package beyond
import (
	"encoding/json"
	"flag"
	"fmt"
	"net/http"

	"github.com/gorilla/securecookie"
)
// Federation key material, supplied on the command line.
//
// NOTE(review): values passed as flags are visible to other local users via
// the process argument list; consider reading them from a file or the
// environment instead.
var (
	// federateAccessKey is shared with relying parties, which use it to sign
	// the "next" URL they send to federate. An empty value disables
	// federation.
	federateAccessKey = flag.String("federate-access", "", "shared secret, 64 chars, enables federation")
	// federateSecretKey never leaves this service; it protects the user
	// tokens issued by federate and checked by federateVerify.
	federateSecretKey = flag.String("federate-secret", "", "internal secret, 64 chars")
)

// Codecs derived from the keys above by federateSetup. They stay nil while
// federation is disabled.
var (
	federateAccessCodec []securecookie.Codec
	federateSecretCodec []securecookie.Codec
)
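// federateSetup builds the securecookie codecs used by the federation
// handlers from the -federate-access and -federate-secret flags.
//
// Federation is opt-in: when -federate-access is empty the codecs are left
// nil and nil is returned. Otherwise both keys must be at least 64 bytes
// long; a shorter key is reported as an error instead of panicking on the
// slice expressions below.
func federateSetup() error {
	if *federateAccessKey == "" {
		return nil
	}

	// Each key is split into a hash key and a block key, so 64 bytes are
	// required. Lengths are counted in bytes, not characters.
	const keyLen = 64

	access := []byte(*federateAccessKey)
	secret := []byte(*federateSecretKey)
	if len(access) < keyLen {
		return fmt.Errorf("federate-access must be at least %d bytes, got %d", keyLen, len(access))
	}
	if len(secret) < keyLen {
		return fmt.Errorf("federate-secret must be at least %d bytes, got %d", keyLen, len(secret))
	}

	// NOTE(review): [0:31] yields a 31-byte hash key and leaves byte 31
	// unused; [0:32] was probably intended. The slicing is kept as-is because
	// changing it changes the derived key and would invalidate values signed
	// by relying parties that share the access key. Fix on both sides at once.
	//
	// NOTE(review): no max age is configured on these codecs, so the
	// securecookie default lifetime applies to issued tokens (30 days in
	// upstream securecookie; confirm against the vendored version).
	federateAccessCodec = securecookie.CodecsFromPairs(access[0:31], access[32:64])
	federateSecretCodec = securecookie.CodecsFromPairs(secret[0:31], secret[32:64])
	return nil
}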
// federate is the identity-provider side of the federation flow. It checks
// that the "next" query parameter was produced by a holder of the shared
// access key, makes sure the end user has a session, and then redirects to
// the decoded URL with a freshly issued user token appended.
//
// Security notes:
//   - The signature on "next" is the only thing that prevents this handler
//     from being an open redirect; the decoded URL is not checked further.
//   - The token encodes only the user and is not bound to "next", so it is
//     not tied to the relying party that asked for it.
//   - The token travels in the redirect URL and can therefore appear in
//     browser history, Referer headers and access logs.
func federate(w http.ResponseWriter, r *http.Request) {
	setCacheControl(w)

	// Authenticate the relying party: "next" must decode with the shared
	// access codec. With federation disabled the codec list is empty, the
	// decode fails and the request is rejected.
	dest := r.URL.Query().Get("next")
	if err := securecookie.DecodeMulti("next", dest, &dest, federateAccessCodec...); err != nil {
		http.Error(w, err.Error(), http.StatusForbidden)
		return
	}

	// Authenticate the end user from the session cookie. An unreadable
	// session is replaced by an empty one, which has no user.
	session, err := store.Get(r, *cookieName)
	if err != nil {
		session = store.New(*cookieName)
	}

	// A missing or non-string "user" value yields "", which sends the
	// request through the login flow.
	uid, _ := session.Values["user"].(string)
	if uid == "" {
		login(w, r)
		return
	}

	// Issue the token with the internal secret codec; only this service can
	// decode it again.
	tok, err := securecookie.EncodeMulti("user", uid, federateSecretCodec...)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// The token is concatenated directly, so the relying party's signed URL
	// presumably ends where the token value belongs (e.g. "...?token=").
	http.Redirect(w, r, dest+tok, http.StatusFound)
}
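// federateVerify exchanges a token issued by federate for the user it
// represents. It decodes the "token" query parameter with the internal
// secret codec and, on success, answers with a JSON object of the form
// {"email": "<user>"}.
//
// This handler validates the token only; it does not authenticate the
// caller. Anyone who obtains a token can redeem it here until it expires,
// unless access is restricted elsewhere (not visible in this file).
func federateVerify(w http.ResponseWriter, r *http.Request) {
	token := r.URL.Query().Get("token")

	// With federation disabled the codec list is empty and decoding fails,
	// so the endpoint rejects every request.
	var user string
	if err := securecookie.DecodeMulti("user", token, &user, federateSecretCodec...); err != nil {
		// NOTE(review): an invalid or expired token is a client error; 403
		// would match federate and keep bad tokens out of server-error
		// monitoring. The status is left at 500 in case relying parties
		// depend on it.
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Declare the body as JSON explicitly; without this header net/http
	// sniffs the content type and serves the response as text/plain.
	w.Header().Set("Content-Type", "application/json")

	// An encode error here means the client went away mid-response; the
	// status line is already sent, so there is nothing left to report.
	_ = json.NewEncoder(w).Encode(map[string]string{"email": user})
}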