-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth3rd.go
154 lines (127 loc) · 4.88 KB
/
auth3rd.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
package auth
import (
"os"
"strings"
"golang.org/x/net/context"
"github.com/gorilla/sessions"
jwt "github.com/appleboy/gin-jwt"
"github.com/si9ma/KillOJ-backend/config"
"github.com/si9ma/KillOJ-backend/gbl"
"github.com/si9ma/KillOJ-backend/kerror"
"github.com/si9ma/KillOJ-common/model"
"github.com/si9ma/KillOJ-common/mysql"
"github.com/si9ma/KillOJ-common/utils"
otgorm "github.com/smacker/opentracing-gorm"
"github.com/si9ma/KillOJ-common/log"
"go.uber.org/zap"
"github.com/gin-gonic/gin"
"github.com/markbates/goth"
"github.com/markbates/goth/gothic"
"github.com/markbates/goth/providers/github"
"github.com/si9ma/KillOJ-common/constants"
)
var supportProvider = []string{"github"}
func Setup3rdAuth(r *gin.Engine, cfg config.AuthConfig) {
// use goauth,
// repo : https://github.com/markbates/goth
useGoAuth(r, cfg)
}
func getCallback(cfg config.AuthConfig, provider string) string {
if url := os.Getenv(constants.Env3rdAuthCallBackUrl); url != "" {
return strings.Join([]string{url, provider, "callback"}, "/")
}
return strings.Join([]string{cfg.CallbackBaseURL, provider, "callback"}, "/")
}
func useGoAuth(r *gin.Engine, cfg config.AuthConfig) {
// set up session
key := os.Getenv(constants.EnvSessionSecret)
if key == "" {
log.Bg().Fatal("Please define environment", zap.String("env", constants.EnvSessionSecret))
}
maxAge := 60 // 1 minute
isProd := false // Set to true when serving over https
store := sessions.NewCookieStore([]byte(key))
store.MaxAge(maxAge)
store.Options.Path = "/"
store.Options.HttpOnly = true // HttpOnly should always be enabled
store.Options.Secure = isProd
gothic.Store = store
goth.UseProviders(
github.New(os.Getenv(constants.EnvGithubAuthKey), os.Getenv(constants.EnvGithubAuthSecret), getCallback(cfg, "github")), // github
)
r.GET("/auth3rd/:provider/callback", jwtMiddleware.LoginHandler) // integration 3rd auth to jwt
r.GET("/auth3rd/:provider", func(c *gin.Context) {
ctx := c.Request.Context()
provider := c.Param("provider")
if !utils.ContainsString(supportProvider, provider) {
log.For(ctx).Error("provider is not supported", zap.String("provider", provider))
_ = c.Error(kerror.EmptyError).SetType(gin.ErrorTypePublic).
SetMeta(kerror.ErrNotSupportProvider.WithArgs(provider))
return
}
// Compatible with goauth
ctxWithProvider := context.WithValue(c.Request.Context(), "provider", provider)
// todo remove this code, because some strange error
//// try to get the user without re-authenticating
//if gothUser, err := gothic.CompleteUserAuth(c.Writer, c.Request.WithContext(ctxWithProvider)); err == nil {
// log.For(ctx).Info("provider already auth", zap.String("provider", provider), zap.Error(err),
// zap.String("userId", gothUser.Name))
//
// // redirect to callback
// redirectTo := fmt.Sprintf("/auth3rd/%s/callback", provider)
// c.Redirect(http.StatusPermanentRedirect, redirectTo) // integration 3rd auth to jwt
// return
//} else {
log.For(ctx).Info("auth provider", zap.String("provider", provider))
gothic.BeginAuthHandler(c.Writer, c.Request.WithContext(ctxWithProvider)) // auth github
return
//}
})
}
// third party auth
func thirdAuthenticate(c *gin.Context) (interface{}, error) {
ctx := c.Request.Context()
provider := c.Param("provider")
db := otgorm.SetSpanToGorm(ctx, gbl.DB)
if !utils.ContainsString(supportProvider, provider) {
log.For(ctx).Error("provider is not supported", zap.String("provider", provider))
_ = c.Error(kerror.EmptyError).SetType(gin.ErrorTypePublic).
SetMeta(kerror.ErrNotSupportProvider.WithArgs(provider))
return "", jwt.ErrFailedAuthentication
}
// Compatible with goauth
ctxWithProvider := context.WithValue(c.Request.Context(), "provider", provider)
u, err := gothic.CompleteUserAuth(c.Writer, c.Request.WithContext(ctxWithProvider))
if err != nil {
log.For(ctx).Error("auth user fail", zap.String("provider", provider), zap.Error(err))
_ = c.Error(kerror.EmptyError).SetType(gin.ErrorTypePublic).
SetMeta(kerror.Err3rdAuthFail.WithArgs(provider))
return "", jwt.ErrFailedAuthentication
}
// github
user := model.User{}
if provider == "github" {
err := db.Where("github_user_id = ?", u.UserID).First(&user).Error
if res := mysql.ErrorHandleAndLog(c, err, false,
"get user by github_user_id", u.UserID); res == mysql.NotFound {
log.For(ctx).Error("user not signup", zap.String("provider", provider))
resp := authUserInfo{
Provider: u.Provider,
Name: u.Name,
UserID: u.UserID,
}
_ = c.Error(kerror.EmptyError).SetType(gin.ErrorTypePublic).
SetMeta(kerror.ErrNoSignUp.With(resp))
return "", jwt.ErrFailedAuthentication
} else if res != mysql.Success {
return "", jwt.ErrFailedAuthentication
}
return user, nil
}
return "", jwt.ErrFailedAuthentication
}
type authUserInfo struct {
Provider string `json:"provider"`
Name string `json:"name"`
UserID string `json:"userID"`
}