commit
3326cd2db8
|
@ -11,6 +11,8 @@ import (
|
||||||
|
|
||||||
delivery "source.toby3d.me/website/indieauth/internal/client/delivery/http"
|
delivery "source.toby3d.me/website/indieauth/internal/client/delivery/http"
|
||||||
"source.toby3d.me/website/indieauth/internal/domain"
|
"source.toby3d.me/website/indieauth/internal/domain"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/profile"
|
||||||
|
profilerepo "source.toby3d.me/website/indieauth/internal/profile/repository/memory"
|
||||||
"source.toby3d.me/website/indieauth/internal/session"
|
"source.toby3d.me/website/indieauth/internal/session"
|
||||||
sessionrepo "source.toby3d.me/website/indieauth/internal/session/repository/memory"
|
sessionrepo "source.toby3d.me/website/indieauth/internal/session/repository/memory"
|
||||||
"source.toby3d.me/website/indieauth/internal/testing/httptest"
|
"source.toby3d.me/website/indieauth/internal/testing/httptest"
|
||||||
|
@ -20,6 +22,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Dependencies struct {
|
type Dependencies struct {
|
||||||
|
profiles profile.Repository
|
||||||
client *domain.Client
|
client *domain.Client
|
||||||
config *domain.Config
|
config *domain.Config
|
||||||
matcher language.Matcher
|
matcher language.Matcher
|
||||||
|
@ -65,13 +68,19 @@ func TestRead(t *testing.T) {
|
||||||
func NewDependencies(tb testing.TB) Dependencies {
|
func NewDependencies(tb testing.TB) Dependencies {
|
||||||
tb.Helper()
|
tb.Helper()
|
||||||
|
|
||||||
|
store := new(sync.Map)
|
||||||
client := domain.TestClient(tb)
|
client := domain.TestClient(tb)
|
||||||
config := domain.TestConfig(tb)
|
config := domain.TestConfig(tb)
|
||||||
matcher := language.NewMatcher(message.DefaultCatalog.Languages())
|
matcher := language.NewMatcher(message.DefaultCatalog.Languages())
|
||||||
store := new(sync.Map)
|
|
||||||
sessions := sessionrepo.NewMemorySessionRepository(store, config)
|
sessions := sessionrepo.NewMemorySessionRepository(store, config)
|
||||||
tokens := tokenrepo.NewMemoryTokenRepository(store)
|
tokens := tokenrepo.NewMemoryTokenRepository(store)
|
||||||
tokenService := tokenucase.NewTokenUseCase(tokens, sessions, config)
|
profiles := profilerepo.NewMemoryProfileRepository(store)
|
||||||
|
tokenService := tokenucase.NewTokenUseCase(tokenucase.Config{
|
||||||
|
Config: config,
|
||||||
|
Profiles: profiles,
|
||||||
|
Sessions: sessions,
|
||||||
|
Tokens: tokens,
|
||||||
|
})
|
||||||
|
|
||||||
return Dependencies{
|
return Dependencies{
|
||||||
client: client,
|
client: client,
|
||||||
|
@ -79,6 +88,7 @@ func NewDependencies(tb testing.TB) Dependencies {
|
||||||
matcher: matcher,
|
matcher: matcher,
|
||||||
sessions: sessions,
|
sessions: sessions,
|
||||||
store: store,
|
store: store,
|
||||||
|
profiles: profiles,
|
||||||
tokens: tokens,
|
tokens: tokens,
|
||||||
tokenService: tokenService,
|
tokenService: tokenService,
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,6 +33,10 @@ func TestProfile(tb testing.TB) *Profile {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p Profile) HasName() bool {
|
||||||
|
return len(p.Name) > 0
|
||||||
|
}
|
||||||
|
|
||||||
// GetName safe returns first name, if any.
|
// GetName safe returns first name, if any.
|
||||||
func (p Profile) GetName() string {
|
func (p Profile) GetName() string {
|
||||||
if len(p.Name) == 0 {
|
if len(p.Name) == 0 {
|
||||||
|
@ -42,6 +46,10 @@ func (p Profile) GetName() string {
|
||||||
return p.Name[0]
|
return p.Name[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p Profile) HasURL() bool {
|
||||||
|
return len(p.URL) > 0
|
||||||
|
}
|
||||||
|
|
||||||
// GetURL safe returns first URL, if any.
|
// GetURL safe returns first URL, if any.
|
||||||
func (p Profile) GetURL() *URL {
|
func (p Profile) GetURL() *URL {
|
||||||
if len(p.URL) == 0 {
|
if len(p.URL) == 0 {
|
||||||
|
@ -51,6 +59,10 @@ func (p Profile) GetURL() *URL {
|
||||||
return p.URL[0]
|
return p.URL[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p Profile) HasPhoto() bool {
|
||||||
|
return len(p.Photo) > 0
|
||||||
|
}
|
||||||
|
|
||||||
// GetPhoto safe returns first photo, if any.
