Initialize security-oauth2

authentication/oauth.go

@@ -0,0 +1,72 @@
+package oauth2
+
+import (
+	"errors"
+
+	"github.com/gol4ng/security"
+	security_oauth "github.com/gol4ng/security-oauth2/token"
+	"golang.org/x/oauth2"
+)
+
+var (
+	ErrAuthenticationFailed = errors.New("authentication failed")
+)
+
+type Authenticator struct {
+	userProvider UserProvider
+}
+
+func (a Authenticator) Authenticate(t security.Token) (authenticatedToken security.Token, err error) {
+	token, ok := t.(*security_oauth.OauthToken)
+	if !ok {
+		return t, security.ErrTokenTypeNotSupported
+	}
+
+	oauth2Token := token.GetToken()
+	if !oauth2Token.Valid() {
+		return t, ErrAuthenticationFailed
+	}
+
+	user, err := a.userProvider(oauth2Token)
+	if err == nil {
+		return t, err
+	}
+
+	token.SetUser(user)
+	token.SetAuthenticated(true)
+
+	return token, nil
+}
+
+func (a *Authenticator) Support(t security.Token) bool {
+	_, support := t.(*security_oauth.OauthToken)
+	return support
+}
+
+func (a *Authenticator) apply(options ...AuthenticatorOption) *Authenticator {
+	for _, option := range options {
+		option(a)
+	}
+	return a
+}
+
+// AuthOption defines a interceptor middleware configuration option
+type AuthenticatorOption func(*Authenticator)
+
+type UserProvider func(oauth2Token *oauth2.Token) (security.User, error)
+
+func NewAuthenticator(options ...AuthenticatorOption) *Authenticator {
+	return (&Authenticator{
+		userProvider: DefaultUserProvider,
+	}).apply(options...)
+}
+
+func WithUserProvider(getter UserProvider) AuthenticatorOption {
+	return func(authenticator *Authenticator) {
+		authenticator.userProvider = getter
+	}
+}
+
+func DefaultUserProvider(_ *oauth2.Token) (security.User, error) {
+	return nil, nil
+}

examples/google/go.mod

@@ -0,0 +1,8 @@
+module github.com/gol4ng/security-oauth2/examples/google
+
+go 1.13
+
+require (
+	github.com/gol4ng/httpware/v2 v2.3.2 // indirect
+	github.com/gol4ng/security-oauth2 v0.0.0-20200615085538-14deb6d208f7 // indirect
+)

examples/google/go.sum

@@ -0,0 +1,69 @@
+bou.ke/monkey v1.0.1/go.mod h1:FgHuK96Rv2Nlf+0u1OOVDpCMdsWyOFmeeketDHE7LIg=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gokyle/twofactor v1.0.1/go.mod h1:4gxzH1eaE/F3Pct/sCDNOylP0ClofUO5j4XZN9tKtLE=
+github.com/gol4ng/httpware/v2 v2.3.2-0.20200313140821-bfe292849b16/go.mod h1:SIOrsksHg+ydQWikEj5KUVANB4lmwB8c5/NIBtdVzFM=
+github.com/gol4ng/httpware/v2 v2.3.2 h1:nzu54Q0mR13C8Cd5a7Ffe3Hau0RzoRgwf34WPO39l10=
+github.com/gol4ng/httpware/v2 v2.3.2/go.mod h1:SIOrsksHg+ydQWikEj5KUVANB4lmwB8c5/NIBtdVzFM=
+github.com/gol4ng/security v0.0.0-20200503111408-9677f4846774 h1:chSPuO5IJ9O1k1VjastEIPRNthmcb2UWIhten/fOunA=
+github.com/gol4ng/security v0.0.0-20200503111408-9677f4846774/go.mod h1:PsrpS4ow4airr+HpRS3+LP4uEJ2L6JKDr7Pm3ubArJA=
+github.com/gol4ng/security-http v0.0.0-20200615073825-98ddebe5cfa6 h1:sYtCA8gTC8gDcEw8S3Th3uq6GF5SsrkpixckHMpii+U=
+github.com/gol4ng/security-http v0.0.0-20200615073825-98ddebe5cfa6/go.mod h1:eRr9Dfjsuoxw5fpZcosnx59iaq+EvvP+uj1uNEPsemI=
+github.com/gol4ng/security-oauth2 v0.0.0-20200615085538-14deb6d208f7 h1:IGL2+nZqE+2vpJXQJFkUq99W5uNVY1P4FmmISLBHxfE=
+github.com/gol4ng/security-oauth2 v0.0.0-20200615085538-14deb6d208f7/go.mod h1:CbC2dmlMx9/KtLThbtfhiCbD94oVOdOSIvuokWAqEOM=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/hgfischer/go-otp v1.0.0/go.mod h1:SFK84Ci40RFGoz2Ukjr/6KO0Ma31GfQAyWjf+SGb028=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+rsc.io/qr v0.2.0/go.mod h1:IF+uZjkb9fqyeF/4tlBoynqmQxUoPfWEKh921coOuXs=

