forked from inklabs/goauth2
-
Notifications
You must be signed in to change notification settings - Fork 2
/
client_application.go
100 lines (81 loc) · 2.12 KB
/
client_application.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
package goauth2
import (
"net/url"
"github.com/inklabs/rangedb"
)
type clientApplication struct {
IsOnBoarded bool
ClientID string
ClientSecret string
RedirectUri string
pendingEvents []rangedb.Event
}
func newClientApplication(records <-chan *rangedb.Record) *clientApplication {
aggregate := &clientApplication{}
for record := range records {
if event, ok := record.Data.(rangedb.Event); ok {
aggregate.apply(event)
}
}
return aggregate
}
func (a *clientApplication) apply(event rangedb.Event) {
switch e := event.(type) {
case *ClientApplicationWasOnBoarded:
a.IsOnBoarded = true
a.ClientID = e.ClientID
a.ClientSecret = e.ClientSecret
a.RedirectUri = e.RedirectUri
}
}
func (a *clientApplication) Handle(command Command) {
switch c := command.(type) {
case OnBoardClientApplication:
uri, err := url.Parse(c.RedirectUri)
if err != nil {
a.emit(OnBoardClientApplicationWasRejectedDueToInvalidRedirectUri{
ClientID: c.ClientID,
RedirectUri: c.RedirectUri,
})
return
}
if uri.Scheme != "https" {
a.emit(OnBoardClientApplicationWasRejectedDueToInsecureRedirectUri{
ClientID: c.ClientID,
RedirectUri: c.RedirectUri,
})
return
}
a.emit(ClientApplicationWasOnBoarded{
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
RedirectUri: c.RedirectUri,
UserID: c.UserID,
})
case RequestAccessTokenViaClientCredentialsGrant:
if !a.IsOnBoarded {
a.emit(RequestAccessTokenViaClientCredentialsGrantWasRejectedDueToInvalidClientApplicationID{
ClientID: c.ClientID,
})
return
}
if a.ClientSecret != c.ClientSecret {
a.emit(RequestAccessTokenViaClientCredentialsGrantWasRejectedDueToInvalidClientApplicationSecret{
ClientID: c.ClientID,
})
return
}
a.emit(AccessTokenWasIssuedToClientApplicationViaClientCredentialsGrant{
ClientID: c.ClientID,
})
}
}
func (a *clientApplication) emit(events ...rangedb.Event) {
for _, event := range events {
a.apply(event)
}
a.pendingEvents = append(a.pendingEvents, events...)
}
func (a *clientApplication) GetPendingEvents() []rangedb.Event {
return a.pendingEvents
}