|
// GetPhoto safe returns first photo, if any.
|
||||||
func (p Profile) GetPhoto() *URL {
|
func (p Profile) GetPhoto() *URL {
|
||||||
if len(p.Photo) == 0 {
|
if len(p.Photo) == 0 {
|
||||||
|
@ -60,6 +72,10 @@ func (p Profile) GetPhoto() *URL {
|
||||||
return p.Photo[0]
|
return p.Photo[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p Profile) HasEmail() bool {
|
||||||
|
return len(p.Email) > 0
|
||||||
|
}
|
||||||
|
|
||||||
// GetEmail safe returns first email, if any.
|
// GetEmail safe returns first email, if any.
|
||||||
func (p Profile) GetEmail() *Email {
|
func (p Profile) GetEmail() *Email {
|
||||||
if len(p.Email) == 0 {
|
if len(p.Email) == 0 {
|
||||||
|
|
|
@ -19,7 +19,6 @@ type (
|
||||||
Expiry time.Time
|
Expiry time.Time
|
||||||
ClientID *ClientID
|
ClientID *ClientID
|
||||||
Me *Me
|
Me *Me
|
||||||
Profile *Profile
|
|
||||||
Scope Scopes
|
Scope Scopes
|
||||||
AccessToken string
|
AccessToken string
|
||||||
RefreshToken string
|
RefreshToken string
|
||||||
|
@ -29,7 +28,6 @@ type (
|
||||||
NewTokenOptions struct {
|
NewTokenOptions struct {
|
||||||
Expiration time.Duration
|
Expiration time.Duration
|
||||||
Issuer *ClientID
|
Issuer *ClientID
|
||||||
Profile *Profile
|
|
||||||
Subject *Me
|
Subject *Me
|
||||||
Scope Scopes
|
Scope Scopes
|
||||||
Secret []byte
|
Secret []byte
|
||||||
|
@ -48,7 +46,6 @@ var DefaultNewTokenOptions = NewTokenOptions{
|
||||||
Secret: nil,
|
Secret: nil,
|
||||||
Algorithm: "HS256",
|
Algorithm: "HS256",
|
||||||
NonceLength: 32,
|
NonceLength: 32,
|
||||||
Profile: nil,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewToken create a new token by provided options.
|
// NewToken create a new token by provided options.
|
||||||
|
@ -83,23 +80,6 @@ func NewToken(opts NewTokenOptions) (*Token, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if opts.Profile != nil {
|
|
||||||
for key, val := range map[string]interface{}{
|
|
||||||
"name": opts.Profile.GetName(),
|
|
||||||
"url": opts.Profile.GetURL(),
|
|
||||||
"photo": opts.Profile.GetPhoto(),
|
|
||||||
"email": opts.Profile.GetEmail(),
|
|
||||||
} {
|
|
||||||
if val == nil {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
if err = tkn.Set(key, val); err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to set JWT token claim: %w", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if opts.Issuer != nil {
|
if opts.Issuer != nil {
|
||||||
if err = tkn.Set(jwt.IssuerKey, opts.Issuer.String()); err != nil {
|
if err = tkn.Set(jwt.IssuerKey, opts.Issuer.String()); err != nil {
|
||||||
return nil, fmt.Errorf("failed to set JWT token field: %w", err)
|
return nil, fmt.Errorf("failed to set JWT token field: %w", err)
|
||||||
|
@ -123,7 +103,6 @@ func NewToken(opts NewTokenOptions) (*Token, error) {
|
||||||
CreatedAt: now,
|
CreatedAt: now,
|
||||||
Expiry: now.Add(opts.Expiration),
|
Expiry: now.Add(opts.Expiration),
|
||||||
Me: opts.Subject,
|
Me: opts.Subject,
|
||||||
Profile: opts.Profile,
|
|
||||||
RefreshToken: "", // TODO(toby3d)
|
RefreshToken: "", // TODO(toby3d)
|
||||||
Scope: opts.Scope,
|
Scope: opts.Scope,
|
||||||
}, nil
|
}, nil
|
||||||
|
@ -147,6 +126,8 @@ func TestToken(tb testing.TB) *Token {
|
||||||
ScopeCreate,
|
ScopeCreate,
|
||||||
ScopeDelete,
|
ScopeDelete,
|
||||||
ScopeUpdate,
|
ScopeUpdate,
|
||||||
|
ScopeProfile,
|
||||||
|
ScopeEmail,
|
||||||
}
|
}
|
||||||
|
|
||||||
for key, val := range map[string]interface{}{
|
for key, val := range map[string]interface{}{
|
||||||
|
@ -176,7 +157,6 @@ func TestToken(tb testing.TB) *Token {
|
||||||
ClientID: cid,
|
ClientID: cid,
|
||||||
Me: me,
|
Me: me,
|
||||||
Scope: scope,
|
Scope: scope,
|
||||||
Profile: TestProfile(tb),
|
|
||||||
AccessToken: string(accessToken),
|
AccessToken: string(accessToken),
|
||||||
RefreshToken: "", // TODO(toby3d)
|
RefreshToken: "", // TODO(toby3d)
|
||||||
}
|
}
|
||||||
|
|
|
@ -175,7 +175,7 @@ func (h *RequestHandler) handleIntrospect(ctx *http.RequestCtx) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
tkn, err := h.tokens.Verify(ctx, req.Token)
|
tkn, _, err := h.tokens.Verify(ctx, req.Token)
|
||||||
if err != nil || tkn == nil {
|
if err != nil || tkn == nil {
|
||||||
// WARN(toby3d): If the token is not valid, the endpoint still
|
// WARN(toby3d): If the token is not valid, the endpoint still
|
||||||
// MUST return a 200 Response.
