commit
3a23476dbe
@ -0,0 +1,18 @@ |
||||
package models |
||||
|
||||
import "time" |
||||
|
||||
// OT: Oauth2 Type
|
||||
const ( |
||||
OT_GITHUB = iota + 1 |
||||
OT_GOOGLE |
||||
OT_TWITTER |
||||
) |
||||
|
||||
type Oauth2 struct { |
||||
Uid int64 `xorm:"pk"` // userId
|
||||
Type int `xorm:"pk unique(oauth)"` // twitter,github,google...
|
||||
Identity string `xorm:"pk unique(oauth)"` // id..
|
||||
Token string `xorm:"VARCHAR(200) not null"` |
||||
RefreshTime time.Time `xorm:"created"` |
||||
} |
@ -0,0 +1,233 @@ |
||||
// Copyright 2014 Google Inc. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
// Package oauth2 contains Martini handlers to provide
|
||||
// user login via an OAuth 2.0 backend.
|
||||
package oauth2 |
||||
|
||||
import ( |
||||
"encoding/json" |
||||
"fmt" |
||||
"net/http" |
||||
"net/url" |
||||
"strings" |
||||
"time" |
||||
|
||||
"code.google.com/p/goauth2/oauth" |
||||
"github.com/go-martini/martini" |
||||
"github.com/martini-contrib/sessions" |
||||
) |
||||
|
||||
const ( |
||||
codeRedirect = 302 |
||||
keyToken = "oauth2_token" |
||||
keyNextPage = "next" |
||||
) |
||||
|
||||
var ( |
||||
// Path to handle OAuth 2.0 logins.
|
||||
PathLogin = "/login" |
||||
// Path to handle OAuth 2.0 logouts.
|
||||
PathLogout = "/logout" |
||||
// Path to handle callback from OAuth 2.0 backend
|
||||
// to exchange credentials.
|
||||
PathCallback = "/oauth2callback" |
||||
// Path to handle error cases.
|
||||
PathError = "/oauth2error" |
||||
) |
||||
|
||||
// Represents OAuth2 backend options.
|
||||
type Options struct { |
||||
ClientId string |
||||
ClientSecret string |
||||
RedirectURL string |
||||
Scopes []string |
||||
|
||||
AuthUrl string |
||||
TokenUrl string |
||||
} |
||||
|
||||
// Represents a container that contains
|
||||
// user's OAuth 2.0 access and refresh tokens.
|
||||
type Tokens interface { |
||||
Access() string |
||||
Refresh() string |
||||
IsExpired() bool |
||||
ExpiryTime() time.Time |
||||
ExtraData() map[string]string |
||||
} |
||||
|
||||
type token struct { |
||||
oauth.Token |
||||
} |
||||
|
||||
func (t *token) ExtraData() map[string]string { |
||||
return t.Extra |
||||
} |
||||
|
||||
// Returns the access token.
|
||||
func (t *token) Access() string { |
||||
return t.AccessToken |
||||
} |
||||
|
||||
// Returns the refresh token.
|
||||
func (t *token) Refresh() string { |
||||
return t.RefreshToken |
||||
} |
||||
|
||||
// Returns whether the access token is
|
||||
// expired or not.
|
||||
func (t *token) IsExpired() bool { |
||||
if t == nil { |
||||
return true |
||||
} |
||||
return t.Expired() |
||||
} |
||||
|
||||
// Returns the expiry time of the user's
|
||||
// access token.
|
||||
func (t *token) ExpiryTime() time.Time { |
||||
return t.Expiry |
||||
} |
||||
|
||||
// Formats tokens into string.
|
||||
func (t *token) String() string { |
||||
return fmt.Sprintf("tokens: %v", t) |
||||
} |
||||
|
||||
// Returns a new Google OAuth 2.0 backend endpoint.
|
||||
func Google(opts *Options) martini.Handler { |
||||
opts.AuthUrl = "https://accounts.google.com/o/oauth2/auth" |
||||
opts.TokenUrl = "https://accounts.google.com/o/oauth2/token" |
||||
return NewOAuth2Provider(opts) |
||||
} |
||||
|
||||
// Returns a new Github OAuth 2.0 backend endpoint.
