Merge pull request #2 from hiendv/add-oauth

Add OAuth driver

Gopkg.toml

@@ -32,3 +32,7 @@
 [[constraint]]
   name = "github.com/satori/go.uuid"
   version = "1.1.0"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/oauth2"

README.md

@@ -15,7 +15,7 @@
 
 ### Supported authentication drivers
 - Password-based authentication
-- OAuth2 (coming soon)
+- OAuth2
 
 ### Installation
 ```bash
@@ -25,24 +25,47 @@ go get github.com/hiendv/gate
 ### Usage
 Quick example to get a taste of Gate
 ```go
-
 var auth gate.Auth
 var user gate.User
 var err error
 
-// some codes go here
+// some construction codes go here
 
-// Login using password-based authentication & Issue the JWT
+// Login using password-based authentication
 user, err = auth.Login(map[string]string{"email": "email", "password": "password"})
+if err != nil {
+	log.Fatal("oops")
+}
+
+// Login using OAuth
+// Redirect users to the authentication code URL
+url, err := auth.LoginURL("state")
+
+// Receive the code and exchange it
+user, err = auth.Login(map[string]string{"code": "received-code"})
+if err != nil {
+	log.Fatal("oops")
+}
+
+// Issue the JWT for the user
 jwt, err := auth.IssueJWT(user)
+if err != nil {
+	log.Fatal("oops")
+}
 
