You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
273 lines
6.5 KiB
273 lines
6.5 KiB
package indieauth
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
|
|
"p83.nl/go/ekster/pkg/util"
|
|
"willnorris.com/go/microformats"
|
|
)
|
|
|
|
type AuthResponse struct {
|
|
Me string `json:"me"`
|
|
}
|
|
|
|
type Endpoints struct {
|
|
AuthorizationEndpoint string `json:"authorization_endpoint"`
|
|
TokenEndpoint string `json:"token_endpoint"`
|
|
MicropubEndpoint string `json:"micropub_endpoint"`
|
|
MicrosubEndpoint string `json:"microsub_endpoint"`
|
|
}
|
|
|
|
type TokenResponse struct {
|
|
Me string `json:"me"`
|
|
AccessToken string `json:"access_token"`
|
|
TokenType string `json:"token_type"`
|
|
Scope string `json:"scope"`
|
|
}
|
|
|
|
func GetEndpoints(me *url.URL) (Endpoints, error) {
|
|
var endpoints Endpoints
|
|
|
|
baseURL := me
|
|
|
|
res, err := http.Get(me.String())
|
|
if err != nil {
|
|
return endpoints, err
|
|
}
|
|
defer res.Body.Close()
|
|
|
|
var links Links
|
|
|
|
if headers, e := res.Header["Link"]; e {
|
|
links = ParseMultiple(headers)
|
|
for _, link := range links {
|
|
if link.Rel == "authorization_endpoint" {
|
|
endpoints.AuthorizationEndpoint = link.URL
|
|
} else if link.Rel == "token_endpoint" {
|
|
endpoints.TokenEndpoint = link.URL
|
|
} else if link.Rel == "micropub" {
|
|
endpoints.MicropubEndpoint = link.URL
|
|
} else if link.Rel == "microsub" {
|
|
endpoints.MicrosubEndpoint = link.URL
|
|
} else {
|
|
log.Printf("Skipping unsupported rels in Link header: %s %s\n", link.Rel, link.URL)
|
|
}
|
|
}
|
|
}
|
|
|
|
data := microformats.Parse(res.Body, baseURL)
|
|
|
|
if auth, e := data.Rels["authorization_endpoint"]; e && endpoints.AuthorizationEndpoint == "" {
|
|
endpoints.AuthorizationEndpoint = auth[0]
|
|
}
|
|
if token, e := data.Rels["token_endpoint"]; e && endpoints.TokenEndpoint == "" {
|
|
endpoints.TokenEndpoint = token[0]
|
|
}
|
|
if micropub, e := data.Rels["micropub"]; e && endpoints.MicropubEndpoint == "" {
|
|
endpoints.MicropubEndpoint = micropub[0]
|
|
}
|
|
if microsub, e := data.Rels["microsub"]; e && endpoints.MicrosubEndpoint == "" {
|
|
endpoints.MicrosubEndpoint = microsub[0]
|
|
}
|
|
|
|
return endpoints, nil
|
|
}
|
|
|
|
func Authorize(me *url.URL, endpoints Endpoints, clientID, scope string) (TokenResponse, error) {
|
|
var tokenResponse TokenResponse
|
|
|
|
authURL, err := url.Parse(endpoints.AuthorizationEndpoint)
|
|
if err != nil {
|
|
return tokenResponse, err
|
|
}
|
|
|
|
ln, err := net.Listen("tcp", "127.0.0.1:0")
|
|
if err != nil {
|
|
return tokenResponse, err
|
|
}
|
|
|
|
local := ln.Addr().String()
|
|
redirectURI := fmt.Sprintf("http://%s/", local)
|
|
state := util.RandStringBytes(16)
|
|
|
|
authorizationURL := CreateAuthorizationURL(*authURL, me.String(), clientID, redirectURI, state, scope)
|
|
|
|
log.Printf("Browse to %s\n", authorizationURL)
|
|
|
|
shutdown := make(chan struct{}, 1)
|
|
|
|
code := ""
|
|
|
|
handler := func(w http.ResponseWriter, r *http.Request) {
|
|
code = r.URL.Query().Get("code")
|
|
responseState := r.URL.Query().Get("state")
|
|
if state != responseState {
|
|
log.Println("Wrong state response")
|
|
}
|
|
fmt.Fprintln(w, `<div style="width:100%;height:100%;display: flex; align-items: center; justify-content: center;">You can close this window, proceed on the command line</div>`)
|
|
close(shutdown)
|
|
}
|
|
|
|
var srv http.Server
|
|
srv.Handler = http.HandlerFunc(handler)
|
|
|
|
idleConnsClosed := make(chan struct{})
|
|
|
|
go func() {
|
|
<-shutdown
|
|
|
|
// We received an interrupt signal, shut down.