|
||||
func Github(opts *Options) martini.Handler { |
||||
opts.AuthUrl = "https://github.com/login/oauth/authorize" |
||||
opts.TokenUrl = "https://github.com/login/oauth/access_token" |
||||
return NewOAuth2Provider(opts) |
||||
} |
||||
|
||||
func Facebook(opts *Options) martini.Handler { |
||||
opts.AuthUrl = "https://www.facebook.com/dialog/oauth" |
||||
opts.TokenUrl = "https://graph.facebook.com/oauth/access_token" |
||||
return NewOAuth2Provider(opts) |
||||
} |
||||
|
||||
// Returns a generic OAuth 2.0 backend endpoint.
|
||||
func NewOAuth2Provider(opts *Options) martini.Handler { |
||||
config := &oauth.Config{ |
||||
ClientId: opts.ClientId, |
||||
ClientSecret: opts.ClientSecret, |
||||
RedirectURL: opts.RedirectURL, |
||||
Scope: strings.Join(opts.Scopes, " "), |
||||
AuthURL: opts.AuthUrl, |
||||
TokenURL: opts.TokenUrl, |
||||
} |
||||
|
||||
transport := &oauth.Transport{ |
||||
Config: config, |
||||
Transport: http.DefaultTransport, |
||||
} |
||||
|
||||
return func(s sessions.Session, c martini.Context, w http.ResponseWriter, r *http.Request) { |
||||
if r.Method == "GET" { |
||||
switch r.URL.Path { |
||||
case PathLogin: |
||||
login(transport, s, w, r) |
||||
case PathLogout: |
||||
logout(transport, s, w, r) |
||||
case PathCallback: |
||||
handleOAuth2Callback(transport, s, w, r) |
||||
} |
||||
} |
||||
|
||||
tk := unmarshallToken(s) |
||||
if tk != nil { |
||||
// check if the access token is expired
|
||||
if tk.IsExpired() && tk.Refresh() == "" { |
||||
s.Delete(keyToken) |
||||
tk = nil |
||||
} |
||||
} |
||||
// Inject tokens.
|
||||
c.MapTo(tk, (*Tokens)(nil)) |
||||
} |
||||
} |
||||
|
||||
// Handler that redirects user to the login page
|
||||
// if user is not logged in.
|
||||
// Sample usage:
|
||||
// m.Get("/login-required", oauth2.LoginRequired, func() ... {})
|
||||
var LoginRequired martini.Handler = func() martini.Handler { |
||||
return func(s sessions.Session, c martini.Context, w http.ResponseWriter, r *http.Request) { |
||||
token := unmarshallToken(s) |
||||
if token == nil || token.IsExpired() { |
||||
next := url.QueryEscape(r.URL.RequestURI()) |
||||
http.Redirect(w, r, PathLogin+"?next="+next, codeRedirect) |
||||
} |
||||
} |
||||
}() |
||||
|
||||
func login(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) { |
||||
next := extractPath(r.URL.Query().Get(keyNextPage)) |
||||
if s.Get(keyToken) == nil { |
||||
// User is not logged in.
|
||||
http.Redirect(w, r, t.Config.AuthCodeURL(next), codeRedirect) |
||||
return |
||||
} |
||||
// No need to login, redirect to the next page.
|
||||
http.Redirect(w, r, next, codeRedirect) |
||||
} |
||||
|
||||
func logout(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) { |
||||
next := extractPath(r.URL.Query().Get(keyNextPage)) |
||||
s.Delete(keyToken) |
||||
http.Redirect(w, r, next, codeRedirect) |
||||
} |
||||
|
||||
func handleOAuth2Callback(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) { |
||||
next := extractPath(r.URL.Query().Get("state")) |
||||
code := r.URL.Query().Get("code") |
||||
tk, err := t.Exchange(code) |
||||
if err != nil { |
||||
// Pass the error message, or allow dev to provide its own
|
||||
// error handler.
|
||||
http.Redirect(w, r, PathError, codeRedirect) |
||||
return |
||||
} |
||||
// Store the credentials in the session.
