mirrors
/
gitea
의 미러 https://github.com/go-gitea/gitea.git
보기 1
좋아요 0
포크 0
코드 이슈 0 릴리즈 210 위키 Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7975 커밋
17 브랜치
트리: 7a8e299c7c
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from '7a8e299c7c'
${ noResults }
gitea/modules/auth/oauth2/oauth2.go

oauth2.go 8.0KB
Raw Blame 히스토리

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package oauth2

  6. 

  7. import (

  8. 	"math"

  9. 	"net/http"

  10. 

  11. 	"code.gitea.io/gitea/modules/log"

  12. 	"code.gitea.io/gitea/modules/setting"

  13. 

  14. 	"github.com/go-xorm/xorm"

  15. 	"github.com/lafriks/xormstore"

  16. 	"github.com/markbates/goth"

  17. 	"github.com/markbates/goth/gothic"

  18. 	"github.com/markbates/goth/providers/bitbucket"

  19. 	"github.com/markbates/goth/providers/discord"

  20. 	"github.com/markbates/goth/providers/dropbox"

  21. 	"github.com/markbates/goth/providers/facebook"

  22. 	"github.com/markbates/goth/providers/gitea"

  23. 	"github.com/markbates/goth/providers/github"

  24. 	"github.com/markbates/goth/providers/gitlab"

  25. 	"github.com/markbates/goth/providers/google"

  26. 	"github.com/markbates/goth/providers/openidConnect"

  27. 	"github.com/markbates/goth/providers/twitter"

  28. 	"github.com/satori/go.uuid"

  29. )

  30. 

  31. var (

  32. 	sessionUsersStoreKey = "gitea-oauth2-sessions"

  33. 	providerHeaderKey    = "gitea-oauth2-provider"

  34. )

  35. 

  36. // CustomURLMapping describes the urls values to use when customizing OAuth2 provider URLs

  37. type CustomURLMapping struct {

  38. 	AuthURL    string

  39. 	TokenURL   string

  40. 	ProfileURL string

  41. 	EmailURL   string

  42. }

  43. 

  44. // Init initialize the setup of the OAuth2 library

  45. func Init(x *xorm.Engine) error {

  46. 	store, err := xormstore.NewOptions(x, xormstore.Options{

  47. 		TableName: "oauth2_session",

  48. 	}, []byte(sessionUsersStoreKey))

  49. 

  50. 	if err != nil {

  51. 		return err

  52. 	}

  53. 	// according to the Goth lib:

  54. 	// set the maxLength of the cookies stored on the disk to a larger number to prevent issues with:

  55. 	// securecookie: the value is too long

  56. 	// when using OpenID Connect , since this can contain a large amount of extra information in the id_token

  57. 

  58. 	// Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk

  59. 	store.MaxLength(math.MaxInt16)

  60. 	gothic.Store = store

  61. 

  62. 	gothic.SetState = func(req *http.Request) string {

  63. 		return uuid.NewV4().String()

  64. 	}

  65. 

  66. 	gothic.GetProviderName = func(req *http.Request) (string, error) {

  67. 		return req.Header.Get(providerHeaderKey), nil

  68. 	}

  69. 

  70. 	return nil

  71. }

  72. 

  73. // Auth OAuth2 auth service

  74. func Auth(provider string, request *http.Request, response http.ResponseWriter) error {

  75. 	// not sure if goth is thread safe (?) when using multiple providers

  76. 	request.Header.Set(providerHeaderKey, provider)

  77. 

  78. 	// don't use the default gothic begin handler to prevent issues when some error occurs

  79. 	// normally the gothic library will write some custom stuff to the response instead of our own nice error page

  80. 	//gothic.BeginAuthHandler(response, request)

  81. 

  82. 	url, err := gothic.GetAuthURL(response, request)

  83. 	if err == nil {

  84. 		http.Redirect(response, request, url, http.StatusTemporaryRedirect)

  85. 	}

  86. 	return err

  87. }

  88. 

  89. // ProviderCallback handles OAuth callback, resolve to a goth user and send back to original url

  90. // this will trigger a new authentication request, but because we save it in the session we can use that

  91. func ProviderCallback(provider string, request *http.Request, response http.ResponseWriter) (goth.User, error) {

  92. 	// not sure if goth is thread safe (?) when using multiple providers

  93. 	request.Header.Set(providerHeaderKey, provider)

  94. 

  95. 	user, err := gothic.CompleteUserAuth(response, request)

  96. 	if err != nil {

  97. 		return user, err

  98. 	}

  99. 

  100. 	return user, nil

  101. }

  102. 

  103. // RegisterProvider register a OAuth2 provider in goth lib

  104. func RegisterProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL string, customURLMapping *CustomURLMapping) error {

  105. 	provider, err := createProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL, customURLMapping)

  106. 

  107. 	if err == nil && provider != nil {

  108. 		goth.UseProviders(provider)

  109. 	}

  110. 

  111. 	return err

  112. }

  113. 

  114. // RemoveProvider removes the given OAuth2 provider from the goth lib

  115. func RemoveProvider(providerName string) {

  116. 	delete(goth.GetProviders(), providerName)

  117. }

  118. 

  119. // used to create different types of goth providers

  120. func createProvider(providerName, providerType, clientID, clientSecret, openIDConnectAutoDiscoveryURL string, customURLMapping *CustomURLMapping) (goth.Provider, error) {

  121. 	callbackURL := setting.AppURL + "user/oauth2/" + providerName + "/callback"

  122. 

  123. 	var provider goth.Provider

  124. 	var err error

  125. 