|
// MUST return a 200 Response.
|
||||||
|
|
|
@ -12,6 +12,8 @@ import (
|
||||||
|
|
||||||
"source.toby3d.me/website/indieauth/internal/common"
|
"source.toby3d.me/website/indieauth/internal/common"
|
||||||
"source.toby3d.me/website/indieauth/internal/domain"
|
"source.toby3d.me/website/indieauth/internal/domain"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/profile"
|
||||||
|
profilerepo "source.toby3d.me/website/indieauth/internal/profile/repository/memory"
|
||||||
"source.toby3d.me/website/indieauth/internal/session"
|
"source.toby3d.me/website/indieauth/internal/session"
|
||||||
sessionrepo "source.toby3d.me/website/indieauth/internal/session/repository/memory"
|
sessionrepo "source.toby3d.me/website/indieauth/internal/session/repository/memory"
|
||||||
"source.toby3d.me/website/indieauth/internal/testing/httptest"
|
"source.toby3d.me/website/indieauth/internal/testing/httptest"
|
||||||
|
@ -27,6 +29,7 @@ import (
|
||||||
type Dependencies struct {
|
type Dependencies struct {
|
||||||
client *http.Client
|
client *http.Client
|
||||||
config *domain.Config
|
config *domain.Config
|
||||||
|
profiles profile.Repository
|
||||||
sessions session.Repository
|
sessions session.Repository
|
||||||
store *sync.Map
|
store *sync.Map
|
||||||
tickets ticket.Repository
|
tickets ticket.Repository
|
||||||
|
@ -135,19 +138,26 @@ func TestRevocation(t *testing.T) {
|
||||||
func NewDependencies(tb testing.TB) Dependencies {
|
func NewDependencies(tb testing.TB) Dependencies {
|
||||||
tb.Helper()
|
tb.Helper()
|
||||||
|
|
||||||
|
store := new(sync.Map)
|
||||||
client := new(http.Client)
|
client := new(http.Client)
|
||||||
config := domain.TestConfig(tb)
|
config := domain.TestConfig(tb)
|
||||||
store := new(sync.Map)
|
|
||||||
token := domain.TestToken(tb)
|
token := domain.TestToken(tb)
|
||||||
|
profiles := profilerepo.NewMemoryProfileRepository(store)
|
||||||
sessions := sessionrepo.NewMemorySessionRepository(store, config)
|
sessions := sessionrepo.NewMemorySessionRepository(store, config)
|
||||||
tickets := ticketrepo.NewMemoryTicketRepository(store, config)
|
tickets := ticketrepo.NewMemoryTicketRepository(store, config)
|
||||||
tokens := tokenrepo.NewMemoryTokenRepository(store)
|
tokens := tokenrepo.NewMemoryTokenRepository(store)
|
||||||
ticketService := ticketucase.NewTicketUseCase(tickets, client, config)
|
ticketService := ticketucase.NewTicketUseCase(tickets, client, config)
|
||||||
tokenService := tokenucase.NewTokenUseCase(tokens, sessions, config)
|
tokenService := tokenucase.NewTokenUseCase(tokenucase.Config{
|
||||||
|
Config: config,
|
||||||
|
Profiles: profiles,
|
||||||
|
Sessions: sessions,
|
||||||
|
Tokens: tokens,
|
||||||
|
})
|
||||||
|
|
||||||
return Dependencies{
|
return Dependencies{
|
||||||
client: client,
|
client: client,
|
||||||
config: config,
|
config: config,
|
||||||
|
profiles: profiles,
|
||||||
sessions: sessions,
|
sessions: sessions,
|
||||||
store: store,
|
store: store,
|
||||||
tickets: tickets,
|
tickets: tickets,
|
||||||
|
|
|
@ -18,7 +18,7 @@ type (
|
||||||
Exchange(ctx context.Context, opts ExchangeOptions) (*domain.Token, *domain.Profile, error)
|
Exchange(ctx context.Context, opts ExchangeOptions) (*domain.Token, *domain.Profile, error)
|
||||||
|
|
||||||
// Verify checks the AccessToken and returns the associated information.