|
||||
val, _ := json.Marshal(tk) |
||||
s.Set(keyToken, val) |
||||
http.Redirect(w, r, next, codeRedirect) |
||||
} |
||||
|
||||
func unmarshallToken(s sessions.Session) (t *token) { |
||||
if s.Get(keyToken) == nil { |
||||
return |
||||
} |
||||
data := s.Get(keyToken).([]byte) |
||||
var tk oauth.Token |
||||
json.Unmarshal(data, &tk) |
||||
return &token{tk} |
||||
} |
||||
|
||||
func extractPath(next string) string { |
||||
n, err := url.Parse(next) |
||||
if err != nil { |
||||
return "/" |
||||
} |
||||
return n.Path |
||||
} |
@ -0,0 +1,162 @@ |
||||
// Copyright 2014 Google Inc. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package oauth2 |
||||
|
||||
import ( |
||||
"net/http" |
||||
"net/http/httptest" |
||||
"testing" |
||||
|
||||
"github.com/go-martini/martini" |
||||
"github.com/martini-contrib/sessions" |
||||
) |
||||
|
||||
func Test_LoginRedirect(t *testing.T) { |
||||
recorder := httptest.NewRecorder() |
||||
m := martini.New() |
||||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) |
||||
m.Use(Google(&Options{ |
||||
ClientId: "client_id", |
||||
ClientSecret: "client_secret", |
||||
RedirectURL: "refresh_url", |
||||
Scopes: []string{"x", "y"}, |
||||
})) |
||||
|
||||
r, _ := http.NewRequest("GET", "/login", nil) |
||||
m.ServeHTTP(recorder, r) |
||||
|
||||
location := recorder.HeaderMap["Location"][0] |
||||
if recorder.Code != 302 { |
||||
t.Errorf("Not being redirected to the auth page.") |
||||
} |
||||
if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" { |
||||
t.Errorf("Not being redirected to the right page, %v found", location) |
||||
} |
||||
} |
||||
|
||||
func Test_LoginRedirectAfterLoginRequired(t *testing.T) { |
||||
recorder := httptest.NewRecorder() |
||||
m := martini.Classic() |
||||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) |
||||
m.Use(Google(&Options{ |
||||
ClientId: "client_id", |
||||
ClientSecret: "client_secret", |
||||
RedirectURL: "refresh_url", |
||||
Scopes: []string{"x", "y"}, |
||||
})) |
||||
|
||||
m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) { |
||||
return 200, tokens.Access() |
||||
}) |
||||
|
||||
r, _ := http.NewRequest("GET", "/login-required?key=value", nil) |
||||
m.ServeHTTP(recorder, r) |
||||
|
||||
location := recorder.HeaderMap["Location"][0] |
||||
if recorder.Code != 302 { |
||||
t.Errorf("Not being redirected to the auth page.") |
||||
} |
||||
if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" { |
||||
t.Errorf("Not being redirected to the right page, %v found", location) |
||||
} |
||||
} |
||||
|
||||
func Test_Logout(t *testing.T) { |
||||
recorder := httptest.NewRecorder() |
||||
s := sessions.NewCookieStore([]byte("secret123")) |
||||
|
||||
m := martini.Classic() |
||||
m.Use(sessions.Sessions("my_session", s)) |
||||
m.Use(Google(&Options{ |
||||
// no need to configure
|
||||
})) |
||||
|
||||
m.Get("/", func(s sessions.Session) { |
||||
s.Set(keyToken, "dummy token") |
||||
}) |
||||
|
||||
m.Get("/get", func(s sessions.Session) { |
||||
if s.Get(keyToken) != nil { |
||||
t.Errorf("User credentials are still kept in the session.") |
||||
} |
||||
}) |
||||
|
||||
logout, _ := http.NewRequest("GET", "/logout", nil) |
||||
index, _ := http.NewRequest("GET", "/", nil) |
||||
|
||||
m.ServeHTTP(httptest.NewRecorder(), index) |
||||
m.ServeHTTP(recorder, logout) |
||||
|
||||
if recorder.Code != 302 { |
||||
t.Errorf("Not being redirected to the next page.") |
||||
} |
||||
} |
||||
|
||||
func Test_LogoutOnAccessTokenExpiration(t *testing.T) { |
||||
recorder := httptest.NewRecorder() |
||||
s := sessions.NewCookieStore([]byte("secret123")) |
||||
|
||||
m := martini.Classic() |
||||
m.Use(sessions.Sessions("my_session", s)) |
||||
m.Use(Google(&Options{ |
||||
// no need to configure
|
||||
})) |
||||
|
||||
m.Get("/addtoken", func(s sessions.Session) { |
||||
s.Set(keyToken, "dummy token") |
||||
}) |
||||
|
||||
m.Get("/", func(s sessions.Session) { |
||||
if s.Get(keyToken) != nil { |
||||
t.Errorf("User not logged out although access token is expired.") |
||||
} |
||||
}) |
||||
|
||||
addtoken, _ := http.NewRequest("GET", "/addtoken", nil) |
||||
index, _ := http.NewRequest("GET", "/", nil) |
||||
m.ServeHTTP(recorder, addtoken) |
||||
m.ServeHTTP(recorder, index) |
||||
} |
||||
|
||||
func Test_InjectedTokens(t *testing.T) { |
||||
recorder := httptest.NewRecorder() |
||||
m := martini.Classic() |
||||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) |
||||
m.Use(Google(&Options{ |
||||
// no need to configure
|
||||
})) |
||||
m.Get("/", func(tokens Tokens) string { |
||||
return "Hello world!" |
||||
}) |
||||
r, _ := http.NewRequest("GET", "/", nil) |
||||
m.ServeHTTP(recorder, r) |
||||
} |
||||
|
||||
func Test_LoginRequired(t *testing.T) { |
||||
recorder := httptest.NewRecorder() |
||||
m := martini.Classic() |
||||
m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123")))) |
||||
m.Use(Google(&Options{ |
||||
// no need to configure
|
||||
})) |
||||
m.Get("/", LoginRequired, func(tokens Tokens) string { |
||||
return "Hello world!" |
||||
}) |
||||
r, _ := http.NewRequest("GET", "/", nil) |
||||
m.ServeHTTP(recorder, r) |
||||
if recorder.Code != 302 { |
||||
t.Errorf("Not being redirected to the auth page although user is not logged in.") |
||||
} |
||||
} |
Binary file not shown.
