File: session.go

package info (click to toggle)
golang-github-markbates-goth 1.42.0-9
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 968 kB
  • sloc: makefile: 3
file content (100 lines) | stat: -rw-r--r-- 2,770 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
// Package steam implements the OpenID protocol for authenticating users through Steam.
package steam

import (
	"encoding/json"
	"errors"
	"io/ioutil"
	"net/url"
	"regexp"
	"strings"

	"github.com/markbates/goth"
)

// Session stores data during the auth process with Steam.
type Session struct {
	AuthURL       string
	CallbackURL   string
	SteamID       string
	ResponseNonce string
}

// GetAuthURL will return the URL set by calling the `BeginAuth` function on the Steam provider.
func (s Session) GetAuthURL() (string, error) {
	if s.AuthURL == "" {
		return "", errors.New(goth.NoAuthUrlErrorMessage)
	}
	return s.AuthURL, nil
}

// Authorize the session with Steam and return the unique response_nonce by OpenID.
func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string, error) {
	p := provider.(*Provider)
	if params.Get("openid.mode") != "id_res" {
		return "", errors.New("Mode must equal to \"id_res\".")
	}

	if params.Get("openid.return_to") != s.CallbackURL {
		return "", errors.New("The \"return_to url\" must match the url of current request.")
	}

	v := make(url.Values)
	v.Set("openid.assoc_handle", params.Get("openid.assoc_handle"))
	v.Set("openid.signed", params.Get("openid.signed"))
	v.Set("openid.sig", params.Get("openid.sig"))
	v.Set("openid.ns", params.Get("openid.ns"))

	split := strings.Split(params.Get("openid.signed"), ",")
	for _, item := range split {
		v.Set("openid."+item, params.Get("openid." + item))
	}
	v.Set("openid.mode", "check_authentication")

	resp, err := p.Client().PostForm(apiLoginEndpoint, v)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	content, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}

	response := strings.Split(string(content), "\n")
	if response[0] != "ns:"+openIDNs {
		return "", errors.New("Wrong ns in the response.")
	}

	if response[1] == "is_valid:false" {
		return "", errors.New("Unable validate openId.")
	}

	openIDURL := params.Get("openid.claimed_id")
	validationRegExp := regexp.MustCompile("^(http|https)://steamcommunity.com/openid/id/[0-9]{15,25}$")
	if !validationRegExp.MatchString(openIDURL) {
		return "", errors.New("Invalid Steam ID pattern.")
	}

	s.SteamID = regexp.MustCompile("\\D+").ReplaceAllString(openIDURL, "")
	s.ResponseNonce = params.Get("openid.response_nonce")

	return s.ResponseNonce, nil
}

// Marshal the session into a string
func (s Session) Marshal() string {
	b, _ := json.Marshal(s)
	return string(b)
}

func (s Session) String() string {
	return s.Marshal()
}

// UnmarshalSession will unmarshal a JSON string into a session.
func (p *Provider) UnmarshalSession(data string) (goth.Session, error) {
	s := &Session{}
	err := json.NewDecoder(strings.NewReader(data)).Decode(s)
	return s, err
}