|
// Verify checks the AccessToken and returns the associated information.
|
||||||
Verify(ctx context.Context, accessToken string) (*domain.Token, error)
|
Verify(ctx context.Context, accessToken string) (*domain.Token, *domain.Profile, error)
|
||||||
|
|
||||||
// Revoke revokes the AccessToken and blocks its further use.
|
// Revoke revokes the AccessToken and blocks its further use.
|
||||||
Revoke(ctx context.Context, accessToken string) error
|
Revoke(ctx context.Context, accessToken string) error
|
||||||
|
|
|
@ -9,32 +9,41 @@ import (
|
||||||
"github.com/lestrrat-go/jwx/jwt"
|
"github.com/lestrrat-go/jwx/jwt"
|
||||||
|
|
||||||
"source.toby3d.me/website/indieauth/internal/domain"
|
"source.toby3d.me/website/indieauth/internal/domain"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/profile"
|
||||||
"source.toby3d.me/website/indieauth/internal/session"
|
"source.toby3d.me/website/indieauth/internal/session"
|
||||||
"source.toby3d.me/website/indieauth/internal/token"
|
"source.toby3d.me/website/indieauth/internal/token"
|
||||||
)
|
)
|
||||||
|
|
||||||
type tokenUseCase struct {
|
type (
|
||||||
sessions session.Repository
|
Config struct {
|
||||||
tokens token.Repository
|
Config *domain.Config
|
||||||
config *domain.Config
|
Profiles profile.Repository
|
||||||
}
|
Sessions session.Repository
|
||||||
|
Tokens token.Repository
|
||||||
|
}
|
||||||
|
|
||||||
func NewTokenUseCase(tokens token.Repository, sessions session.Repository, config *domain.Config) token.UseCase {
|
tokenUseCase struct {
|
||||||
jwt.RegisterCustomField("email", new(domain.Email))
|
config *domain.Config
|
||||||
jwt.RegisterCustomField("photo", new(domain.URL))
|
profiles profile.Repository
|
||||||
|
sessions session.Repository
|
||||||
|
tokens token.Repository
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
func NewTokenUseCase(config Config) token.UseCase {
|
||||||
jwt.RegisterCustomField("scope", make(domain.Scopes, 0))
|
jwt.RegisterCustomField("scope", make(domain.Scopes, 0))
|
||||||
jwt.RegisterCustomField("url", new(domain.URL))
|
|
||||||
|
|
||||||
return &tokenUseCase{
|
return &tokenUseCase{
|
||||||
config: config,
|
config: config.Config,
|
||||||
sessions: sessions,
|
profiles: config.Profiles,
|
||||||
tokens: tokens,
|
sessions: config.Sessions,
|
||||||
|
tokens: config.Tokens,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (useCase *tokenUseCase) Exchange(ctx context.Context, opts token.ExchangeOptions) (*domain.Token, *domain.Profile,
|
func (uc *tokenUseCase) Exchange(ctx context.Context, opts token.ExchangeOptions) (*domain.Token, *domain.Profile,
|
||||||
error) {
|
error) {
|
||||||
session, err := useCase.sessions.GetAndDelete(ctx, opts.Code)
|
session, err := uc.sessions.GetAndDelete(ctx, opts.Code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("cannot get session from store: %w", err)
|
return nil, nil, fmt.Errorf("cannot get session from store: %w", err)
|
||||||
}
|
}
|
||||||
|
@ -66,14 +75,13 @@ func (useCase *tokenUseCase) Exchange(ctx context.Context, opts token.ExchangeOp
|
||||||
}
|
}
|
||||||
|
|
||||||
tkn, err := domain.NewToken(domain.NewTokenOptions{
|
tkn, err := domain.NewToken(domain.NewTokenOptions{
|
||||||
Expiration: useCase.config.JWT.Expiry,
|
Expiration: uc.config.JWT.Expiry,
|
||||||
Issuer: session.ClientID,
|
Issuer: session.ClientID,
|
||||||
Subject: session.Me,
|
Subject: session.Me,
|
||||||
Scope: session.Scope,
|
Scope: session.Scope,
|
||||||
Secret: []byte(useCase.config.JWT.Secret),
|
Secret: []byte(uc.config.JWT.Secret),
|
||||||
Profile: session.Profile,
|
Algorithm: uc.config.JWT.Algorithm,
|
||||||
Algorithm: useCase.config.JWT.Algorithm,
|
NonceLength: uc.config.JWT.NonceLength,
|
||||||
NonceLength: useCase.config.JWT.NonceLength,
|
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("cannot generate a new access token: %w", err)
|
return nil, nil, fmt.Errorf("cannot generate a new access token: %w", err)
|
||||||
|
@ -82,24 +90,24 @@ func (useCase *tokenUseCase) Exchange(ctx context.Context, opts token.ExchangeOp
|
||||||
return tkn, session.Profile, nil
|
return tkn, session.Profile, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (useCase *tokenUseCase) Verify(ctx context.Context, accessToken string) (*domain.Token, error) {
|
func (uc *tokenUseCase) Verify(ctx context.Context, accessToken string) (*domain.Token, *domain.Profile, error) {
