mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9067 Commits
17 Branches
Tree: 0eeee9c721
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0eeee9c721'
${ noResults }
gitea/vendor/github.com/markbates/goth/providers/github/github.go

github.go 6.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236 
  1. // Package github implements the OAuth2 protocol for authenticating users through Github.

  2. // This package can be used as a reference implementation of an OAuth2 provider for Goth.

  3. package github

  4. 

  5. import (

  6. 	"bytes"

  7. 	"encoding/json"

  8. 	"errors"

  9. 	"fmt"

  10. 	"io"

  11. 	"io/ioutil"

  12. 	"net/http"

  13. 	"strconv"

  14. 	"strings"

  15. 

  16. 	"github.com/markbates/goth"

  17. 	"golang.org/x/oauth2"

  18. )

  19. 

  20. // These vars define the Authentication, Token, and API URLS for GitHub. If

  21. // using GitHub enterprise you should change these values before calling New.

  22. //

  23. // Examples:

  24. //	github.AuthURL = "https://github.acme.com/login/oauth/authorize

  25. //	github.TokenURL = "https://github.acme.com/login/oauth/access_token

  26. //	github.ProfileURL = "https://github.acme.com/api/v3/user

  27. //	github.EmailURL = "https://github.acme.com/api/v3/user/emails

  28. var (

  29. 	AuthURL    = "https://github.com/login/oauth/authorize"

  30. 	TokenURL   = "https://github.com/login/oauth/access_token"

  31. 	ProfileURL = "https://api.github.com/user"

  32. 	EmailURL   = "https://api.github.com/user/emails"

  33. )

  34. 

  35. // New creates a new Github provider, and sets up important connection details.

  36. // You should always call `github.New` to get a new Provider. Never try to create

  37. // one manually.

  38. func New(clientKey, secret, callbackURL string, scopes ...string) *Provider {

  39. 	return NewCustomisedURL(clientKey, secret, callbackURL, AuthURL, TokenURL, ProfileURL, EmailURL, scopes...)

  40. }

  41. 

  42. // NewCustomisedURL is similar to New(...) but can be used to set custom URLs to connect to

  43. func NewCustomisedURL(clientKey, secret, callbackURL, authURL, tokenURL, profileURL, emailURL string, scopes ...string) *Provider {

  44. 	p := &Provider{

  45. 		ClientKey:    clientKey,

  46. 		Secret:       secret,

  47. 		CallbackURL:  callbackURL,

  48. 		providerName: "github",

  49. 		profileURL:   profileURL,

  50. 		emailURL:     emailURL,

  51. 	}

  52. 	p.config = newConfig(p, authURL, tokenURL, scopes)

  53. 	return p

  54. }

  55. 

  56. // Provider is the implementation of `goth.Provider` for accessing Github.

  57. type Provider struct {

  58. 	ClientKey    string

  59. 	Secret       string

  60. 	CallbackURL  string

  61. 	HTTPClient   *http.Client

  62. 	config       *oauth2.Config

  63. 	providerName string

  64. 	profileURL   string

  65. 	emailURL     string

  66. }

  67. 

  68. // Name is the name used to retrieve this provider later.

  69. func (p *Provider) Name() string {

  70. 	return p.providerName

  71. }

  72. 

  73. // SetName is to update the name of the provider (needed in case of multiple providers of 1 type)

  74. func (p *Provider) SetName(name string) {

  75. 	p.providerName = name

  76. }

  77. 

  78. func (p *Provider) Client() *http.Client {

  79. 	return goth.HTTPClientWithFallBack(p.HTTPClient)

  80. }

  81. 

  82. // Debug is a no-op for the github package.

  83. func (p *Provider) Debug(debug bool) {}

  84. 

  85. // BeginAuth asks Github for an authentication end-point.

  86. func (p *Provider) BeginAuth(state string) (goth.Session, error) {

  87. 	url := p.config.AuthCodeURL(state)

  88. 	session := &Session{

  89. 		AuthURL: url,

  90. 	}

  91. 	return session, nil

  92. }

  93. 

  94. // FetchUser will go to Github and access basic information about the user.

  95. func (p *Provider) FetchUser(session goth.Session) (goth.User, error) {

  96. 	sess := session.(*Session)

  97. 	user := goth.User{

  98. 		AccessToken: sess.AccessToken,

  99. 		Provider:    p.Name(),

  100. 	}

  101. 

  102. 	if user.AccessToken == "" {

  103. 		// data is not yet retrieved since accessToken is still empty

  104. 		return user, fmt.Errorf("%s cannot get user information without accessToken", p.providerName)

  105. 	}

  106. 

