aiden
/
synctv
mirror of https://github.com/synctv-org/synctv
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
helm
docker-build-arm
dependabot/go_modules/gorm.io/driver/postgres-1.5.11
cache
build
api-v2
dependabot/go_modules/gorm.io/gorm-1.25.12
folder
zijiren233-patch-1
dev
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.3.0
v0.3.0-alpha-1
v0.3.0-alpha-2
v0.3.0-alpha-3
v0.3.0-beta-1
v0.3.1
v0.3.1-beta.1
v0.3.1-beta.2
v0.3.1-rc.2
v0.3.2
v0.3.2-alpha.2
v0.3.4
v0.3.5
v0.3.6
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.5.0
v0.5.0-alpha.1
v0.5.0-alpha.2
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.6.9-beta.1
v0.7.0
v0.7.1
v0.7.10
v0.7.11
v0.7.12
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9.0
v0.9.0-beta.1
v0.9.0-beta.2
v0.9.1
v0.9.10
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.7-beta.1
v0.9.7-beta.2
v0.9.7-beta.3
v0.9.7-beta.4
v0.9.7-beta.5
v0.9.7-beta.6
v0.9.7-beta.7
v0.9.7-beta.8
v0.9.8
v0.9.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dependabot/go_modules/gorm.io/driver/postgres-1.5.11'
${ noResults }
synctv/server/oauth2/auth.go

216 lines
6.3 KiB
Go
Raw Permalink Blame History

package auth
import (
"errors"
"fmt"
"net/http"
"time"
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/synctv-org/synctv/internal/bootstrap"
"github.com/synctv-org/synctv/internal/db"
dbModel "github.com/synctv-org/synctv/internal/model"
"github.com/synctv-org/synctv/internal/op"
"github.com/synctv-org/synctv/internal/provider"
"github.com/synctv-org/synctv/internal/provider/providers"
"github.com/synctv-org/synctv/internal/settings"
"github.com/synctv-org/synctv/server/middlewares"
"github.com/synctv-org/synctv/server/model"
"github.com/synctv-org/synctv/utils"
)
// GET
// /oauth2/login/:type
func OAuth2(ctx *gin.Context) {
log := ctx.MustGet("log").(*logrus.Entry)
pi, err := providers.GetProvider(ctx.Param("type"))
if err != nil {
log.Errorf("failed to get provider: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
state := utils.RandString(16)
url, err := pi.NewAuthURL(ctx, state)
if err != nil {
log.Errorf("failed to get auth url: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
states.Store(state, newAuthFunc(ctx.Query("redirect")), time.Minute*5)
err = RenderRedirect(ctx, url)
if err != nil {
log.Errorf("failed to render redirect: %v", err)
}
}
// POST
func OAuth2Api(ctx *gin.Context) {
log := ctx.MustGet("log").(*logrus.Entry)
pi, err := providers.GetProvider(ctx.Param("type"))
if err != nil {
log.Errorf("failed to get provider: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
}
meta := model.OAuth2Req{}
if err := model.Decode(ctx, &meta); err != nil {
log.Errorf("failed to decode request: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
state := utils.RandString(16)
url, err := pi.NewAuthURL(ctx, state)
if err != nil {
log.Errorf("failed to get auth url: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
states.Store(state, newAuthFunc(meta.Redirect), time.Minute*5)
ctx.JSON(http.StatusOK, model.NewAPIDataResp(gin.H{
"url": url,
}))
}
// GET
// /oauth2/callback/:type
func OAuth2Callback(ctx *gin.Context) {
log := ctx.MustGet("log").(*logrus.Entry)
code := ctx.Query("code")
if code == "" {
log.Errorf("invalid oauth2 code")
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorStringResp("invalid oauth2 code"))
return
}
pi, err := providers.GetProvider(ctx.Param("type"))
if err != nil {
log.Errorf("failed to get provider: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
meta, loaded := states.LoadAndDelete(ctx.Query("state"))
if !loaded {
log.Errorf("invalid oauth2 state")
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorStringResp("invalid oauth2 state"))
return
}
if meta.Value() != nil {
meta.Value()(ctx, pi, code)
} else {
log.Errorf("invalid oauth2 handler")
ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewAPIErrorStringResp("invalid oauth2 handler"))
}
}
// POST
// /oauth2/callback/:type
func OAuth2CallbackAPI(ctx *gin.Context) {
log := ctx.MustGet("log").(*logrus.Entry)
req := model.OAuth2CallbackReq{}
if err := req.Decode(ctx); err != nil {
log.Errorf("failed to decode request: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
pi, err := providers.GetProvider(ctx.Param("type"))
if err != nil {
log.Errorf("failed to get provider: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
}
meta, loaded := states.LoadAndDelete(req.State)
if !loaded {
log.Errorf("invalid oauth2 state")
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorStringResp("invalid oauth2 state"))
return
}
if meta.Value() != nil {
meta.Value()(ctx, pi, req.Code)
} else {
log.Errorf("invalid oauth2 handler")
ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewAPIErrorStringResp("invalid oauth2 handler"))
}
}
func newAuthFunc(redirect string) stateHandler {
return func(ctx *gin.Context, pi provider.Interface, code string) {
log := ctx.MustGet("log").(*logrus.Entry)
ctx.Header("X-OAuth2-Type", CallbackTypeAuth)
ui, err := pi.GetUserInfo(ctx, code)
if err != nil {
log.Errorf("failed to get user info: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
pgs, loaded := bootstrap.ProviderGroupSettings[fmt.Sprintf("%s_%s", dbModel.SettingGroupOauth2, pi.Provider())]
if !loaded {
log.Errorf("invalid oauth2 provider")
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorStringResp("invalid oauth2 provider"))
return
}
var userE *op.UserEntry
if settings.DisableUserSignup.Get() || pgs.DisableUserSignup.Get() {
userE, err = op.GetUserByProvider(pi.Provider(), ui.ProviderUserID)
} else {
if settings.SignupNeedReview.Get() || pgs.SignupNeedReview.Get() {
userE, err = op.CreateOrLoadUserWithProvider(ui.Username, utils.RandString(16), pi.Provider(), ui.ProviderUserID, db.WithRole(dbModel.RolePending))
} else {
userE, err = op.CreateOrLoadUserWithProvider(ui.Username, utils.RandString(16), pi.Provider(), ui.ProviderUserID)
}
}
if err != nil {
log.Errorf("failed to create or load user: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
user := userE.Value()
token, err := middlewares.NewAuthUserToken(user)
if err != nil {
if errors.Is(err, middlewares.ErrUserBanned) ||
errors.Is(err, middlewares.ErrUserPending) {
ctx.AbortWithStatusJSON(http.StatusOK, model.NewAPIDataResp(gin.H{
"type": CallbackTypeAuth,
"message": err.Error(),
"role": user.Role,
}))
return
}
log.Errorf("failed to generate token: %v", err)
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewAPIErrorResp(err))
return
}
switch ctx.Request.Method {
case http.MethodGet:
err = RenderToken(ctx, redirect, token)
if err != nil {
log.Errorf("failed to render token: %v", err)
}
case http.MethodPost:
ctx.JSON(http.StatusOK, model.NewAPIDataResp(gin.H{
"type": CallbackTypeAuth,
"role": user.Role,
"token": token,
"redirect": redirect,
}))
}
}
}
Reference in New Issue View Git Blame Copy Permalink