// The example program shows how to use the auth package.
//
// Before usage, credentials need to be created.
// Go to the https://console.cloud.google.com/apis/credentials page and create an "OAuth 2.0 Client
// ID". The OAuth 2.0 client ID and secret should be passed using the 'client-id' and
// 'client-secret' flags.
// In the client ID configuration, the "Authorized Javascript origins" should contain
// http://localhost:8080 (or another URL address that this server is running at). And the
// "Authorized redirect URIs" should contain the same address with a "/auth" suffix - according to
// where the `auth.RedirectHandler()` is mounted in this code, and see that
// `auth.Config.OAuth2.RedirectURL` is configured accordingly.
package main
import (
	"context"
	"flag"
	"fmt"
	"log"
	"net/http"
	"time"

	"github.com/posener/auth"
	"golang.org/x/oauth2"
)
// port is the TCP port the example server listens on.
var port = flag.Int("port", 8080, "Server port")

// clientID is the OAuth 2.0 client ID created in the Google cloud console.
var clientID = flag.String("client-id", "", "Google OAuth 2.0 Client ID.")

// clientSecret is the OAuth 2.0 client secret that belongs to clientID.
//
// NOTE(review): a secret given on the command line is readable by other local users through the
// process list and tends to end up in shell history. That is acceptable for a local example;
// a real deployment should read it from a less exposed source.
var clientSecret = flag.String("client-secret", "", "Google OAuth 2.0 Client secret.")

// authorized is the email of the single account allowed to see the protected page.
//
// The default is empty, and handler skips the email comparison when it is empty, so by default
// every account that completes the Google sign-in is admitted.
var authorized = flag.String("authorized", "", "Authorized user.")
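// main parses the command line flags, creates the auth object, mounts the protected handler on
// "/" and the OAuth 2.0 redirect handler on "/auth", and serves HTTP on the configured port.
func main() {
	flag.Parse()

	// Fail fast when the client credentials are missing instead of starting a server whose
	// sign-in flow cannot succeed.
	if *clientID == "" || *clientSecret == "" {
		log.Fatal("the 'client-id' and 'client-secret' flags are required")
	}

	// Create auth object.
	a, err := auth.New(context.Background(), auth.Config{
		// Client credentials, as configured at
		// https://console.cloud.google.com/apis/credentials in the "OAuth 2.0 Client IDs"
		// section.
		Config: oauth2.Config{
			// The redirect URL should be configured in the client config in google cloud console.
			// It must point at the path where RedirectHandler is mounted below.
			RedirectURL:  fmt.Sprintf("http://localhost:%d/auth", *port),
			ClientID:     *clientID,
			ClientSecret: *clientSecret,
		},
		Log: log.Printf,
	})
	if err != nil {
		log.Fatal(err)
	}

	mux := http.NewServeMux()
	// Everything under "/" goes through the Authenticate middleware before reaching handler.
	mux.Handle("/", a.Authenticate(http.HandlerFunc(handler)))
	mux.Handle("/auth", a.RedirectHandler())

	// Use an explicit http.Server so that slow or stalled clients cannot hold connections open
	// indefinitely; the package-level http.ListenAndServe sets no timeouts at all.
	//
	// NOTE(review): the address has no host part, so the server accepts connections on every
	// interface over plain HTTP, while the redirect URL above assumes localhost. That fits a
	// local example only; anything reachable from a network needs TLS in front of it and a
	// matching https redirect URL.
	srv := &http.Server{
		Addr:              fmt.Sprintf(":%d", *port),
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       2 * time.Minute,
	}
	err = srv.ListenAndServe()
	if err != nil {
		log.Fatal(err)
	}
}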
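// handler is an example HTTP handler that is protected using Google authorization.
//
// It answers 401 when the request context carries no user, 403 when the 'authorized' flag is set
// and differs from the user's email, and otherwise greets the user by name as plain text.
func handler(w http.ResponseWriter, r *http.Request) {
	// Get the authenticated user from the request context.
	user := auth.User(r.Context())
	if user == nil {
		// No user is logged in. This can only happen when the handler is not wrapped with
		// the auth object's `Authenticate` middleware, as main does when mounting it.
		http.Error(w, "Not authorized", http.StatusUnauthorized)
		return
	}

	// The authenticated user can be authorized according to the email, which identifies the
	// account.
	//
	// NOTE(review): when the 'authorized' flag is empty this comparison is skipped, so any
	// account that completed the sign-in is let through. Real deployments should require an
	// explicit allow list. Also confirm that the auth package only reports verified email
	// addresses before relying on Email as an identity.
	if *authorized != "" && *authorized != user.Email {
		// The logged in user is not allowed for this page.
		http.Error(w, fmt.Sprintf("User %s not allowed", user.Email), http.StatusForbidden)
		return
	}

	// User is allowed, greet them. The name comes from the identity provider's profile, so
	// declare the body as plain text and forbid content sniffing rather than leaving the type
	// to be guessed from the bytes written.
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	fmt.Fprintf(w, "Hello, %s", user.Name)
}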