Sign upLogin

devrelcollective/xela

View on GitHub
Star
actions/auth.go

Summary

Maintainability
A
45 mins
Test Coverage
package actions

import (
    "fmt"
    "os"
    "strings"

    "github.com/devrelcollective/xela/models"
    "github.com/gobuffalo/buffalo"
    "github.com/gobuffalo/pop"
    "github.com/gobuffalo/pop/nulls"
    "github.com/markbates/going/defaults"
    "github.com/markbates/goth"
    "github.com/markbates/goth/gothic"
    "github.com/markbates/goth/providers/google"
    "github.com/pkg/errors"
)

func init() {
    gothic.Store = App().SessionStore

    goth.UseProviders(
        google.New(os.Getenv("GOOGLE_KEY"), os.Getenv("GOOGLE_SECRET"), fmt.Sprintf("%s%s", App().Host, "/auth/google/callback")),
    )
}

func AuthCallback(c buffalo.Context) error {
    gu, err := gothic.CompleteUserAuth(c.Response(), c.Request())
    if err != nil {
        return c.Error(401, err)
    }
    tx := c.Value("tx").(*pop.Connection)
    q := tx.Where("provider = ? and provider_id = ?", gu.Provider, gu.UserID)
    exists, err := q.Exists("users")
    if err != nil {
        return errors.WithStack(err)
    }
    u := &models.User{}
    if exists {
        if err = q.First(u); err != nil {
            return errors.WithStack(err)
        }
    }
    u.Name = defaults.String(gu.Name, gu.NickName)
    u.Provider = gu.Provider
    u.ProviderID = gu.UserID
    u.Email = nulls.NewString(gu.Email)

    if userDomain := strings.SplitAfter(gu.Email, "@"); IsAuthorizedDomain(userDomain[1]) == false {
        c.Session().Clear()
        c.Flash().Add("danger", "You are not authorized to log in")
        return c.Redirect(302, "/")
    }
    if err = tx.Save(u); err != nil {
        return errors.WithStack(err)
    }

    c.Session().Set("current_user_id", u.ID)
    if err = c.Session().Save(); err != nil {
        return errors.WithStack(err)
    }

    c.Flash().Add("success", "You have been logged in")

    return c.Redirect(302, "/")
}

func IsAuthorizedDomain(userDomain string) bool {
    authorizedDomains := splitDomains(os.Getenv("AUTHORIZED_LOGIN_DOMAINS"))
    for _, domain := range authorizedDomains {
        if userDomain == string(domain) {
            return true
        }
    }
    return false
}

func splitDomains(domain string) []string {
    domains := strings.Split(domain, ",")
    return domains
}

func AuthDestroy(c buffalo.Context) error {
    c.Session().Clear()
    c.Flash().Add("success", "You have been logged out")
    return c.Redirect(302, "/")
}

func SetCurrentUser(next buffalo.Handler) buffalo.Handler {
    return func(c buffalo.Context) error {
        if uid := c.Session().Get("current_user_id"); uid != nil {
            u := &models.User{}
            tx := c.Value("tx").(*pop.Connection)
            if err := tx.Find(u, uid); err != nil {
                return errors.WithStack(err)
            }
            c.Set("current_user", u)
        }
        return next(c)
    }
}

func Authorize(next buffalo.Handler) buffalo.Handler {
    return func(c buffalo.Context) error {
        if uid := c.Session().Get("current_user_id"); uid == nil {
            c.Flash().Add("danger", "You must be authorized to see that page")
            return c.Redirect(302, "/")
        }
        return next(c)
    }
}