121 lines
3 KiB
Go
121 lines
3 KiB
Go
package authflow
|
|
|
|
import (
|
|
"bufio"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/cli/cli/api"
|
|
"github.com/cli/cli/auth"
|
|
"github.com/cli/cli/internal/config"
|
|
"github.com/cli/cli/pkg/browser"
|
|
"github.com/cli/cli/utils"
|
|
"github.com/mattn/go-colorable"
|
|
)
|
|
|
|
var (
|
|
// The "GitHub CLI" OAuth app
|
|
oauthClientID = "178c6fc778ccc68e1d6a"
|
|
// This value is safe to be embedded in version control
|
|
oauthClientSecret = "34ddeff2b558a23d38fba8a6de74f086ede1cc0b"
|
|
)
|
|
|
|
func AuthFlowWithConfig(cfg config.Config, hostname, notice string, additionalScopes []string) (string, error) {
|
|
// TODO this probably shouldn't live in this package. It should probably be in a new package that
|
|
// depends on both iostreams and config.
|
|
stderr := colorable.NewColorableStderr()
|
|
|
|
token, userLogin, err := authFlow(hostname, stderr, notice, additionalScopes)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
err = cfg.Set(hostname, "user", userLogin)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
err = cfg.Set(hostname, "oauth_token", token)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
err = cfg.Write()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
fmt.Fprintf(stderr, "%s Authentication complete. %s to continue...\n",
|
|
utils.GreenCheck(), utils.Bold("Press Enter"))
|
|
_ = waitForEnter(os.Stdin)
|
|
|
|
return token, nil
|
|
}
|
|
|
|
func authFlow(oauthHost string, w io.Writer, notice string, additionalScopes []string) (string, string, error) {
|
|
var verboseStream io.Writer
|
|
if strings.Contains(os.Getenv("DEBUG"), "oauth") {
|
|
verboseStream = w
|
|
}
|
|
|
|
minimumScopes := []string{"repo", "read:org", "gist"}
|
|
scopes := append(minimumScopes, additionalScopes...)
|
|
|
|
flow := &auth.OAuthFlow{
|
|
Hostname: oauthHost,
|
|
ClientID: oauthClientID,
|
|
ClientSecret: oauthClientSecret,
|
|
Scopes: scopes,
|
|
WriteSuccessHTML: func(w io.Writer) {
|
|
fmt.Fprintln(w, oauthSuccessPage)
|
|
},
|
|
VerboseStream: verboseStream,
|
|
HTTPClient: http.DefaultClient,
|
|
OpenInBrowser: func(url, code string) error {
|
|
if code != "" {
|
|
fmt.Fprintf(w, "%s First copy your one-time code: %s\n", utils.Yellow("!"), utils.Bold(code))
|
|
}
|
|
fmt.Fprintf(w, "- %s to open %s in your browser... ", utils.Bold("Press Enter"), oauthHost)
|
|
_ = waitForEnter(os.Stdin)
|
|
|
|
browseCmd, err := browser.Command(url)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = browseCmd.Run()
|
|
if err != nil {
|
|
fmt.Fprintf(w, "%s Failed opening a web browser at %s\n", utils.Red("!"), url)
|
|
fmt.Fprintf(w, " %s\n", err)
|
|
fmt.Fprint(w, " Please try entering the URL in your browser manually\n")
|
|
}
|
|
return nil
|
|
},
|
|
}
|
|
|
|
fmt.Fprintln(w, notice)
|
|
|
|
token, err := flow.ObtainAccessToken()
|
|
if err != nil {
|
|
return "", "", err
|
|
}
|
|
|
|
userLogin, err := getViewer(oauthHost, token)
|
|
if err != nil {
|
|
return "", "", err
|
|
}
|
|
|
|
return token, userLogin, nil
|
|
}
|
|
|
|
func getViewer(hostname, token string) (string, error) {
|
|
http := api.NewClient(api.AddHeader("Authorization", fmt.Sprintf("token %s", token)))
|
|
return api.CurrentLoginName(http, hostname)
|
|
}
|
|
|
|
func waitForEnter(r io.Reader) error {
|
|
scanner := bufio.NewScanner(r)
|
|
scanner.Scan()
|
|
return scanner.Err()
|
|
}
|