  126. 	switch providerType {

  127. 	case "bitbucket":

  128. 		provider = bitbucket.New(clientID, clientSecret, callbackURL, "account")

  129. 	case "dropbox":

  130. 		provider = dropbox.New(clientID, clientSecret, callbackURL)

  131. 	case "facebook":

  132. 		provider = facebook.New(clientID, clientSecret, callbackURL, "email")

  133. 	case "github":

  134. 		authURL := github.AuthURL

  135. 		tokenURL := github.TokenURL

  136. 		profileURL := github.ProfileURL

  137. 		emailURL := github.EmailURL

  138. 		if customURLMapping != nil {

  139. 			if len(customURLMapping.AuthURL) > 0 {

  140. 				authURL = customURLMapping.AuthURL

  141. 			}

  142. 			if len(customURLMapping.TokenURL) > 0 {

  143. 				tokenURL = customURLMapping.TokenURL

  144. 			}

  145. 			if len(customURLMapping.ProfileURL) > 0 {

  146. 				profileURL = customURLMapping.ProfileURL

  147. 			}

  148. 			if len(customURLMapping.EmailURL) > 0 {

  149. 				emailURL = customURLMapping.EmailURL

  150. 			}

  151. 		}

  152. 		provider = github.NewCustomisedURL(clientID, clientSecret, callbackURL, authURL, tokenURL, profileURL, emailURL)

  153. 	case "gitlab":

  154. 		authURL := gitlab.AuthURL

  155. 		tokenURL := gitlab.TokenURL

  156. 		profileURL := gitlab.ProfileURL

  157. 		if customURLMapping != nil {

  158. 			if len(customURLMapping.AuthURL) > 0 {

  159. 				authURL = customURLMapping.AuthURL

  160. 			}

  161. 			if len(customURLMapping.TokenURL) > 0 {

  162. 				tokenURL = customURLMapping.TokenURL

  163. 			}

  164. 			if len(customURLMapping.ProfileURL) > 0 {

  165. 				profileURL = customURLMapping.ProfileURL

  166. 			}

  167. 		}

  168. 		provider = gitlab.NewCustomisedURL(clientID, clientSecret, callbackURL, authURL, tokenURL, profileURL, "read_user")

  169. 	case "gplus": // named gplus due to legacy gplus -> google migration (Google killed Google+). This ensures old connections still work

  170. 		provider = google.New(clientID, clientSecret, callbackURL)

  171. 	case "openidConnect":

  172. 		if provider, err = openidConnect.New(clientID, clientSecret, callbackURL, openIDConnectAutoDiscoveryURL); err != nil {

  173. 			log.Warn("Failed to create OpenID Connect Provider with name '%s' with url '%s': %v", providerName, openIDConnectAutoDiscoveryURL, err)

  174. 		}

  175. 	case "twitter":

  176. 		provider = twitter.NewAuthenticate(clientID, clientSecret, callbackURL)

  177. 	case "discord":

  178. 		provider = discord.New(clientID, clientSecret, callbackURL, discord.ScopeIdentify, discord.ScopeEmail)

  179. 	case "gitea":

  180. 		authURL := gitea.AuthURL

  181. 		tokenURL := gitea.TokenURL

  182. 		profileURL := gitea.ProfileURL

  183. 		if customURLMapping != nil {

  184. 			if len(customURLMapping.AuthURL) > 0 {

  185. 				authURL = customURLMapping.AuthURL

  186. 			}

  187. 			if len(customURLMapping.TokenURL) > 0 {

  188. 				tokenURL = customURLMapping.TokenURL

  189. 			}

  190. 			if len(customURLMapping.ProfileURL) > 0 {

  191. 				profileURL = customURLMapping.ProfileURL

  192. 			}

  193. 		}

  194. 		provider = gitea.NewCustomisedURL(clientID, clientSecret, callbackURL, authURL, tokenURL, profileURL)

  195. 	}

  196. 

  197. 	// always set the name if provider is created so we can support multiple setups of 1 provider

  198. 	if err == nil && provider != nil {

  199. 		provider.SetName(providerName)

  200. 	}

  201. 

  202. 	return provider, err

  203. }

  204. 

  205. // GetDefaultTokenURL return the default token url for the given provider

  206. func GetDefaultTokenURL(provider string) string {

  207. 	switch provider {

  208. 	case "github":

  209. 		return github.TokenURL

  210. 	case "gitlab":

  211. 		return gitlab.TokenURL

  212. 	case "gitea":

  213. 		return gitea.TokenURL

  214. 	}

  215. 	return ""

  216. }

  217. 

  218. // GetDefaultAuthURL return the default authorize url for the given provider

  219. func GetDefaultAuthURL(provider string) string {

  220. 	switch provider {

  221. 	case "github":

  222. 		return github.AuthURL

  223. 	case "gitlab":

  224. 		return gitlab.AuthURL

  225. 	case "gitea":

  226. 		return gitea.AuthURL

  227. 	}

  228. 	return ""

  229. }

  230. 

  231. // GetDefaultProfileURL return the default profile url for the given provider

  232. func GetDefaultProfileURL(provider string) string {

  233. 	switch provider {

  234. 	case "github":

  235. 		return github.ProfileURL

  236. 	case "gitlab":

  237. 		return gitlab.ProfileURL

  238. 	case "gitea":

  239. 		return gitea.ProfileURL

  240. 	}

  241. 	return ""

  242. }

  243. 

  244. // GetDefaultEmailURL return the default email url for the given provider

  245. func GetDefaultEmailURL(provider string) string {

  246. 	if provider == "github" {

  247. 		return github.EmailURL

  248. 	}

  249. 	return ""

  250. }