|
||||||
find, err := useCase.tokens.Get(ctx, accessToken)
|
find, err := uc.tokens.Get(ctx, accessToken)
|
||||||
if err != nil && !errors.Is(err, token.ErrNotExist) {
|
if err != nil && !errors.Is(err, token.ErrNotExist) {
|
||||||
return nil, fmt.Errorf("cannot check token in store: %w", err)
|
return nil, nil, fmt.Errorf("cannot check token in store: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if find != nil {
|
if find != nil {
|
||||||
return nil, token.ErrRevoke
|
return nil, nil, token.ErrRevoke
|
||||||
}
|
}
|
||||||
|
|
||||||
tkn, err := jwt.ParseString(accessToken, jwt.WithVerify(jwa.SignatureAlgorithm(useCase.config.JWT.Algorithm),
|
tkn, err := jwt.ParseString(accessToken, jwt.WithVerify(jwa.SignatureAlgorithm(uc.config.JWT.Algorithm),
|
||||||
[]byte(useCase.config.JWT.Secret)))
|
[]byte(uc.config.JWT.Secret)))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("cannot parse JWT token: %w", err)
|
return nil, nil, fmt.Errorf("cannot parse JWT token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = jwt.Validate(tkn); err != nil {
|
if err = jwt.Validate(tkn); err != nil {
|
||||||
return nil, fmt.Errorf("cannot validate JWT token: %w", err)
|
return nil, nil, fmt.Errorf("cannot validate JWT token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
result := &domain.Token{
|
result := &domain.Token{
|
||||||
|
@ -107,7 +115,6 @@ func (useCase *tokenUseCase) Verify(ctx context.Context, accessToken string) (*d
|
||||||
Expiry: tkn.Expiration(),
|
Expiry: tkn.Expiration(),
|
||||||
ClientID: nil,
|
ClientID: nil,
|
||||||
Me: nil,
|
Me: nil,
|
||||||
Profile: nil,
|
|
||||||
Scope: nil,
|
Scope: nil,
|
||||||
AccessToken: accessToken,
|
AccessToken: accessToken,
|
||||||
RefreshToken: "", // TODO(toby3d)
|
RefreshToken: "", // TODO(toby3d)
|
||||||
|
@ -120,49 +127,28 @@ func (useCase *tokenUseCase) Verify(ctx context.Context, accessToken string) (*d
|
||||||
}
|
}
|
||||||
|
|
||||||
if !result.Scope.Has(domain.ScopeProfile) {
|
if !result.Scope.Has(domain.ScopeProfile) {
|
||||||
return result, nil
|
return result, nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
result.Profile = domain.NewProfile()
|
profile, err := uc.profiles.Get(ctx, result.Me)
|
||||||
|
if err != nil {
|
||||||
if name, ok := tkn.Get("name"); ok {
|
return result, nil, nil
|
||||||
if n, ok := name.(string); ok {
|
|
||||||
result.Profile.Name = append(result.Profile.Name, n)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if url, ok := tkn.Get("url"); ok {
|
if !result.Scope.Has(domain.ScopeEmail) && len(profile.Email) > 0 {
|
||||||
if u, ok := url.(*domain.URL); ok {
|
profile.Email = nil
|
||||||
result.Profile.URL = append(result.Profile.URL, u)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if photo, ok := tkn.Get("photo"); ok {
|
return result, profile, nil
|
||||||
if p, ok := photo.(*domain.URL); ok {
|
|
||||||
result.Profile.Photo = append(result.Profile.Photo, p)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if !result.Scope.Has(domain.ScopeEmail) {
|
|
||||||
return result, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if email, ok := tkn.Get("email"); ok {
|
|
||||||
if e, ok := email.(*domain.Email); ok {
|
|
||||||
result.Profile.Email = append(result.Profile.Email, e)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return result, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (useCase *tokenUseCase) Revoke(ctx context.Context, accessToken string) error {
|
func (uc *tokenUseCase) Revoke(ctx context.Context, accessToken string) error {
|
||||||
tkn, err := useCase.Verify(ctx, accessToken)
|
tkn, _, err := uc.Verify(ctx, accessToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("cannot verify token: %w", err)
|
return fmt.Errorf("cannot verify token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = useCase.tokens.Create(ctx, tkn); err != nil {
|
if err = uc.tokens.Create(ctx, tkn); err != nil {
|
||||||
return fmt.Errorf("cannot save token in database: %w", err)
|
return fmt.Errorf("cannot save token in database: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -3,35 +3,86 @@ package usecase_test
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
|
"path"
|
||||||
"sync"
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
|
||||||
"source.toby3d.me/website/indieauth/internal/domain"
|
"source.toby3d.me/website/indieauth/internal/domain"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/profile"
