🔥 Removed TicketAuth for now
This commit is contained in:
parent
b5a91b48ae
commit
d6c89a8d00
23 changed files with 87 additions and 1156 deletions
|
@ -31,11 +31,11 @@ type Dependencies struct {
|
|||
authService auth.UseCase
|
||||
clients client.Repository
|
||||
clientService client.UseCase
|
||||
config *domain.Config
|
||||
matcher language.Matcher
|
||||
profiles profile.Repository
|
||||
sessions session.Repository
|
||||
users user.Repository
|
||||
config *domain.Config
|
||||
}
|
||||
|
||||
func TestAuthorize(t *testing.T) {
|
||||
|
@ -113,7 +113,7 @@ func NewDependencies(tb testing.TB) Dependencies {
|
|||
users := userrepo.NewMemoryUserRepository()
|
||||
sessions := sessionrepo.NewMemorySessionRepository(*config)
|
||||
profiles := profilerepo.NewMemoryProfileRepository()
|
||||
authService := ucase.NewAuthUseCase(sessions, profiles, config)
|
||||
authService := ucase.NewAuthUseCase(sessions, profiles, *config)
|
||||
clientService := clientucase.NewClientUseCase(clients)
|
||||
|
||||
return Dependencies{
|
||||
|
|
|
@ -12,13 +12,13 @@ import (
|
|||
)
|
||||
|
||||
type authUseCase struct {
|
||||
config *domain.Config
|
||||
sessions session.Repository
|
||||
profiles profile.Repository
|
||||
config domain.Config
|
||||
}
|
||||
|
||||
// NewAuthUseCase creates a new authentication use case.
|
||||
func NewAuthUseCase(sessions session.Repository, profiles profile.Repository, config *domain.Config) auth.UseCase {
|
||||
func NewAuthUseCase(sessions session.Repository, profiles profile.Repository, config domain.Config) auth.UseCase {
|
||||
return &authUseCase{
|
||||
config: config,
|
||||
sessions: sessions,
|
||||
|
|
|
@ -58,7 +58,7 @@ func NewDependencies(tb testing.TB) Dependencies {
|
|||
tokens := tokenrepo.NewMemoryTokenRepository()
|
||||
profiles := profilerepo.NewMemoryProfileRepository()
|
||||
tokenService := tokenucase.NewTokenUseCase(tokenucase.Config{
|
||||
Config: config,
|
||||
Config: *config,
|
||||
Profiles: profiles,
|
||||
Sessions: sessions,
|
||||
Tokens: tokens,
|
||||
|
|
|
@ -10,7 +10,7 @@ type Ticket struct {
|
|||
Resource *url.URL
|
||||
|
||||
// The access token should be used when acting on behalf of this URL.
|
||||
Subject *Me
|
||||
Subject Me
|
||||
|
||||
// A random string that can be redeemed for an access token.
|
||||
Ticket string
|
||||
|
@ -22,7 +22,7 @@ func TestTicket(tb testing.TB) *Ticket {
|
|||
|
||||
return &Ticket{
|
||||
Resource: &url.URL{Scheme: "https", Host: "alice.example.com", Path: "/private/"},
|
||||
Subject: TestMe(tb, "https://bob.example.com/"),
|
||||
Subject: *TestMe(tb, "https://bob.example.com/"),
|
||||
Ticket: "32985723984723985792834",
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,198 +0,0 @@
|
|||
package http
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/goccy/go-json"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
"golang.org/x/text/language"
|
||||
"golang.org/x/text/message"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/common"
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
"source.toby3d.me/toby3d/auth/internal/middleware"
|
||||
"source.toby3d.me/toby3d/auth/internal/random"
|
||||
"source.toby3d.me/toby3d/auth/internal/ticket"
|
||||
"source.toby3d.me/toby3d/auth/internal/urlutil"
|
||||
"source.toby3d.me/toby3d/auth/web"
|
||||
)
|
||||
|
||||
type Handler struct {
|
||||
matcher language.Matcher
|
||||
tickets ticket.UseCase
|
||||
config domain.Config
|
||||
}
|
||||
|
||||
func NewHandler(tickets ticket.UseCase, matcher language.Matcher, config domain.Config) *Handler {
|
||||
return &Handler{
|
||||
config: config,
|
||||
matcher: matcher,
|
||||
tickets: tickets,
|
||||
}
|
||||
}
|
||||
|
||||
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
//nolint:exhaustivestruct
|
||||
chain := middleware.Chain{
|
||||
middleware.CSRFWithConfig(middleware.CSRFConfig{
|
||||
Skipper: func(_ http.ResponseWriter, r *http.Request) bool {
|
||||
head, _ := urlutil.ShiftPath(r.URL.Path)
|
||||
|
||||
return r.Method == http.MethodPost && head == "ticket"
|
||||
},
|
||||
CookieMaxAge: 0,
|
||||
CookieSameSite: http.SameSiteStrictMode,
|
||||
ContextKey: "csrf",
|
||||
CookieDomain: h.config.Server.Domain,
|
||||
CookieName: "__Secure-csrf",
|
||||
CookiePath: "/ticket",
|
||||
TokenLookup: "form:_csrf",
|
||||
TokenLength: 0,
|
||||
CookieSecure: true,
|
||||
CookieHTTPOnly: true,
|
||||
}),
|
||||
middleware.JWTWithConfig(middleware.JWTConfig{
|
||||
AuthScheme: "Bearer",
|
||||
BeforeFunc: nil,
|
||||
Claims: nil,
|
||||
ContextKey: "token",
|
||||
ErrorHandler: nil,
|
||||
ErrorHandlerWithContext: nil,
|
||||
ParseTokenFunc: nil,
|
||||
SigningKey: []byte(h.config.JWT.Secret),
|
||||
SigningKeys: nil,
|
||||
SigningMethod: jwa.SignatureAlgorithm(h.config.JWT.Algorithm),
|
||||
Skipper: middleware.DefaultSkipper,
|
||||
SuccessHandler: nil,
|
||||
TokenLookup: "header:" + common.HeaderAuthorization +
|
||||
",cookie:__Secure-auth-token",
|
||||
}),
|
||||
}
|
||||
|
||||
chain.Handler(h.handleFunc).ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
func (h *Handler) handleFunc(w http.ResponseWriter, r *http.Request) {
|
||||
var head string
|
||||
head, r.URL.Path = urlutil.ShiftPath(r.URL.Path)
|
||||
|
||||
switch r.Method {
|
||||
default:
|
||||
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||
case "", http.MethodGet:
|
||||
if head != "" {
|
||||
http.NotFound(w, r)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
h.handleRender(w, r)
|
||||
case http.MethodPost:
|
||||
switch head {
|
||||
default:
|
||||
http.NotFound(w, r)
|
||||
case "":
|
||||
h.handleRedeem(w, r)
|
||||
case "send":
|
||||
h.handleSend(w, r)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (h *Handler) handleRender(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set(common.HeaderContentType, common.MIMETextHTMLCharsetUTF8)
|
||||
|
||||
tags, _, _ := language.ParseAcceptLanguage(r.Header.Get(common.HeaderAcceptLanguage))
|
||||
tag, _, _ := h.matcher.Match(tags...)
