package main
import (
"encoding/base64"
"encoding/json"
"io/ioutil"
"log"
"net/http"
"os"
"time"
"github.com/gorilla/mux"
"github.com/gorilla/securecookie"
"github.com/joho/godotenv"
"golang.org/x/oauth2"
_ "github.com/go-sql-driver/mysql"
_ "github.com/lib/pq"
)
// User is this file's view of a row in the user table. Only id and email are
// read here (handleCallback scans them when matching the Google e-mail to an
// account); username and password are declared but never referenced in this
// file — presumably used elsewhere, TODO confirm before relying on them.
type User struct {
	id       int    // primary key of the user row
	username string // not referenced in this file
	password string // not referenced in this file; NOTE(review): cannot tell from here whether this would hold a hash or plaintext — confirm it is never the latter
	email    string // matched against the e-mail returned by Google's userinfo endpoint
}
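// main loads configuration, initialises the OAuth, Redis, OpenID and database
// clients, registers the three API routes and serves HTTP.
//
// Environment: HTTP_PORT is the listen address passed to the server (for
// example ":8080"); the handlers additionally read APP_URL and SESSION_NAME.
// Initialisation runs before the router is built so no handler can observe a
// half-initialised client.
func main() {
	// Load env variables. A missing .env is not fatal — the variables may
	// already be present in the process environment — but record it rather
	// than silently running on whatever happens to be set.
	if err := godotenv.Load(); err != nil {
		log.Printf("godotenv: %v (continuing with process environment)", err)
	}

	// Initialize OAuth config
	auth.init()
	// Initialize Redis config
	redisClient.init()
	// Initialize OpenID config
	if err := openid.init(); err != nil {
		log.Fatal(err)
	}
	// Initialize Database config
	if err := db.init(); err != nil {
		log.Fatal(err)
	}

	// ListenAndServe("") would bind ":http" (port 80), which an unconfigured
	// deployment never intends; fail loudly instead.
	addr := os.Getenv("HTTP_PORT")
	if addr == "" {
		log.Fatal("HTTP_PORT is not set (expected a listen address such as \":8080\")")
	}

	// Routes
	router := mux.NewRouter()
	router.HandleFunc("/api/sign-in-with-google", handleSignInRequest).Methods(http.MethodGet)
	router.HandleFunc("/api/auth/google/callback", handleCallback).Methods(http.MethodGet)
	router.HandleFunc("/api/profile", getProfile).Methods(http.MethodGet)

	// http.ListenAndServe builds a Server with no timeouts, so a client that
	// trickles its headers or never reads the response holds the connection
	// (and the handler's upstream calls to Google/Redis/DB) open indefinitely.
	srv := &http.Server{
		Addr:              addr,
		Handler:           router,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       15 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	log.Fatal(srv.ListenAndServe())
}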
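// oauthStateCookie holds a copy of the anti-forgery state token in the
// browser that started the sign-in. The callback requires the query-string
// state to match it, which binds the flow to one user agent. Checking Redis
// alone (as the original did) does not: any state that exists in Redis is
// accepted from any browser, so an attacker can finish their own sign-in and
// hand the resulting callback URL to a victim, logging the victim into the
// attacker's account (login CSRF).
const oauthStateCookie = "oauth_state"

// callbackPath is the only path that needs to receive the state cookie.
const callbackPath = "/api/auth/google/callback"

// oauthStateTTL bounds how long a started sign-in stays valid, for both the
// Redis record and the browser cookie.
const oauthStateTTL = time.Minute

// sessionTTL is the lifetime of the application session issued by the
// callback; it also bounds how long the Google access token is kept in Redis.
const sessionTTL = time.Hour

// isHTTPS reports whether the request arrived over TLS, either directly or
// via a proxy that sets X-Forwarded-Proto. It decides whether cookies carry
// the Secure flag, so plain-HTTP development keeps working. A client forging
// the header only changes the flags on cookies sent back to itself.
func isHTTPS(r *http.Request) bool {
	return r.TLS != nil || r.Header.Get("X-Forwarded-Proto") == "https"
}

// userinfoError reports a non-200 answer from the userinfo endpoint.
type userinfoError struct{ status string }

func (e *userinfoError) Error() string { return "userinfo endpoint returned " + e.status }

// handleSignInRequest starts the Google sign-in flow.
//
// It mints a random state token, records it in Redis (so the callback can
// check it exists, has not expired and is used only once) and in a
// short-lived HttpOnly cookie (so the callback can check it came back in the
// same browser), then redirects to Google's authorization endpoint.
func handleSignInRequest(w http.ResponseWriter, r *http.Request) {
	// Create an anti-forgery state token: 32 bytes from the CSPRNG, URL-safe
	// base64 so it survives the query string unchanged.
	raw := securecookie.GenerateRandomKey(32)
	if raw == nil {
		// GenerateRandomKey returns nil when crypto/rand fails; continuing
		// with an empty state (as the original would) defeats the check.
		log.Print("sign-in: unable to generate state token")
		http.Error(w, "internal error", http.StatusInternalServerError)
		return
	}
	state := base64.URLEncoding.EncodeToString(raw)

	// Store state token for validation. If Redis rejects the write the
	// callback would fail anyway; report it now instead of bouncing the user
	// through Google first.
	if err := redisClient.client.Set(state, state, oauthStateTTL).Err(); err != nil {
		log.Printf("sign-in: storing state: %v", err)
		http.Error(w, "internal error", http.StatusInternalServerError)
		return
	}

	// Bind the state to this browser. SameSite=Lax is still sent on the
	// top-level redirect back from Google; Path keeps it off every other
	// request.
	http.SetCookie(w, &http.Cookie{
		Name:     oauthStateCookie,
		Value:    state,
		Path:     callbackPath,
		MaxAge:   int(oauthStateTTL / time.Second),
		HttpOnly: true,
		Secure:   isHTTPS(r),
		SameSite: http.SameSiteLaxMode,
	})
	http.Redirect(w, r, auth.config.AuthCodeURL(state), http.StatusFound)
}

// handleCallback completes the Google sign-in flow.
//
// It checks the state (matches the sign-in cookie, exists in Redis, and is
// consumed so the URL cannot be replayed), exchanges the authorization code,
// fetches the userinfo document, and — only for an e-mail Google reports as
// verified that matches an existing user — issues a session cookie whose
// random value maps to the Google access token in Redis. Every failure path
// redirects to APP_URL without detail, as before; the reason is logged.
func handleCallback(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	appURL := os.Getenv("APP_URL")
	// Logged reasons never include the state, code, token or session key.
	fail := func(reason string) {
		log.Printf("google callback: %s", reason)
		http.Redirect(w, r, appURL, http.StatusFound)
	}

	// Get code and state from query parameter
	code := r.FormValue("code")
	state := r.FormValue("state")
	if code == "" || state == "" {
		fail("missing code or state")
		return
	}

	// The browser finishing the flow must be the one that started it.
	stateCookie, err := r.Cookie(oauthStateCookie)
	if err != nil || stateCookie.Value != state {
		fail("state does not match the sign-in cookie")
		return
	}
	// The state cookie is single-use whatever happens next.
	http.SetCookie(w, &http.Cookie{
		Name:     oauthStateCookie,
		Value:    "",
		Path:     callbackPath,
		MaxAge:   -1,
		HttpOnly: true,
		Secure:   isHTTPS(r),
		SameSite: http.SameSiteLaxMode,
	})

	// Validate state token server-side, then consume it: the original left
	// the record in place, so the same callback URL could be replayed until
	// the TTL expired.
	if err := redisClient.client.Get(state).Err(); err != nil {
		fail("unknown or expired state: " + err.Error())
		return
	}
	if err := redisClient.client.Del(state).Err(); err != nil {
		// If the record cannot be removed the token stays replayable;
		// refuse rather than continue.
		fail("consuming state: " + err.Error())
		return
	}

	// Exchange authorization code for token. NOTE(review): the request
	// context is cancelled on client disconnect but carries no deadline, so
	// the server's timeouts are the only bound on this upstream call.
	token, err := auth.config.Exchange(ctx, code)
	if err != nil {
		fail("code exchange: " + err.Error())
		return
	}

	// Fetch userinfo
	userinfo, err := userinfoFor(r, token)
	if err != nil {
		fail("userinfo: " + err.Error())
		return
	}
	// Match accounts only on an address Google asserts is verified. A Google
	// account can carry an unverified e-mail it does not control, so matching
	// on "email" alone (as the original did) lets such an account sign in as
	// the existing user with that address. Google's OIDC userinfo sends
	// email_verified as a JSON boolean; if this deployment's
	// userinfo_endpoint returns a different shape, adjust the claim name.
	email, _ := userinfo["email"].(string)
	verified, _ := userinfo["email_verified"].(bool)
	if email == "" || !verified {
		fail("userinfo has no verified email")
		return
	}

	// Authenticate user
	if err := db.client.PingContext(ctx); err != nil {
		fail("database ping: " + err.Error())
		return
	}
	// NOTE(review): the `?` placeholder is MySQL syntax; both the mysql and
	// pq drivers are imported and lib/pq would need `$1` — confirm which one
	// db.client is opened with.
	var user User
	err = db.client.QueryRowContext(ctx, "SELECT id, email FROM user WHERE email=?", email).Scan(&user.id, &user.email)
	if err != nil {
		// sql.ErrNoRows (no such account) and genuine DB errors are both a
		// refusal, matching the original's empty-email check; the original
		// also ignored Scan's error entirely.
		fail("user lookup: " + err.Error())
		return
	}

	// Issue the session: a random key in the cookie, the Google access token
	// behind it in Redis. Write Redis first so a cookie never refers to a
	// session that does not exist.
	rawKey := securecookie.GenerateRandomKey(32)
	if rawKey == nil {
		fail("generating session key: CSPRNG unavailable")
		return
	}
	sessionKey := base64.URLEncoding.EncodeToString(rawKey)
	if err := redisClient.client.Set(sessionKey, token.AccessToken, sessionTTL).Err(); err != nil {
		fail("storing session: " + err.Error())
		return
	}
	// Secure is set whenever the request came over TLS; SameSite=Lax matches
	// what current browsers already apply to cookies without the attribute
	// and still covers the top-level redirect to APP_URL.
	http.SetCookie(w, &http.Cookie{
		Name:     os.Getenv("SESSION_NAME"),
		Value:    sessionKey,
		Path:     "/",
		Expires:  time.Now().Add(sessionTTL),
		HttpOnly: true,
		Secure:   isHTTPS(r),
		SameSite: http.SameSiteLaxMode,
	})
	http.Redirect(w, r, appURL, http.StatusFound)
}

// userinfoFor fetches and decodes the OIDC userinfo document using the
// freshly exchanged token. The upstream call is tied to the callback
// request's context so a client disconnect cancels it. A non-200 answer is
// an error rather than a decoded error body, which the original would have
// treated as a user with no e-mail.
func userinfoFor(r *http.Request, token *oauth2.Token) (map[string]interface{}, error) {
	client := auth.config.Client(r.Context(), token)
	resp, err := client.Get(openid.get("userinfo_endpoint"))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, &userinfoError{status: resp.Status}
	}
	data, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}
	var userinfo map[string]interface{}
	if err := json.Unmarshal(data, &userinfo); err != nil {
		return nil, err
	}
	return userinfo, nil
}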
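// userinfoClient is shared by profile lookups. The original used http.Get,
// i.e. http.DefaultClient, which has no timeout, so a stalled upstream pinned
// a handler goroutine for as long as the server allowed.
var userinfoClient = &http.Client{Timeout: 10 * time.Second}

// getProfile returns the caller's Google userinfo document as JSON.
//
// The session cookie's value is a random key that maps, in Redis, to the
// Google access token stored at sign-in; that token is presented to the
// userinfo endpoint as a Bearer credential. Any failure — no cookie, unknown
// or expired session, upstream error, undecodable body — redirects to
// APP_URL, as the original did; the reason is logged without the token.
func getProfile(w http.ResponseWriter, r *http.Request) {
	appURL := os.Getenv("APP_URL")
	fail := func(reason string) {
		log.Printf("profile: %s", reason)
		http.Redirect(w, r, appURL, http.StatusFound)
	}

	cookie, err := r.Cookie(os.Getenv("SESSION_NAME"))
	if err != nil || cookie.Value == "" {
		fail("no session cookie")
		return
	}
	// Exchange cookie value with access token
	accessToken, err := redisClient.client.Get(cookie.Value).Result()
	if err != nil || accessToken == "" {
		fail("unknown or expired session")
		return
	}

	// Send the token in the Authorization header (RFC 6750 §2.1) instead of
	// ?access_token=... as the original did: a token in the query string is
	// written to proxy and server access logs and can leak via Referer.
	req, err := http.NewRequest(http.MethodGet, openid.get("userinfo_endpoint"), nil)
	if err != nil {
		fail("building userinfo request: " + err.Error())
		return
	}
	req = req.WithContext(r.Context())
	req.Header.Set("Authorization", "Bearer "+accessToken)
	resp, err := userinfoClient.Do(req)
	if err != nil {
		fail("userinfo request: " + err.Error())
		return
	}
	defer resp.Body.Close()
	// The original forwarded whatever body came back, error documents
	// included. A 401 here means the stored Google token has expired or been
	// revoked, so the session is no longer usable; treat it like a missing one.
	if resp.StatusCode != http.StatusOK {
		fail("userinfo endpoint returned " + resp.Status)
		return
	}
	data, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		fail("reading userinfo: " + err.Error())
		return
	}
	var userinfo map[string]interface{}
	if err := json.Unmarshal(data, &userinfo); err != nil {
		fail("decoding userinfo: " + err.Error())
		return
	}
	w.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(w).Encode(userinfo); err != nil {
		// Headers are already written; all that is left is to record it.
		log.Printf("profile: writing response: %v", err)
	}
}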