-// Authenticate with a given JWT
+// Send the JWT to the user and let them use it to authenticate
+// Authenticate a user using JWT
 user, err = auth.Authenticate("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7ImlkIjoiaWQiLCJ1c2VybmFtZSI6InVzZXJuYW1lIiwicm9sZXMiOlsicm9sZSJdfSwiZXhwIjoxNjA1MDUyODAwLCJqdGkiOiJjbGFpbXMtaWQiLCJpYXQiOjE2MDUwNDkyMDB9.b0gxC2uZRek-SPwHSqyLOoW_DjSYroSivLqJG96Zxl0")
+if err != nil {
+	log.Fatal("oops")
+}
+
 err = auth.Authorize(user, "action", "object")
 ```
 
 You may want to check these examples and tests:
-- Password-based authentication [examples](https://godoc.org/github.com/hiendv/gate/password#pkg-examples) & [tests](password/password_test.go)
+- Password-based authentication [examples](https://godoc.org/github.com/hiendv/gate/password#pkg-examples), [unit tests](password/password_test.go) & [integration tests](password/password_integration_test.go)
+- OAuth2 authentication [examples](https://godoc.org/github.com/hiendv/gate/oauth#pkg-examples), [unit tests](oauth/oauth_test.go) & [integration tests](oauth/oauth_integration_test.go)
 
 ## Development & Testing
 Please check the [Contributing Guidelines](https://github.com/hiendv/gate/blob/master/CONTRIBUTING.md).

auth.go

@@ -30,6 +30,7 @@ type Auth interface {
 type UserService interface {
 	FindOneByID(string) (User, error)
 	FindOrCreateOneByEmail(string) (User, error)
+	FindOneByEmail(string) (User, error)
 }
 
 // RoleService is the contract which offers queries on the role entity

internal/http.go

@@ -0,0 +1,10 @@
+package internal
+
+import (
+	"net/http"
+)
+
+// HTTPClient is the interface for the common HTTP client
+type HTTPClient interface {
+	Get(url string) (resp *http.Response, err error)
+}

internal/test/fixtures/oauth_provider.go

@@ -0,0 +1,108 @@
+package fixtures
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/hiendv/gate"
+	"github.com/hiendv/gate/internal"
+	"github.com/pkg/errors"
+	"golang.org/x/oauth2"
+)
+
+type contextKey string
+
+const noResponseKey contextKey = "no-response"
+const malformedResponseKey contextKey = "malformed-response"
+
+// OAuthClient is the mocking HTTP client for OAuth driver
+type OAuthClient struct {
+	ctx       context.Context
+	token     *oauth2.Token
+	responses map[string]gate.HasEmail
+}
+
+// Get makes a GET request with the given URL
+func (client OAuthClient) Get(url string) (resp *http.Response, err error) {
+	if noResponse, ok := client.ctx.Value(noResponseKey).(bool); ok && noResponse {
+		return nil, nil
+	}
+
+	if client.token == nil || client.token.AccessToken == "" {
+		err = errors.New("invalid token")
+		return
+	}
+
+	if malformedResponse, ok := client.ctx.Value(malformedResponseKey).(bool); ok && malformedResponse {
+		return &http.Response{
+			Body: ioutil.NopCloser(bytes.NewBufferString("malformed")),
+		}, nil
+	}
+
+	user := client.responses[client.token.AccessToken]
+
+	result, err := json.Marshal(user)
+	if err != nil {
+		return
+	}
+
+	return &http.Response{
+		Body: ioutil.NopCloser(bytes.NewBuffer(result)),
+	}, nil
+}
+
+// OAuthProvider is the mocking provider for OAuth driver
+type OAuthProvider struct {
+	Responses map[string]gate.HasEmail
+}
+
+// AuthCodeURL returns a URL to OAuth 2.0 provider's consent page
+func (config OAuthProvider) AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string {
+	return ""
+}
+
+// Exchange converts an authorization code into a token
+func (config OAuthProvider) Exchange(ctx context.Context, code string) (*oauth2.Token, error) {
+	if code == "" {
+		return nil, nil
+	}
+
+	token := &oauth2.Token{}
+	token.AccessToken = fmt.Sprintf("%s-token", code)
+
+	return token, nil
+}
+
+// Client returns an HTTP client using the provided token
+func (config OAuthProvider) Client(ctx context.Context, token *oauth2.Token) internal.HTTPClient {
+	return OAuthClient{ctx, token, config.Responses}
+}
+
+// BadOAuthProvider is the mocking provider with no client for OAuth driver
+type BadOAuthProvider struct {
+	NoClient          bool
+	NoResponse        bool
+	MalformedResponse bool
+	OAuthProvider
+}
+
+// Client returns an HTTP client using the provided token
+func (config BadOAuthProvider) Client(ctx context.Context, token *oauth2.Token) internal.HTTPClient {
+	if config.NoClient {
+		return nil
+	}
+
+	if config.NoResponse {
+		ctx = context.WithValue(ctx, noResponseKey, true)
+	}
+
+	if config.MalformedResponse {
+		ctx = context.WithValue(ctx, malformedResponseKey, true)
+	}
+
+	return config.OAuthProvider.Client(ctx, token)
+}

internal/test/fixtures/user.go

@@ -71,7 +71,18 @@ func (service MyUserService) FindOneByEmail(email string) (u gate.User, err erro
 	return
 }
 
-// FindOrCreateOneByEmail fetches the user with the given email or create a new one if the user doesn't exist
+// CreateOneByEmail creates the user with the given email
+func (service *MyUserService) CreateOneByEmail(email string) (u gate.User, err error) {
+	record := User{
+		ID:    service.GenerateMyUserID(),
+		Email: email,
+	}
+	service.records = append(service.records, record)
+	u = record
+	return
+}
+
+// FindOrCreateOneByEmail fetches the user with the given email or creates a new one if the user doesn't exist
 func (service *MyUserService) FindOrCreateOneByEmail(email string) (u gate.User, err error) {
 	u, err = service.FindOneByEmail(email)
 	if err == nil {
@@ -83,12 +94,6 @@ func (service *MyUserService) FindOrCreateOneByEmail(email string) (u gate.User,
 		return
 	}
 
-	err = nil
-	record := User{
-		ID:    service.GenerateMyUserID(),
-		Email: email,
-	}
-	service.records = append(service.records, record)
-	u = record
+	u, err = service.CreateOneByEmail(email)
 	return
 }

oauth/config.go

@@ -0,0 +1,45 @@
+package oauth
+
+import (
+	"github.com/hiendv/gate"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/facebook"
+	"golang.org/x/oauth2/google"
+)
+
+// Config is the configuration for OAuth authentication
+type Config struct {
+	gate.Config
+	ClientID     string
+	ClientSecret string
+	Scopes       []string
+	Endpoint     oauth2.Endpoint
+	RedirectURI  string
+	UserAPI      string
+}
+
+// NewGoogleConfig is the constructor for OAuth configuration using Google API
+func NewGoogleConfig(base gate.Config, id, secret, redirectURI string) Config {
+	return Config{
+		base,
+		id,
+		secret,
+		[]string{"https://www.googleapis.com/auth/userinfo.email"},
+		google.Endpoint,
+		redirectURI,
+		"https://www.googleapis.com/oauth2/v3/userinfo",
+	}
+}
+
+// NewFacebookConfig is the constructor for OAuth configuration using Facebook API
+func NewFacebookConfig(base gate.Config, id, secret, redirectURI string) Config {
+	return Config{
+		base,
+		id,
+		secret,
+		[]string{"email"},
+		facebook.Endpoint,
+		redirectURI,
+		"https://graph.facebook.com/v2.11/me?fields=id,name,email",
+	}
+}

oauth/doc.go

@@ -0,0 +1,2 @@
+// Package oauth is the OAuth2 authentication driver for github.com/hiendv/gate. It uses client implementations, not OAuth servers e.g. Google, Facebook, etc.
+package oauth