|
||||
baseOf := web.BaseOf{
|
||||
Config: &h.config,
|
||||
Language: tag,
|
||||
Printer: message.NewPrinter(tag),
|
||||
}
|
||||
|
||||
csrf, _ := r.Context().Value("csrf").([]byte)
|
||||
web.WriteTemplate(w, &web.TicketPage{
|
||||
BaseOf: baseOf,
|
||||
CSRF: csrf,
|
||||
})
|
||||
}
|
||||
|
||||
func (h *Handler) handleSend(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set(common.HeaderAccessControlAllowOrigin, h.config.Server.Domain)
|
||||
w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)
|
||||
|
||||
encoder := json.NewEncoder(w)
|
||||
|
||||
req := new(TicketGenerateRequest)
|
||||
if err := req.bind(r); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
|
||||
_ = encoder.Encode(err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
ticket := &domain.Ticket{
|
||||
Ticket: "",
|
||||
Resource: req.Resource.URL,
|
||||
Subject: &req.Subject,
|
||||
}
|
||||
|
||||
var err error
|
||||
if ticket.Ticket, err = random.String(h.config.TicketAuth.Length); err != nil {
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
|
||||
_ = encoder.Encode(domain.NewError(domain.ErrorCodeServerError, err.Error(), ""))
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
if err = h.tickets.Generate(r.Context(), *ticket); err != nil {
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
|
||||
_ = encoder.Encode(domain.NewError(domain.ErrorCodeServerError, err.Error(), ""))
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
|
||||
func (h *Handler) handleRedeem(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)
|
||||
|
||||
encoder := json.NewEncoder(w)
|
||||
|
||||
req := new(TicketExchangeRequest)
|
||||
if err := req.bind(r); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
|
||||
_ = encoder.Encode(err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
token, err := h.tickets.Redeem(r.Context(), domain.Ticket{
|
||||
Ticket: req.Ticket,
|
||||
Resource: req.Resource.URL,
|
||||
Subject: &req.Subject,
|
||||
})
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
|
||||
_ = encoder.Encode(domain.NewError(domain.ErrorCodeServerError, err.Error(), ""))
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// TODO(toby3d): print the result as part of the debugging. Instead, we
|
||||
// need to send or save the token to the recipient for later use.
|
||||
fmt.Fprintf(w, `{
|
||||
"access_token": "%s",
|
||||
"token_type": "Bearer",
|
||||
"scope": "%s",
|
||||
"me": "%s"
|
||||
}`, token.AccessToken, token.Scope.String(), token.Me.String())
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
|
@ -1,90 +0,0 @@
|
|||
package http
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
"source.toby3d.me/toby3d/form"
|
||||
)
|
||||
|
||||
type (
|
||||
TicketGenerateRequest struct {
|
||||
// The access token should be used when acting on behalf of this URL.
|
||||
Subject domain.Me `form:"subject"`
|
||||
|
||||
// The access token will work at this URL.
|
||||
Resource domain.URL `form:"resource"`
|
||||
}
|
||||
|
||||
TicketExchangeRequest struct {
|
||||
// The access token should be used when acting on behalf of this URL.
|
||||
Subject domain.Me `form:"subject"`
|
||||
|
||||
// The access token will work at this URL.
|
||||
Resource domain.URL `form:"resource"`
|
||||
|
||||
// A random string that can be redeemed for an access token.
