forked from cli/cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathoauth.go
143 lines (128 loc) · 3.59 KB
/
oauth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
package auth
import (
"crypto/rand"
"encoding/hex"
"errors"
"fmt"
"io"
"io/ioutil"
"net"
"net/http"
"net/url"
"os"
"strings"
"github.com/cli/cli/pkg/browser"
)
func randomString(length int) (string, error) {
b := make([]byte, length/2)
_, err := rand.Read(b)
if err != nil {
return "", err
}
return hex.EncodeToString(b), nil
}
// OAuthFlow represents the setup for authenticating with GitHub
type OAuthFlow struct {
Hostname string
ClientID string
ClientSecret string
Scopes []string
WriteSuccessHTML func(io.Writer)
VerboseStream io.Writer
}
// ObtainAccessToken guides the user through the browser OAuth flow on GitHub
// and returns the OAuth access token upon completion.
func (oa *OAuthFlow) ObtainAccessToken() (accessToken string, err error) {
state, _ := randomString(20)
code := ""
listener, err := net.Listen("tcp", "localhost:0")
if err != nil {
return
}
port := listener.Addr().(*net.TCPAddr).Port
scopes := "repo"
if oa.Scopes != nil {
scopes = strings.Join(oa.Scopes, " ")
}
q := url.Values{}
q.Set("client_id", oa.ClientID)
q.Set("redirect_uri", fmt.Sprintf("http://127.0.0.1:%d/callback", port))
q.Set("scope", scopes)
q.Set("state", state)
startURL := fmt.Sprintf("https://%s/login/oauth/authorize?%s", oa.Hostname, q.Encode())
oa.logf("open %s\n", startURL)
if err := openInBrowser(startURL); err != nil {
fmt.Fprintf(os.Stderr, "error opening web browser: %s\n", err)
fmt.Fprintf(os.Stderr, "")
fmt.Fprintf(os.Stderr, "Please open the following URL manually:\n%s\n", startURL)
fmt.Fprintf(os.Stderr, "")
// TODO: Temporary workaround for https://github.com/cli/cli/issues/297
fmt.Fprintf(os.Stderr, "If you are on a server or other headless system, use this workaround instead:")
fmt.Fprintf(os.Stderr, " 1. Complete authentication on a GUI system")
fmt.Fprintf(os.Stderr, " 2. Copy the contents of ~/.config/gh/config.yml to this system")
}
_ = http.Serve(listener, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
oa.logf("server handler: %s\n", r.URL.Path)
if r.URL.Path != "/callback" {
w.WriteHeader(404)
return
}
defer listener.Close()
rq := r.URL.Query()
if state != rq.Get("state") {
fmt.Fprintf(w, "Error: state mismatch")
return
}
code = rq.Get("code")
oa.logf("server received code %q\n", code)
w.Header().Add("content-type", "text/html")
if oa.WriteSuccessHTML != nil {
oa.WriteSuccessHTML(w)
} else {
fmt.Fprintf(w, "<p>You have successfully authenticated. You may now close this page.</p>")
}
}))
tokenURL := fmt.Sprintf("https://%s/login/oauth/access_token", oa.Hostname)
oa.logf("POST %s\n", tokenURL)
resp, err := http.PostForm(tokenURL,
url.Values{
"client_id": {oa.ClientID},
"client_secret": {oa.ClientSecret},
"code": {code},
"state": {state},
})
if err != nil {
return
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
err = fmt.Errorf("HTTP %d error while obtaining OAuth access token", resp.StatusCode)
return
}
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return
}
tokenValues, err := url.ParseQuery(string(body))
if err != nil {
return
}
accessToken = tokenValues.Get("access_token")
if accessToken == "" {
err = errors.New("the access token could not be read from HTTP response")
}
return
}
func (oa *OAuthFlow) logf(format string, args ...interface{}) {
if oa.VerboseStream == nil {
return
}
fmt.Fprintf(oa.VerboseStream, format, args...)
}
func openInBrowser(url string) error {
cmd, err := browser.Command(url)
if err != nil {
return err
}
return cmd.Run()
}