make oauth as a service

2023-09-21 14:21:14 +07:00 · 2023-09-21 14:21:14 +07:00 · dbc741ccf6
commit dbc741ccf6
parent da4110a47b
5 changed files with 160 additions and 97 deletions
--- a/server/routers/auth.go
+++ b/server/routers/auth.go
@ -6,44 +6,20 @@ import (
 	"encoding/json"
 	"net/http"
 	"net/url"
-	"os"
 	"recipe-manager/config"
+	"recipe-manager/services/oauth"

 	"github.com/go-chi/chi/v5"
 	"golang.org/x/oauth2"
 )

 type AuthRouter struct {
-	cfg     *config.ServerConfig
-	gConfig *oauth2.Config
-	nonce   map[string]map[string]string
+	cfg   *config.ServerConfig
+	oauth oauth.OAuthService
 }

-func NewAuthRouter(cfg *config.ServerConfig) *AuthRouter {
-
-	file, err := os.Open("client_secret.json")
-	if err != nil {
-		panic(err)
-	}
-	defer file.Close()
-
-	var clientSecret map[string]interface{}
-	json.NewDecoder(file).Decode(&clientSecret)
-
-	return &AuthRouter{
-		cfg: cfg,
-		gConfig: &oauth2.Config{
-			ClientID:     clientSecret["web"].(map[string]interface{})["client_id"].(string),
-			ClientSecret: clientSecret["web"].(map[string]interface{})["client_secret"].(string),
-			RedirectURL:  cfg.ServerDomain + "/auth/google/callback",
-			Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"},
-			Endpoint: oauth2.Endpoint{
-				AuthURL:  clientSecret["web"].(map[string]interface{})["auth_uri"].(string),
-				TokenURL: clientSecret["web"].(map[string]interface{})["token_uri"].(string),
-			},
-		},
-		nonce: make(map[string]map[string]string),
-	}
+func NewAuthRouter(cfg *config.ServerConfig, oauth oauth.OAuthService) *AuthRouter {
+	return &AuthRouter{cfg, oauth}
 }

 func (ar *AuthRouter) Route(r chi.Router) {
@ -61,9 +37,7 @@ func (ar *AuthRouter) Route(r chi.Router) {
 				stateMap["redirect_to"] = r.URL.Query().Get("redirect_to")
 			}

-			ar.nonce[state] = stateMap
-
-			url := ar.gConfig.AuthCodeURL(state, oauth2.SetAuthURLParam("hd", "forth.co.th"), oauth2.SetAuthURLParam("include_granted_scopes", "true"), oauth2.AccessTypeOffline)
+			url := ar.oauth.AuthURL(state, stateMap)
 			http.Redirect(w, r, url, http.StatusTemporaryRedirect)
 		})

@ -71,11 +45,12 @@ func (ar *AuthRouter) Route(r chi.Router) {
 			// check state

 			var redirect_to string
-			if r.URL.Query().Get("state") == "" {
+			state := r.URL.Query().Get("state")
+			if state == "" {
 				http.Error(w, "State not found", http.StatusBadRequest)
 				return
 			} else {
-				val, ok := ar.nonce[r.URL.Query().Get("state")]
+				val, ok := ar.oauth.GetState(state)

 				if !ok {
 					http.Error(w, "Invalid state", http.StatusBadRequest)
@ -84,34 +59,30 @@ func (ar *AuthRouter) Route(r chi.Router) {

 				redirect_to = val["redirect_to"]

-				// remove state from nonce
-				delete(ar.nonce, r.URL.Query().Get("state"))
+				ar.oauth.RemoveState(state)
 			}

 			// exchange code for token
-			token, err := ar.gConfig.Exchange(r.Context(), r.FormValue("code"))
+			token, err := ar.oauth.Exchange(r.Context(), r.FormValue("code"))
 			if err != nil {
 				http.Error(w, "Error exchanging code for token", http.StatusBadRequest)
 				return
 			}

 			// get user info
-			client := ar.gConfig.Client(r.Context(), token)
-			resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
+			user, err := ar.oauth.GetUserInfo(r.Context(), token)
+
 			if err != nil {
 				http.Error(w, "Error getting user info", http.StatusBadRequest)
 				return
 			}
-			defer resp.Body.Close()

-			var userInfo map[string]interface{}
-			json.NewDecoder(resp.Body).Decode(&userInfo)
+			value := url.Values{
+				"name":    {user.Name},
+				"email":   {user.Email},
+				"picture": {user.Picture},
+			}

-			value := url.Values{}
-
-			value.Add("email", userInfo["email"].(string))
-			value.Add("name", userInfo["name"].(string))
-			value.Add("picture", userInfo["picture"].(string))
 			if redirect_to != "" {
 				value.Add("redirect_to", redirect_to)
 			}
@ -132,7 +103,7 @@ func (ar *AuthRouter) Route(r chi.Router) {
 			}

 			// exchange refresh token for new token
-			token, err := ar.gConfig.TokenSource(r.Context(), &oauth2.Token{RefreshToken: refreshToken}).Token()
+			token, err := ar.oauth.RefreshToken(r.Context(), &oauth2.Token{RefreshToken: refreshToken})
 			if err != nil {
 				http.Error(w, "Error exchanging refresh token for token", http.StatusBadRequest)
 				return
@ -177,35 +148,17 @@ func (ar *AuthRouter) Route(r chi.Router) {
 			}

 			// get user info
-			client := ar.gConfig.Client(r.Context(), token)
-			resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
+			user, err := ar.oauth.GetUserInfo(r.Context(), token)
+
 			if err != nil {
 				http.Error(w, "Error getting user info", http.StatusBadRequest)
 				return
 			}
-			defer resp.Body.Close()
-
-			var userInfo map[string]interface{}
-			if err = json.NewDecoder(resp.Body).Decode(&userInfo); err != nil {
-				http.Error(w, "Error getting user info", http.StatusBadRequest)
-				return
-			}
-
-			if userInfo["error"] != nil {
-				w.Header().Add("Content-Type", "application/json")
-				w.WriteHeader(http.StatusUnauthorized)
-				json.NewEncoder(w).Encode(userInfo)
-				return
-			}

 			// return user info
 			w.Header().Add("Content-Type", "application/json")
 			json.NewEncoder(w).Encode(map[string]interface{}{
-				"user": map[string]string{
-					"email":    userInfo["email"].(string),
-					"username": userInfo["name"].(string),
-					"image":    userInfo["picture"].(string),
-				},
+				"user": user,
 			})
 		})