Diffstat (limited to 'server/auth')
-rw-r--r--server/auth/google/google.go10
-rw-r--r--server/auth/provider.go4
2 files changed, 14 insertions, 0 deletions
diff --git a/server/auth/google/google.go b/server/auth/google/google.go
index 5580002..d464b14 100644
--- a/server/auth/google/google.go
+++ b/server/auth/google/google.go
@@ -18,11 +18,14 @@ const (
name = "google"
)
+// Config is an implementation of `auth.Provider` for authenticating using a
+// Google account.
type Config struct {
config *oauth2.Config
domain string
}
+// New creates a new Google provider from a configuration.
func New(c *config.Auth) auth.Provider {
return &Config{
config: &oauth2.Config{
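Review bot: The new comment on `Config` leaves the `domain` field undocumented, although it is the security-relevant one: later in this file `StartSession` passes it to Google as the `hd` parameter. The comment should say whether `domain` is also enforced on the returned identity or is only sent as a login hint, since a request parameter alone does not restrict who can complete the flow. Something like `// domain is the hosted domain sent as "hd" in StartSession; Valid must reject identities outside it.` would do, adjusted to what `Valid` actually checks (its body is not fully visible here). Go doc comments are plain text, so the backticks around `auth.Provider` will be rendered literally. `New`'s body continues outside the hunk.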
@@ -36,14 +39,17 @@ func New(c *config.Auth) auth.Provider {
}
}
+// A new oauth2 http client.
func (c *Config) newClient(token *oauth2.Token) *http.Client {
return c.config.Client(oauth2.NoContext, token)
}
+// Name returns the name of the provider.
func (c *Config) Name() string {
return name
}
+// Valid validates the oauth token.
func (c *Config) Valid(token *oauth2.Token) bool {
if !token.Valid() {
return false
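Review bot: The comment `// Valid validates the oauth token.` restates the name without saying what is checked, and `Valid` is the gate every caller relies on. The visible part only shows the `token.Valid()` test (token present and not expired); the remaining checks sit outside this hunk, so the comment should list them, for example `// Valid reports whether token is unexpired and <remaining checks>.` filled in from the full body. In the same hunk, `// A new oauth2 http client.` should start with the identifier, e.g. `// newClient returns an HTTP client that authenticates requests with token.`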
@@ -70,12 +76,14 @@ func (c *Config) Valid(token *oauth2.Token) bool {
return true
}
+// Revoke disables the access token.
func (c *Config) Revoke(token *oauth2.Token) error {
h := c.newClient(token)
_, err := h.Get(fmt.Sprintf(revokeURL, token.AccessToken))
return err
}
+// StartSession retrieves an authentication endpoint from Google.
func (c *Config) StartSession(state string) *auth.Session {
return &auth.Session{
AuthURL: c.config.AuthCodeURL(state, oauth2.SetAuthURLParam("hd", c.domain)),
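Review bot: The comment added on `Revoke` promises that the token is disabled, but the function returns nil for any HTTP response, including a 4xx or 5xx from the revocation endpoint, because the response is discarded with `_`. A caller that logs a user out on a nil return may therefore leave a live access token behind, and the unclosed response body also leaks the connection. The response status should be checked and the body closed, as sketched below; the expected success code should be confirmed against the endpoint. `revokeURL` is not visible in this hunk, so it is unclear whether the token ends up in the query string; if it does, it should be escaped and will appear in any intermediary request logs.

```go
func (c *Config) Revoke(token *oauth2.Token) error {
	h := c.newClient(token)
	resp, err := h.Get(fmt.Sprintf(revokeURL, token.AccessToken))
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("google: revoke failed: %s", resp.Status)
	}
	return nil
}
```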
@@ -83,10 +91,12 @@ func (c *Config) StartSession(state string) *auth.Session {
}
}
+// Exchange authorizes the session and returns an access token.
func (c *Config) Exchange(code string) (*oauth2.Token, error) {
return c.config.Exchange(oauth2.NoContext, code)
}
+// Username retrieves the username portion of the user's email address.
func (c *Config) Username(token *oauth2.Token) string {
svc, err := googleapi.New(c.newClient(token))
if err != nil {
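Review bot: The comment on `Username` does not say what is returned when the lookup fails, and the signature has no error return, so callers cannot tell a failure from a real value unless the contract is written down. If the error branch returns an empty string (the branch continues outside this hunk, so this is an assumption), the comment should state it, e.g. `// Username returns the local part of the user's email address, or "" if the profile lookup fails.` Callers that use the result as an identity key need to know they must reject the empty value.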
diff --git a/server/auth/provider.go b/server/auth/provider.go
index ae512bd..d7d5ed5 100644
--- a/server/auth/provider.go
+++ b/server/auth/provider.go
@@ -2,6 +2,7 @@ package auth
import "golang.org/x/oauth2"
+// Provider is an abstraction of different auth methods.
type Provider interface {
Name() string
StartSession(string) *Session
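Review bot: The comment `// Provider is an abstraction of different auth methods.` is broader than the interface: the file imports `golang.org/x/oauth2` and the methods take `*oauth2.Token`, so only OAuth2-style providers can implement it. A tighter wording such as `// Provider is implemented by OAuth2 identity providers that can start a login, exchange a code for a token, and validate or revoke that token.` matches the visible signatures. The individual methods are still undocumented here, although the interface is where implementers look for the contract, in particular what `Valid` must guarantee. The interface body continues outside the hunk.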
@@ -11,12 +12,15 @@ type Provider interface {
Revoke(*oauth2.Token) error
}
+// Session stores authentication state.
type Session struct {
AuthURL string
Token *oauth2.Token
State string
}
+// Authorize obtains data from the provider and retains an access token that
+// can be stored for later access.
func (s *Session) Authorize(provider Provider, code string) error {
t, err := provider.Exchange(code)
if err != nil {