates/goth/providers/google"
"github.com/pkg/errors"
)
func init() {
gothic.Store = App().SessionStore
goth.UseProviders(
google.New(os.Getenv("GOOGLE_KEY"), os.Getenv("GOOGLE_SECRET"), fmt.Sprintf("%s%s", App().Host, "/auth/google/callback")),
)
}
func AuthCallback(c buffalo.Context) error {
gu, err := gothic.CompleteUserAuth(c.Response(), c.Request())
if err != nil {
return c.Error(401, err)
}
tx := c.Value("tx").(*pop.Connection)
q := tx.Where("provider = ? and provider_id = ?", gu.Provider, gu.UserID)
exists, err := q.Exists("users")
if err != nil {
return errors.WithStack(err)
}
u := &models.User{}
if exists {
if err = q.First(u); err != nil {
return errors.WithStack(err)
}
}
u.Name = defaults.String(gu.Name, gu.NickName)
u.Provider = gu.Provider
u.ProviderID = gu.UserID
u.Email = nulls.NewString(gu.Email)
if userDomain := strings.SplitAfter(gu.Email, "@"); IsAuthorizedDomain(userDomain[1]) == false {
c.Session().Clear()
c.Flash().Add("danger", "You are not authorized to log in")
return c.Redirect(302, "/")
}
if err = tx.Save(u); err != nil {
return errors.WithStack(err)
}
c.Session().Set("current_user_id", u.ID)
if err = c.Session().Save(); err != nil {
return errors.WithStack(err)
}
c.Flash().Add("success", "You have been logged in")
return c.Redirect(302, "/")
}
func IsAuthorizedDomain(userDomain string) bool {
authorizedDomains := splitDomains(os.Getenv("AUTHORIZED_LOGIN_DOMAINS"))
for _, domain := range authorizedDomains {
if userDomain == string(domain) {
return true
}
}
return false
}
func splitDomains(domain string) []string {
domains := strings.Split(domain, ",")
return domains
}
func AuthDestroy(c buffalo.Context) error {
c.Session().Clear()
c.Flash().Add("success", "You have been logged out")
return c.Redirect(302, "/")
}
func SetCurrentUser(next buffalo.Handler) buffalo.Handler {
return func(c buffalo.Context) error {
if uid := c.Session().Get("current_user_id"); uid != nil {
u := &models.User{}
tx := c.Value("tx").(*pop.Connection)
if err := tx.Find(u, uid); err != nil {
return errors.WithStack(err)
}
c.Set("current_user", u)
}
return next(c)
}
}
func Authorize(next buffalo.Handler) buffalo.Handler {
return func(c buffalo.Context) error {
if uid := c.Session().Get("current_user_id"); uid == nil {
c.Flash().Add("danger", "You must be authorized to see that page")
return c.Redirect(302, "/")
}
return next(c)
}
}