418 lines
12 KiB
Go
418 lines
12 KiB
Go
package core
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha1"
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"repositories.action2quare.com/ayo/gocommon/logger"
|
|
|
|
"go.mongodb.org/mongo-driver/bson"
|
|
"go.mongodb.org/mongo-driver/bson/primitive"
|
|
"go.mongodb.org/mongo-driver/mongo/options"
|
|
)
|
|
|
|
func (mg *Maingate) platform_twitter_get_login_url(w http.ResponseWriter, r *http.Request) {
|
|
|
|
browserinfo, err := mg.GetUserBrowserInfo(r)
|
|
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
logger.Error(err)
|
|
return
|
|
}
|
|
|
|
existid := r.URL.Query().Get("existid")
|
|
//fmt.Println("existid =>", existid)
|
|
if existid != "" {
|
|
// 기존 계정이 있는 경우에는 그 계정 부터 조회한다.
|
|
info, err := mg.getUserTokenWithCheck(AuthPlatformTwitter, existid, browserinfo)
|
|
if err == nil {
|
|
if info.token != "" {
|
|
params := url.Values{}
|
|
params.Add("id", existid)
|
|
params.Add("authtype", AuthPlatformTwitter)
|
|
http.Redirect(w, r, "actionsquare://login?"+params.Encode(), http.StatusSeeOther)
|
|
return
|
|
}
|
|
}
|
|
}
|
|
|
|
sessionkey := mg.GeneratePlatformLoginNonceKey()
|
|
nonce := mg.GeneratePlatformLoginNonceKey()
|
|
|
|
auth_token, auth_secret := parse_TwitterOAuthToken(mg.CallTwitterAPI_WithAPPKey("https://api.twitter.com/oauth/request_token", "POST", nonce))
|
|
|
|
if auth_token == "" || auth_secret == "" {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
} else {
|
|
|
|
mg.mongoClient.Delete(CollectionPlatformLoginToken, bson.M{
|
|
"platform": AuthPlatformTwitter,
|
|
"key": sessionkey,
|
|
})
|
|
|
|
_, _, err := mg.mongoClient.Update(CollectionPlatformLoginToken, bson.M{
|
|
"_id": primitive.NewObjectID(),
|
|
}, bson.M{
|
|
"$setOnInsert": bson.M{
|
|
"platform": AuthPlatformTwitter,
|
|
"key": sessionkey,
|
|
"token": auth_token,
|
|
"secret": auth_secret,
|
|
"nonce": nonce,
|
|
"brinfo": browserinfo,
|
|
},
|
|
}, options.Update().SetUpsert(true))
|
|
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
logger.Error(err)
|
|
return
|
|
}
|
|
}
|
|
|
|
// set cookie for storing token
|
|
cookie := http.Cookie{
|
|
Name: "LoginFlowContext_SessionKey",
|
|
Value: sessionkey,
|
|
Expires: time.Now().Add(1 * time.Hour),
|
|
//SameSite: http.SameSiteStrictMode,
|
|
SameSite: http.SameSiteLaxMode,
|
|
// HttpOnly: false,
|
|
Secure: true,
|
|
Path: "/",
|
|
}
|
|
http.SetCookie(w, &cookie)
|
|
|
|
params := url.Values{}
|
|
params.Add("oauth_token", auth_token)
|
|
http.Redirect(w, r, "https://api.twitter.com/oauth/authorize?"+params.Encode(), http.StatusSeeOther)
|
|
}
|
|
|
|
func (mg *Maingate) platform_twitter_authorize(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// defer r.Body.Close()
|
|
// body, _ := io.ReadAll(r.Body)
|
|
// bodyString := string(body)
|
|
|
|
// oauth_token := r.URL.Query().Get("oauth_token")
|
|
// oauth_verifier := r.URL.Query().Get("oauth_verifier")
|
|
// fmt.Println("bodyString")
|
|
// fmt.Println(bodyString)
|
|
// fmt.Println("=======================")
|
|
// fmt.Println("Req: %s %s", r.URL.Host, r.URL.Path)
|
|
// fmt.Println(oauth_token, oauth_verifier)
|
|
// fmt.Println("=======================")
|
|
|
|
// set cookie for storing token
|
|
cookie := http.Cookie{
|
|
Name: "LoginFlowContext_code",
|
|
Value: r.URL.Query().Encode(),
|
|
Expires: time.Now().Add(1 * time.Minute),
|
|
SameSite: http.SameSiteLaxMode,
|
|
Secure: true,
|
|
Path: "/",
|
|
}
|
|
http.SetCookie(w, &cookie)
|
|
|
|
http.Redirect(w, r, config.RedirectBaseUrl+"/authorize_result/"+AuthPlatformTwitter, http.StatusSeeOther) //-- 바로 받으니까 쿠키 안와서 한번 더 Redirect 시킨다.
