marc/scotty
1
0
Fork 0
mirror of https://git.sr.ht/~phw/scotty synced 2025-04-16 01:59:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Prompt user for auth after service requireing auth added

Browse source
This commit is contained in:
Philipp Wolfer 2023-12-09 23:17:43 +01:00
parent 9449a29fb1
commit ab0e50f7aa
No known key found for this signature in database
GPG key ID: 8FDF744D4919943B
3 changed files with 106 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
cmd/service_add.go
View file

@ -27,9 +27,11 @@ import (
"github.com/manifoldco/promptui" "github.com/manifoldco/promptui"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"go.uploadedlobster.com/scotty/internal/backends"
"go.uploadedlobster.com/scotty/internal/cli" "go.uploadedlobster.com/scotty/internal/cli"
"go.uploadedlobster.com/scotty/internal/config" "go.uploadedlobster.com/scotty/internal/config"
"go.uploadedlobster.com/scotty/internal/i18n" "go.uploadedlobster.com/scotty/internal/i18n"
"go.uploadedlobster.com/scotty/internal/models"
) )
var serviceAddCmd = &cobra.Command{ var serviceAddCmd = &cobra.Command{
@ -71,6 +73,10 @@ var serviceAddCmd = &cobra.Command{
err = service.Save() err = service.Save()
cobra.CheckErr(err) cobra.CheckErr(err)
fmt.Println(i18n.Tr("Saved service %v using backend %v", service.Name, service.Backend)) fmt.Println(i18n.Tr("Saved service %v using backend %v", service.Name, service.Backend))
// Check whether authentication is required
err = promptForAuth(service)
cobra.CheckErr(err)
}, },
} }
@ -87,3 +93,25 @@ func init() {
// is called directly, e.g.: // is called directly, e.g.:
// serviceAddCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") // serviceAddCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
} }
func promptForAuth(service config.ServiceConfig) error {
backend, err := backends.ResolveBackend[models.OAuth2Authenticator](service)
if err != nil {
// No authentication required, return
return nil
}
doAuth, err := cli.PromptYesNo(
i18n.Tr("The backend %v requires authentication. Authenticate now?", service.Backend),
true,
)
if err != nil {
return err
}
if !doAuth {
return nil
}
cli.AuthenticationFlow(service, backend)
return nil
}

54
cmd/service_auth.go
View file

@ -17,20 +17,10 @@ Scotty. If not, see <https://www.gnu.org/licenses/>.
package cmd package cmd
import ( import (
"fmt"
"os"
"github.com/cli/browser"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/spf13/viper"
"go.uploadedlobster.com/scotty/internal/auth"
"go.uploadedlobster.com/scotty/internal/backends" "go.uploadedlobster.com/scotty/internal/backends"
"go.uploadedlobster.com/scotty/internal/cli" "go.uploadedlobster.com/scotty/internal/cli"
"go.uploadedlobster.com/scotty/internal/config"
"go.uploadedlobster.com/scotty/internal/i18n"
"go.uploadedlobster.com/scotty/internal/models" "go.uploadedlobster.com/scotty/internal/models"
"go.uploadedlobster.com/scotty/internal/storage"
"golang.org/x/oauth2"
) )
var serviceAuthCmd = &cobra.Command{ var serviceAuthCmd = &cobra.Command{
@ -45,49 +35,7 @@ multiple services using the same backend but different authentication.`,
cobra.CheckErr(err) cobra.CheckErr(err)
backend, err := backends.ResolveBackend[models.OAuth2Authenticator](serviceConfig) backend, err := backends.ResolveBackend[models.OAuth2Authenticator](serviceConfig)
cobra.CheckErr(err) cobra.CheckErr(err)
cli.AuthenticationFlow(serviceConfig, backend)
redirectURL, err := backends.BuildRedirectURL(viper.GetViper(), backend.Name())
cobra.CheckErr(err)
// The backend must provide an authentication strategy
strategy := backend.OAuth2Strategy(redirectURL)
// use PKCE to protect against CSRF attacks
// https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-22.html#name-countermeasures-6
verifier := oauth2.GenerateVerifier()
state := auth.RandomState()
// Redirect user to consent page to ask for permission specified scopes.
authUrl := strategy.AuthCodeURL(verifier, state)
// Start an HTTP server to listen for the response
responseChan := make(chan auth.CodeResponse)
auth.RunOauth2CallbackServer(*redirectURL, authUrl.Param, responseChan)
// Open the URL
fmt.Println(i18n.Tr("Visit the URL for authorization: %v", authUrl.Url))
err = browser.OpenURL(authUrl.Url)
cobra.CheckErr(err)
// Retrieve the code from the authentication callback
code := <-responseChan
if code.State != authUrl.State {
cobra.CompErrorln(i18n.Tr("Error: OAuth state mismatch"))
os.Exit(1)
}
// Exchange the code for the authentication token
tok, err := strategy.ExchangeToken(code, verifier)
cobra.CheckErr(err)
// Store the retrieved token in the database
db, err := storage.New(config.DatabasePath())
cobra.CheckErr(err)
err = db.SetOAuth2Token(serviceConfig.Name, tok)
cobra.CheckErr(err)
fmt.Println(i18n.Tr("Access token received, you can use %v now.\n", serviceConfig.Name))
}, },
} }

77
internal/cli/auth.go Normal file
View file

@ -0,0 +1,77 @@
/*
Copyright © 2023 Philipp Wolfer <phw@uploadedlobster.com>
Scotty is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later version.
Scotty is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
Scotty. If not, see <https://www.gnu.org/licenses/>.
*/
package cli
import (
"fmt"
"os"
"github.com/cli/browser"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"go.uploadedlobster.com/scotty/internal/auth"
"go.uploadedlobster.com/scotty/internal/backends"
"go.uploadedlobster.com/scotty/internal/config"
"go.uploadedlobster.com/scotty/internal/i18n"
"go.uploadedlobster.com/scotty/internal/models"
"go.uploadedlobster.com/scotty/internal/storage"
"golang.org/x/oauth2"
)
func AuthenticationFlow(service config.ServiceConfig, backend models.OAuth2Authenticator) {
redirectURL, err := backends.BuildRedirectURL(viper.GetViper(), backend.Name())
cobra.CheckErr(err)
// The backend must provide an authentication strategy
strategy := backend.OAuth2Strategy(redirectURL)
// use PKCE to protect against CSRF attacks
// https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-22.html#name-countermeasures-6
verifier := oauth2.GenerateVerifier()
state := auth.RandomState()
// Redirect user to consent page to ask for permission specified scopes.
authUrl := strategy.AuthCodeURL(verifier, state)
// Start an HTTP server to listen for the response
responseChan := make(chan auth.CodeResponse)
auth.RunOauth2CallbackServer(*redirectURL, authUrl.Param, responseChan)
// Open the URL
fmt.Println(i18n.Tr("Visit the URL for authorization: %v", authUrl.Url))
err = browser.OpenURL(authUrl.Url)
cobra.CheckErr(err)
// Retrieve the code from the authentication callback
code := <-responseChan
if code.State != authUrl.State {
cobra.CompErrorln(i18n.Tr("Error: OAuth state mismatch"))
os.Exit(1)
}
// Exchange the code for the authentication token
tok, err := strategy.ExchangeToken(code, verifier)
cobra.CheckErr(err)
// Store the retrieved token in the database
db, err := storage.New(config.DatabasePath())
cobra.CheckErr(err)
err = db.SetOAuth2Token(service.Name, tok)
cobra.CheckErr(err)
fmt.Println(i18n.Tr("Access token received, you can use %v now.\n", service.Name))
}