/*
Nging is a toolbox for webmasters
Copyright (C) 2018-present Wenhui Shen <swh@admpub.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package user
import (
"encoding/gob"
"strings"
GAuth "github.com/admpub/dgoogauth"
"github.com/admpub/nging/application/dbschema"
"github.com/admpub/nging/application/handler"
"github.com/admpub/nging/application/model"
"github.com/admpub/qrcode"
"github.com/webx-top/echo"
)
// init configures the authenticator defaults (issuer label and QR image size)
// and registers this file's two HTTP routes with the handler package.
func init() {
	GAuth.Issuer, GAuth.Size = `nging`, `300x300`

	// NOTE(review): nothing in this file shows which middleware wraps routes
	// added through handler.Register. /qrcode turns arbitrary request data into
	// an image and /gauth_check accepts second-factor codes, so confirm that
	// both sit behind the intended authentication and throttling.
	routes := func(r echo.RouteRegister) {
		r.Route("GET,POST", `/gauth_check`, GAuthCheck)
		r.Route("GET", `/qrcode`, QrCode)
	}
	handler.Register(routes)
}
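// QrCode renders the `data` form value as a PNG QR code and writes it to the
// response.
//
// The optional `size` form value has the form "WIDTHxHEIGHT" (or just
// "WIDTH"). A missing or non-positive component falls back to 300, and each
// side is capped at maxSide because both values come straight from the request.
func QrCode(ctx echo.Context) error {
	const (
		defaultSide = 300
		// maxSide bounds the bitmap a single request can make the encoder
		// allocate. The exact figure is a judgement call; tune it to the
		// largest size the UI really needs.
		maxSide = 1024
	)

	// side parses one dimension, applying the default and the upper bound.
	side := func(raw string) int {
		n := ctx.Atop(raw).Int()
		switch {
		case n <= 0:
			return defaultSide
		case n > maxSide:
			return maxSide
		}
		return n
	}

	data := ctx.Form("data")
	width, height := defaultSide, defaultSide

	// SplitN with a non-empty separator always yields at least one element.
	parts := strings.SplitN(ctx.Form("size"), `x`, 2)
	width = side(parts[0])
	if len(parts) == 2 {
		height = side(parts[1])
	}

	header := ctx.Response().Header()
	header.Set("Content-Type", "image/png")
	// GAuthBind in this file sends its enrolment data through this endpoint, so
	// the image may encode a TOTP secret; keep it out of browser and proxy
	// caches.
	header.Set("Cache-Control", "no-store")
	return qrcode.EncodeToWriter(data, width, height, ctx.Response())
}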
// init registers *GAuth.KeyData with encoding/gob. GAuthBind stores a value of
// that type in the session under `GAuthKeyData`; presumably the session store
// serialises its values with gob (confirm against the session backend).
//
// NOTE(review): the stored value is the pending TOTP key. If the session
// backend keeps its data client-side (for example in a cookie), check that it
// is encrypted and not merely signed.
func init() {
	gob.Register(new(GAuth.KeyData))
}
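// GAuthBind shows and processes the page on which the signed-in user enrols a
// Google Authenticator (TOTP) second factor.
//
// If the user has no `google` record yet, a pending key is generated once,
// kept in the session under `GAuthKeyData`, and offered as a QR code. A POST
// is passed to GAuthVerify, which binds the key when the submitted code is
// correct. The template receives `binded`, and while enrolment is still
// pending also `keyData` and `qrCodeUrl`.
func GAuthBind(ctx echo.Context) error {
	user := handler.User(ctx)
	if user == nil {
		return ctx.E(`登录信息获取失败,请重新登录`)
	}
	const typ = `google`

	m := model.NewUser(ctx)
	// NOTE(review): the lookup error is discarded, so a failed query looks the
	// same as "no second factor bound" and the enrolment form is shown.
	// Confirm that U2F only errors for a missing row, or handle other errors
	// explicitly.
	u2f, _ := m.U2F(user.Id, typ)
	binded := u2f != nil && u2f.Id > 0

	var err error
	if !binded && ctx.IsPost() {
		err = GAuthVerify(ctx, ``, true)
		if err == nil {
			binded = true
			// The key is now stored with the user; do not leave the pending
			// secret in the session or hand it to the template again.
			ctx.Session().Delete(`GAuthKeyData`)
		}
	}

	if !binded {
		// NOTE(review): the enrolment data is placed in the `data` query
		// parameter of the /qrcode URL (presumably the provisioning URI with
		// the secret; confirm in dgoogauth). Query strings end up in access
		// logs, browser history and Referer headers; rendering the image
		// inline would avoid that.
		qrURLFormat := handler.URLFor("/qrcode") + "?size=%s&data=%s"

		var qrCodeUrl string
		keyData, ok := ctx.Session().Get(`GAuthKeyData`).(*GAuth.KeyData)
		if !ok {
			// First visit: create the pending key and remember it so the
			// code the user submits is checked against the same secret.
			keyData, qrCodeUrl = GAuth.GenQrCode(user.Username, qrURLFormat)
			ctx.Session().Set(`GAuthKeyData`, keyData)
		} else {
			qrCodeUrl = GAuth.QrCode(user.Username, keyData.Encoded, qrURLFormat)
		}
		ctx.Set(`keyData`, keyData)
		ctx.Set(`qrCodeUrl`, qrCodeUrl)
	}

	ctx.Set(`binded`, binded)
	return ctx.Render(`gauth/bind`, handler.Err(ctx, err))
}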
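// GAuthCheck shows the second-factor prompt and, on POST, verifies the
// submitted code through GAuthVerify. On success it clears `auth2ndURL` from
// the session and redirects to the `return_to` form value, or to the site root
// when that value is empty or not a same-site path.
func GAuthCheck(ctx echo.Context) error {
	// Read the user directly from the session.
	user, _ := ctx.Session().Get(`user`).(*dbschema.NgingUser)
	if user == nil {
		return ctx.Redirect(handler.URLFor(`/login`))
	}
	ctx.Set(`user`, user)

	var err error
	if ctx.IsPost() {
		// NOTE(review): no attempt limiting is visible in this handler. TOTP
		// codes are short, so confirm that failed attempts are throttled or
		// locked out elsewhere.
		err = GAuthVerify(ctx, ``)
		if err == nil {
			ctx.Session().Delete(`auth2ndURL`)

			// return_to is request-controlled. Follow it only when it is a
			// path on this site: it must start with a single "/", and must not
			// contain a backslash or control character, which some browsers
			// normalise into a scheme-relative "//host" URL. If absolute
			// same-origin URLs must be supported, add an explicit host
			// comparison instead of loosening this check.
			returnTo := ctx.Form(`return_to`)
			sameSite := strings.HasPrefix(returnTo, `/`) &&
				!strings.HasPrefix(returnTo, `//`) &&
				strings.IndexFunc(returnTo, func(r rune) bool {
					return r == '\\' || r < 0x20 || r == 0x7f
				}) < 0
			if !sameSite {
				returnTo = handler.URLFor(`/`)
			}
			return ctx.Redirect(returnTo)
		}
	}
	return ctx.Render(`gauth/check`, handler.Err(ctx, err))
}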
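// GAuthVerify checks the one-time code submitted in form field fieldName
// (default `code`) against a TOTP key for the signed-in user.
//
// When test[0] is true the key is the pending enrolment key held in the
// session under `GAuthKeyData`; a correct code stores it as the user's
// `google` second factor and removes the pending key from the session.
// Otherwise the key is loaded from the user's stored `google` record.
//
// It returns nil when the code is accepted (and, when binding, the record was
// saved), and an error otherwise.
func GAuthVerify(ctx echo.Context, fieldName string, test ...bool) error {
	user := handler.User(ctx)
	if user == nil {
		return ctx.E(`登录信息获取失败,请重新登录`)
	}
	testAndBind := len(test) > 0 && test[0]

	var keyData *GAuth.KeyData
	if testAndBind {
		var ok bool
		keyData, ok = ctx.Session().Get(`GAuthKeyData`).(*GAuth.KeyData)
		if !ok || keyData == nil {
			return ctx.E(`从session获取GAuthKeyData失败`)
		}
	} else {
		m := model.NewUser(ctx)
		u2f, err := m.U2F(user.Id, `google`)
		// Fail closed: reject on a lookup error OR a missing record. The
		// previous `&&` let a lookup that returned no error and no record fall
		// through, so the code was checked against an empty key.
		if err != nil || u2f == nil || u2f.Id < 1 {
			return ctx.E(`从用户资料中获取token失败`)
		}
		keyData = &GAuth.KeyData{
			Original: u2f.Token,
			Encoded:  u2f.Extra,
		}
	}

	if len(fieldName) == 0 {
		fieldName = `code`
	}
	ok, err := GAuth.VerifyFrom(keyData, ctx.Form(fieldName))
	if !ok {
		// A rejected code always gets this generic message, even when
		// VerifyFrom also returned an error.
		return ctx.E(`验证码不正确`)
	}
	if err != nil {
		return err
	}
	if !testAndBind {
		return nil
	}

	// NOTE(review): the key material is written to Token/Extra as-is; confirm
	// whether the storage layer protects it at rest.
	u2f := &dbschema.NgingUserU2f{}
	u2f.Uid = user.Id
	u2f.Token = keyData.Original
	u2f.Extra = keyData.Encoded
	u2f.Type = `google`
	if _, err = u2f.Add(); err != nil {
		return err
	}
	// Enrolment is complete; the pending secret has no further use in the
	// session.
	ctx.Session().Delete(`GAuthKeyData`)
	return nil
}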