-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapi-auth.go
97 lines (79 loc) · 2.45 KB
/
api-auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
package main
import (
"bytes"
"crypto/rand"
"encoding/base64"
"encoding/json"
"io"
"net/http"
"net/url"
"github.com/spf13/viper"
)
// Response type from the Openplanet backend
type OpenplanetResponseAuth struct {
Error string `json:"error"`
AccountID string `json:"account_id"`
DisplayName string `json:"display_name"`
TokenTime int64 `json:"token_time"`
}
// Authentication response that we send to the client
type ResponseAuth struct {
AccountID string `json:"account_id"`
DisplayName string `json:"display_name"`
Secret string `json:"secret"`
}
func apiAuth(w http.ResponseWriter, r *http.Request) {
token := r.PostFormValue("t")
if token == "" {
sendError(w, "Missing token")
return
}
// Prepare data to send to the Openplanet backend
params := url.Values{}
params.Set("token", token)
params.Set("secret", viper.GetString("auth.secret"))
// Send data to Openplanet backend for token validation
body := bytes.NewReader([]byte(params.Encode()))
res, err := http.Post(viper.GetString("auth.base")+"/api/auth/validate", "application/x-www-form-urlencoded", body)
if err != nil {
sendError(w, "Couldn't communicate with Openplanet backend: "+err.Error())
return
}
// Read the response from the server
resBytes, _ := io.ReadAll(res.Body)
resAuth := OpenplanetResponseAuth{}
json.Unmarshal(resBytes, &resAuth)
// If there was an error, we must reject the token
if resAuth.Error != "" {
sendError(w, "Openplanet backend error: "+resAuth.Error)
return
}
// If we get here, the token can be considered valid as long as the account ID is expected
if resAuth.AccountID == "" {
sendError(w, "Unexpected account ID")
return
}
// Find an existing user with the authenticated account ID
user := User{}
gDatabase.Where("account_id", resAuth.AccountID).Find(&user)
// If the user is not yet in the database, create it here
if user.ID == 0 {
user.AccountID = resAuth.AccountID
}
// Update the display name in case it has changed
user.DisplayName = resAuth.DisplayName
// Generate a secret
b := make([]byte, 48)
rand.Read(b)
user.Secret = base64.URLEncoding.EncodeToString(b)
// Insert or update the user in the database
gDatabase.Save(&user)
// Send response to the client including our user secret
authResponse, _ := json.Marshal(ResponseAuth{
AccountID: user.AccountID,
DisplayName: user.DisplayName,
Secret: user.Secret,
})
w.Header().Set("Content-Type", "application/json")
w.Write(authResponse)
}