Should fix most of the authentication issues
@@ -6,7 +6,9 @@
|
||||
[clj-time.core :as time]
|
||||
[clojure.tools.logging :as log]
|
||||
[config.core :refer [env]]
|
||||
[com.brunobonacci.mulog :as mu]))
|
||||
[com.brunobonacci.mulog :as mu]
|
||||
[clojure.java.io :as io]
|
||||
[clojure.edn :as edn]))
|
||||
|
||||
(def google-client-id "264081895820-0nndcfo3pbtqf30sro82vgq5r27h8736.apps.googleusercontent.com")
|
||||
(def google-client-secret "OC-WemHurPXYpuIw5cT-B90g")
|
||||
@@ -20,6 +22,50 @@
|
||||
(:jwt-secret env)
|
||||
{:alg :hs512}))
|
||||
|
||||
(defn gzip [data]
|
||||
(let [data (pr-str data)
|
||||
raw (java.io.ByteArrayOutputStream.)]
|
||||
(with-open [output (-> raw
|
||||
(io/output-stream)
|
||||
(java.util.zip.GZIPOutputStream.))]
|
||||
(io/copy data output))
|
||||
(.encodeToString (java.util.Base64/getEncoder) (.toByteArray raw))))
|
||||
|
||||
(defn gunzip [b64]
|
||||
|
||||
(let [raw-bytes (.decode (java.util.Base64/getDecoder) b64)
|
||||
raw (java.io.ByteArrayInputStream. raw-bytes)
|
||||
out (java.io.ByteArrayOutputStream.)]
|
||||
(with-open [compressed (-> raw
|
||||
(io/input-stream)
|
||||
(java.util.zip.GZIPInputStream.))]
|
||||
(io/copy compressed out))
|
||||
|
||||
(edn/read-string (.toString out))))
|
||||
|
||||
(defn user->jwt [user oauth-token]
|
||||
(let [auth (cond-> {:user (:user/name user)
|
||||
:exp (time/plus (time/now) (time/days 30))
|
||||
:db/id (:db/id user)
|
||||
:user/role (name (:user/role user))
|
||||
:user/name (:user/name user)}
|
||||
(= "admin" (name (:user/role user)))
|
||||
(assoc :gz-clients (->> (:user/clients user)
|
||||
(map (fn [c]
|
||||
(select-keys c [:client/code :db/id :client/locations])))
|
||||
|
||||
gzip))
|
||||
(not= "admin" (name (:user/role user)))
|
||||
(assoc :user/clients
|
||||
(->> (:user/clients user)
|
||||
(map (fn [c]
|
||||
(select-keys c [:client/code :db/id :client/locations]))))))]
|
||||
|
||||
(when (and user oauth-token)
|
||||
(jwt/sign auth
|
||||
(:jwt-secret env)
|
||||
{:alg :hs512}))))
|
||||
|
||||
(defn oauth [{{:strs [code state]} :query-params {:strs [host]} :headers :as request}]
|
||||
(try
|
||||
(let [auth (-> "https://accounts.google.com/o/oauth2/token"
|
||||
@@ -43,25 +89,15 @@
|
||||
:user/email (:email profile)
|
||||
:user/profile-image-url (:picture profile)
|
||||
:user/name (:name profile)})
|
||||
auth {:user (:name profile)
|
||||
:exp (time/plus (time/now) (time/days 30))
|
||||
:db/id (:db/id user)
|
||||
:user/clients (map (fn [c]
|
||||
(select-keys c [:client/code :db/id :client/locations]))
|
||||
(:user/clients user))
|
||||
:user/role (name (:user/role user))
|
||||
:user/name (:name profile)}
|
||||
|
||||
_ (mu/log ::logged-in-as
|
||||
:auth auth)]
|
||||
;; TODO - these namespaces are not being transmitted/deserialized properly
|
||||
|
||||
(if (and token user)
|
||||
(let [jwt (jwt/sign auth
|
||||
(:jwt-secret env)
|
||||
{:alg :hs512})]
|
||||
{:status 301
|
||||
:headers {"Location" (str (or (not-empty state) "/") "?jwt=" jwt)}
|
||||
:session {:identity (dissoc auth :exp)}})
|
||||
(if-let [jwt (user->jwt user token)]
|
||||
{:status 301
|
||||
:headers {"Location" (str (or (not-empty state) "/") "?jwt=" jwt)}
|
||||
:session {:identity (dissoc auth :exp)}}
|
||||
{:status 401
|
||||
:body "Couldn't authenticate"}))
|
||||
(catch Exception e
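Review bot: In the new `if-let` branch, `:headers {"Location" (str (or (not-empty state) "/") "?jwt=" jwt)}` redirects the freshly minted bearer JWT to whatever `state` arrived in the query string, so unless `state` is compared against a server-side nonce earlier in `oauth` (not visible in this hunk) an attacker-supplied absolute URL in `state` makes this an open redirect that delivers the token to a third-party host; restricting the target to a same-origin path, e.g. `(let [target (if (and (not-empty state) (re-matches #"/(?!/).*" state)) state "/")] ...)`, and carrying the JWT in a fragment or an HttpOnly cookie instead of the query string (where it ends up in Referer headers and access logs) would close that. The surviving `:session {:identity (dissoc auth :exp)}` still names `auth`; if the inner `auth` map was removed by this commit, as the old/new line counts suggest, that symbol now resolves to the outer `auth` bound to the Google token-exchange response at the top of the `let`, which would put the raw token response into the session and the `::logged-in-as` log entry — worth confirming. Related, in `user->jwt` from the previous hunk the `(when (and user oauth-token) …)` guard is evaluated only after `(name (:user/role user))` has already run, so a nil `user` throws here instead of letting `if-let` fall through to the 401; hoisting the guard above the `let` fixes that. Separately, `google-client-secret` near the top of the file is a literal in source (pre-existing, not introduced here) and should be read from `env` the way `:jwt-secret` is, with the committed value rotated. The body of `oauth` begins before this hunk.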
|
||||
|
||||