File diff suppressed because one or more lines are too long
@ -0,0 +1,22 @@ |
||||
// Copyright 2014 The Gogs Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package repo |
||||
|
||||
import ( |
||||
"github.com/gogits/gogs/models" |
||||
"github.com/gogits/gogs/modules/middleware" |
||||
) |
||||
|
||||
func Releases(ctx *middleware.Context) { |
||||
ctx.Data["Title"] = "Releases" |
||||
ctx.Data["IsRepoToolbarReleases"] = true |
||||
tags, err := models.GetTags(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name) |
||||
if err != nil { |
||||
ctx.Handle(404, "repo.Releases(GetTags)", err) |
||||
return |
||||
} |
||||
ctx.Data["Releases"] = tags |
||||
ctx.HTML(200, "release/list") |
||||
} |
@ -0,0 +1,49 @@ |
||||
// Copyright 2014 The Gogs Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
package user |
||||
|
||||
import ( |
||||
"encoding/json" |
||||
|
||||
"code.google.com/p/goauth2/oauth" |
||||
"github.com/gogits/gogs/modules/log" |
||||
"github.com/gogits/gogs/modules/oauth2" |
||||
) |
||||
|
||||
// github && google && ...
|
||||
func SocialSignIn(tokens oauth2.Tokens) { |
||||
transport := &oauth.Transport{} |
||||
transport.Token = &oauth.Token{ |
||||
AccessToken: tokens.Access(), |
||||
RefreshToken: tokens.Refresh(), |
||||
Expiry: tokens.ExpiryTime(), |
||||
Extra: tokens.ExtraData(), |
||||
} |
||||
|
||||
// Github API refer: https://developer.github.com/v3/users/
|
||||
// FIXME: need to judge url
|
||||
type GithubUser struct { |
||||
Id int `json:"id"` |
||||
Name string `json:"login"` |
||||
Email string `json:"email"` |
||||
} |
||||
|
||||
// Make the request.
