oauth2: rewrite google package, fix the broken build
Change-Id: I2753a88d7be483bdbc0cac09a1beccc4806ea4bc Reviewed-on: https://go-review.googlesource.com/1361 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
This commit is contained in:
Burcu Dogan
committed by
Brad Fitzpatrick
Brad Fitzpatrick
parent
a568078818
commit
9b6b7610ad
@@ -7,108 +7,31 @@
|
||||
package google
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
|
||||
"appengine"
|
||||
"appengine/memcache"
|
||||
"appengine/urlfetch"
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
)
|
||||
|
||||
var (
|
||||
// memcacheGob enables mocking of the memcache.Gob calls for unit testing.
|
||||
memcacheGob memcacher = &aeMemcache{}
|
||||
|
||||
// accessTokenFunc enables mocking of the appengine.AccessToken call for unit testing.
|
||||
accessTokenFunc = appengine.AccessToken
|
||||
|
||||
// mu protects multiple threads from attempting to fetch a token at the same time.
|
||||
mu sync.Mutex
|
||||
|
||||
// tokens implements a local cache of tokens to prevent hitting quota limits for appengine.AccessToken calls.
|
||||
tokens map[string]*oauth2.Token
|
||||
)
|
||||
|
||||
// safetyMargin is used to avoid clock-skew problems.
|
||||
// 5 minutes is conservative because tokens are valid for 60 minutes.
|
||||
const safetyMargin = 5 * time.Minute
|
||||
|
||||
func init() {
|
||||
tokens = make(map[string]*oauth2.Token)
|
||||
}
|
||||
|
||||
// AppEngineContext requires an App Engine request context.
|
||||
func AppEngineContext(ctx appengine.Context) oauth2.Option {
|
||||
return func(opts *oauth2.Options) error {
|
||||
opts.TokenFetcherFunc = makeAppEngineTokenFetcher(ctx, opts)
|
||||
opts.Client = &http.Client{
|
||||
Transport: &urlfetch.Transport{Context: ctx},
|
||||
}
|
||||
return nil
|
||||
// AppEngineTokenSource returns a token source that fetches tokens
|
||||
// issued to the current App Engine application's service account.
|
||||
// If you are implementing a 3-legged OAuth 2.0 flow on App Engine
|
||||
// that involves user accounts, see oauth2.Config instead.
|
||||
//
|
||||
// You are required to provide a valid appengine.Context as context.
|
||||
func AppEngineTokenSource(ctx appengine.Context, scope ...string) oauth2.TokenSource {
|
||||
return &appEngineTokenSource{
|
||||
ctx: ctx,
|
||||
scopes: scope,
|
||||
fetcherFunc: aeFetcherFunc,
|
||||
}
|
||||
}
|
||||
|
||||
// FetchToken fetches a new access token for the provided scopes.
|
||||
// Tokens are cached locally and also with Memcache so that the app can scale
|
||||
// without hitting quota limits by calling appengine.AccessToken too frequently.
|
||||
func makeAppEngineTokenFetcher(ctx appengine.Context, opts *oauth2.Options) func(*oauth2.Token) (*oauth2.Token, error) {
|
||||
return func(existing *oauth2.Token) (*oauth2.Token, error) {
|
||||
mu.Lock()
|
||||
defer mu.Unlock()
|
||||
|
||||
key := ":" + strings.Join(opts.Scopes, "_")
|
||||
now := time.Now().Add(safetyMargin)
|
||||
if t, ok := tokens[key]; ok && !t.Expiry.Before(now) {
|
||||
return t, nil
|
||||
}
|
||||
delete(tokens, key)
|
||||
|
||||
// Attempt to get token from Memcache
|
||||
tok := new(oauth2.Token)
|
||||
_, err := memcacheGob.Get(ctx, key, tok)
|
||||
if err == nil && !tok.Expiry.Before(now) {
|
||||
tokens[key] = tok // Save token locally
|
||||
return tok, nil
|
||||
}
|
||||
|
||||
token, expiry, err := accessTokenFunc(ctx, opts.Scopes...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
t := &oauth2.Token{
|
||||
AccessToken: token,
|
||||
Expiry: expiry,
|
||||
}
|
||||
tokens[key] = t
|
||||
// Also back up token in Memcache
|
||||
if err = memcacheGob.Set(ctx, &memcache.Item{
|
||||
Key: key,
|
||||
Value: []byte{},
|
||||
Object: *t,
|
||||
Expiration: expiry.Sub(now),
|
||||
}); err != nil {
|
||||
ctx.Errorf("unexpected memcache.Set error: %v", err)
|
||||
}
|
||||
return t, nil
|
||||
var aeFetcherFunc = func(ctx oauth2.Context, scope ...string) (string, time.Time, error) {
|
||||
c, ok := ctx.(appengine.Context)
|
||||
if !ok {
|
||||
return "", time.Time{}, errInvalidContext
|
||||
}
|
||||
}
|
||||
|
||||
// aeMemcache wraps the needed Memcache functionality to make it easy to mock
|
||||
type aeMemcache struct{}
|
||||
|
||||
func (m *aeMemcache) Get(c appengine.Context, key string, tok *oauth2.Token) (*memcache.Item, error) {
|
||||
return memcache.Gob.Get(c, key, tok)
|
||||
}
|
||||
|
||||
func (m *aeMemcache) Set(c appengine.Context, item *memcache.Item) error {
|
||||
return memcache.Gob.Set(c, item)
|
||||
}
|
||||
|
||||
type memcacher interface {
|
||||
Get(c appengine.Context, key string, tok *oauth2.Token) (*memcache.Item, error)
|
||||
Set(c appengine.Context, item *memcache.Item) error
|
||||
return appengine.AccessToken(c, scope...)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user