examples/google/main.go

@@ -0,0 +1,164 @@
+package main
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"html/template"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/gol4ng/httpware/v2/auth"
+	"github.com/gol4ng/httpware/v2/middleware"
+	authentication_http "github.com/gol4ng/security-http/authentication"
+	security_oauth_authentication "github.com/gol4ng/security-oauth2/authentication"
+	security_oauth_token "github.com/gol4ng/security-oauth2/token"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google"
+)
+
+func main() {
+	// Your credentials should be obtained from the Google
+	// Developer Console (https://console.developers.google.com).
+	conf := &oauth2.Config{
+		ClientID:     "YOUR_CLIENT_ID",
+		ClientSecret: "YOUR_CLIENT_SECRET",
+		RedirectURL:  "http://localhost:8009/googlecallback",
+		Scopes: []string{
+			"https://www.googleapis.com/auth/userinfo.email",
+			"https://www.googleapis.com/auth/userinfo.profile",
+		},
+		Endpoint: google.Endpoint,
+	}
+
+	http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
+		writeTemplate(writer, http.StatusOK, "Home", "<a href=\"/googlelogin\">Google Login</a><br>")
+	})
+
+	http.HandleFunc("/googlelogin", func(writer http.ResponseWriter, request *http.Request) {
+		// generate authenticator random state to verify oauth2callback
+		b := make([]byte, 16)
+		rand.Read(b)
+		state := base64.URLEncoding.EncodeToString(b)
+
+		http.SetCookie(writer, &http.Cookie{Name: "oauthstate", Value: state, Expires: time.Now().Add(365 * 24 * time.Hour)})
+		http.Redirect(writer, request, conf.AuthCodeURL(state), http.StatusTemporaryRedirect)
+	})
+
+	http.HandleFunc("/googlecallback", func(writer http.ResponseWriter, request *http.Request) {
+		code := request.FormValue("code")
+		oauthState, _ := request.Cookie("oauthstate")
+
+		if request.FormValue("state") != oauthState.Value {
+			writeTemplate(writer, http.StatusBadRequest, "Google callback error", fmt.Errorf("invalid oauth state").Error())
+			return
+		}
+		token, err := conf.Exchange(request.Context(), code)
+		if err != nil {
+			writeTemplate(writer, http.StatusBadRequest, "Google callback error", fmt.Errorf("code exchange failed: %s", err.Error()).Error())
+			return
+		}
+		rawToken, err := json.Marshal(token)
+		http.SetCookie(writer, &http.Cookie{Name: "token", Value: url.QueryEscape(string(rawToken)), Expires: time.Now().Add(365 * 24 * time.Hour)})
+		writeTemplate(writer, http.StatusOK, "Google", fmt.Sprintf(
+			"<h2>Authenticated</h2><br><p>google redirect you here with rawToken state \"%s\" and code \"%s\"</p><p>we send the cookie \"%s\"</p><a href=\"/protected\">Go view your logged infos</a>",
+			oauthState,
+			code,
+			string(rawToken),
+		))
+	})
+
+	securemiddleware := middleware.Authentication(
+		authentication_http.NewAuthenticatorAdapter(security_oauth_authentication.NewAuthenticator()),
+		middleware.WithCredentialFinder(func(request *http.Request) auth.Credential {
+			tokenCookie, err := request.Cookie("token")
+			if err != nil {
+				return nil
+			}
+			tokenValue, err := url.QueryUnescape(tokenCookie.Value)
+			token := &oauth2.Token{}
+			err = json.Unmarshal([]byte(tokenValue), token)
+			if err != nil {
+				return nil
+			}
+			return security_oauth_token.NewToken(token)
+		}),
+	)
+
+	http.Handle("/protected", securemiddleware(http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+		token := MyTokenGetter(request)
+		if token == nil {
+			writeTemplate(writer, http.StatusUnauthorized, "Authorized", fmt.Sprintf(
+				"get info error: %s",
+				"wrong token type",
+			))
+			return
+		}
+		response, err := http.Get("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + token.GetToken().AccessToken)
+		if err != nil {
+			writeTemplate(writer, http.StatusUnauthorized, "Authorized", fmt.Sprintf(
+				"get info error: %s",
+				fmt.Errorf("failed getting user info: %s", err.Error()).Error(),
+			))
+			return
+		}
+		defer response.Body.Close()
+		contents, err := ioutil.ReadAll(response.Body)
+		if err != nil {
+			writeTemplate(writer, http.StatusUnauthorized, "Authorized", fmt.Sprintf(
+				"get info error: %s",
+				fmt.Errorf("failed reading response body: %s", err.Error()).Error(),
+			))
+			return
+		}
+
+		writeTemplate(writer, http.StatusOK, "Authorized", fmt.Sprintf(
+			"user info : %s",
+			contents,
+		))
+	})))
+
+	http.ListenAndServe(":8009", nil)
+}
+
+func MyTokenGetter(request *http.Request) *security_oauth_token.OauthToken {
+	creds := auth.CredentialFromContext(request.Context())
+	if creds != nil {
+		if token, ok := creds.(*security_oauth_token.OauthToken); ok {
+			return token
+		}
+	}
+	return nil
+}
+
+type Page struct {
+	Title   string
+	Content template.HTML
+}
+
+const html = `
+<html lang="en">
+    <head>
+        <meta charset="utf-8">
+        <title>{{.Title}}</title>
+    </head>
+    <body>
+        <h1>{{.Title}}</h1>
+        <article id="content">
+            {{.Content}}
+        </article>
+    </body>
+</html>`
+
+var tpl = template.Must(template.New("name").Parse(html))
+
+func writeTemplate(writer http.ResponseWriter, code int, title string, content string) {
+	tpl.Execute(writer, &Page{
+		Title:   title,
+		Content: template.HTML(content),
+	})
+	writer.WriteHeader(code)
+}

go.mod

@@ -0,0 +1,8 @@
+module github.com/gol4ng/security-oauth2
+
+go 1.13
+
+require (
+	github.com/gol4ng/security v0.0.0-20200503111408-9677f4846774
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+)