|
|
if err := srv.Shutdown(context.Background()); err != nil {
|
|
// Error from closing listeners, or context timeout:
|
|
log.Printf("HTTP server Shutdown: %v", err)
|
|
}
|
|
close(idleConnsClosed)
|
|
}()
|
|
|
|
if err := srv.Serve(ln); err != http.ErrServerClosed {
|
|
// Error starting or closing listener:
|
|
log.Printf("HTTP server ListenAndServe: %v", err)
|
|
}
|
|
|
|
<-idleConnsClosed
|
|
|
|
reqValues := url.Values{}
|
|
reqValues.Add("grant_type", "authorization_code")
|
|
reqValues.Add("code", code)
|
|
reqValues.Add("redirect_uri", redirectURI)
|
|
reqValues.Add("client_id", clientID)
|
|
reqValues.Add("me", me.String())
|
|
|
|
res, err := http.PostForm(endpoints.TokenEndpoint, reqValues)
|
|
if err != nil {
|
|
return tokenResponse, err
|
|
}
|
|
|
|
defer res.Body.Close()
|
|
|
|
dec := json.NewDecoder(res.Body)
|
|
err = dec.Decode(&tokenResponse)
|
|
if err != nil {
|
|
return tokenResponse, err
|
|
}
|
|
|
|
return tokenResponse, nil
|
|
}
|
|
|
|
func CreateAuthenticationURL(authURL url.URL, meURL, clientID, redirectURI, state string) string {
|
|
q := authURL.Query()
|
|
|
|
q.Add("response_type", "id")
|
|
q.Add("me", meURL)
|
|
q.Add("client_id", clientID)
|
|
q.Add("redirect_uri", redirectURI)
|
|
q.Add("state", state)
|
|
|
|
authURL.RawQuery = q.Encode()
|
|
|
|
return authURL.String()
|
|
}
|
|
|
|
func CreateAuthorizationURL(authURL url.URL, meURL, clientID, redirectURI, state, scope string) string {
|
|
q := authURL.Query()
|
|
q.Add("response_type", "code")
|
|
q.Add("me", meURL)
|
|
q.Add("client_id", clientID)
|
|
q.Add("redirect_uri", redirectURI)
|
|
q.Add("state", state)
|
|
q.Add("scope", scope)
|
|
authURL.RawQuery = q.Encode()
|
|
return authURL.String()
|
|
}
|
|
|
|
func VerifyAuthCode(clientID, code, redirectURI, authEndpoint string) (bool, *AuthResponse, error) {
|
|
reqData := url.Values{}
|
|
reqData.Set("code", code)
|
|
reqData.Set("client_id", clientID)
|
|
reqData.Set("redirect_uri", redirectURI)
|
|
|
|
req, err := http.NewRequest(http.MethodPost, authEndpoint, strings.NewReader(reqData.Encode()))
|
|
if err != nil {
|
|
return false, nil, err
|
|
}
|
|
|
|
req.Header.Add("Accept", "application/json")
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
|
|
client := http.Client{}
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
return false, nil, err
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode == 200 {
|
|
var buf bytes.Buffer
|
|
input := io.TeeReader(resp.Body, &buf)
|
|
dec := json.NewDecoder(input)
|
|
var authResponse AuthResponse
|
|
err = dec.Decode(&authResponse)
|
|
if err != nil {
|
|
return false, nil, fmt.Errorf("error while decoding body=%q: %s", &buf, err)
|
|
}
|
|
|
|
return true, &authResponse, nil
|
|
}
|
|
|
|
return false, nil, fmt.Errorf("HTTP response code from authorization_endpoint (%s) %d", authEndpoint, resp.StatusCode)
|
|
}
|
|
|
|
|
|
type App struct {
|
|
Name string
|
|
IconURL string
|
|
}
|
|
|
|
func getPropString(mf *microformats.Microformat, prop string) string {
|
|
if v, e := mf.Properties[prop]; e {
|
|
if len(v) > 0 {
|
|
if val, ok := v[0].(string); ok {
|
|
return val
|
|
}
|
|
}
|
|
}
|
|
|
|
return ""
|
|
}
|
|
|
|
func GetAppInfo(clientID string) (App, error) {
|
|
var app App
|
|
clientURL, err := url.Parse(clientID)
|
|
if err != nil {
|
|
return app, err
|
|
}
|
|
resp, err := http.Get(clientID)
|
|
if err != nil {
|
|
return app, err
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
md := microformats.Parse(resp.Body, clientURL)
|
|
|
|
if len(md.Items) > 0 {
|
|
mf := md.Items[0]
|
|
|
|
if mf.Type[0] == "h-x-app" || mf.Type[0] == "h-app" {
|
|
app.Name = getPropString(mf, "name")
|
|
app.IconURL = getPropString(mf, "logo")
|
|
}
|
|
}
|
|
|
|
return app, nil
|
|
}
|