|
||||
Ticket string `form:"ticket"`
|
||||
}
|
||||
)
|
||||
|
||||
func (r *TicketGenerateRequest) bind(req *http.Request) error {
|
||||
indieAuthError := new(domain.Error)
|
||||
|
||||
if err := req.ParseForm(); err != nil {
|
||||
return domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
err.Error(),
|
||||
"https://indieauth.net/source/#authorization-request",
|
||||
)
|
||||
}
|
||||
|
||||
if err := form.Unmarshal([]byte(req.PostForm.Encode()), r); err != nil {
|
||||
if errors.As(err, indieAuthError) {
|
||||
return indieAuthError
|
||||
}
|
||||
|
||||
return domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
err.Error(),
|
||||
"https://indieweb.org/IndieAuth_Ticket_Auth#Create_the_IndieAuth_ticket",
|
||||
)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (r *TicketExchangeRequest) bind(req *http.Request) error {
|
||||
indieAuthError := new(domain.Error)
|
||||
|
||||
if err := req.ParseForm(); err != nil {
|
||||
return domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
err.Error(),
|
||||
"https://indieauth.net/source/#authorization-request",
|
||||
)
|
||||
}
|
||||
|
||||
if err := form.Unmarshal([]byte(req.PostForm.Encode()), r); err != nil {
|
||||
if errors.As(err, indieAuthError) {
|
||||
return indieAuthError
|
||||
}
|
||||
|
||||
return domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
err.Error(),
|
||||
"https://indieweb.org/IndieAuth_Ticket_Auth#Create_the_IndieAuth_ticket",
|
||||
)
|
||||
}
|
||||
|
||||
if r.Ticket == "" {
|
||||
return domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
"ticket parameter is required",
|
||||
"https://indieweb.org/IndieAuth_Ticket_Auth#Create_the_IndieAuth_ticket",
|
||||
)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -1,121 +0,0 @@
|
|||
package http_test
|
||||
|
||||
/* TODO(toby3d): move CSRF middleware into main
|
||||
import (
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"sync"
|
||||
"testing"
|
||||
|
||||
"golang.org/x/text/language"
|
||||
"golang.org/x/text/message"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/common"
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
"source.toby3d.me/toby3d/auth/internal/ticket"
|
||||
delivery "source.toby3d.me/toby3d/auth/internal/ticket/delivery/http"
|
||||
ticketrepo "source.toby3d.me/toby3d/auth/internal/ticket/repository/memory"
|
||||
ucase "source.toby3d.me/toby3d/auth/internal/ticket/usecase"
|
||||
)
|
||||
|
||||
type Dependencies struct {
|
||||
server *httptest.Server
|
||||
client *http.Client
|
||||
config *domain.Config
|
||||
matcher language.Matcher
|
||||
store *sync.Map
|
||||
ticket *domain.Ticket
|
||||
tickets ticket.Repository
|
||||
ticketService ticket.UseCase
|
||||
token *domain.Token
|
||||
}
|
||||
|
||||
func TestUpdate(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
deps := NewDependencies(t)
|
||||
t.Cleanup(deps.server.Close)
|
||||
|
||||
req := httptest.NewRequest(http.MethodPost, "https://example.com/", strings.NewReader(
|
||||
`ticket=`+deps.ticket.Ticket+
|
||||
`&resource=`+deps.ticket.Resource.String()+
|
||||
`&subject=`+deps.ticket.Subject.String(),
|
||||
))
|
||||
req.Header.Set(common.HeaderContentType, common.MIMEApplicationForm)
|
||||
deps.token.SetAuthHeader(req)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
delivery.NewHandler(deps.ticketService, deps.matcher, *deps.config).
|
||||
Handler().
|
||||
ServeHTTP(w, req)
|
||||
|
||||
domain.TestToken(t).SetAuthHeader(req)
|
||||
|
||||
resp := w.Result()
|
||||
|
||||
if resp.StatusCode != http.StatusOK &&
|
||||
resp.StatusCode != http.StatusAccepted {
|
||||
t.Errorf("%s %s = %d, want %d or %d", req.Method, req.RequestURI, resp.StatusCode, http.StatusOK,
|
||||
http.StatusAccepted)
|
||||
}
|
||||
|
||||
// TODO(toby3d): print the result as part of the debugging. Instead, you
|
||||
// need to send or save the token to the recipient for later use.
|
||||
if resp.Body == nil {
|
||||
t.Errorf("%s %s = nil, want not nil", req.Method, req.RequestURI)
|
||||
}
|
||||
}
|
||||
|
||||
func NewDependencies(tb testing.TB) Dependencies {
|
||||
tb.Helper()
|
||||
|
||||
config := domain.TestConfig(tb)
|
||||
matcher := language.NewMatcher(message.DefaultCatalog.Languages())
|
||||
store := new(sync.Map)
|
||||
ticket := domain.TestTicket(tb)
|
||||
token := domain.TestToken(tb)
|
||||
|
||||
mux := http.NewServeMux()
|
||||
// NOTE(toby3d): private resource
|
||||
mux.HandleFunc(ticket.Resource.Path, func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set(common.HeaderContentType, common.MIMETextHTMLCharsetUTF8)
|
||||
fmt.Fprintf(w, `<link rel="token_endpoint" href="https://auth.example.org/token">`)
|
||||
})
|
||||
// NOTE(toby3d): token endpoint
|
||||
mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)
|
||||
fmt.Fprintf(w, `{
|
||||
"access_token": "`+token.AccessToken+`",
|
||||
"me": "`+token.Me.String()+`",
|
||||
"scope": "`+token.Scope.String()+`",
|
||||
"token_type": "Bearer"
|
||||
}`)
|
||||
})
|
||||
|
||||
server := httptest.NewServer(mux)
|
||||
client := server.Client()
|
||||
tickets := ticketrepo.NewMemoryTicketRepository(store, config)
|
||||
ticketService := ucase.NewTicketUseCase(tickets, client, config)
|
||||
|
||||
return Dependencies{
|
||||
server: server,
|
||||
client: client,
|
||||
config: config,
|
||||
matcher: matcher,
|
||||
store: store,
|
||||
ticket: ticket,
|
||||
tickets: tickets,
|
||||
ticketService: ticketService,
|
||||
token: token,
|
||||
}
|
||||
}
|
||||
*/
|
|
@ -1,15 +0,0 @@
|
|||
package ticket
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
)
|
||||
|
||||
type Repository interface {
|
||||
Create(ctx context.Context, ticket domain.Ticket) error
|
||||
GetAndDelete(ctx context.Context, ticket string) (*domain.Ticket, error)
|
||||
GC()
|
||||
}
|
||||
|
||||
var ErrNotExist error = domain.NewError(domain.ErrorCodeInvalidRequest, "ticket not exist or expired", "")
|
|
@ -1,86 +0,0 @@
|
|||
package memory
|
||||
|
||||
import (
|
||||
"context"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
