go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/appengine/gaeauth/server/cookies.go

go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/appengine/gaeauth/server/cookies.go (about)

     1  // Copyright 2015 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package server
    16  
    17  import (
    18  	"context"
    19  
    20  	"go.chromium.org/luci/auth/identity"
    21  	"go.chromium.org/luci/gae/service/user"
    22  	"go.chromium.org/luci/server/auth"
    23  )
    24  
    25  // UsersAPIAuthMethod implements auth.Method and auth.UsersAPI interfaces on top
    26  // of GAE Users API (that uses HTTP cookies internally to track user sessions).
    27  //
    28  // Deprecated: this method depends on Users API not available outside of the GAE
    29  // first-gen runtime. Use go.chromium.org/luci/server/encryptedcookies instead.
    30  type UsersAPIAuthMethod struct{}
    31  
    32  // Authenticate extracts peer's identity from the incoming request.
    33  func (m UsersAPIAuthMethod) Authenticate(ctx context.Context, r auth.RequestMetadata) (*auth.User, auth.Session, error) {
    34  	u := user.Current(ctx)
    35  	if u == nil {
    36  		return nil, nil, nil
    37  	}
    38  	id, err := identity.MakeIdentity("user:" + u.Email)
    39  	if err != nil {
    40  		return nil, nil, err
    41  	}
    42  	return &auth.User{
    43  		Identity:  id,
    44  		Superuser: u.Admin,
    45  		Email:     u.Email,
    46  	}, nil, nil
    47  }
    48  
    49  // LoginURL returns a URL that, when visited, prompts the user to sign in,
    50  // then redirects the user to the URL specified by dest.
    51  func (m UsersAPIAuthMethod) LoginURL(ctx context.Context, dest string) (string, error) {
    52  	return user.LoginURL(ctx, dest)
    53  }
    54  
    55  // LogoutURL returns a URL that, when visited, signs the user out,
    56  // then redirects the user to the URL specified by dest.
    57  func (m UsersAPIAuthMethod) LogoutURL(ctx context.Context, dest string) (string, error) {
    58  	return user.LogoutURL(ctx, dest)
    59  }