|
||||||
|
profilerepo "source.toby3d.me/website/indieauth/internal/profile/repository/memory"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/session"
|
||||||
|
sessionrepo "source.toby3d.me/website/indieauth/internal/session/repository/memory"
|
||||||
"source.toby3d.me/website/indieauth/internal/token"
|
"source.toby3d.me/website/indieauth/internal/token"
|
||||||
repository "source.toby3d.me/website/indieauth/internal/token/repository/memory"
|
tokenrepo "source.toby3d.me/website/indieauth/internal/token/repository/memory"
|
||||||
usecase "source.toby3d.me/website/indieauth/internal/token/usecase"
|
usecase "source.toby3d.me/website/indieauth/internal/token/usecase"
|
||||||
)
|
)
|
||||||
|
|
||||||
/* TODO(toby3d)
|
type Dependencies struct {
|
||||||
|
config *domain.Config
|
||||||
|
profile *domain.Profile
|
||||||
|
profiles profile.Repository
|
||||||
|
session *domain.Session
|
||||||
|
sessions session.Repository
|
||||||
|
store *sync.Map
|
||||||
|
token *domain.Token
|
||||||
|
tokens token.Repository
|
||||||
|
}
|
||||||
|
|
||||||
func TestExchange(t *testing.T) {
|
func TestExchange(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
|
deps := NewDependencies(t)
|
||||||
|
deps.store.Store(path.Join(profilerepo.DefaultPathPrefix, deps.session.Me.String()), deps.profile)
|
||||||
|
|
||||||
|
if err := deps.sessions.Create(context.TODO(), deps.session); err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
opts := token.ExchangeOptions{
|
||||||
|
ClientID: deps.session.ClientID,
|
||||||
|
Code: deps.session.Code,
|
||||||
|
CodeVerifier: deps.session.CodeChallenge,
|
||||||
|
RedirectURI: deps.session.RedirectURI,
|
||||||
|
}
|
||||||
|
|
||||||
|
tkn, userInfo, err := usecase.NewTokenUseCase(usecase.Config{
|
||||||
|
Config: deps.config,
|
||||||
|
Profiles: deps.profiles,
|
||||||
|
Sessions: deps.sessions,
|
||||||
|
Tokens: deps.tokens,
|
||||||
|
}).Exchange(context.TODO(), opts)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if tkn == nil {
|
||||||
|
t.Errorf("Exchange(ctx, %v) = nil, want not nil", opts)
|
||||||
|
}
|
||||||
|
|
||||||
|
if userInfo == nil {
|
||||||
|
t.Errorf("Exchange(ctx, %v) = nil, want not nil", opts)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
|
|
||||||
func TestVerify(t *testing.T) {
|
func TestVerify(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
repo := repository.NewMemoryTokenRepository(new(sync.Map))
|
deps := NewDependencies(t)
|
||||||
ucase := usecase.NewTokenUseCase(repo, nil, domain.TestConfig(t))
|
ucase := usecase.NewTokenUseCase(usecase.Config{
|
||||||
|
Config: domain.TestConfig(t),
|
||||||
|
Profiles: deps.profiles,
|
||||||
|
Sessions: deps.sessions,
|
||||||
|
Tokens: deps.tokens,
|
||||||
|
})
|
||||||
|
|
||||||
t.Run("valid", func(t *testing.T) {
|
t.Run("valid", func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
accessToken := domain.TestToken(t)
|
accessToken := domain.TestToken(t)
|
||||||
|
|
||||||
result, err := ucase.Verify(context.TODO(), accessToken.AccessToken)
|
result, _, err := ucase.Verify(context.TODO(), accessToken.AccessToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
@ -46,11 +97,11 @@ func TestVerify(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
accessToken := domain.TestToken(t)
|
accessToken := domain.TestToken(t)
|
||||||
if err := repo.Create(context.TODO(), accessToken); err != nil {
|
if err := deps.tokens.Create(context.TODO(), accessToken); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
result, err := ucase.Verify(context.TODO(), accessToken.AccessToken)
|
result, _, err := ucase.Verify(context.TODO(), accessToken.AccessToken)
|
||||||
if !errors.Is(err, token.ErrRevoke) {
|
if !errors.Is(err, token.ErrRevoke) {
|
||||||
t.Errorf("Verify(%s) = %v, want %v", accessToken.AccessToken, err, token.ErrRevoke)
|
t.Errorf("Verify(%s) = %v, want %v", accessToken.AccessToken, err, token.ErrRevoke)
|
||||||
}
|
}
|
||||||
|
@ -64,21 +115,41 @@ func TestVerify(t *testing.T) {
|
||||||
func TestRevoke(t *testing.T) {
|
func TestRevoke(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
config := domain.TestConfig(t)
|
deps := NewDependencies(t)
|
||||||
accessToken := domain.TestToken(t)
|
|
||||||
repo := repository.NewMemoryTokenRepository(new(sync.Map))
|
|
||||||
|
|
||||||
if err := usecase.NewTokenUseCase(repo, nil, config).