"source.toby3d.me/toby3d/auth/internal/ticket"
|
||||
)
|
||||
|
||||
type (
|
||||
Ticket struct {
|
||||
CreatedAt time.Time
|
||||
domain.Ticket
|
||||
}
|
||||
|
||||
memoryTicketRepository struct {
|
||||
mutex *sync.RWMutex
|
||||
tickets map[string]Ticket
|
||||
config domain.Config
|
||||
}
|
||||
)
|
||||
|
||||
func NewMemoryTicketRepository(config domain.Config) ticket.Repository {
|
||||
return &memoryTicketRepository{
|
||||
config: config,
|
||||
mutex: new(sync.RWMutex),
|
||||
tickets: make(map[string]Ticket),
|
||||
}
|
||||
}
|
||||
|
||||
func (repo *memoryTicketRepository) Create(_ context.Context, t domain.Ticket) error {
|
||||
repo.mutex.Lock()
|
||||
defer repo.mutex.Unlock()
|
||||
|
||||
repo.tickets[t.Ticket] = Ticket{
|
||||
CreatedAt: time.Now().UTC(),
|
||||
Ticket: t,
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (repo *memoryTicketRepository) GetAndDelete(_ context.Context, t string) (*domain.Ticket, error) {
|
||||
repo.mutex.RLock()
|
||||
|
||||
out, ok := repo.tickets[t]
|
||||
if !ok {
|
||||
repo.mutex.RUnlock()
|
||||
|
||||
return nil, ticket.ErrNotExist
|
||||
}
|
||||
|
||||
repo.mutex.RUnlock()
|
||||
repo.mutex.Lock()
|
||||
delete(repo.tickets, t)
|
||||
repo.mutex.Unlock()
|
||||
|
||||
return &out.Ticket, nil
|
||||
}
|
||||
|
||||
func (repo *memoryTicketRepository) GC() {
|
||||
ticker := time.NewTicker(time.Second)
|
||||
defer ticker.Stop()
|
||||
|
||||
for ts := range ticker.C {
|
||||
ts = ts.UTC()
|
||||
|
||||
repo.mutex.RLock()
|
||||
|
||||
for _, t := range repo.tickets {
|
||||
if t.CreatedAt.Add(repo.config.Code.Expiry).After(ts) {
|
||||
continue
|
||||
}
|
||||
|
||||
repo.mutex.RUnlock()
|
||||
repo.mutex.Lock()
|
||||
delete(repo.tickets, t.Ticket.Ticket)
|
||||
repo.mutex.Unlock()
|
||||
repo.mutex.RLock()
|
||||
}
|
||||
|
||||
repo.mutex.RUnlock()
|
||||
}
|
||||
}
|
|
@ -1,122 +0,0 @@
|
|||
package sqlite3
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"github.com/jmoiron/sqlx"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
"source.toby3d.me/toby3d/auth/internal/ticket"
|
||||
)
|
||||
|
||||
type (
|
||||
Ticket struct {
|
||||
Resource string `db:"resource"`
|
||||
Subject string `db:"subject"`
|
||||
Ticket string `db:"ticket"`
|
||||
CreatedAt sql.NullTime `db:"created_at"`
|
||||
}
|
||||
|
||||
sqlite3TicketRepository struct {
|
||||
config *domain.Config
|
||||
db *sqlx.DB
|
||||
}
|
||||
)
|
||||
|
||||
const (
|
||||
QueryTable string = `CREATE TABLE IF NOT EXISTS tickets (
|
||||
created_at DATETIME NOT NULL,
|
||||
resource TEXT NOT NULL,
|
||||
subject TEXT NOT NULL,
|
||||
ticket TEXT UNIQUE PRIMARY KEY NOT NULL
|
||||
);`
|
||||
|
||||
QueryGet string = `SELECT *
|
||||
FROM tickets
|
||||
WHERE ticket=$1;`
|
||||
|
||||
QueryCreate string = `INSERT INTO tickets (created_at, resource, subject, ticket)
|
||||
VALUES (:created_at, :resource, :subject, :ticket);`
|
||||
|
||||
QueryDelete string = `DELETE FROM tickets
|
||||
WHERE ticket=$1;`
|
||||
)
|
||||
|
||||
func NewSQLite3TicketRepository(db *sqlx.DB, config *domain.Config) ticket.Repository {
|
||||
db.MustExec(QueryTable)
|
||||
|
||||
return &sqlite3TicketRepository{
|
||||
config: config,
|
||||
db: db,
|
||||
}
|
||||
}
|
||||
|
||||
func (repo *sqlite3TicketRepository) Create(ctx context.Context, t domain.Ticket) error {
|
||||
if _, err := repo.db.NamedExecContext(ctx, QueryCreate, NewTicket(&t)); err != nil {
|
||||
return fmt.Errorf("cannot create token record in db: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (repo *sqlite3TicketRepository) GetAndDelete(ctx context.Context, rawTicket string) (*domain.Ticket, error) {
|
||||
tx, err := repo.db.Beginx()
|
||||
if err != nil {
|
||||
_ = tx.Rollback()
|
||||
|
||||
return nil, fmt.Errorf("failed to begin transaction: %w", err)
|
||||
}
|
||||
|
||||
tkt := new(Ticket)
|
||||
if err = tx.GetContext(ctx, tkt, QueryGet, rawTicket); err != nil {
|
||||
//nolint:errcheck // deffered method
|
||||
defer tx.Rollback()
|
||||
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return nil, ticket.ErrNotExist
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("cannot find ticket in db: %w", err)
|
||||
}
|
||||
|
||||
if _, err = tx.ExecContext(ctx, QueryDelete, rawTicket); err != nil {
|
||||
_ = tx.Rollback()
|
||||
|
||||
return nil, fmt.Errorf("cannot remove ticket from db: %w", err)
|
||||
}
|
||||
|
||||
if err = tx.Commit(); err != nil {
|
||||
return nil, fmt.Errorf("failed to commit transaction: %w", err)
|
||||
}
|
||||
|
||||
result := new(domain.Ticket)
|
||||
|
||||
tkt.Populate(result)
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *sqlite3TicketRepository) GC() {}
|
||||
|
||||
func NewTicket(src *domain.Ticket) *Ticket {
|
||||
return &Ticket{
|
||||
CreatedAt: sql.NullTime{
|
||||
Time: time.Now().UTC(),
|
||||
Valid: true,
|
||||
},
|
||||
Resource: src.Resource.String(),
|
||||
Subject: src.Subject.String(),
|
||||
Ticket: src.Ticket,
|
||||
}
|
||||
}
|
||||
|
||||
func (t *Ticket) Populate(dst *domain.Ticket) {
|
||||
dst.Ticket = t.Ticket
|
||||
dst.Subject, _ = domain.ParseMe(t.Subject)
|
||||
dst.Resource, _ = url.Parse(t.Resource)
|
||||
}
|
|
@ -1,82 +0,0 @@
|
|||
package sqlite3_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"regexp"
|
||||
"testing"
|
||||
|
||||
"github.com/DATA-DOG/go-sqlmock"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
"source.toby3d.me/toby3d/auth/internal/testing/sqltest"
|
||||
repository "source.toby3d.me/toby3d/auth/internal/ticket/repository/sqlite3"
|
||||
)
|
||||
|
||||
// nolint: gochecknoglobals // slices cannot be contants
|
||||
var tableColumns = []string{"created_at", "resource", "subject", "ticket"}
|
||||
|
||||
func TestCreate(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ticket := domain.TestTicket(t)
|
||||
model := repository.NewTicket(ticket)
|
||||
db, mock, cleanup := sqltest.Open(t)
|
||||
t.Cleanup(cleanup)
|
||||
|
||||
createTable(t, mock)
|
||||
mock.ExpectExec(regexp.QuoteMeta(`INSERT INTO tickets`)).
