commento/api/domain_sso.go

package main

import (
	"net/http"
)

func domainSsoSecretNew(domain string) (string, error) {
	if domain == "" {
		return "", errorMissingField
	}

	ssoSecret, err := randomHex(32)
	if err != nil {
		logger.Errorf("error generating SSO secret hex: %v", err)
		return "", errorInternal
	}

	statement := `
		UPDATE domains
		SET ssoSecret = $2
		WHERE domain = $1;
	`
	_, err = db.Exec(statement, domain, ssoSecret)
	if err != nil {
		logger.Errorf("cannot update ssoSecret: %v", err)
		return "", errorInternal
	}

	return ssoSecret, nil
}

func domainSsoSecretNewHandler(w http.ResponseWriter, r *http.Request) {
	type request struct {
		OwnerToken *string `json:"ownerToken"`
		Domain     *string `json:"domain"`
	}

	var x request
	if err := bodyUnmarshal(r, &x); err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	o, err := ownerGetByOwnerToken(*x.OwnerToken)
	if err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	domain := domainStrip(*x.Domain)
	isOwner, err := domainOwnershipVerify(o.OwnerHex, domain)
	if err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	if !isOwner {
		bodyMarshal(w, response{"success": false, "message": errorNotAuthorised.Error()})
		return
	}

	ssoSecret, err := domainSsoSecretNew(domain)
	if err != nil {
		bodyMarshal(w, response{"success": false, "message": err.Error()})
		return
	}

	bodyMarshal(w, response{"success": true, "ssoSecret": ssoSecret})
}
frontend, api, db: add single sign-on Closes https://gitlab.com/commento/commento/issues/90 2019-04-21 08:34:25 +08:00			`package main`

			`import (`
			`"net/http"`
			`)`

sso: expire tokens after usage 2019-04-21 11:25:35 +08:00			`func domainSsoSecretNew(domain string) (string, error) {`
frontend, api, db: add single sign-on Closes https://gitlab.com/commento/commento/issues/90 2019-04-21 08:34:25 +08:00			`if domain == "" {`
			`return "", errorMissingField`
			`}`

			`ssoSecret, err := randomHex(32)`
			`if err != nil {`
			`logger.Errorf("error generating SSO secret hex: %v", err)`
			`return "", errorInternal`
			`}`

			statement := `
			`UPDATE domains`
			`SET ssoSecret = $2`
			`WHERE domain = $1;`
			`
			`_, err = db.Exec(statement, domain, ssoSecret)`
			`if err != nil {`
			`logger.Errorf("cannot update ssoSecret: %v", err)`
			`return "", errorInternal`
			`}`

			`return ssoSecret, nil`
			`}`

sso: expire tokens after usage 2019-04-21 11:25:35 +08:00			`func domainSsoSecretNewHandler(w http.ResponseWriter, r *http.Request) {`
frontend, api, db: add single sign-on Closes https://gitlab.com/commento/commento/issues/90 2019-04-21 08:34:25 +08:00			`type request struct {`
			OwnerToken *string `json:"ownerToken"`
			Domain *string `json:"domain"`
			`}`

			`var x request`
			`if err := bodyUnmarshal(r, &x); err != nil {`
			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
			`return`
			`}`

			`o, err := ownerGetByOwnerToken(*x.OwnerToken)`
			`if err != nil {`
			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
			`return`
			`}`

			`domain := domainStrip(*x.Domain)`
			`isOwner, err := domainOwnershipVerify(o.OwnerHex, domain)`
			`if err != nil {`
			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
			`return`
			`}`

			`if !isOwner {`
			`bodyMarshal(w, response{"success": false, "message": errorNotAuthorised.Error()})`
			`return`
			`}`

sso: expire tokens after usage 2019-04-21 11:25:35 +08:00			`ssoSecret, err := domainSsoSecretNew(domain)`
frontend, api, db: add single sign-on Closes https://gitlab.com/commento/commento/issues/90 2019-04-21 08:34:25 +08:00			`if err != nil {`
			`bodyMarshal(w, response{"success": false, "message": err.Error()})`
			`return`
			`}`

			`bodyMarshal(w, response{"success": true, "ssoSecret": ssoSecret})`
			`}`