package oauth
import (
"context"
"errors"
"strings"
"github.com/resonatecoop/id/util"
"github.com/resonatecoop/id/util/password"
"github.com/resonatecoop/user-api/model"
"github.com/uptrace/bun"
)
var (
	// ErrClientNotFound is returned when a client could not be loaded.
	// FindClientByClientID and FindClientByApplicationURL return it for any
	// error from the query, not only for a missing row, and AuthClient
	// returns it when the lookup by client ID fails.
	ErrClientNotFound = errors.New("Client not found")
	// ErrInvalidClientSecret is returned by AuthClient when the client was
	// found but password.VerifyPassword rejected the supplied secret.
	ErrInvalidClientSecret = errors.New("Invalid client secret")
	// ErrClientIDTaken is returned by createClientCommon when ClientExists
	// reports that the requested client ID is already registered.
	ErrClientIDTaken = errors.New("Client ID taken")
)
// ClientExists reports whether FindClientByClientID can load a client for
// clientID.
//
// Any lookup error yields false. Because FindClientByClientID maps every
// query error to ErrClientNotFound, a database failure is indistinguishable
// here from "no such client"; callers that use this as a uniqueness check
// should not treat false as proof that the ID is free.
func (s *Service) ClientExists(clientID string) bool {
	if _, err := s.FindClientByClientID(clientID); err != nil {
		return false
	}
	return true
}
// FindClientByClientID loads the client whose key matches clientID.
//
// The comparison is case insensitive on the input side: the bound value is
// lower-cased in SQL (LOWER(?)) and compared with the stored key, which
// createClientCommon writes in lower case. clientID is passed as a bound
// argument, never concatenated into the query text.
//
// Every error from the query is reported as ErrClientNotFound, so the
// underlying cause (missing row, connection failure, ...) is not visible to
// the caller. The query runs on context.Background(), i.e. without a
// caller-supplied deadline or cancellation.
func (s *Service) FindClientByClientID(clientID string) (*model.Client, error) {
	found := new(model.Client)
	query := s.db.NewSelect().
		Model(found).
		Where("key = LOWER(?)", clientID).
		Limit(1)

	if err := query.Scan(context.Background()); err != nil {
		// The original error is dropped on purpose by this API; see the doc
		// comment for what that hides.
		return nil, ErrClientNotFound
	}
	return found, nil
}
// FindClientByApplicationURL loads the client whose application_url equals
// applicationURL and whose application_hostname is one of the origins
// configured in s.cnf.Origins.
//
// Both values are passed as bound arguments. Every error from the query is
// reported as ErrClientNotFound.
//
// NOTE(review): createClientCommon stores application_url and
// application_hostname lower-cased, while this lookup compares the caller's
// applicationURL and the configured origins as given. A mixed-case URL or
// origin would therefore not match a row written by createClientCommon;
// confirm whether callers and configuration normalise case before this point.
func (s *Service) FindClientByApplicationURL(applicationURL string) (*model.Client, error) {
	match := new(model.Client)
	query := s.db.NewSelect().
		Model(match).
		Where("application_url = ? AND application_hostname IN (?)", applicationURL, bun.In(s.cnf.Origins)).
		Limit(1)

	if err := query.Scan(context.Background()); err != nil {
		return nil, ErrClientNotFound
	}
	return match, nil
}
// CreateClient registers a new client, passing the service's own database
// handle (s.db) to createClientCommon.
//
// No validation of redirectURI, applicationHostname or applicationURL is
// visible on this path; the values are stored as supplied (hostname and URL
// lower-cased). Callers are expected to validate the redirect URI before
// registering it.
func (s *Service) CreateClient(clientID, secret, redirectURI, applicationName, applicationHostname, applicationURL string) (*model.Client, error) {
	return s.createClientCommon(
		s.db,
		clientID,
		secret,
		redirectURI,
		applicationName,
		applicationHostname,
		applicationURL,
	)
}
// CreateClientTx registers a new client, passing the caller-supplied handle
// tx to createClientCommon instead of s.db. Despite the name, tx is a
// *bun.DB, not a transaction type.
//
// NOTE(review): the uniqueness pre-check in createClientCommon goes through
// s.ClientExists, which queries s.db rather than tx, so that check does not
// see state that is only visible through tx.
func (s *Service) CreateClientTx(tx *bun.DB, clientID, secret, redirectURI, applicationName, applicationHostname, applicationURL string) (*model.Client, error) {
	return s.createClientCommon(
		tx,
		clientID,
		secret,
		redirectURI,
		applicationName,
		applicationHostname,
		applicationURL,
	)
}
// AuthClient authenticates a client by ID and secret.
//
// It returns ErrClientNotFound when the lookup by clientID fails and
// ErrInvalidClientSecret when password.VerifyPassword rejects secret against
// the stored client.Secret. On success the loaded client is returned.
//
// NOTE(review): the two distinct errors tell the caller whether the client ID
// exists, and the not-found path returns before any secret verification runs.
// Handlers that face the network should collapse both into one generic
// authentication failure, and failed attempts should be rate limited and
// logged upstream.
func (s *Service) AuthClient(clientID, secret string) (*model.Client, error) {
	client, lookupErr := s.FindClientByClientID(clientID)
	if lookupErr != nil {
		return nil, ErrClientNotFound
	}

	// Stored value first, candidate second: the stored secret is the hash
	// produced by password.HashPassword in createClientCommon.
	if verifyErr := password.VerifyPassword(client.Secret, secret); verifyErr != nil {
		return nil, ErrInvalidClientSecret
	}
	return client, nil
}
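// createClientCommon hashes secret and inserts a new client row through db.
//
// clientID, applicationHostname and applicationURL are stored lower-cased;
// redirectURI and applicationName are stored as given (via util.StringOrNull).
// It returns ErrClientIDTaken when ClientExists reports the ID as registered,
// the error from password.HashPassword if hashing fails, or the error from
// the insert.
//
// The insert now runs on the db argument. Previously it always used s.db, so
// the handle injected through CreateClientTx was silently ignored. A nil db
// falls back to s.db, which keeps callers working that relied on the argument
// being unused.
//
// NOTE(review): the ClientExists pre-check still queries s.db and reports
// false on any lookup error, and it is not atomic with the insert. A unique
// constraint on the key column is what actually prevents duplicate client
// IDs - TODO confirm the schema has one.
// NOTE(review): secret is hashed without a visible emptiness or length check;
// confirm callers reject empty secrets before registration.
func (s *Service) createClientCommon(db *bun.DB, clientID, secret, redirectURI, applicationName, applicationHostname, applicationURL string) (*model.Client, error) {
	if db == nil {
		db = s.db
	}

	// Best-effort uniqueness check; see the doc comment for its limits.
	if s.ClientExists(clientID) {
		return nil, ErrClientIDTaken
	}

	// Only the hash is persisted, never the plaintext secret.
	secretHash, err := password.HashPassword(secret)
	if err != nil {
		return nil, err
	}

	client := &model.Client{
		// Lower-cased so that the LOWER(?) comparison in FindClientByClientID matches.
		Key:                 strings.ToLower(clientID),
		Secret:              string(secretHash),
		RedirectURI:         util.StringOrNull(redirectURI),
		ApplicationName:     util.StringOrNull(applicationName),
		ApplicationHostname: util.StringOrNull(strings.ToLower(applicationHostname)),
		ApplicationURL:      util.StringOrNull(strings.ToLower(applicationURL)),
	}

	// Use the injected handle, not s.db, so CreateClientTx takes effect.
	if _, err := db.NewInsert().Model(client).Exec(context.Background()); err != nil {
		return nil, err
	}
	return client, nil
}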