  107. 	req, err := http.NewRequest("GET", p.profileURL, nil)

  108. 	req.Header.Add("Authorization", "Bearer "+sess.AccessToken)

  109. 	response, err := p.Client().Do(req)

  110. 	if err != nil {

  111. 		return user, err

  112. 	}

  113. 	defer response.Body.Close()

  114. 

  115. 	if response.StatusCode != http.StatusOK {

  116. 		return user, fmt.Errorf("GitHub API responded with a %d trying to fetch user information", response.StatusCode)

  117. 	}

  118. 

  119. 	bits, err := ioutil.ReadAll(response.Body)

  120. 	if err != nil {

  121. 		return user, err

  122. 	}

  123. 

  124. 	err = json.NewDecoder(bytes.NewReader(bits)).Decode(&user.RawData)

  125. 	if err != nil {

  126. 		return user, err

  127. 	}

  128. 

  129. 	err = userFromReader(bytes.NewReader(bits), &user)

  130. 	if err != nil {

  131. 		return user, err

  132. 	}

  133. 

  134. 	if user.Email == "" {

  135. 		for _, scope := range p.config.Scopes {

  136. 			if strings.TrimSpace(scope) == "user" || strings.TrimSpace(scope) == "user:email" {

  137. 				user.Email, err = getPrivateMail(p, sess)

  138. 				if err != nil {

  139. 					return user, err

  140. 				}

  141. 				break

  142. 			}

  143. 		}

  144. 	}

  145. 	return user, err

  146. }

  147. 

  148. func userFromReader(reader io.Reader, user *goth.User) error {

  149. 	u := struct {

  150. 		ID       int    `json:"id"`

  151. 		Email    string `json:"email"`

  152. 		Bio      string `json:"bio"`

  153. 		Name     string `json:"name"`

  154. 		Login    string `json:"login"`

  155. 		Picture  string `json:"avatar_url"`

  156. 		Location string `json:"location"`

  157. 	}{}

  158. 

  159. 	err := json.NewDecoder(reader).Decode(&u)

  160. 	if err != nil {

  161. 		return err

  162. 	}

  163. 

  164. 	user.Name = u.Name

  165. 	user.NickName = u.Login

  166. 	user.Email = u.Email

  167. 	user.Description = u.Bio

  168. 	user.AvatarURL = u.Picture

  169. 	user.UserID = strconv.Itoa(u.ID)

  170. 	user.Location = u.Location

  171. 

  172. 	return err

  173. }

  174. 

  175. func getPrivateMail(p *Provider, sess *Session) (email string, err error) {

  176. 	req, err := http.NewRequest("GET", p.emailURL, nil)

  177. 	req.Header.Add("Authorization", "Bearer "+sess.AccessToken)

  178. 	response, err := p.Client().Do(req)

  179. 	if err != nil {

  180. 		if response != nil {

  181. 			response.Body.Close()

  182. 		}

  183. 		return email, err

  184. 	}

  185. 	defer response.Body.Close()

  186. 

  187. 	if response.StatusCode != http.StatusOK {

  188. 		return email, fmt.Errorf("GitHub API responded with a %d trying to fetch user email", response.StatusCode)

  189. 	}

  190. 

  191. 	var mailList = []struct {

  192. 		Email    string `json:"email"`

  193. 		Primary  bool   `json:"primary"`

  194. 		Verified bool   `json:"verified"`

  195. 	}{}

  196. 	err = json.NewDecoder(response.Body).Decode(&mailList)

  197. 	if err != nil {

  198. 		return email, err

  199. 	}

  200. 	for _, v := range mailList {

  201. 		if v.Primary && v.Verified {

  202. 			return v.Email, nil

  203. 		}

  204. 	}

  205. 	// can't get primary email - shouldn't be possible

  206. 	return

  207. }

  208. 

  209. func newConfig(provider *Provider, authURL, tokenURL string, scopes []string) *oauth2.Config {

  210. 	c := &oauth2.Config{

  211. 		ClientID:     provider.ClientKey,

  212. 		ClientSecret: provider.Secret,

  213. 		RedirectURL:  provider.CallbackURL,

  214. 		Endpoint: oauth2.Endpoint{

  215. 			AuthURL:  authURL,

  216. 			TokenURL: tokenURL,

  217. 		},

  218. 		Scopes: []string{},

  219. 	}

  220. 

  221. 	for _, scope := range scopes {

  222. 		c.Scopes = append(c.Scopes, scope)

  223. 	}

  224. 

  225. 	return c

  226. }

  227. 

  228. //RefreshToken refresh token is not provided by github

  229. func (p *Provider) RefreshToken(refreshToken string) (*oauth2.Token, error) {

  230. 	return nil, errors.New("Refresh token is not provided by github")

  231. }

  232. 

  233. //RefreshTokenAvailable refresh token is not provided by github

  234. func (p *Provider) RefreshTokenAvailable() bool {

  235. 	return false

  236. }