// Listing of model/authorize.go from
// github.com/vnforks/kid/v5@v5.22.1-0.20200408055009-b89d99c65676.

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package model

import (
	"encoding/json"
	"io"
	"net/http"
)

const (
	// AUTHCODE_EXPIRE_TIME is the default authorization-code lifetime in
	// seconds. PreSave applies it when ExpiresIn is zero, and IsExpired
	// scales ExpiresIn by 1000 before comparing against CreateAt.
	AUTHCODE_EXPIRE_TIME   = 60 * 10 // 10 minutes
	AUTHCODE_RESPONSE_TYPE = "code"  // not referenced in this file; presumably the authorization-code response_type
	IMPLICIT_RESPONSE_TYPE = "token" // not referenced in this file; presumably the implicit-grant response_type
	DEFAULT_SCOPE          = "user"  // scope PreSave assigns when Scope is empty
)

// AuthData is the JSON-serializable record of an issued authorization code.
//
// The Code field is part of the JSON form produced by ToJson, so the
// serialized value is as sensitive as the code itself.
type AuthData struct {
	// ClientId and UserId must each be exactly 26 bytes long to pass IsValid.
	ClientId string `json:"client_id"`
	UserId string `json:"user_id"`
	// Code must be 1 to 128 bytes long to pass IsValid.
	Code string `json:"code"`
	// ExpiresIn is the lifetime in seconds; IsValid rejects a zero value.
	ExpiresIn int32 `json:"expires_in"`
	// CreateAt is compared with GetMillis() in IsExpired, so it is a
	// millisecond timestamp; IsValid requires it to be positive.
	CreateAt int64 `json:"create_at"`
	// RedirectUri is limited to 256 bytes and must satisfy IsValidHttpUrl.
	// Nothing in this file compares it with a value registered for the
	// client; that check has to happen in the caller.
	RedirectUri string `json:"redirect_uri"`
	// State is limited to 1024 bytes and Scope to 128 bytes by IsValid.
	State string `json:"state"`
	Scope string `json:"scope"`
}

// AuthorizeRequest is the JSON-serializable form of an incoming authorize
// request. Its fields are length- and format-checked by IsValid only.
type AuthorizeRequest struct {
	// ResponseType only has to be non-empty to pass IsValid; this file does
	// not compare it with AUTHCODE_RESPONSE_TYPE or IMPLICIT_RESPONSE_TYPE.
	ResponseType string `json:"response_type"`
	ClientId string `json:"client_id"`
	RedirectUri string `json:"redirect_uri"`
	Scope string `json:"scope"`
	State string `json:"state"`
}

// IsValid validates the AuthData and returns an error if it isn't configured
// correctly. Each failed check yields an *AppError built with
// http.StatusBadRequest; nil means every check passed.
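func (ad *AuthData) IsValid() *AppError {
	// Checks run in a fixed order and the first failure is returned, always
	// with http.StatusBadRequest. Only lengths and formats are inspected.

	// Identifiers must be exactly 26 bytes long.
	if len(ad.ClientId) != 26 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.client_id.app_error", nil, "", http.StatusBadRequest)
	}

	if len(ad.UserId) != 26 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.user_id.app_error", nil, "", http.StatusBadRequest)
	}

	// The code must be present and at most 128 bytes. The detail string
	// carries only the client id, never the code itself.
	if len(ad.Code) == 0 || len(ad.Code) > 128 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.auth_code.app_error", nil, "client_id="+ad.ClientId, http.StatusBadRequest)
	}

	// Reject negative lifetimes as well as zero: ExpiresIn is a signed int32
	// and a non-positive value can never describe a usable code.
	if ad.ExpiresIn <= 0 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.expires.app_error", nil, "", http.StatusBadRequest)
	}

	if ad.CreateAt <= 0 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.create_at.app_error", nil, "client_id="+ad.ClientId, http.StatusBadRequest)
	}

	// Length and URL-format check only. Whether the URI matches one
	// registered for the client is not decided here.
	if len(ad.RedirectUri) > 256 || !IsValidHttpUrl(ad.RedirectUri) {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.redirect_uri.app_error", nil, "client_id="+ad.ClientId, http.StatusBadRequest)
	}

	if len(ad.State) > 1024 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.state.app_error", nil, "client_id="+ad.ClientId, http.StatusBadRequest)
	}

	if len(ad.Scope) > 128 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.scope.app_error", nil, "client_id="+ad.ClientId, http.StatusBadRequest)
	}

	return nil
}

// IsValid validates the AuthorizeRequest and returns an error if it isn't configured
// correctly.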
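func (ar *AuthorizeRequest) IsValid() *AppError {
	// Checks run in a fixed order and the first failure is returned, always
	// with http.StatusBadRequest.
	//
	// NOTE(review): every error below is tagged "AuthData.IsValid" although
	// this is AuthorizeRequest.IsValid. It looks like a copy/paste leftover;
	// the strings are kept as they are because callers or logs may match on
	// them. Confirm before renaming.

	if len(ar.ClientId) != 26 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.client_id.app_error", nil, "", http.StatusBadRequest)
	}

	// Only presence is checked. Restricting the value to a supported
	// response type is left to the caller.
	if len(ar.ResponseType) == 0 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.response_type.app_error", nil, "", http.StatusBadRequest)
	}

	// Length and URL-format check only. Whether the URI matches one
	// registered for the client is not decided here.
	if len(ar.RedirectUri) == 0 || len(ar.RedirectUri) > 256 || !IsValidHttpUrl(ar.RedirectUri) {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.redirect_uri.app_error", nil, "client_id="+ar.ClientId, http.StatusBadRequest)
	}

	if len(ar.State) > 1024 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.state.app_error", nil, "client_id="+ar.ClientId, http.StatusBadRequest)
	}

	if len(ar.Scope) > 128 {
		return NewAppError("AuthData.IsValid", "model.authorize.is_valid.scope.app_error", nil, "client_id="+ar.ClientId, http.StatusBadRequest)
	}

	return nil
}

// PreSave fills in defaults for fields that are still at their zero value:
// ExpiresIn becomes AUTHCODE_EXPIRE_TIME, CreateAt becomes GetMillis() and
// Scope becomes DEFAULT_SCOPE. Fields that are already set are left alone.
func (ad *AuthData) PreSave() {
	if ad.ExpiresIn == 0 {
		ad.ExpiresIn = AUTHCODE_EXPIRE_TIME
	}

	if ad.CreateAt == 0 {
		ad.CreateAt = GetMillis()
	}

	if len(ad.Scope) == 0 {
		ad.Scope = DEFAULT_SCOPE
	}
}

// ToJson returns the JSON encoding of the AuthData. The output includes the
// Code field, so it is as sensitive as the authorization code itself.
func (ad *AuthData) ToJson() string {
	// The struct holds only strings and integers, so Marshal has no failure
	// path here and its error is deliberately discarded.
	b, _ := json.Marshal(ad)
	return string(b)
}

// AuthDataFromJson decodes one JSON value from data into an AuthData.
// It returns nil when the input cannot be decoded, so callers must check
// for nil before use.
func AuthDataFromJson(data io.Reader) *AuthData {
	var ad *AuthData
	// A decode error can leave a partially populated struct behind (for
	// example when one field has the wrong JSON type). Return nil instead
	// of handing half-parsed input to the caller.
	if err := json.NewDecoder(data).Decode(&ad); err != nil {
		return nil
	}
	return ad
}

// ToJson returns the JSON encoding of the AuthorizeRequest.
func (ar *AuthorizeRequest) ToJson() string {
	// The struct holds only strings, so Marshal has no failure path here and
	// its error is deliberately discarded.
	b, _ := json.Marshal(ar)
	return string(b)
}

// AuthorizeRequestFromJson decodes one JSON value from data into an
// AuthorizeRequest. It returns nil when the input cannot be decoded, so
// callers must check for nil before use.
func AuthorizeRequestFromJson(data io.Reader) *AuthorizeRequest {
	var ar *AuthorizeRequest
	// A decode error can leave a partially populated struct behind. Return
	// nil instead of handing half-parsed input to the caller.
	if err := json.NewDecoder(data).Decode(&ar); err != nil {
		return nil
	}
	return ar
}

// IsExpired reports whether GetMillis() is past CreateAt plus the ExpiresIn
// lifetime, with ExpiresIn converted from seconds to milliseconds.
func (ad *AuthData) IsExpired() bool {
	// Widen to int64 before scaling. ExpiresIn is an int32, so multiplying
	// first wraps for lifetimes above roughly 24.8 days, and a large negative
	// value can wrap to a positive lifetime and make the code look unexpired.
	return GetMillis() > ad.CreateAt+int64(ad.ExpiresIn)*1000
}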