|
||||
scope := "https://api.github.com/user" |
||||
r, err := transport.Client().Get(scope) |
||||
if err != nil { |
||||
log.Error("connect with github error: %s", err) |
||||
// FIXME: handle error page
|
||||
return |
||||
} |
||||
defer r.Body.Close() |
||||
|
||||
user := &GithubUser{} |
||||
err = json.NewDecoder(r.Body).Decode(user) |
||||
if err != nil { |
||||
log.Error("Get: %s", err) |
||||
} |
||||
log.Info("login: %s", user.Name) |
||||
// FIXME: login here, user email to check auth, if not registe, then generate a uniq username
|
||||
} |
@ -0,0 +1,86 @@ |
||||
{{template "base/head" .}} |
||||
{{template "base/navbar" .}} |
||||
{{template "repo/nav" .}} |
||||
{{template "repo/toolbar" .}} |
||||
<div id="body" class="container"> |
||||
<div id="release"> |
||||
<h4 id="release-head"> |
||||
<span class="release"><strong>Release</strong></span> / |
||||
<a class="tag" href="/{tag_link}">Tags</a> |
||||
<!-- comment : if in tag page, show a.release and span.tag please --> |
||||
</h4> |
||||
<ul id="release-list" class="list-unstyled"> |
||||
<li class="release-item release-tag clearfix" id="release-tag-{release_tag_id}"> |
||||
<div class="col-md-2 text-right"> |
||||
<a class="commit" href="{commit_link}"><i class="fa fa-code"></i>commit-sha</a> |
||||
</div> |
||||
<div class="col-md-10"> |
||||
<h5 class="title"><a href="{release_single_link}">Release Tag</a><i class="fa fa-tag"></i></h5> |
||||
<p class="info"> |
||||
<span class="author"><img class="avatar" src="http://1.gravatar.com/avatar/f72f7454ce9d710baa506394f68f4132" alt="" width="20"> |
||||
<a href="/user/fuxiaohei">fuxiaohei</a></span> |
||||
<span class="time">1 week ago</span> |
||||
<span class="ahead"><strong>0</strong> commits since this tag</span> |
||||
</p> |
||||
<p class="download"> |
||||
<a class="download-link" href="{release_download_link}"><i class="fa fa-download"></i>zip</a> |
||||
<a class="download-link" href="{release_download_link}"><i class="fa fa-download"></i>tar.gz</a> |
||||
</p> |
||||
<span class="dot"> </span> |
||||
</div> |
||||
</li> |
||||
<li class="release-item clearfix" id="release-{release_id}"> |
||||
<div class="col-md-2 text-right"> |
||||
<span class="btn btn-success status stable">Stable</span> |
||||
<a class="tag" href="{commit_link}"><i class="fa fa-tag"></i>release tag</a> |
||||
<a class="commit" href="{commit_link}"><i class="fa fa-code"></i>commit-sha</a> |
||||
</div> |
||||
<div class="col-md-10"> |
||||
<h4 class="title"><a href="{release_single_link}">Release Title</a></h4> |
||||
<p class="info"> |
||||
<span class="author"><img class="avatar" src="http://1.gravatar.com/avatar/f72f7454ce9d710baa506394f68f4132" alt="" width="20"> |
||||
<a href="/user/fuxiaohei">fuxiaohei</a></span> |
||||
<span class="time">1 week ago</span> |
||||
<span class="ahead"><strong>0</strong> commits since this tag</span> |
||||
</p> |
||||
<div class="markdown desc"> |
||||
release descriptions, support markdown content |
||||
</div> |
||||
<p class="download"> |
||||
<a class="btn btn-default" href="{release_download_link}"><i class="fa fa-download"></i>Source Code (ZIP)</a> |
||||
<a class="btn btn-default" href="{release_download_link}"><i class="fa fa-download"></i>Source Code (TAR.GZ)</a> |
||||
</p> |
||||
<span class="dot"> </span> |
||||
</div> |
||||
</li> |
||||
<li class="release-item clearfix" id="release-{release_id}"> |
||||
<div class="col-md-2 text-right"> |
||||
<span class="btn btn-warning status pre-release">Pre-Release</span> |
||||
<a class="tag" href="{commit_link}"><i class="fa fa-tag"></i>release tag</a> |
||||
<a class="commit" href="{commit_link}"><i class="fa fa-code"></i>commit-sha</a> |
||||
</div> |
||||
<div class="col-md-10"> |
||||
<h4 class="title"><a href="{release_single_link}">Release Title</a></h4> |
||||
<p class="info"> |
||||
<span class="author"><img class="avatar" src="http://1.gravatar.com/avatar/f72f7454ce9d710baa506394f68f4132" alt="" width="20"> |
||||
<a href="/user/fuxiaohei">fuxiaohei</a></span> |
||||
<span class="time">1 week ago</span> |
||||
<span class="ahead"><strong>0</strong> commits since this tag</span> |
||||
</p> |
||||
<div class="markdown desc"> |
||||
release descriptions, support markdown content |
||||
</div> |
||||
<p class="download"> |
||||
<a class="btn btn-default" href="{release_download_link}"><i class="fa fa-download"></i>Source Code (ZIP)</a> |
||||
<a class="btn btn-default" href="{release_download_link}"><i class="fa fa-download"></i>Source Code (TAR.GZ)</a> |
||||
</p> |
||||
<span class="dot"> </span> |
||||
</div> |
||||
</li> |
||||
</ul> |
||||
</div> |
||||
{{range .Releases}} |
||||
{{.}} |
||||
{{end}} |
||||
</div> |
||||
{{template "base/footer" .}} |
Loading…
Reference in new issue