// Copyright (c) 2013 Jason McVetta. This is Free Software, released under the
// terms of the GPL v3. See http://www.gnu.org/copyleft/gpl.html for details.
// Resist intellectual serfdom - the ownership of ideas is akin to slavery.
package o2pro
import (
"log"
"net/http"
"os"
"time"
)
// Package-level defaults consumed by NewProvider. They are ordinary variables,
// so a program may override them before it constructs a Provider.
var (
	// DefaultExpireAfter is the lifetime of an issued authorization, written
	// as a time.ParseDuration string; NewProvider panics when it does not parse.
	DefaultExpireAfter = "8h"

	// DefaultLogger writes to stdout with an "[o2pro] " prefix, the date and
	// time, and the short file name of the calling line.
	DefaultLogger = log.New(os.Stdout, "[o2pro] ", log.Ltime|log.Ldate|log.Lshortfile)

	// DefaultScopes seeds both the supported-scope list and the
	// issued-by-default scope list of a Provider built by NewProvider.
	DefaultScopes = []string{"all"}
)
// Storage is the persistence back end a Provider uses for authorizations.
// Every method is unexported, so only types in this package can implement it.
type Storage interface {
	// initialize prepares a fresh store (schema, indexes, etc.).
	initialize() error
	// migrate brings an existing store up to the current schema.
	migrate() error
	// saveAuthz persists an authorization.
	saveAuthz(a *Authz) error
	// authz looks up the authorization identified by token.
	authz(token string) (*Authz, error)
}
// Authenticator is the credential-check hook of a Provider: given a user and
// password it reports whether the pair is accepted, plus any error raised by
// the check itself.
type Authenticator func(user, password string) (bool, error)
// Grantor is the access-decision hook of a Provider: it reports whether user
// may receive scope on behalf of client c, plus any error raised while
// deciding. c is optional and may be nil.
type Grantor func(user, scope string, c *Client) (bool, error)
// GrantAll is a Grantor that approves every request: it ignores the user,
// scope and client and always reports true with a nil error.
func GrantAll(_, _ string, _ *Client) (bool, error) {
	return true, nil
}
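// NewProvider builds an OAuth2 provider server from a storage back end, an
// Authenticator and a Grantor, taking the authorization lifetime, logger and
// scope lists from the package-level defaults.
//
// Scopes and DefaultScopes are given independent copies of DefaultScopes, so
// later mutation of one list, or of the package variable, cannot silently
// change the other: the supported-scope list and the issued-by-default list
// stay separate state.
//
// It panics when DefaultExpireAfter is not a valid time.ParseDuration string.
// a and g are not checked for nil; a nil hook panics on the first call to
// Authenticate or Grant respectively.
func NewProvider(s Storage, a Authenticator, g Grantor) *Provider {
	dur, err := time.ParseDuration(DefaultExpireAfter)
	if err != nil {
		log.Panicf("o2pro: parsing DefaultExpireAfter %q: %v", DefaultExpireAfter, err)
	}
	// Appending to a nil slice yields a detached copy (and keeps nil as nil),
	// so neither field aliases the package-level DefaultScopes backing array.
	scopes := append([]string(nil), DefaultScopes...)
	defaults := append([]string(nil), DefaultScopes...)
	return &Provider{
		Storage:       s,
		Scopes:        scopes,
		DefaultScopes: defaults,
		Duration:      dur,
		Logger:        DefaultLogger,
		a:             a,
		g:             g,
	}
}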
// Provider is an OAuth2 authorization server. It embeds its Storage back end
// and carries the policy hooks handed to NewProvider.
type Provider struct {
	Storage                     // persistence for issued authorizations
	Scopes        []string      // every scope this server supports
	DefaultScopes []string      // scopes issued when a request names none
	Duration      time.Duration // lifetime of an issued authorization
	Logger        *log.Logger   // destination for the server's log output
	a             Authenticator // credential check, see Authenticate
	g             Grantor       // access decision, see Grant
}
// Grant decides whether user may be granted scope for client c (c may be nil,
// see Grantor). The decision is delegated entirely to the Provider's Grantor;
// a Provider whose Grantor is nil panics here.
func (p *Provider) Grant(user, scope string, c *Client) (bool, error) {
	decide := p.g
	return decide(user, scope, c)
}
// Authenticate checks user's password by delegating to the Provider's
// Authenticator; a Provider whose Authenticator is nil panics here.
func (p *Provider) Authenticate(user, password string) (bool, error) {
	check := p.a
	return check(user, password)
}
// Initialize prepares a fresh database (schema, indexes, etc.) by delegating
// to the embedded Storage. Behavior is undefined when the database has
// already been initialized.
func (p *Provider) Initialize() error {
	return p.Storage.initialize()
}
// Migrate asks the embedded Storage to bring the database up to the latest
// schema, indexes, etc. Storage implementations without migration support
// may return ErrNotImplemented.
func (p *Provider) Migrate() error {
	return p.Storage.migrate()
}
// handlerStub is an HTTP handler body that additionally receives the Provider
// it serves; Provider.handlerFunc binds one to a concrete Provider.
type handlerStub func(p *Provider, w http.ResponseWriter, r *http.Request)
// handlerFunc adapts hs into a standard http.HandlerFunc by closing over p,
// so hs sees this Provider on every request it serves.
func (p *Provider) handlerFunc(hs handlerStub) http.HandlerFunc {
	serve := func(w http.ResponseWriter, r *http.Request) {
		hs(p, w, r)
	}
	return serve
}
// PasswordGrantHandler returns the http.HandlerFunc for the password grant
// endpoint: passwordGrant (defined elsewhere in the package) bound to this
// Provider via handlerFunc.
func (p *Provider) PasswordGrantHandler() http.HandlerFunc {
	h := p.handlerFunc(passwordGrant)
	return h
}