Move tokenSource from tsuru-client

pkg/client/client.go

@@ -1,8 +1,11 @@
 package client
 
 import (
+	"net/http"
+
 	"github.com/tsuru/go-tsuruclient/pkg/config"
 	"github.com/tsuru/go-tsuruclient/pkg/tsuru"
+	"golang.org/x/oauth2"
 )
 
 func ClientFromEnvironment(cfg *tsuru.Configuration) (*tsuru.APIClient, error) {
@@ -28,3 +31,25 @@ func ClientFromEnvironment(cfg *tsuru.Configuration) (*tsuru.APIClient, error) {
 	cli := tsuru.NewAPIClient(cfg)
 	return cli, nil
 }
+
+func RoundTripperAndTokenProvider() (http.RoundTripper, config.TokenProvider, error) {
+	tokenV2, err := config.ReadTokenV2()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	teamToken := config.ReadTeamToken()
+	if tokenV2 != nil && tokenV2.Scheme == "oidc" && teamToken == "" {
+		oidcTokenSource := NewOIDCTokenSource(tokenV2)
+		tokenProvider := &OIDCTokenProvider{OAuthTokenSource: oidcTokenSource}
+
+		roundTripper := &oauth2.Transport{
+			Base:   http.DefaultTransport,
+			Source: oidcTokenSource,
+		}
+
+		return roundTripper, tokenProvider, nil
+	}
+
+	return NewTokenV1RoundTripper(), config.TokenProviderV1(), nil
+}

pkg/client/oidc.go

@@ -0,0 +1,69 @@
+package client
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"reflect"
+	"time"
+
+	"github.com/tsuru/go-tsuruclient/pkg/config"
+	"golang.org/x/oauth2"
+)
+
+func NewOIDCTokenSource(tokenV2 *config.TokenV2) oauth2.TokenSource {
+	baseTokenSource := tokenV2.OAuth2Config.TokenSource(context.Background(), tokenV2.OAuth2Token)
+	return newTokenSourceFSStorage(baseTokenSource, tokenV2)
+}
+
+type TokenSourceFSStorage struct {
+	BaseTokenSource oauth2.TokenSource
+	LastToken       *config.TokenV2
+}
+
+var _ oauth2.TokenSource = &TokenSourceFSStorage{}
+
+func (t *TokenSourceFSStorage) Token() (*oauth2.Token, error) {
+	newToken, err := t.BaseTokenSource.Token()
+	if err != nil {
+		return nil, err
+	}
+
+	if !reflect.DeepEqual(t.LastToken.OAuth2Token, newToken) {
+		fmt.Fprintf(os.Stderr, "The OIDC token was refreshed and expiry in %s\n", time.Since(newToken.Expiry)*-1)
+
+		t.LastToken.OAuth2Token = newToken
+		err = config.WriteTokenV2(*t.LastToken)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Could not write refreshed token: %s\n", err.Error())
+			return nil, err
+		}
+
+		err = config.WriteTokenV1(newToken.AccessToken)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Could not write legacy refreshed token: %s\n", err.Error())
+			return nil, err
+		}
+	}
+
+	return newToken, nil
+}
+
+func newTokenSourceFSStorage(baseTokenSource oauth2.TokenSource, tokenV2 *config.TokenV2) oauth2.TokenSource {
+	return &TokenSourceFSStorage{
+		BaseTokenSource: baseTokenSource,
+		LastToken:       tokenV2,
+	}
+}
+
+type OIDCTokenProvider struct {
+	OAuthTokenSource oauth2.TokenSource
+}
+
+func (ts *OIDCTokenProvider) Token() (string, error) {
+	t, err := ts.OAuthTokenSource.Token()
+	if err != nil {
+		return "", err
+	}
+	return t.AccessToken, nil
+}

pkg/client/token_v1_transport.go

@@ -0,0 +1,51 @@
+package client
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+
+	"github.com/tsuru/go-tsuruclient/pkg/config"
+	tsuruerr "github.com/tsuru/tsuru/errors"
+)
+
+var errUnauthorized = &tsuruerr.HTTP{Code: http.StatusUnauthorized, Message: "unauthorized"}
+
+type TokenV1RoundTripper struct {
+	http.RoundTripper
+}
+
+func (v *TokenV1RoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	roundTripper := v.RoundTripper
+	if roundTripper == nil {
+		roundTripper = http.DefaultTransport
+	}
+
+	if token, err := config.ReadTokenV1(); err == nil && token != "" {
+		req.Header.Set("Authorization", "bearer "+token)
+	}
+
+	response, err := roundTripper.RoundTrip(req)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode == http.StatusUnauthorized {
+		if teamToken := config.ReadTeamToken(); teamToken != "" {
+			fmt.Fprintln(os.Stderr, "Invalid session - maybe invalid defined token on TSURU_TOKEN envvar")
+		} else {
+			fmt.Fprintln(os.Stderr, "Invalid session")
+		}
+
+		return nil, errUnauthorized
+	}
+
+	return response, nil
+}
+
+func NewTokenV1RoundTripper() http.RoundTripper {
+	return &TokenV1RoundTripper{
+		RoundTripper: http.DefaultTransport,
+	}
+}