osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Observar 15
Favorito 7
Wiki 捐赠
本站源代码
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
Branch: gamification
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de gamification
${ noResults }
com/vendor/github.com/mrjones/oauth/provider.go

164 linhas
4.0KB
Original Link permanente Anotar Histórico 

  1. package oauth

  2. 

  3. import (

  4. 	"bytes"

  5. 	"fmt"

  6. 	"math"

  7. 	"net/http"

  8. 	"net/url"

  9. 	"strconv"

  10. 	"strings"

  11. )

  12. 

  13. //

  14. // OAuth1 2-legged provider

  15. // Contributed by https://github.com/jacobpgallagher

  16. //

  17. 

  18. // Provide an buffer reader which implements the Close() interface

  19. type oauthBufferReader struct {

  20. 	*bytes.Buffer

  21. }

  22. 

  23. // So that it implements the io.ReadCloser interface

  24. func (m oauthBufferReader) Close() error { return nil }

  25. 

  26. type ConsumerGetter func(key string, header map[string]string) (*Consumer, error)

  27. 

  28. // Provider provides methods for a 2-legged Oauth1 provider

  29. type Provider struct {

  30. 	ConsumerGetter ConsumerGetter

  31. 

  32. 	// For mocking

  33. 	clock clock

  34. }

  35. 

  36. // NewProvider takes a function to get the consumer secret from a datastore.

  37. // Returns a Provider

  38. func NewProvider(secretGetter ConsumerGetter) *Provider {

  39. 	provider := &Provider{

  40. 		secretGetter,

  41. 		&defaultClock{},

  42. 	}

  43. 	return provider

  44. }

  45. 

  46. // Combine a URL and Request to make the URL absolute

  47. func makeURLAbs(url *url.URL, request *http.Request) {

  48. 	if !url.IsAbs() {

  49. 		url.Host = request.Host

  50. 		if request.TLS != nil || request.Header.Get("X-Forwarded-Proto") == "https" {

  51. 			url.Scheme = "https"

  52. 		} else {

  53. 			url.Scheme = "http"

  54. 		}

  55. 	}

  56. }

  57. 

  58. // IsAuthorized takes an *http.Request and returns a pointer to a string containing the consumer key,

  59. // or nil if not authorized

  60. func (provider *Provider) IsAuthorized(request *http.Request) (*string, error) {

  61. 	var err error

  62. 	var userParams map[string]string

  63. 

  64. 	// start with the body/query params

  65. 	userParams, err = parseBody(request)

  66. 	if err != nil {

  67. 		return nil, err

  68. 	}

  69. 

  70. 	// if the oauth params are in the Authorization header, grab them, and

  71. 	// let them override what's in userParams

  72. 	authHeader := request.Header.Get(HTTP_AUTH_HEADER)

  73. 	if len(authHeader) > 6 && strings.EqualFold(OAUTH_HEADER, authHeader[0:6]) {

  74. 		authHeader = authHeader[6:]

  75. 		params := strings.Split(authHeader, ",")

  76. 		for _, param := range params {

  77. 			vals := strings.SplitN(param, "=", 2)

  78. 			k := strings.Trim(vals[0], " ")

  79. 			v := strings.Trim(strings.Trim(vals[1], "\""), " ")

  80. 			if strings.HasPrefix(k, "oauth") {

  81. 				userParams[k], err = url.QueryUnescape(v)

  82. 				if err != nil {

  83. 					return nil, err

  84. 				}

  85. 			}

  86. 		}

  87. 	}

  88. 

  89. 	// pop the request's signature, it's not included in our signature

  90. 	// calculation

  91. 	oauthSignature, ok := userParams[SIGNATURE_PARAM]

  92. 	if !ok {

  93. 		return nil, fmt.Errorf("no oauth signature")

  94. 	}

  95. 	delete(userParams, SIGNATURE_PARAM)

  96. 

  97. 	// get the oauth consumer key

  98. 	consumerKey, ok := userParams[CONSUMER_KEY_PARAM]

  99. 	if !ok || consumerKey == "" {

  100. 		return nil, fmt.Errorf("no consumer key")

  101. 	}

  102. 

  103. 	// use it to create a consumer object

  104. 	consumer, err := provider.ConsumerGetter(consumerKey, userParams)

  105. 	if err != nil {

  106. 		return nil, err

  107. 	}

  108. 

  109. 	// Make sure timestamp is no more than 10 digits

  110. 	timestamp := userParams[TIMESTAMP_PARAM]

  111. 	if len(timestamp) > 10 {

  112. 		timestamp = timestamp[0:10]

  113. 	}

  114. 

  115. 	// Check the timestamp

  116. 	if !consumer.serviceProvider.IgnoreTimestamp {

  117. 		oauthTimeNumber, err := strconv.Atoi(timestamp)

  118. 		if err != nil {

  119. 			return nil, err

  120. 		}

  121. 

  122. 		if math.Abs(float64(int64(oauthTimeNumber)-provider.clock.Seconds())) > 5*60 {

  123. 			return nil, fmt.Errorf("too much clock skew")

  124. 		}

  125. 	}

  126. 

  127. 	// Include the query string params in the base string

  128. 	if consumer.serviceProvider.SignQueryParams {

  129. 		for k, v := range request.URL.Query() {

  130. 			userParams[k] = strings.Join(v, "")

  131. 		}

  132. 	}

  133. 

  134. 	// if our consumer supports bodyhash, check it

  135. 	if consumer.serviceProvider.BodyHash {

  136. 		bodyHash, err := calculateBodyHash(request, consumer.signer)

  137. 		if err != nil {

  138. 			return nil, err

  139. 		}

  140. 

  141. 		sentHash, ok := userParams[BODY_HASH_PARAM]

  142. 

  143. 		if bodyHash == "" && ok {

  144. 			return nil, fmt.Errorf("body_hash must not be set")

  145. 		} else if sentHash != bodyHash {

  146. 			return nil, fmt.Errorf("body_hash mismatch")

  147. 		}

  148. 	}

  149. 

  150. 	allParams := NewOrderedParams()

  151. 	for key, value := range userParams {

  152. 		allParams.Add(key, value)

  153. 	}

  154. 

  155. 	makeURLAbs(request.URL, request)

  156. 	baseString := consumer.requestString(request.Method, canonicalizeUrl(request.URL), allParams)

  157. 	err = consumer.signer.Verify(baseString, oauthSignature)

  158. 	if err != nil {

  159. 		return nil, err

  160. 	}

  161. 

  162. 	return &consumerKey, nil

  163. }
上海开阖软件有限公司 沪ICP备12045867号-1