-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathauthui.go
140 lines (124 loc) · 4.16 KB
/
authui.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
package main
import (
"fmt"
"html/template"
"io/ioutil"
"net/http"
"github.com/Microkubes/authorization-server/app"
"github.com/Microkubes/authorization-server/security"
"github.com/Microkubes/microservice-security/auth"
"github.com/Microkubes/microservice-security/oauth2"
"github.com/keitaroinc/goa"
)
// AuthUIController implements the authUI resource.
type AuthUIController struct {
*goa.Controller
oauth2.ClientService
security.SessionStore
}
// NewAuthUIController creates a authUI controller.
func NewAuthUIController(service *goa.Service, sessionStore security.SessionStore, clientService oauth2.ClientService) *AuthUIController {
return &AuthUIController{
Controller: service.NewController("AuthUIController"),
SessionStore: sessionStore,
ClientService: clientService,
}
}
// ConfirmAuthorization runs the confirmAuthorization action.
func (c *AuthUIController) ConfirmAuthorization(ctx *app.ConfirmAuthorizationAuthUIContext) error {
rw := ctx.ResponseWriter
req := ctx.Request
confirmation := security.AuthorizeClientData{}
err := c.SessionStore.GetAs("confirmation", &confirmation, ctx.Request)
if err != nil {
c.showError("Invalid parameters. Your confirmation is missing. Please use a browser to login to the system and authroize the client app.", 400, rw, req)
return nil
}
if ctx.Confirmed != nil && *ctx.Confirmed {
confirmation.Confirmed = true
c.SessionStore.SetValue("confirmation", confirmation, ctx.ResponseWriter, ctx.Request)
// Go back to the original authorization URL
ctx.ResponseWriter.Header().Set("Location", confirmation.AuthorizeRequest)
ctx.ResponseWriter.WriteHeader(302)
return nil
}
client, err := c.ClientService.GetClient(confirmation.ClientID)
if err != nil {
return ctx.InternalServerError(err)
}
// clear the session here
c.SessionStore.Clear("confirmation", ctx.ResponseWriter, ctx.Request)
// redirect to the client website?
ctx.ResponseWriter.Header().Set("Location", client.Website)
ctx.ResponseWriter.WriteHeader(302)
return nil
}
// PromptAuthorization runs the promptAuthorization action.
func (c *AuthUIController) PromptAuthorization(ctx *app.PromptAuthorizationAuthUIContext) error {
// AuthUIController_PromptAuthorization: start_implement
rw := ctx.ResponseWriter
req := ctx.Request
authObj := auth.GetAuth(ctx.Context)
clientID, err := c.SessionStore.Get("clientId", ctx.Request)
if err != nil {
c.showError(fmt.Sprintf("A server error has occured. %s", err.Error()), 500, rw, req)
return nil
}
if clientID == nil {
c.showError("We haven't received the ID of the app.", 400, rw, req)
return nil
}
client, err := c.ClientService.GetClient(*clientID)
if err != nil {
c.showError(fmt.Sprintf("A server error has occured. %s", err.Error()), 500, rw, req)
return nil
}
if client == nil {
c.showError("It seems that you're using a wrong app ID. Please try with the correct app id.", 400, rw, req)
return nil
}
c.renderTemplate("public/auth/prompt-auth.html", map[interface{}]interface{}{
"client": client,
"user": authObj,
}, ctx.ResponseWriter, ctx.Request)
// AuthUIController_PromptAuthorization: end_implement
return nil
}
func (c *AuthUIController) renderTemplate(templateFile string, data interface{}, rw http.ResponseWriter, req *http.Request) error {
tplContent, err := loadTemplateFile(templateFile)
if err != nil {
return err
}
t, err := template.New(templateFile).Parse(tplContent)
if err != nil {
return err
}
rw.WriteHeader(200)
rw.Header().Set("Content-Type", "text/html")
t.Execute(rw, data)
return nil
}
func (c *AuthUIController) showError(errMsg string, errCode int, rw http.ResponseWriter, req *http.Request) {
tplContent, err := loadTemplateFile("public/error.html")
if err != nil {
rw.Write([]byte(err.Error()))
rw.WriteHeader(500)
}
t, err := template.New("public/error.html").Parse(tplContent)
if err != nil {
rw.Write([]byte(err.Error()))
rw.WriteHeader(500)
}
rw.WriteHeader(errCode)
rw.Header().Set("Content-Type", "text/html")
t.Execute(rw, map[string]string{
"message": errMsg,
})
}
func loadTemplateFile(fileName string) (string, error) {
b, err := ioutil.ReadFile(fileName)
if err != nil {
return "", err
}
return string(b), nil
}