|
|
}
|
|
|
|
func (mg *Maingate) platform_twitter_authorize_result(w http.ResponseWriter, r *http.Request) {
|
|
|
|
brinfo, err := mg.GetUserBrowserInfo(r)
|
|
if err != nil {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
logger.Error(err)
|
|
return
|
|
}
|
|
|
|
cookie, err := r.Cookie("LoginFlowContext_SessionKey")
|
|
if err != nil {
|
|
logger.Println("Session not found", err)
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
cookiecode, err := r.Cookie("LoginFlowContext_code")
|
|
if err != nil {
|
|
logger.Println("code not found", err)
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
code := cookiecode.Value
|
|
found, err := mg.mongoClient.FindOne(CollectionPlatformLoginToken, bson.M{
|
|
"key": cookie.Value,
|
|
"platform": AuthPlatformTwitter,
|
|
})
|
|
|
|
if err != nil {
|
|
logger.Println("LoginFlowContext_SessionKey find key :", err)
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if found == nil {
|
|
logger.Println("LoginFlowContext_SessionKey not found")
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if cookie.Value != found["key"] {
|
|
logger.Println("LoginFlowContext_SessionKey key not match")
|
|
logger.Println(cookie.Value)
|
|
logger.Println(found["key"])
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if brinfo != found["brinfo"] { //-- 로그인 시작점과 인증점의 브라우저 혹은 접속지 정보가 다르다?
|
|
logger.Println("LoginFlowContext_SessionKey brinfo not match ")
|
|
logger.Println(brinfo)
|
|
logger.Println(found["brinfo"])
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
urlvalue, err := url.ParseQuery(code)
|
|
if err != nil {
|
|
logger.Println("Token parse error")
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
return
|
|
}
|
|
//===
|
|
|
|
oauth_token := urlvalue.Get("oauth_token")
|
|
oauth_verifier := urlvalue.Get("oauth_verifier")
|
|
if oauth_token == "" || oauth_verifier == "" {
|
|
w.WriteHeader(400)
|
|
return
|
|
}
|
|
|
|
userid, token, secret := getTwitterAccessToken("https://api.twitter.com/oauth/access_token?oauth_token=" + oauth_token + "&oauth_verifier=" + oauth_verifier)
|
|
|
|
if userid != "" && token != "" && secret != "" {
|
|
|
|
var info usertokeninfo
|
|
info.platform = AuthPlatformTwitter
|
|
info.userid = userid
|
|
info.token = token
|
|
info.secret = secret
|
|
info.brinfo = brinfo
|
|
|
|
mg.setUserToken(info)
|
|
params := url.Values{}
|
|
params.Add("id", userid)
|
|
params.Add("authtype", AuthPlatformTwitter)
|
|
http.Redirect(w, r, "actionsquare://login?"+params.Encode(), http.StatusSeeOther)
|
|
} else {
|
|
http.Redirect(w, r, "actionsquare://error", http.StatusSeeOther)
|
|
}
|
|
|
|
}
|
|
|
|
func (mg *Maingate) platform_twitter_getuserinfo(token, secret string) (bool, string, string) {
|
|
|
|
result := mg.CallTwitterAPI("https://api.twitter.com/1.1/account/verify_credentials.json?include_email=true", "GET", token, secret, mg.GeneratePlatformLoginNonceKey())
|
|
|
|
var TwitterUserInfo struct {
|
|
Id string `json:"id_str"`
|
|
Name string `json:"name"`
|
|
