mirror of
https://github.com/grafana/grafana.git
synced 2025-02-11 16:15:42 -06:00
186 lines
4.3 KiB
Go
186 lines
4.3 KiB
Go
package social
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"golang.org/x/net/context"
|
|
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
type BasicUserInfo struct {
|
|
Identity string
|
|
Name string
|
|
Email string
|
|
Login string
|
|
Company string
|
|
}
|
|
|
|
type SocialConnector interface {
|
|
Type() int
|
|
UserInfo(token *oauth2.Token) (*BasicUserInfo, error)
|
|
IsEmailAllowed(email string) bool
|
|
|
|
AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
|
|
Exchange(ctx context.Context, code string) (*oauth2.Token, error)
|
|
}
|
|
|
|
var (
|
|
SocialBaseUrl = "/login/"
|
|
SocialMap = make(map[string]SocialConnector)
|
|
)
|
|
|
|
func NewOAuthService() {
|
|
setting.OAuthService = &setting.OAuther{}
|
|
setting.OAuthService.OAuthInfos = make(map[string]*setting.OAuthInfo)
|
|
|
|
allOauthes := []string{"github", "google"}
|
|
|
|
for _, name := range allOauthes {
|
|
sec := setting.Cfg.Section("auth." + name)
|
|
info := &setting.OAuthInfo{
|
|
ClientId: sec.Key("client_id").String(),
|
|
ClientSecret: sec.Key("client_secret").String(),
|
|
Scopes: sec.Key("scopes").Strings(" "),
|
|
AuthUrl: sec.Key("auth_url").String(),
|
|
TokenUrl: sec.Key("token_url").String(),
|
|
ApiUrl: sec.Key("api_url").String(),
|
|
Enabled: sec.Key("enabled").MustBool(),
|
|
AllowedDomains: sec.Key("allowed_domains").Strings(" "),
|
|
}
|
|
|
|
if !info.Enabled {
|
|
continue
|
|
}
|
|
|
|
setting.OAuthService.OAuthInfos[name] = info
|
|
config := oauth2.Config{
|
|
ClientID: info.ClientId,
|
|
ClientSecret: info.ClientSecret,
|
|
Endpoint: oauth2.Endpoint{
|
|
AuthURL: info.AuthUrl,
|
|
TokenURL: info.TokenUrl,
|
|
},
|
|
RedirectURL: strings.TrimSuffix(setting.AppUrl, "/") + SocialBaseUrl + name,
|
|
Scopes: info.Scopes,
|
|
}
|
|
|
|
// GitHub.
|
|
if name == "github" {
|
|
setting.OAuthService.GitHub = true
|
|
SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
|
|
}
|
|
|
|
// Google.
|
|
if name == "google" {
|
|
setting.OAuthService.Google = true
|
|
SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
|
|
}
|
|
}
|
|
}
|
|
|
|
func isEmailAllowed(email string, allowedDomains []string) bool {
|
|
if len(allowedDomains) == 0 {
|
|
return true
|
|
}
|
|
|
|
valid := false
|
|
for _, domain := range allowedDomains {
|
|
emailSuffix := fmt.Sprintf("@%s", domain)
|
|
valid = valid || strings.HasSuffix(email, emailSuffix)
|
|
}
|
|
|
|
return valid
|
|
}
|
|
|
|
type SocialGithub struct {
|
|
*oauth2.Config
|
|
allowedDomains []string
|
|
ApiUrl string
|
|
}
|
|
|
|
func (s *SocialGithub) Type() int {
|
|
return int(models.GITHUB)
|
|
}
|
|
|
|
func (s *SocialGithub) IsEmailAllowed(email string) bool {
|
|
return isEmailAllowed(email, s.allowedDomains)
|
|
}
|
|
|
|
func (s *SocialGithub) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
|
|
var data struct {
|
|
Id int `json:"id"`
|
|
Name string `json:"login"`
|
|
Email string `json:"email"`
|
|
}
|
|
|
|
var err error
|
|
client := s.Client(oauth2.NoContext, token)
|
|
r, err := client.Get(s.ApiUrl)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
defer r.Body.Close()
|
|
|
|
if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &BasicUserInfo{
|
|
Identity: strconv.Itoa(data.Id),
|
|
Name: data.Name,
|
|
Email: data.Email,
|
|
}, nil
|
|
}
|
|
|
|
// ________ .__
|
|
// / _____/ ____ ____ ____ | | ____
|
|
// / \ ___ / _ \ / _ \ / ___\| | _/ __ \
|
|
// \ \_\ ( <_> | <_> ) /_/ > |_\ ___/
|
|
// \______ /\____/ \____/\___ /|____/\___ >
|
|
// \/ /_____/ \/
|
|
|
|
type SocialGoogle struct {
|
|
*oauth2.Config
|
|
allowedDomains []string
|
|
ApiUrl string
|
|
}
|
|
|
|
func (s *SocialGoogle) Type() int {
|
|
return int(models.GOOGLE)
|
|
}
|
|
|
|
func (s *SocialGoogle) IsEmailAllowed(email string) bool {
|
|
return isEmailAllowed(email, s.allowedDomains)
|
|
}
|
|
|
|
func (s *SocialGoogle) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
|
|
var data struct {
|
|
Id string `json:"id"`
|
|
Name string `json:"name"`
|
|
Email string `json:"email"`
|
|
}
|
|
var err error
|
|
|
|
client := s.Client(oauth2.NoContext, token)
|
|
r, err := client.Get(s.ApiUrl)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer r.Body.Close()
|
|
if err = json.NewDecoder(r.Body).Decode(&data); err != nil {
|
|
return nil, err
|
|
}
|
|
return &BasicUserInfo{
|
|
Identity: data.Id,
|
|
Name: data.Name,
|
|
Email: data.Email,
|
|
}, nil
|
|
}
|