
move to URL-based sign in flow, support GitHub profile URLs

This change is a first step towards implementing support for signing
in via IndieAuth on the site. It implements a new sign in flow that
is based on URLs.

For now, only URLs like "https://github.com/dmitshur" are supported.
As a result, there is no functional change; people can still sign in
via their GitHub accounts as before. They just need to enter their
GitHub profile URL as a first step.

Move authentication code into new auth.go file, and remove the legacy
ad-hoc sessionsHandler. That handler was created a long time ago, and
is now very different from all other handlers. It is quite inflexible.
It has now been replaced by more standard handlers.

Start keeping track of state in-memory, rather than via cookies.
This should be simpler overall. I didn't do this earlier because
I hadn't thought of this idea back when implementing the original
GitHub-based sign in flow.

Updates #34.
dmitshur committed Nov 29, 2019
1 parent aba3cf9 commit ebebcaa7af0b3ca608f7b431ab797db35828c790
Showing with 546 additions and 340 deletions.
  1. +530 −0 auth.go
  2. +1 −1 changes.go
  3. +1 −1 issues.go
  4. +2 −6 main.go
  5. +1 −1 notifications.go
  6. +1 −1 notificationsv2.go
  7. +1 −330 sessions.go
  8. +9 −0 users.go
530 auth.go


@@ -385,7 +385,7 @@ func (h changesHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) erro
if s := req.Context().Value(sessionContextKey).(*session); rr.Code == http.StatusForbidden && s == nil {
loginURL := (&url.URL{
Path: "/login",
RawQuery: url.Values{returnQueryName: {returnURL}}.Encode(),
RawQuery: url.Values{returnParameterName: {returnURL}}.Encode(),
}).String()
return httperror.Redirect{URL: loginURL}
}
@@ -312,7 +312,7 @@ func (h issuesHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) error
if s := req.Context().Value(sessionContextKey).(*session); rr.Code == http.StatusForbidden && s == nil {
loginURL := (&url.URL{
Path: "/login",
RawQuery: url.Values{returnQueryName: {returnURL}}.Encode(),
RawQuery: url.Values{returnParameterName: {returnURL}}.Encode(),
}).String()
return httperror.Redirect{URL: loginURL}
}
@@ -38,6 +38,7 @@ var (
stateFileFlag = flag.String("state-file", "", "Optional path to file to save/load state (file is deleted after loading).")
analyticsFileFlag = flag.String("analytics-file", "", "Optional path to file containing analytics HTML to insert at the beginning of <head>.")
noRobotsFlag = flag.Bool("no-robots", false, "Disallow all robots on all pages.")
siteNameFlag = flag.String("site-name", "home (local devel)", "Name of site, displayed on sign in page.")
redLogoFlag = flag.Bool("red-logo", false, "Display the logo in red.")
)

@@ -180,12 +181,7 @@ func run(ctx context.Context, cancel context.CancelFunc, storeDir, stateFile, an
}
changeService := newChangeService(reactions, users, githubRouter)

sessionsHandler := &sessionsHandler{users, userStore}
http.Handle("/login/github", sessionsHandler)
http.Handle("/callback/github", sessionsHandler)
http.Handle("/logout", sessionsHandler)
http.Handle("/login", sessionsHandler)
http.Handle("/sessions", sessionsHandler)
initAuth(users, userStore)

usersAPIHandler := httphandler.Users{Users: users}
http.Handle("/api/userspec", cookieAuth{httputil.ErrorHandler(users, usersAPIHandler.GetAuthenticatedSpec)})
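Review bot: With the five explicit registrations replaced by `initAuth(users, userStore)`, the `/login` route that changes.go, issues.go, notifications.go and notificationsv2.go redirect to with a caller-supplied `returnParameterName` value is now registered out of sight in auth.go, which this page does not render, so it cannot be confirmed here that the return value is restricted to a relative same-site path before `/login` redirects back to it (an unrestricted absolute URL there would make `/login` an open redirect). The new `siteNameFlag` help text says the value is displayed on the sign in page; if it is interpolated into HTML, rendering it through `html/template` rather than string concatenation keeps it escaped — that code is also in auth.go, so this is unverified from the hunk. Since the route set is no longer visible at the call site, a short comment such as `// initAuth registers the sign in, callback and logout handlers (see auth.go).` would preserve that information; confirm the exact paths and the mux (presumably http.DefaultServeMux, as the removed http.Handle calls used) against auth.go. The enclosing run function begins and ends outside the hunk.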
@@ -134,7 +134,7 @@ func initNotifications(
if s := req.Context().Value(sessionContextKey).(*session); rr.Code == http.StatusForbidden && s == nil {
loginURL := (&url.URL{
Path: "/login",
RawQuery: url.Values{returnQueryName: {returnURL}}.Encode(),
RawQuery: url.Values{returnParameterName: {returnURL}}.Encode(),
}).String()
return httperror.Redirect{URL: loginURL}
}
@@ -170,7 +170,7 @@ func initNotificationsV2(
if s := req.Context().Value(sessionContextKey).(*session); os.IsPermission(err) && s == nil {
loginURL := (&url.URL{
Path: "/login",
RawQuery: url.Values{returnQueryName: {returnURL}}.Encode(),
RawQuery: url.Values{returnParameterName: {returnURL}}.Encode(),
}).String()
return httperror.Redirect{URL: loginURL}
}
