| package iflow |
|
|
| import ( |
| "context" |
| "fmt" |
| "net" |
| "net/http" |
| "strings" |
| "sync" |
| "time" |
|
|
| log "github.com/sirupsen/logrus" |
| ) |
|
|
| const errorRedirectURL = "https://iflow.cn/oauth/error" |
|
|
| |
| type OAuthResult struct { |
| Code string |
| State string |
| Error string |
| } |
|
|
| |
| type OAuthServer struct { |
| server *http.Server |
| port int |
| result chan *OAuthResult |
| errChan chan error |
| mu sync.Mutex |
| running bool |
| } |
|
|
| |
| func NewOAuthServer(port int) *OAuthServer { |
| return &OAuthServer{ |
| port: port, |
| result: make(chan *OAuthResult, 1), |
| errChan: make(chan error, 1), |
| } |
| } |
|
|
| |
| func (s *OAuthServer) Start() error { |
| s.mu.Lock() |
| defer s.mu.Unlock() |
| if s.running { |
| return fmt.Errorf("iflow oauth server already running") |
| } |
| if !s.isPortAvailable() { |
| return fmt.Errorf("port %d is already in use", s.port) |
| } |
|
|
| mux := http.NewServeMux() |
| mux.HandleFunc("/oauth2callback", s.handleCallback) |
|
|
| s.server = &http.Server{ |
| Addr: fmt.Sprintf(":%d", s.port), |
| Handler: mux, |
| ReadTimeout: 10 * time.Second, |
| WriteTimeout: 10 * time.Second, |
| } |
|
|
| s.running = true |
|
|
| go func() { |
| if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed { |
| s.errChan <- err |
| } |
| }() |
|
|
| time.Sleep(100 * time.Millisecond) |
| return nil |
| } |
|
|
| |
| func (s *OAuthServer) Stop(ctx context.Context) error { |
| s.mu.Lock() |
| defer s.mu.Unlock() |
| if !s.running || s.server == nil { |
| return nil |
| } |
| defer func() { |
| s.running = false |
| s.server = nil |
| }() |
| return s.server.Shutdown(ctx) |
| } |
|
|
| |
| func (s *OAuthServer) WaitForCallback(timeout time.Duration) (*OAuthResult, error) { |
| select { |
| case res := <-s.result: |
| return res, nil |
| case err := <-s.errChan: |
| return nil, err |
| case <-time.After(timeout): |
| return nil, fmt.Errorf("timeout waiting for OAuth callback") |
| } |
| } |
|
|
| func (s *OAuthServer) handleCallback(w http.ResponseWriter, r *http.Request) { |
| if r.Method != http.MethodGet { |
| http.Error(w, "method not allowed", http.StatusMethodNotAllowed) |
| return |
| } |
|
|
| query := r.URL.Query() |
| if errParam := strings.TrimSpace(query.Get("error")); errParam != "" { |
| s.sendResult(&OAuthResult{Error: errParam}) |
| http.Redirect(w, r, errorRedirectURL, http.StatusFound) |
| return |
| } |
|
|
| code := strings.TrimSpace(query.Get("code")) |
| if code == "" { |
| s.sendResult(&OAuthResult{Error: "missing_code"}) |
| http.Redirect(w, r, errorRedirectURL, http.StatusFound) |
| return |
| } |
|
|
| state := query.Get("state") |
| s.sendResult(&OAuthResult{Code: code, State: state}) |
| http.Redirect(w, r, SuccessRedirectURL, http.StatusFound) |
| } |
|
|
| func (s *OAuthServer) sendResult(res *OAuthResult) { |
| select { |
| case s.result <- res: |
| default: |
| log.Debug("iflow oauth result channel full, dropping result") |
| } |
| } |
|
|
| func (s *OAuthServer) isPortAvailable() bool { |
| addr := fmt.Sprintf(":%d", s.port) |
| listener, err := net.Listen("tcp", addr) |
| if err != nil { |
| return false |
| } |
| _ = listener.Close() |
| return true |
| } |
|
|