|
if err := usecase.NewTokenUseCase(usecase.Config{
|
||||||
Revoke(context.TODO(), accessToken.AccessToken); err != nil {
|
Config: deps.config,
|
||||||
|
Profiles: deps.profiles,
|
||||||
|
Sessions: deps.sessions,
|
||||||
|
Tokens: deps.tokens,
|
||||||
|
}).Revoke(context.TODO(), deps.token.AccessToken); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
result, err := repo.Get(context.TODO(), accessToken.AccessToken)
|
result, err := deps.tokens.Get(context.TODO(), deps.token.AccessToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if result.AccessToken != accessToken.AccessToken {
|
if result.AccessToken != deps.token.AccessToken {
|
||||||
t.Errorf("Get(%s) = %s, want %s", accessToken.AccessToken, result.AccessToken, accessToken.AccessToken)
|
t.Errorf("Get(%s) = %s, want %s", deps.token.AccessToken, result.AccessToken, deps.token.AccessToken)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewDependencies(tb testing.TB) Dependencies {
|
||||||
|
tb.Helper()
|
||||||
|
|
||||||
|
store := new(sync.Map)
|
||||||
|
config := domain.TestConfig(tb)
|
||||||
|
|
||||||
|
return Dependencies{
|
||||||
|
config: config,
|
||||||
|
profile: domain.TestProfile(tb),
|
||||||
|
profiles: profilerepo.NewMemoryProfileRepository(store),
|
||||||
|
session: domain.TestSession(tb),
|
||||||
|
sessions: sessionrepo.NewMemorySessionRepository(store, config),
|
||||||
|
store: store,
|
||||||
|
token: domain.TestToken(tb),
|
||||||
|
tokens: tokenrepo.NewMemoryTokenRepository(store),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,8 +65,8 @@ func (h *RequestHandler) handleUserInformation(ctx *http.RequestCtx) {
|
||||||
|
|
||||||
encoder := json.NewEncoder(ctx)
|
encoder := json.NewEncoder(ctx)
|
||||||
|
|
||||||
tkn, err := h.tokens.Verify(ctx, strings.TrimPrefix(string(ctx.Request.Header.Peek(http.HeaderAuthorization)),
|
tkn, userInfo, err := h.tokens.Verify(ctx, strings.TrimPrefix(string(ctx.Request.Header.Peek(
|
||||||
"Bearer "))
|
http.HeaderAuthorization)), "Bearer "))
|
||||||
if err != nil || tkn == nil {
|
if err != nil || tkn == nil {
|
||||||
// WARN(toby3d): If the token is not valid, the endpoint still
|
// WARN(toby3d): If the token is not valid, the endpoint still
|
||||||
// MUST return a 200 Response.
|
// MUST return a 200 Response.
|
||||||
|
@ -88,24 +88,26 @@ func (h *RequestHandler) handleUserInformation(ctx *http.RequestCtx) {
|
||||||
}
|
}
|
||||||
|
|
||||||
resp := new(UserInformationResponse)
|
resp := new(UserInformationResponse)
|
||||||
if tkn.Profile == nil {
|
if userInfo == nil {
|
||||||
_ = encoder.Encode(resp)
|
_ = encoder.Encode(resp)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
resp.Name = tkn.Profile.GetName()
|
if userInfo.HasName() {
|
||||||
|
resp.Name = userInfo.GetName()
|
||||||
if url := tkn.Profile.GetURL(); url != nil {
|
|
||||||
resp.URL = url.String()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if photo := tkn.Profile.GetPhoto(); photo != nil {
|
if userInfo.HasURL() {
|
||||||
resp.Photo = photo.String()
|
resp.URL = userInfo.GetURL().String()
|
||||||
}
|
}
|
||||||
|
|
||||||
if email := tkn.Profile.GetEmail(); email != nil && tkn.Scope.Has(domain.ScopeEmail) {
|
if userInfo.HasPhoto() {
|
||||||
resp.Email = email.String()
|
resp.Photo = userInfo.GetPhoto().String()
|
||||||
|
}
|
||||||
|
|
||||||
|
if tkn.Scope.Has(domain.ScopeEmail) && userInfo.HasEmail() {
|
||||||
|
resp.Email = userInfo.GetEmail().String()
|
||||||
}
|
}
|
||||||
|
|
||||||
_ = encoder.Encode(resp)
|
_ = encoder.Encode(resp)
|
||||||
|
|
|
@ -0,0 +1,94 @@
|
||||||
|
package http_test
|
||||||
|
|
||||||
|
import (
|
||||||
|
"path"
|
||||||
|
"sync"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/goccy/go-json"
|
||||||
|
http "github.com/valyala/fasthttp"
|
||||||
|
|
||||||
|
"github.com/fasthttp/router"
|
||||||
|
|
||||||
|
"source.toby3d.me/website/indieauth/internal/domain"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/profile"
|
||||||
|