|
||||
WithArgs(
|
||||
sqltest.Time{},
|
||||
model.Resource,
|
||||
model.Subject,
|
||||
model.Ticket,
|
||||
).
|
||||
WillReturnResult(sqlmock.NewResult(1, 1))
|
||||
|
||||
if err := repository.NewSQLite3TicketRepository(db, domain.TestConfig(t)).
|
||||
Create(context.Background(), *ticket); err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetAndDelete(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
ticket := domain.TestTicket(t)
|
||||
model := repository.NewTicket(ticket)
|
||||
db, mock, cleanup := sqltest.Open(t)
|
||||
t.Cleanup(cleanup)
|
||||
|
||||
createTable(t, mock)
|
||||
mock.ExpectBegin()
|
||||
mock.ExpectQuery(regexp.QuoteMeta(`SELECT * FROM tickets`)).
|
||||
WithArgs(model.Ticket).
|
||||
WillReturnRows(sqlmock.NewRows(tableColumns).
|
||||
AddRow(
|
||||
model.CreatedAt.Time,
|
||||
model.Resource,
|
||||
model.Subject,
|
||||
model.Ticket,
|
||||
))
|
||||
mock.ExpectExec(regexp.QuoteMeta(`DELETE FROM tickets`)).
|
||||
WithArgs(model.Ticket).
|
||||
WillReturnResult(sqlmock.NewResult(1, 1))
|
||||
mock.ExpectCommit()
|
||||
|
||||
result, err := repository.NewSQLite3TicketRepository(db, domain.TestConfig(t)).
|
||||
GetAndDelete(context.Background(), ticket.Ticket)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if result.Ticket != ticket.Ticket {
|
||||
t.Errorf("GetAndDelete(%s) = %+v, want %+v", ticket.Ticket, result, ticket)
|
||||
}
|
||||
}
|
||||
|
||||
func createTable(tb testing.TB, mock sqlmock.Sqlmock) {
|
||||
tb.Helper()
|
||||
|
||||
mock.ExpectExec(regexp.QuoteMeta(repository.QueryTable)).
|
||||
WillReturnResult(sqlmock.NewResult(1, 1))
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
package ticket
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
)
|
||||
|
||||
type UseCase interface {
|
||||
Generate(ctx context.Context, ticket domain.Ticket) error
|
||||
|
||||
// Redeem transform received ticket into access token.
|
||||
Redeem(ctx context.Context, ticket domain.Ticket) (*domain.Token, error)
|
||||
Exchange(ctx context.Context, ticket string) (*domain.Token, error)
|
||||
}
|
||||
|
||||
var (
|
||||
ErrTicketEndpointNotExist error = domain.NewError(
|
||||
domain.ErrorCodeServerError, "ticket_endpoint not found on ticket resource", "",
|
||||
)
|
||||
ErrTokenEndpointNotExist error = domain.NewError(
|
||||
domain.ErrorCodeServerError, "token_endpoint not found on ticket resource", "",
|
||||
)
|
||||
)
|
|
@ -1,175 +0,0 @@
|
|||
package usecase
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"github.com/goccy/go-json"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/common"
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
"source.toby3d.me/toby3d/auth/internal/httputil"
|
||||
"source.toby3d.me/toby3d/auth/internal/ticket"
|
||||
)
|
||||
|
||||
type (
|
||||
//nolint:tagliatelle // https://indieauth.net/source/#access-token-response
|
||||
AccessToken struct {
|
||||
Me *domain.Me `json:"me"`
|
||||
Profile *Profile `json:"profile,omitempty"`
|
||||
AccessToken string `json:"access_token"`
|
||||
RefreshToken string `json:"refresh_token"`
|
||||
ExpiresIn int64 `json:"expires_in,omitempty"`
|
||||
}
|
||||
|
||||
Profile struct {
|
||||
Email *domain.Email `json:"email,omitempty"`
|
||||
Photo *domain.URL `json:"photo,omitempty"`
|
||||
URL *domain.URL `json:"url,omitempty"`
|
||||
Name string `json:"name,omitempty"`
|
||||
}
|
||||
|
||||
ticketUseCase struct {
|
||||
config *domain.Config
|
||||
client *http.Client
|
||||
tickets ticket.Repository
|
||||
}
|
||||
)
|
||||
|
||||
func NewTicketUseCase(tickets ticket.Repository, client *http.Client, config *domain.Config) ticket.UseCase {
|
||||
return &ticketUseCase{
|
||||
client: client,
|
||||
tickets: tickets,
|
||||
config: config,
|
||||
}
|
||||
}
|
||||
|
||||
func (useCase *ticketUseCase) Generate(ctx context.Context, tkt domain.Ticket) error {
|
||||
resp, err := useCase.client.Get(tkt.Subject.String())
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot discovery ticket subject: %w", err)
|
||||
}
|
||||
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cannot read response body: %w", err)
|
||||
}
|
||||
|
||||
buf := bytes.NewReader(body)
|
||||
ticketEndpoint := new(url.URL)
|
||||
|
||||
// NOTE(toby3d): find metadata first
|
||||
metadata, err := httputil.ExtractFromMetadata(useCase.client, tkt.Subject.String())
|
||||
if err == nil && metadata != nil {
|
||||
ticketEndpoint = metadata.TicketEndpoint
|
||||
} else { // NOTE(toby3d): fallback to old links searching
|
||||
endpoints := httputil.ExtractEndpoints(buf, tkt.Subject.URL(), resp.Header.Get(common.HeaderLink),
|
||||
"ticket_endpoint")
|
||||
if len(endpoints) > 0 {
|
||||
ticketEndpoint = endpoints[len(endpoints)-1]
|
||||
}
|
||||
}
|