Username string `json:"screen_name"`
|
|
Email string `json:"email"`
|
|
}
|
|
|
|
err := json.Unmarshal([]byte(result), &TwitterUserInfo)
|
|
if err != nil {
|
|
logger.Error("twitter userinfo api unmarshal fail :", result)
|
|
return false, "", ""
|
|
}
|
|
|
|
// fmt.Println("=====================")
|
|
// fmt.Println(result)
|
|
// fmt.Println(TwitterUserInfo.Id)
|
|
// fmt.Println(TwitterUserInfo.Name)
|
|
// fmt.Println(TwitterUserInfo.Username)
|
|
// fmt.Println(TwitterUserInfo.Email)
|
|
// fmt.Println("=====================")
|
|
|
|
return true, TwitterUserInfo.Id, TwitterUserInfo.Email
|
|
}
|
|
|
|
func (mg *Maingate) CallTwitterAPI_WithAPPKey(requesturl, method, nonce string) string {
|
|
return mg.CallTwitterAPI(requesturl, method, config.TwitterOAuthKey, config.TwitterOAuthSecret, nonce)
|
|
}
|
|
|
|
func (mg *Maingate) CallTwitterAPI(requesturl, method, oauth_token, oauth_secret, nonce string) string {
|
|
vals := url.Values{}
|
|
|
|
if method == "GET" {
|
|
splited := strings.Split(requesturl, "?")
|
|
if len(splited) > 1 {
|
|
parameter := splited[1]
|
|
args := strings.Split(parameter, "&")
|
|
for _, arg := range args {
|
|
tempsplited := strings.Split(arg, "=")
|
|
if len(tempsplited) == 2 {
|
|
vals.Add(tempsplited[0], tempsplited[1])
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
//vals.Add("oauth_callback", "actionclient://callback")
|
|
//vals.Add("oauth_callback", "http://127.0.0.1:7770/auth")
|
|
|
|
vals.Add("oauth_callback", config.RedirectBaseUrl+"/authorize/"+AuthPlatformTwitter)
|
|
vals.Add("oauth_consumer_key", config.TwitterCustomerKey)
|
|
vals.Add("oauth_token", oauth_token)
|
|
vals.Add("oauth_signature_method", "HMAC-SHA1")
|
|
vals.Add("oauth_timestamp", strconv.Itoa(int(time.Now().Unix())))
|
|
vals.Add("oauth_nonce", nonce)
|
|
vals.Add("oauth_version", "1.0")
|
|
|
|
parameterString := strings.Replace(vals.Encode(), "+", "%20", -1)
|
|
signatureBase := strings.ToUpper(method) + "&" + url.QueryEscape(strings.Split(requesturl, "?")[0]) + "&" + url.QueryEscape(parameterString)
|
|
signingKey := url.QueryEscape(config.TwitterCustomerSecret) + "&" + url.QueryEscape(oauth_secret)
|
|
signature := calculateTwitterSignature(signatureBase, signingKey)
|
|
|
|
headerString := "OAuth oauth_callback=\"" + url.QueryEscape(vals.Get("oauth_callback")) + "\", oauth_consumer_key=\"" + url.QueryEscape(vals.Get("oauth_consumer_key")) + "\", oauth_nonce=\"" + url.QueryEscape(vals.Get("oauth_nonce")) +
|
|
"\", oauth_signature=\"" + url.QueryEscape(signature) + "\", oauth_signature_method=\"" + url.QueryEscape(vals.Get("oauth_signature_method")) +
|
|
"\", oauth_timestamp=\"" + url.QueryEscape(vals.Get("oauth_timestamp")) + "\", oauth_token=\"" + url.QueryEscape(vals.Get("oauth_token")) +
|
|
"\", oauth_version=\"" + url.QueryEscape(vals.Get("oauth_version")) + "\""
|
|
|
|
client := &http.Client{}
|
|
|
|
req, err := http.NewRequest(method, requesturl, nil)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Add("Content-Length", "0")
|
|
