From fbac1b1e860f8b8f1aed3f9cde12d5efb331914a Mon Sep 17 00:00:00 2001
From: Niall Sheridan <nsheridan@gmail.com>
Date: Wed, 20 Apr 2016 22:12:14 +0100
Subject: Add comments.

---
 server/auth/google/google.go | 10 ++++++++++
 server/auth/provider.go      |  4 ++++
 server/main.go               |  2 +-
 server/signer/signer.go      |  5 ++++-
 4 files changed, 19 insertions(+), 2 deletions(-)

(limited to 'server')

diff --git a/server/auth/google/google.go b/server/auth/google/google.go
index 5580002..d464b14 100644
--- a/server/auth/google/google.go
+++ b/server/auth/google/google.go
@@ -18,11 +18,14 @@ const (
 	name      = "google"
 )
 
+// Config is an implementation of `auth.Provider` for authenticating using a
+// Google account.
 type Config struct {
 	config *oauth2.Config
 	domain string
 }
 
+// New creates a new Google provider from a configuration.
 func New(c *config.Auth) auth.Provider {
 	return &Config{
 		config: &oauth2.Config{
@@ -36,14 +39,17 @@ func New(c *config.Auth) auth.Provider {
 	}
 }
 
+// A new oauth2 http client.
 func (c *Config) newClient(token *oauth2.Token) *http.Client {
 	return c.config.Client(oauth2.NoContext, token)
 }
 
+// Name returns the name of the provider.
 func (c *Config) Name() string {
 	return name
 }
 
+// Valid validates the oauth token.
 func (c *Config) Valid(token *oauth2.Token) bool {
 	if !token.Valid() {
 		return false
@@ -70,12 +76,14 @@ func (c *Config) Valid(token *oauth2.Token) bool {
 	return true
 }
 
+// Revoke disables the access token.
 func (c *Config) Revoke(token *oauth2.Token) error {
 	h := c.newClient(token)
 	_, err := h.Get(fmt.Sprintf(revokeURL, token.AccessToken))
 	return err
 }
 
+// StartSession retrieves an authentication endpoint from Google.
 func (c *Config) StartSession(state string) *auth.Session {
 	return &auth.Session{
 		AuthURL: c.config.AuthCodeURL(state, oauth2.SetAuthURLParam("hd", c.domain)),
@@ -83,10 +91,12 @@ func (c *Config) StartSession(state string) *auth.Session {
 	}
 }
 
+// Exchange authorizes the session and returns an access token.
 func (c *Config) Exchange(code string) (*oauth2.Token, error) {
 	return c.config.Exchange(oauth2.NoContext, code)
 }
 
+// Username retrieves the username portion of the user's email address.
 func (c *Config) Username(token *oauth2.Token) string {
 	svc, err := googleapi.New(c.newClient(token))
 	if err != nil {
diff --git a/server/auth/provider.go b/server/auth/provider.go
index ae512bd..d7d5ed5 100644
--- a/server/auth/provider.go
+++ b/server/auth/provider.go
@@ -2,6 +2,7 @@ package auth
 
 import "golang.org/x/oauth2"
 
+// Provider is an abstraction of different auth methods.
 type Provider interface {
 	Name() string
 	StartSession(string) *Session
@@ -11,12 +12,15 @@ type Provider interface {
 	Revoke(*oauth2.Token) error
 }
 
+// Session stores authentication state.
 type Session struct {
 	AuthURL string
 	Token   *oauth2.Token
 	State   string
 }
 
+// Authorize obtains data from the provider and retains an access token that
+// can be stored for later access.
 func (s *Session) Authorize(provider Provider, code string) error {
 	t, err := provider.Exchange(code)
 	if err != nil {
diff --git a/server/main.go b/server/main.go
index 500e713..6530343 100644
--- a/server/main.go
+++ b/server/main.go
@@ -184,7 +184,7 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	signer, err := signer.NewSigner(config.SSH)
+	signer, err := signer.New(config.SSH)
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/server/signer/signer.go b/server/signer/signer.go
index 4594c35..f897195 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -11,6 +11,7 @@ import (
 	"golang.org/x/crypto/ssh"
 )
 
+// KeySigner does the work of signing a ssh public key with the CA key.
 type KeySigner struct {
 	ca          ssh.Signer
 	validity    time.Duration
@@ -18,6 +19,7 @@ type KeySigner struct {
 	permissions map[string]string
 }
 
+// SignUserKey returns a signed ssh certificate.
 func (s *KeySigner) SignUserKey(req *lib.SignRequest) (string, error) {
 	pubkey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(req.Key))
 	if err != nil {
@@ -63,7 +65,8 @@ func makeperms(perms []string) map[string]string {
 	}
 }
 
-func NewSigner(conf config.SSH) (*KeySigner, error) {
+// New creates a new KeySigner from the supplied configuration.
+func New(conf config.SSH) (*KeySigner, error) {
 	data, err := ioutil.ReadFile(conf.SigningKey)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read CA key %s: %v", conf.SigningKey, err)
-- 
cgit v1.2.3