||||
|
||||
if ticketEndpoint == nil {
|
||||
return ticket.ErrTicketEndpointNotExist
|
||||
}
|
||||
|
||||
if err = useCase.tickets.Create(ctx, tkt); err != nil {
|
||||
return fmt.Errorf("cannot save ticket in store: %w", err)
|
||||
}
|
||||
|
||||
payload := make(url.Values)
|
||||
payload.Set("ticket", tkt.Ticket)
|
||||
payload.Set("subject", tkt.Subject.String())
|
||||
payload.Set("resource", tkt.Resource.String())
|
||||
|
||||
if _, err = useCase.client.PostForm(ticketEndpoint.String(), payload); err != nil {
|
||||
return fmt.Errorf("cannot send ticket to subject ticket_endpoint: %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (useCase *ticketUseCase) Redeem(ctx context.Context, tkt domain.Ticket) (*domain.Token, error) {
|
||||
resp, err := useCase.client.Get(tkt.Resource.String())
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot discovery ticket resource: %w", err)
|
||||
}
|
||||
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot read response body: %w", err)
|
||||
}
|
||||
|
||||
buf := bytes.NewReader(body)
|
||||
tokenEndpoint := new(url.URL)
|
||||
|
||||
// NOTE(toby3d): find metadata first
|
||||
metadata, err := httputil.ExtractFromMetadata(useCase.client, tkt.Resource.String())
|
||||
if err == nil && metadata != nil {
|
||||
tokenEndpoint = metadata.TokenEndpoint
|
||||
} else { // NOTE(toby3d): fallback to old links searching
|
||||
endpoints := httputil.ExtractEndpoints(buf, tkt.Resource, resp.Header.Get(common.HeaderLink),
|
||||
"token_endpoint")
|
||||
if len(endpoints) > 0 {
|
||||
tokenEndpoint = endpoints[len(endpoints)-1]
|
||||
}
|
||||
}
|
||||
|
||||
if tokenEndpoint == nil || tokenEndpoint.String() == "" {
|
||||
return nil, ticket.ErrTokenEndpointNotExist
|
||||
}
|
||||
|
||||
payload := make(url.Values)
|
||||
payload.Set("grant_type", domain.GrantTypeTicket.String())
|
||||
payload.Set("ticket", tkt.Ticket)
|
||||
|
||||
resp, err = useCase.client.PostForm(tokenEndpoint.String(), payload)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot exchange ticket on token_endpoint: %w", err)
|
||||
}
|
||||
|
||||
data := new(AccessToken)
|
||||
if err := json.NewDecoder(resp.Body).Decode(data); err != nil {
|
||||
return nil, fmt.Errorf("cannot unmarshal access token response: %w", err)
|
||||
}
|
||||
|
||||
return &domain.Token{
|
||||
CreatedAt: time.Now().UTC(),
|
||||
Expiry: time.Unix(data.ExpiresIn, 0),
|
||||
Scope: nil, // TODO(toby3d)
|
||||
// TODO(toby3d): should this also include client_id?
|
||||
// https://github.com/indieweb/indieauth/issues/85
|
||||
ClientID: domain.ClientID{},
|
||||
Me: *data.Me,
|
||||
AccessToken: data.AccessToken,
|
||||
RefreshToken: "", // TODO(toby3d)
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (useCase *ticketUseCase) Exchange(ctx context.Context, ticket string) (*domain.Token, error) {
|
||||
tkt, err := useCase.tickets.GetAndDelete(ctx, ticket)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot find provided ticket: %w", err)
|
||||
}
|
||||
|
||||
token, err := domain.NewToken(domain.NewTokenOptions{
|
||||
Expiration: useCase.config.JWT.Expiry,
|
||||
Scope: domain.Scopes{domain.ScopeRead},
|
||||
Issuer: domain.ClientID{},
|
||||
Subject: *tkt.Subject,
|
||||
Secret: []byte(useCase.config.JWT.Secret),
|
||||
Algorithm: useCase.config.JWT.Algorithm,
|
||||
NonceLength: useCase.config.JWT.NonceLength,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cannot generate a new access token: %w", err)
|
||||
}
|
||||
|
||||
return token, nil
|
||||
}
|
|
@ -1,56 +0,0 @@
|
|||
package usecase_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"testing"
|
||||
|
||||
"source.toby3d.me/toby3d/auth/internal/common"
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
ucase "source.toby3d.me/toby3d/auth/internal/ticket/usecase"
|
||||
)
|
||||
|
||||
func TestRedeem(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
token := domain.TestToken(t)
|
||||
ticket := domain.TestTicket(t)
|
||||
|
||||
tokenServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)
|
||||
fmt.Fprintf(w, `{
|
||||
"token_type": "Bearer",
|
||||
"access_token": "%s",
|
||||
"scope": "%s",
|
||||
"me": "%s"
|
||||
}`, token.AccessToken, token.Scope.String(), token.Me.String())
|
||||
}))
|
||||
t.Cleanup(tokenServer.Close)
|
||||
|
||||
subjectServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
w.Header().Set(common.HeaderContentType, common.MIMETextHTMLCharsetUTF8)
|
||||
fmt.Fprint(w, `<link rel="token_endpoint" href="`+tokenServer.URL+`/token">`)
|
||||
}))
|
||||
t.Cleanup(subjectServer.Close)
|
||||
|
||||
ticket.Resource, _ = url.Parse(subjectServer.URL + "/")
|
||||
|
||||
result, err := ucase.NewTicketUseCase(nil, subjectServer.Client(), domain.TestConfig(t)).
