package main
import (
	"crypto/subtle"
	"fmt"
	"strings"
	"time"

	cmAuth "github.com/chartmuseum/auth"
	"github.com/gin-gonic/gin"
)
// tokenGenerator signs the access tokens handed out by oauthTokenHandler.
// It is nil until main assigns it at startup.
var tokenGenerator *cmAuth.TokenGenerator

// Settings for the token endpoint.
var (
	// tokenExpiry is the lifetime passed to GenerateToken for every token.
	tokenExpiry = 5 * time.Minute

	// requiredGrantType is the only grant_type value the endpoint accepts.
	requiredGrantType = "client_credentials"

	// masterAccessKey is the bearer credential a caller must present to
	// obtain a token.
	//
	// NOTE(security): this is a fixed placeholder compiled into the binary
	// and visible to anyone who can read the source. Whoever holds it can
	// request a token for any scope, so outside of a demo it should be
	// loaded from the environment or a secret store and rotated.
	masterAccessKey = "MASTERKEY"
)
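// oauthTokenHandler issues a signed access token for the scope named in the
// request.
//
// The caller authenticates with the master access key in the Authorization
// header (an optional "Bearer " prefix is stripped before comparison). The
// query string must carry grant_type equal to requiredGrantType and a scope
// of the form "<type>:<name>:<action>[,<action>...]" where <type> equals
// cmAuth.AccessEntryType.
//
// Responses: 200 with {"access_token": ...}, 400 for a bad grant_type or
// scope, 401 for a wrong or missing key, 500 if token generation fails.
func oauthTokenHandler(c *gin.Context) {
	presented := strings.TrimPrefix(c.GetHeader("Authorization"), "Bearer ")

	// Compare in constant time so response timing does not reveal how much
	// of the key matched. (ConstantTimeCompare still returns early when the
	// lengths differ, so only the key length is observable.)
	if subtle.ConstantTimeCompare([]byte(presented), []byte(masterAccessKey)) != 1 {
		// Return a fixed message. The rejected header value must not be
		// echoed back (it may be a near-miss credential and would end up in
		// client and proxy logs), and it must never be used as a format
		// string, since "%" verbs in it would be interpreted by fmt.
		c.JSON(401, gin.H{"error": "unauthorized"})
		return
	}

	grantType := c.Query("grant_type")
	if grantType != requiredGrantType {
		c.JSON(400, gin.H{"error": fmt.Sprintf("grant_type must equal %s", requiredGrantType)})
		return
	}

	scope := c.Query("scope")
	parts := strings.Split(scope, ":")
	if len(parts) != 3 || parts[0] != cmAuth.AccessEntryType {
		c.JSON(400, gin.H{"error": "scope is missing or invalid"})
		return
	}

	access := []cmAuth.AccessEntry{
		{
			Name:    parts[1],
			Type:    cmAuth.AccessEntryType,
			Actions: strings.Split(parts[2], ","),
		},
	}

	accessToken, err := tokenGenerator.GenerateToken(access, tokenExpiry)
	if err != nil {
		// Record the cause on the gin context for server-side logging and
		// give the client a generic message: signing errors can carry key
		// or path details, and a bare error value does not serialise to
		// useful JSON anyway.
		_ = c.Error(err)
		c.JSON(500, gin.H{"error": "failed to generate token"})
		return
	}

	c.JSON(200, gin.H{"access_token": accessToken})
}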
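// main loads the token-signing key, registers the token endpoint and serves
// it on port 5001. It panics if the key cannot be loaded or the listener
// cannot be started.
func main() {
	var err error
	// The key path is relative, so it is resolved against the process
	// working directory.
	tokenGenerator, err = cmAuth.NewTokenGenerator(&cmAuth.TokenGeneratorOptions{
		PrivateKeyPath: "../config/server.key",
	})
	if err != nil {
		panic(err)
	}

	r := gin.Default()
	r.POST("/oauth/token", oauthTokenHandler)

	// ":5001" listens on every interface (0.0.0.0:5001) over plain HTTP, so
	// the master key and issued tokens cross the network unencrypted unless
	// a TLS terminator sits in front; bind to loopback when none does.
	// Run only returns on failure (e.g. port already in use); surface that
	// instead of exiting silently with status 0.
	if err := r.Run(":5001"); err != nil {
		panic(err)
	}
}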