Basic "scotty auth" implementation

cmd/auth.go

@@ -0,0 +1,120 @@
+/*
+Copyright © 2023 Philipp Wolfer <phw@uploadedlobster.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+*/
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/cli/browser"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uploadedlobster.com/scotty/storage"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/spotify"
+)
+
+// authCmd represents the auth command
+var authCmd = &cobra.Command{
+	Use:   "auth",
+	Short: "Authenticate with a backend",
+	Long:  `For backends requiring authentication this command can be used to authenticate.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		serviceName, serviceConfig := getConfigFromFlag(cmd, "service")
+		fmt.Print("HERE\n")
+		backend := serviceConfig.GetString("backend")
+
+		callbackHost, _ := strings.CutSuffix(viper.GetString("oauth-host"), "/")
+		if callbackHost == "" {
+			callbackHost = "127.0.0.1:2222"
+		}
+		callbackPath := "/callback/" + backend
+
+		ctx := context.Background()
+		conf := &oauth2.Config{
+			ClientID:     serviceConfig.GetString("client-id"),
+			ClientSecret: serviceConfig.GetString("client-secret"),
+			Scopes:       []string{"user-read-recently-played"},
+			RedirectURL:  "http://" + callbackHost + callbackPath,
+			Endpoint:     spotify.Endpoint,
+		}
+
+		responseChan := make(chan string)
+
+		// Start an HTTP server to listen for the response
+		http.HandleFunc(callbackPath, func(w http.ResponseWriter, r *http.Request) {
+			code := r.URL.Query().Get("code")
+			fmt.Fprint(w, "Token received, you can close this window now.")
+			responseChan <- code
+		})
+
+		go http.ListenAndServe(callbackHost, nil)
+
+		// use PKCE to protect against CSRF attacks
+		// https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-22.html#name-countermeasures-6
+		verifier := oauth2.GenerateVerifier()
+
+		// Redirect user to consent page to ask for permission
+		// for the scopes specified above.
+		url := conf.AuthCodeURL("state", oauth2.AccessTypeOffline, oauth2.S256ChallengeOption(verifier))
+		fmt.Printf("Visit the URL for the auth dialog: %v\n", url)
+
+		err := browser.OpenURL(url)
+		cobra.CheckErr(err)
+
+		code := <-responseChan
+
+		// Use the authorization code that is pushed to the redirect
+		// URL. Exchange will do the handshake to retrieve the
+		// initial access token. The HTTP Client returned by
+		// conf.Client will refresh the token as necessary.
+		// var code string
+		// _, err = fmt.Scan(&code)
+		// cobra.CheckErr(err)
+		tok, err := conf.Exchange(ctx, code, oauth2.VerifierOption(verifier))
+		cobra.CheckErr(err)
+
+		fmt.Printf("Token: %v\n", tok)
+
+		db, err := storage.New(viper.GetString("database"))
+		cobra.CheckErr(err)
+
+		err = db.SetOAuth2Token(serviceName, *tok)
+		cobra.CheckErr(err)
+
+		// oauth2.Token{
+
+		// }
+
+		// client := conf.Client(ctx, tok)
+		// client.Get("...")
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(authCmd)
+
+	authCmd.Flags().StringP("service", "s", "", "Service configuration (required)")
+	authCmd.MarkFlagRequired("service")
+}