req.Header.Add("Accept-Encoding", "application/json")
|
|
req.Header.Add("Host", "api.twitter.com")
|
|
req.Header.Add("Accept", "*/*")
|
|
req.Header.Add("Authorization", headerString)
|
|
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
logger.Error(err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
strBody := ""
|
|
respBody, err := io.ReadAll(resp.Body)
|
|
if err == nil {
|
|
strBody = string(respBody)
|
|
}
|
|
|
|
if resp.StatusCode != 200 {
|
|
logger.Error("Error: ", resp.StatusCode, err, strBody)
|
|
return "error"
|
|
}
|
|
|
|
return strBody
|
|
}
|
|
|
|
func getTwitterAccessToken(requesturl string) (string, string, string) {
|
|
|
|
client := &http.Client{}
|
|
|
|
req, err := http.NewRequest("POST", requesturl, nil)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
|
req.Header.Add("Content-Length", "0")
|
|
req.Header.Add("Accept-Encoding", "application/json")
|
|
req.Header.Add("Host", "api.twitter.com")
|
|
req.Header.Add("Accept", "*/*")
|
|
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
logger.Error(err)
|
|
return "", "", ""
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
strBody := ""
|
|
respBody, err := io.ReadAll(resp.Body)
|
|
if err == nil {
|
|
strBody = string(respBody)
|
|
}
|
|
|
|
if resp.StatusCode != 200 {
|
|
logger.Error("Error: ", resp.StatusCode, err, strBody)
|
|
return "", "", ""
|
|
}
|
|
|
|
params := strings.Split(strBody, "&")
|
|
oauth_token := ""
|
|
oauth_secret := ""
|
|
user_id := ""
|
|
//screen_name := ""
|
|
for _, param := range params {
|
|
parsedStr := strings.Split(param, "=")
|
|
if len(parsedStr) == 2 {
|
|
if parsedStr[0] == "oauth_token" {
|
|
oauth_token = parsedStr[1]
|
|
}
|
|
if parsedStr[0] == "oauth_token_secret" {
|
|
oauth_secret = parsedStr[1]
|
|
}
|
|
if parsedStr[0] == "user_id" {
|
|
user_id = parsedStr[1]
|
|
}
|
|
// if parsedStr[0] == "screen_name" {
|
|
// screen_name = parsedStr[1]
|
|
// }
|
|
}
|
|
}
|
|
|
|
// ret := ""
|
|
|
|
// if oauth_token != "" && oauth_secret != "" && user_id != "" && screen_name != "" {
|
|
// ret = "{ \"AuthToken\": \"" + oauth_token + "\", \"UserId\": \"" + user_id + "\", \"Screen_name\": \"" + screen_name + "\" }"
|
|
// }
|
|
// return ret, user_id, oauth_token, oauth_secret
|
|
return user_id, oauth_token, oauth_secret
|
|
}
|
|
|
|
func calculateTwitterSignature(base, key string) string {
|
|
hash := hmac.New(sha1.New, []byte(key))
|
|
hash.Write([]byte(base))
|
|
signature := hash.Sum(nil)
|
|
return base64.StdEncoding.EncodeToString(signature)
|
|
}
|
|
|
|
func parse_TwitterOAuthToken(strBody string) (string, string) {
|
|
params := strings.Split(strBody, "&")
|
|
oauth_token := ""
|
|
oauth_secret := ""
|
|
for _, param := range params {
|
|
parsedStr := strings.Split(param, "=")
|
|
|
|
if len(parsedStr) == 2 {
|
|
if parsedStr[0] == "oauth_token" {
|
|
oauth_token = parsedStr[1]
|
|
}
|
|
if parsedStr[0] == "oauth_token_secret" {
|
|
oauth_secret = parsedStr[1]
|
|
}
|
|
}
|
|
}
|
|
|
|
return oauth_token, oauth_secret
|
|
}
|