profilerepo "source.toby3d.me/website/indieauth/internal/profile/repository/memory"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/session"
|
||||||
|
sessionrepo "source.toby3d.me/website/indieauth/internal/session/repository/memory"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/testing/httptest"
|
||||||
|
"source.toby3d.me/website/indieauth/internal/token"
|
||||||
|
tokenrepo "source.toby3d.me/website/indieauth/internal/token/repository/memory"
|
||||||
|
tokenucase "source.toby3d.me/website/indieauth/internal/token/usecase"
|
||||||
|
delivery "source.toby3d.me/website/indieauth/internal/user/delivery/http"
|
||||||
|
)
|
||||||
|
|
||||||
|
type Dependencies struct {
|
||||||
|
config *domain.Config
|
||||||
|
profile *domain.Profile
|
||||||
|
profiles profile.Repository
|
||||||
|
sessions session.Repository
|
||||||
|
store *sync.Map
|
||||||
|
token *domain.Token
|
||||||
|
tokens token.Repository
|
||||||
|
tokenService token.UseCase
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestUserInfo(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
deps := NewDependencies(t)
|
||||||
|
deps.store.Store(path.Join(profilerepo.DefaultPathPrefix, deps.token.Me.String()), deps.profile)
|
||||||
|
|
||||||
|
r := router.New()
|
||||||
|
delivery.NewRequestHandler(deps.tokenService, deps.config).Register(r)
|
||||||
|
|
||||||
|
client, _, cleanup := httptest.New(t, r.Handler)
|
||||||
|
t.Cleanup(cleanup)
|
||||||
|
|
||||||
|
req := httptest.NewRequest(http.MethodGet, "https://example.com/userinfo", nil)
|
||||||
|
defer http.ReleaseRequest(req)
|
||||||
|
deps.token.SetAuthHeader(req)
|
||||||
|
|
||||||
|
resp := http.AcquireResponse()
|
||||||
|
defer http.ReleaseResponse(resp)
|
||||||
|
|
||||||
|
if err := client.Do(req, resp); err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
result := new(delivery.UserInformationResponse)
|
||||||
|
if err := json.Unmarshal(resp.Body(), result); err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if result.Name != deps.profile.GetName() ||
|
||||||
|
result.Photo != deps.profile.GetPhoto().String() {
|
||||||
|
t.Errorf("GET /userinfo = %+v, want %+v", result, &delivery.UserInformationResponse{
|
||||||
|
Name: deps.profile.GetName(),
|
||||||
|
URL: deps.profile.GetURL().String(),
|
||||||
|
Photo: deps.profile.GetPhoto().String(),
|
||||||
|
Email: deps.profile.GetEmail().String(),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewDependencies(tb testing.TB) Dependencies {
|
||||||
|
tb.Helper()
|
||||||
|
|
||||||
|
store := new(sync.Map)
|
||||||
|
config := domain.TestConfig(tb)
|
||||||
|
|
||||||
|
return Dependencies{
|
||||||
|
profile: domain.TestProfile(tb),
|
||||||
|
token: domain.TestToken(tb),
|
||||||
|
config: config,
|
||||||
|
store: store,
|
||||||
|
tokens: tokenrepo.NewMemoryTokenRepository(store),
|
||||||
|
tokenService: tokenucase.NewTokenUseCase(tokenucase.Config{
|
||||||
|
Config: config,
|
||||||
|
Profiles: profilerepo.NewMemoryProfileRepository(store),
|
||||||
|
Sessions: sessionrepo.NewMemorySessionRepository(store, config),
|
||||||
|
Tokens: tokenrepo.NewMemoryTokenRepository(store),
|
||||||
|
}),
|
||||||
|
}
|
||||||
|
}
|
7
main.go
7
main.go
|
@ -277,7 +277,12 @@ func NewApp(opts NewAppOptions) *App {
|
||||||
matcher: language.NewMatcher(message.DefaultCatalog.Languages()),
|
matcher: language.NewMatcher(message.DefaultCatalog.Languages()),
|
||||||
sessions: sessionucase.NewSessionUseCase(opts.Sessions),
|
sessions: sessionucase.NewSessionUseCase(opts.Sessions),
|
||||||
tickets: ticketucase.NewTicketUseCase(opts.Tickets, opts.Client, config),
|
tickets: ticketucase.NewTicketUseCase(opts.Tickets, opts.Client, config),
|
||||||
tokens: tokenucase.NewTokenUseCase(opts.Tokens, opts.Sessions, config),
|
tokens: tokenucase.NewTokenUseCase(tokenucase.Config{
|
||||||
|
Config: config,
|
||||||
|
Profiles: opts.Profiles,
|
||||||
|
Sessions: opts.Sessions,
|
||||||
|
Tokens: opts.Tokens,
|
||||||
|
}),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue