admin/ersteller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make google authentication to ersteller-lib

Browse Source
This commit is contained in:
Achim Rohn
2025-09-17 20:58:53 +02:00
parent c4f4c5d637
commit b788fb4898
3 changed files with 62 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
starter/google/database.go
+32
View File
@@ -0,0 +1,32 @@
package google
import (
"context"
ersteller_lib "ersteller-lib"
google_http "ersteller-lib/authentication/google/http"
"ersteller-lib/starter/ent"
"ersteller-lib/starter/ent/user"
)
type Database struct {
db *ent.Client
}
func NewDatabase(db *ent.Client) google_http.Database {
return &Database{
db: db,
}
}
func (d *Database) GetUserIdByEmail(ctx context.Context, email string) (int, error) {
return d.db.User.Query().Where(user.Email(email)).OnlyID(ctx)
}
func (d *Database) CreateUser(ctx context.Context, email string) (int, error) {
newUser, err := d.db.User.Create().SetEmail(email).Save(ctx)
if err != nil {
ersteller_lib.LogError("Failed to create user: %v", err)
return -1, err
}
return newUser.ID, nil
}
starter/google/google_auth.go
-213
View File
@@ -1,213 +0,0 @@
package google
import (
"context"
"crypto/rand"
"encoding/base64"
"encoding/json"
. "ersteller-lib"
"ersteller-lib/authentication"
"ersteller-lib/starter/ent"
"ersteller-lib/starter/ent/user"
"ersteller-lib/starter/env"
"io/ioutil"
"net/http"
"time"
"github.com/gorilla/sessions"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
)
const oAuthStateCookieName = "oauthstate"
const GoogleLogin = "/login/google"
const GoogleLoginCallback = "/google/authenticated"
const oauthGoogleUrlAPI = "https://www.googleapis.com/oauth2/v2/userinfo?access_token="
type GoogleUserData struct {
Email string `json:"email"`
Token *oauth2.Token `json:"-"`
}
type GoogleAuth struct {
db *ent.Client
server *http.ServeMux
environment env.Environment
config oauth2.Config
sessionStore *sessions.CookieStore
}
func NewGoogleAuth(db *ent.Client, server *http.ServeMux, environment env.Environment, sessionStore *sessions.CookieStore) *GoogleAuth {
config := oauth2.Config{
ClientID: environment.GoogleClientId,
ClientSecret: environment.GoogleClientSecret,
Endpoint: google.Endpoint,
RedirectURL: environment.BaseUrl + GoogleLoginCallback,
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
}
return &GoogleAuth{
db: db,
server: server,
environment: environment,
config: config,
sessionStore: sessionStore,
}
}
func (g *GoogleAuth) AddRoutes() {
g.server.HandleFunc("GET "+GoogleLogin, func(writer http.ResponseWriter, request *http.Request) {
state := g.generateStateOauthCookie(writer)
url := g.config.AuthCodeURL(state, oauth2.AccessTypeOffline, oauth2.ApprovalForce)
http.Redirect(writer, request, url, http.StatusTemporaryRedirect)
})
// OAuth callback handler
g.server.HandleFunc("GET "+GoogleLoginCallback, func(writer http.ResponseWriter, request *http.Request) {
LogDebug("email authenticated called")
// Get OAuth state cookie
oauthstateCookie, err := request.Cookie(oAuthStateCookieName)
if err != nil {
LogError("Failed to get cookie: %v", err)
http.Error(writer, "Failed to get OAuth state cookie", http.StatusBadRequest)
return
}
// Verify OAuth state
if request.FormValue("state") != oauthstateCookie.Value {
LogError("Failed to verify google oauth state")
http.Error(writer, "Invalid OAuth state", http.StatusBadRequest)
return
}
// Get authorization code
code := request.FormValue("code")
data, err := g.ParseUserData(code)
if err != nil {
LogError("Failed to parse user data: %v", err)
http.Error(writer, "Failed to parse user data", http.StatusInternalServerError)
return
}
// Get or create user
userId, err := g.db.User.Query().Where(user.Email(data.Email)).OnlyID(request.Context())
if err != nil {
LogError("Failed to get user id: %v", err)
newUser, err := g.db.User.Create().SetEmail(data.Email).Save(request.Context())
if err != nil {
LogError("Failed to create user: %v", err)
http.Error(writer, "Failed to create user", http.StatusInternalServerError)
return
}
userId = newUser.ID
}
// Save email to session
err = authentication.SaveEmailAndUserIdToSessionStore(request, writer, g.sessionStore, data.Email, userId)
if err != nil {
LogError("Failed to save session: %v", err)
http.Error(writer, "Failed to save session", http.StatusInternalServerError)
return
}
// Save credentials
err = g.SaveCredentials(userId, data.Token)
if err != nil {
Error("failed to save credentials for user ", userId, ": ", err)
http.Error(writer, "Failed to save credentials", http.StatusInternalServerError)
return
}
Debug("saved credentials for user", userId)
http.Redirect(writer, request, "/", http.StatusTemporaryRedirect)
})
// Logout handler
g.server.HandleFunc("GET /logout", func(writer http.ResponseWriter, request *http.Request) {
// Clear the session
session, err := g.sessionStore.Get(request, "session") // Using default session name
if err != nil {
LogError("Failed to get session: %v", err)
http.Redirect(writer, request, "/", http.StatusTemporaryRedirect)
return
}
session.Options.MaxAge = -1
err = session.Save(request, writer)
if err != nil {
LogError("Failed to save session: %v", err)
http.Error(writer, "Failed to clear session", http.StatusInternalServerError)
return
}
http.Redirect(writer, request, "/", http.StatusTemporaryRedirect)
})
}
func (g *GoogleAuth) ParseUserData(code string) (GoogleUserData, error) {
data, err := g.getUserDataFromGoogle(code)
if err != nil {
LogError("failed getting user data from Google: %v", err)
return GoogleUserData{}, err
}
LogDebug("user data: %v", data)
return data, nil
}
func (g *GoogleAuth) getUserDataFromGoogle(code string) (GoogleUserData, error) {
// Use code to get token and get user info from Google.
token, err := g.config.Exchange(context.Background(), code)
if err != nil {
LogError("code exchange wrong: %v", err)
return GoogleUserData{}, err
}
response, err := http.Get(oauthGoogleUrlAPI + token.AccessToken)
if err != nil {
LogError("failed getting user info: %v", err)
return GoogleUserData{}, err
}
defer response.Body.Close()
contents, err := ioutil.ReadAll(response.Body)
if err != nil {
LogError("failed read response: %v", err)
return GoogleUserData{}, err
}
userData := GoogleUserData{}
err = json.Unmarshal(contents, &userData)
if err != nil {
LogError("failed to unmarshal user data: %v", err)
return GoogleUserData{}, err
}
userData.Token = token
return userData, nil
}
func (g *GoogleAuth) SaveCredentials(userId int, token *oauth2.Token) error {
Debug("saving google credentials for user ", userId)
// For now, we'll just log this - in a real implementation you'd save to database
Debug("saved credentials for user", userId)
return nil
}
func (g *GoogleAuth) generateStateOauthCookie(w http.ResponseWriter) string {
b := make([]byte, 16)
_, err := rand.Read(b)
if err != nil {
LogError("Failed to read random state: %v", err)
}
state := base64.URLEncoding.EncodeToString(b)
var expiration = time.Now().Add(time.Hour)
cookie := http.Cookie{Name: oAuthStateCookieName, Value: state, Expires: expiration, HttpOnly: true, Path: "/", Secure: false}
if g.environment.IsLocal {
cookie.SameSite = http.SameSiteLaxMode
cookie.Secure = false
}
http.SetCookie(w, &cookie)
return state
}