authorNiall Sheridan <nsheridan@gmail.com>2016-04-22 23:01:32 +0100
committerNiall Sheridan <nsheridan@gmail.com>2016-04-22 23:16:11 +0100
commitbd1e6a57fe354ccfe51d295fec3c06a1c878c3f7 (patch)
tree8741e4537293221e64d5bf9dc6df3b9fb8816bc6 /server/auth/github/github.go
parent5a57870d808f1601d85a35d08429b9ae19dafe93 (diff)
Add github oauth provider.
Diffstat (limited to 'server/auth/github/github.go')
-rw-r--r--server/auth/github/github.go95
1 files changed, 95 insertions, 0 deletions
diff --git a/server/auth/github/github.go b/server/auth/github/github.go
new file mode 100644
index 0000000..da12531
--- /dev/null
+++ b/server/auth/github/github.go
@@ -0,0 +1,95 @@
+package github
+
+import (
+ "net/http"
+
+ "github.com/nsheridan/cashier/server/auth"
+ "github.com/nsheridan/cashier/server/config"
+
+ githubapi "github.com/google/go-github/github"
+ "golang.org/x/oauth2"
+ "golang.org/x/oauth2/github"
+)
+
+const (
+ // revokeURL = "https://accounts.google.com/o/oauth2/revoke?token=%s"
+ name = "github"
+)
+
+// Config is an implementation of `auth.Provider` for authenticating using a
+// Github account.
+type Config struct {
+ config *oauth2.Config
+ organization string
+}
+
+// New creates a new Github provider from a configuration.
+func New(c *config.Auth) auth.Provider {
+ return &Config{
+ config: &oauth2.Config{
+ ClientID: c.OauthClientID,
+ ClientSecret: c.OauthClientSecret,
+ RedirectURL: c.OauthCallbackURL,
+ Endpoint: github.Endpoint,
+ Scopes: []string{
+ string(githubapi.ScopeUser),
+ string(githubapi.ScopeReadOrg),
+ },
+ },
+ organization: c.ProviderOpts["organization"],
+ }
+}
+
+// A new oauth2 http client.
+func (c *Config) newClient(token *oauth2.Token) *http.Client {
+ return c.config.Client(oauth2.NoContext, token)
+}
+
+// Name returns the name of the provider.
+func (c *Config) Name() string {
+ return name
+}
+
+// Valid validates the oauth token.
+func (c *Config) Valid(token *oauth2.Token) bool {
+ if !token.Valid() {
+ return false
+ }
+ if c.organization == "" {
+ return true
+ }
+ client := githubapi.NewClient(c.newClient(token))
+ member, _, err := client.Organizations.IsMember(c.organization, c.Username(token))
+ if err != nil {
+ return false
+ }
+ return member
+}
+
+// Revoke disables the access token.
+func (c *Config) Revoke(token *oauth2.Token) error {
+ return nil
+}
+
+// StartSession retrieves an authentication endpoint from Github.
+func (c *Config) StartSession(state string) *auth.Session {
+ return &auth.Session{
+ AuthURL: c.config.AuthCodeURL(state),
+ State: state,
+ }
+}
+
+// Exchange authorizes the session and returns an access token.
+func (c *Config) Exchange(code string) (*oauth2.Token, error) {
+ return c.config.Exchange(oauth2.NoContext, code)
+}
+
+// Username retrieves the username portion of the user's email address.
+func (c *Config) Username(token *oauth2.Token) string {
+ client := githubapi.NewClient(c.newClient(token))
+ u, _, err := client.Users.Get("")
+ if err != nil {
+ return ""
+ }
+ return *u.Login
+}
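Review bot: `Valid` returns true for any GitHub account with a live token whenever `organization` is empty, and `New` fills that field from `c.ProviderOpts["organization"]`, so a missing or misspelled key silently disables the membership check. Unless open enrolment is intended, fail closed with `if c.organization == "" { return false }`, or reject the configuration at startup. In the same function the result of `c.Username(token)` goes straight into `IsMember`, but `Username` returns `""` on any API error, so a failed lookup becomes a membership query for an empty login. Resolving the name first and adding `if user == "" { return false }` avoids depending on how the API answers that path. `Username` also dereferences `*u.Login` without a nil check, its doc comment describes an email address rather than the GitHub login it returns, and `ScopeUser` looks broader than a login lookup plus `read:org` needs.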