|
||||
Redeem(context.Background(), *ticket)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if result.String() != token.String() {
|
||||
t.Errorf("Redeem(%+v) = %s, want %s", ticket, result, token)
|
||||
}
|
||||
}
|
|
@ -9,22 +9,19 @@ import (
|
|||
"source.toby3d.me/toby3d/auth/internal/common"
|
||||
"source.toby3d.me/toby3d/auth/internal/domain"
|
||||
"source.toby3d.me/toby3d/auth/internal/middleware"
|
||||
"source.toby3d.me/toby3d/auth/internal/ticket"
|
||||
"source.toby3d.me/toby3d/auth/internal/token"
|
||||
"source.toby3d.me/toby3d/auth/internal/urlutil"
|
||||
)
|
||||
|
||||
type Handler struct {
|
||||
config *domain.Config
|
||||
tokens token.UseCase
|
||||
tickets ticket.UseCase
|
||||
config domain.Config
|
||||
tokens token.UseCase
|
||||
}
|
||||
|
||||
func NewHandler(tokens token.UseCase, tickets ticket.UseCase, config *domain.Config) *Handler {
|
||||
func NewHandler(tokens token.UseCase, config domain.Config) *Handler {
|
||||
return &Handler{
|
||||
config: config,
|
||||
tokens: tokens,
|
||||
tickets: tickets,
|
||||
config: config,
|
||||
tokens: tokens,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -144,13 +141,10 @@ func (h *Handler) handleAction(w http.ResponseWriter, r *http.Request) {
|
|||
switch action {
|
||||
case domain.ActionRevoke:
|
||||
h.handleRevokation(w, r)
|
||||
case domain.ActionTicket:
|
||||
h.handleTicket(w, r)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//nolint:funlen
|
||||
func (h *Handler) handleExchange(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||
|
@ -190,35 +184,10 @@ func (h *Handler) handleExchange(w http.ResponseWriter, r *http.Request) {
|
|||
AccessToken: token.AccessToken,
|
||||
ExpiresIn: token.Expiry.Unix(),
|
||||
Me: token.Me.String(),
|
||||
Profile: nil,
|
||||
Profile: NewTokenProfileResponse(profile),
|
||||
RefreshToken: "", // TODO(toby3d)
|
||||
}
|
||||
|
||||
if profile == nil {
|
||||
_ = encoder.Encode(resp)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
resp.Profile = &TokenProfileResponse{
|
||||
Name: profile.GetName(),
|
||||
URL: "",
|
||||
Photo: "",
|
||||
Email: "",
|
||||
}
|
||||
|
||||
if url := profile.GetURL(); url != nil {
|
||||
resp.Profile.URL = url.String()
|
||||
}
|
||||
|
||||
if photo := profile.GetPhoto(); photo != nil {
|
||||
resp.Profile.Photo = photo.String()
|
||||
}
|
||||
|
||||
if email := profile.GetEmail(); email != nil {
|
||||
resp.Profile.Email = email.String()
|
||||
}
|
||||
|
||||
_ = encoder.Encode(resp)
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
@ -256,44 +225,3 @@ func (h *Handler) handleRevokation(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
|
||||
func (h *Handler) handleTicket(w http.ResponseWriter, r *http.Request) {
|
||||
if r.Method != http.MethodPost {
|
||||
http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)
|
||||
|
||||
encoder := json.NewEncoder(w)
|
||||
|
||||
req := new(TokenTicketRequest)
|
||||
if err := req.bind(r); err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
|
||||
_ = encoder.Encode(err)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
tkn, err := h.tickets.Exchange(r.Context(), req.Ticket)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
|
||||
_ = encoder.Encode(domain.NewError(domain.ErrorCodeInvalidRequest, err.Error(),
|
||||
"https://indieauth.net/source/#request"))
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
_ = encoder.Encode(&TokenExchangeResponse{
|
||||
AccessToken: tkn.AccessToken,
|
||||
Me: tkn.Me.String(),
|
||||
Profile: nil,
|
||||
ExpiresIn: tkn.Expiry.Unix(),
|
||||
RefreshToken: "", // TODO(toby3d)
|
||||
})
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
|
|
|
@ -37,11 +37,6 @@ type (
|
|||
Token string `form:"token"`
|
||||
}
|
||||
|
||||
TokenTicketRequest struct {
|
||||
Action domain.Action `form:"action"`
|
||||
Ticket string `form:"ticket"`
|
||||
}
|
||||
|
||||
TokenIntrospectRequest struct {
|
||||
Token string `form:"token"`
|
||||
}
|
||||
|
@ -113,6 +108,35 @@ type (
|
|||
TokenRevocationResponse struct{}
|
||||
)
|
||||
|
||||
func NewTokenProfileResponse(in *domain.Profile) *TokenProfileResponse {
|
||||
out := &TokenProfileResponse{
|
||||
Name: "",
|
||||
URL: "",
|
||||
Photo: "",
|
||||
Email: "",
|
||||
}
|
||||
|
||||
if in == nil {
|
||||
return out
|
||||
}
|
||||
|
||||
out.Name = in.Name
|
||||
|
||||
if in.URL != nil {
|
||||
out.URL = in.URL.String()
|
||||
}
|
||||
|
||||
if in.Photo != nil {
|
||||
out.Photo = in.Photo.String()
|
||||
}
|
||||
|
||||
if in.Email != nil {
|
||||
out.Email = in.Email.String()
|
||||
}
|
||||
|
||||
return out
|
||||
}
|
||||
|
||||
func (r *TokenExchangeRequest) bind(req *http.Request) error {
|
||||
indieAuthError := new(domain.Error)
|
||||
|
||||
|
@ -165,24 +189,6 @@ func (r *TokenRevocationRequest) bind(req *http.Request) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (r *TokenTicketRequest) bind(req *http.Request) error {
|
||||
indieAuthError := new(domain.Error)
|
||||
|
||||
if err := form.Unmarshal([]byte(req.URL.Query().Encode()), r); err != nil {
|
||||
if errors.As(err, indieAuthError) {
|
||||
return indieAuthError
|
||||
}
|
||||
|
||||
return domain.NewError(
|
||||
domain.ErrorCodeInvalidRequest,
|
||||
err.Error(),
|
||||
"https://indieauth.net/source/#request",
|
||||
)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (r *TokenIntrospectRequest) bind(req *http.Request) error {
|
||||
indieAuthError := new(domain.Error)
|
||||
|
||||
|
|
|
@ -17,9 +17,6 @@ import (
|
|||
profilerepo "source.toby3d.me/toby3d/auth/internal/profile/repository/memory"
|
||||
"source.toby3d.me/toby3d/auth/internal/session"
|
||||
sessionrepo "source.toby3d.me/toby3d/auth/internal/session/repository/memory"
|
||||
"source.toby3d.me/toby3d/auth/internal/ticket"
|
||||
ticketrepo "source.toby3d.me/toby3d/auth/internal/ticket/repository/memory"
|
||||
ticketucase "source.toby3d.me/toby3d/auth/internal/ticket/usecase"
|
||||
"source.toby3d.me/toby3d/auth/internal/token"
|
||||
delivery "source.toby3d.me/toby3d/auth/internal/token/delivery/http"
|
||||
tokenrepo "source.toby3d.me/toby3d/auth/internal/token/repository/memory"
|
||||
|
@ -27,15 +24,13 @@ import (
|
|||
)
|
||||
|
||||
type Dependencies struct {
|
||||
client *http.Client
|
||||
config *domain.Config
|
||||
profiles profile.Repository
|
||||
sessions session.Repository
|
||||
tickets ticket.Repository
|
||||
ticketService ticket.UseCase
|
||||
token *domain.Token
|
||||
tokens token.Repository
|
||||
tokenService token.UseCase
|
||||
client *http.Client
|
||||
config *domain.Config
|
||||
profiles profile.Repository
|
||||
sessions session.Repository
|
||||
token *domain.Token
|
||||
tokens token.Repository
|
||||
tokenService token.UseCase
|
||||
}
|
||||
|
||||
/* TODO(toby3d)
|
||||
|
@ -55,7 +50,7 @@ func TestIntrospection(t *testing.T) {
|
|||
req.Header.Set(common.HeaderContentType, common.MIMEApplicationForm)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
delivery.NewHandler(deps.tokenService, deps.ticketService, deps.config).
|
||||
delivery.NewHandler(deps.tokenService, *deps.config).
|
||||
ServeHTTP(w, req)
|
||||
|
||||
resp := w.Result()
|
||||
|
@ -89,7 +84,7 @@ func TestRevocation(t *testing.T) {
|
|||
req.Header.Set(common.HeaderAccept, common.MIMEApplicationJSON)
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
delivery.NewHandler(deps.tokenService, deps.ticketService, deps.config).
|
||||
delivery.NewHandler(deps.tokenService, *deps.config).
|
||||
ServeHTTP(w, req)
|
||||
|
||||
resp := w.Result()
|
||||
|
@ -126,25 +121,21 @@ func NewDependencies(tb testing.TB) Dependencies {
|
|||
token := domain.TestToken(tb)
|
||||
profiles := profilerepo.NewMemoryProfileRepository()
|
||||
sessions := sessionrepo.NewMemorySessionRepository(*config)
|
||||
tickets := ticketrepo.NewMemoryTicketRepository(*config)
|
||||
tokens := tokenrepo.NewMemoryTokenRepository()
|
||||
ticketService := ticketucase.NewTicketUseCase(tickets, client, config)
|
||||
tokenService := tokenucase.NewTokenUseCase(tokenucase.Config{
|
||||
Config: config,
|
||||
Config: *config,
|
||||
Profiles: profiles,
|
||||
Sessions: sessions,
|
||||
Tokens: tokens,
|
||||
})
|
||||
|
||||
return Dependencies{
|
||||
client: client,
|
||||
config: config,
|
||||
profiles: profiles,
|
||||
sessions: sessions,
|
||||
tickets: tickets,
|
||||
ticketService: ticketService,
|
||||
token: token,
|
||||
tokens: tokens,
|
||||
tokenService: tokenService,
|
||||
client: client,
|
||||
config: config,
|
||||
profiles: profiles,
|
||||
sessions: sessions,
|
||||
token: token,
|
||||
tokens: tokens,
|
||||
tokenService: tokenService,
|
||||
}
|
||||
}
|
||||
|
|
|
@ -16,17 +16,17 @@ import (
|
|||
|
||||
type (
|
||||
Config struct {
|
||||
Config *domain.Config
|
||||
Profiles profile.Repository
|
||||
Sessions session.Repository
|
||||
Tokens token.Repository
|
||||
Config domain.Config
|
||||
}
|
||||
|
||||
tokenUseCase struct {
|
||||
config *domain.Config
|
||||
profiles profile.Repository
|
||||
sessions session.Repository
|
||||
tokens token.Repository
|
||||
config domain.Config
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -132,7 +132,7 @@ func (uc *tokenUseCase) Verify(ctx context.Context, accessToken string) (*domain
|
|||
return result, nil, nil //nolint:nilerr // it's okay to return result without profile
|
||||
}
|
||||
|
||||
if !result.Scope.Has(domain.ScopeEmail) && len(profile.Email) > 0 {
|
||||
if !result.Scope.Has(domain.ScopeEmail) && profile.Email != nil {
|
||||
profile.Email = nil
|
||||
}
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ func TestExchange(t *testing.T) {
|
|||
}
|
||||
|
||||
tkn, userInfo, err := usecase.NewTokenUseCase(usecase.Config{
|
||||
Config: deps.config,
|
||||
Config: *deps.config,
|
||||
Profiles: deps.profiles,
|
||||
Sessions: deps.sessions,
|
||||
Tokens: deps.tokens,
|
||||
|
@ -68,7 +68,7 @@ func TestVerify(t *testing.T) {
|
|||
|
||||
deps := NewDependencies(t)
|
||||
ucase := usecase.NewTokenUseCase(usecase.Config{
|
||||
Config: deps.config,
|
||||
Config: *deps.config,
|
||||
Profiles: deps.profiles,
|
||||
Sessions: deps.sessions,
|
||||
Tokens: deps.tokens,
|
||||
|
@ -115,7 +115,7 @@ func TestRevoke(t *testing.T) {
|
|||
|
||||
deps := NewDependencies(t)
|
||||
if err := usecase.NewTokenUseCase(usecase.Config{
|
||||
Config: deps.config,
|
||||
Config: *deps.config,
|
||||
Profiles: deps.profiles,
|
||||