2014-09-03 14:50:43 -04:00
|
|
|
// Copyright 2014 The oauth2 Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2014-09-29 17:38:10 -04:00
|
|
|
// +build appengine,!appenginevm
|
2014-06-17 09:53:08 -04:00
|
|
|
|
|
|
|
package google
|
|
|
|
|
|
|
|
import (
|
2014-09-02 17:06:51 -04:00
|
|
|
"net/http"
|
2014-10-03 01:44:50 -04:00
|
|
|
"strings"
|
|
|
|
"sync"
|
|
|
|
"time"
|
2014-09-02 17:06:51 -04:00
|
|
|
|
2014-06-17 09:53:08 -04:00
|
|
|
"github.com/golang/oauth2"
|
2014-07-09 01:27:34 -04:00
|
|
|
|
|
|
|
"appengine"
|
2014-10-03 01:44:50 -04:00
|
|
|
"appengine/memcache"
|
2014-07-11 13:57:28 -04:00
|
|
|
"appengine/urlfetch"
|
2014-06-17 09:53:08 -04:00
|
|
|
)
|
|
|
|
|
2014-10-03 01:44:50 -04:00
|
|
|
// aeMemcache wraps the needed Memcache functionality to make it easy to mock
|
|
|
|
type aeMemcache struct{}
|
|
|
|
|
|
|
|
func (m *aeMemcache) Get(c appengine.Context, key string, tok *oauth2.Token) (*memcache.Item, error) {
|
|
|
|
return memcache.Gob.Get(c, key, tok)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *aeMemcache) Set(c appengine.Context, item *memcache.Item) error {
|
|
|
|
return memcache.Gob.Set(c, item)
|
|
|
|
}
|
|
|
|
|
|
|
|
type memcacher interface {
|
|
|
|
Get(c appengine.Context, key string, tok *oauth2.Token) (*memcache.Item, error)
|
|
|
|
Set(c appengine.Context, item *memcache.Item) error
|
|
|
|
}
|
|
|
|
|
|
|
|
// memcacheGob enables mocking of the memcache.Gob calls for unit testing.
|
|
|
|
var memcacheGob memcacher = &aeMemcache{}
|
|
|
|
|
|
|
|
// accessTokenFunc enables mocking of the appengine.AccessToken call for unit testing.
|
|
|
|
var accessTokenFunc = appengine.AccessToken
|
|
|
|
|
|
|
|
// safetyMargin is used to avoid clock-skew problems.
|
|
|
|
// 5 minutes is conservative because tokens are valid for 60 minutes.
|
|
|
|
const safetyMargin = 5 * time.Minute
|
|
|
|
|
|
|
|
// mu protects multiple threads from attempting to fetch a token at the same time.
|
|
|
|
var mu sync.Mutex
|
|
|
|
|
|
|
|
// tokens implements a local cache of tokens to prevent hitting quota limits for appengine.AccessToken calls.
|
|
|
|
var tokens map[string]*oauth2.Token
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
tokens = make(map[string]*oauth2.Token)
|
|
|
|
}
|
|
|
|
|
2014-06-22 17:39:35 -04:00
|
|
|
// AppEngineConfig represents a configuration for an
|
|
|
|
// App Engine application's Google service account.
|
2014-06-17 09:53:08 -04:00
|
|
|
type AppEngineConfig struct {
|
2014-09-03 20:20:29 -04:00
|
|
|
// Transport is the http.RoundTripper to be used
|
2014-08-31 18:36:50 -04:00
|
|
|
// to construct new oauth2.Transport instances from
|
|
|
|
// this configuration.
|
2014-09-03 20:20:29 -04:00
|
|
|
Transport http.RoundTripper
|
2014-08-31 18:13:59 -04:00
|
|
|
|
|
|
|
context appengine.Context
|
|
|
|
scopes []string
|
2014-06-17 09:53:08 -04:00
|
|
|
}
|
|
|
|
|
2014-06-22 17:39:35 -04:00
|
|
|
// NewAppEngineConfig creates a new AppEngineConfig for the
|
|
|
|
// provided auth scopes.
|
2014-09-29 17:38:10 -04:00
|
|
|
func NewAppEngineConfig(context appengine.Context, scopes ...string) *AppEngineConfig {
|
2014-08-31 18:13:59 -04:00
|
|
|
return &AppEngineConfig{
|
|
|
|
context: context,
|
|
|
|
scopes: scopes,
|
|
|
|
}
|
2014-06-17 09:53:08 -04:00
|
|
|
}
|
|
|
|
|
2014-06-22 17:39:35 -04:00
|
|
|
// NewTransport returns a transport that authorizes
|
|
|
|
// the requests with the application's service account.
|
2014-08-14 01:22:35 -04:00
|
|
|
func (c *AppEngineConfig) NewTransport() *oauth2.Transport {
|
2014-09-02 17:06:51 -04:00
|
|
|
return oauth2.NewTransport(c.transport(), c, nil)
|
2014-06-17 09:53:08 -04:00
|
|
|
}
|
|
|
|
|
2014-06-22 17:39:35 -04:00
|
|
|
// FetchToken fetches a new access token for the provided scopes.
|
2014-10-03 01:44:50 -04:00
|
|
|
// Tokens are cached locally and also with Memcache so that the app can scale
|
|
|
|
// without hitting quota limits by calling appengine.AccessToken too frequently.
|
2014-06-17 09:53:08 -04:00
|
|
|
func (c *AppEngineConfig) FetchToken(existing *oauth2.Token) (*oauth2.Token, error) {
|
2014-10-03 01:44:50 -04:00
|
|
|
mu.Lock()
|
|
|
|
defer mu.Unlock()
|
|
|
|
key := ":" + strings.Join(c.scopes, "_")
|
|
|
|
now := time.Now().Add(safetyMargin)
|
|
|
|
if t, ok := tokens[key]; ok && !t.Expiry.Before(now) {
|
|
|
|
return t, nil
|
|
|
|
}
|
|
|
|
delete(tokens, key)
|
|
|
|
|
|
|
|
// Attempt to get token from Memcache
|
|
|
|
tok := new(oauth2.Token)
|
|
|
|
_, err := memcacheGob.Get(c.context, key, tok)
|
|
|
|
if err == nil && !tok.Expiry.Before(now) {
|
|
|
|
tokens[key] = tok // Save token locally
|
|
|
|
return tok, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
token, expiry, err := accessTokenFunc(c.context, c.scopes...)
|
2014-06-17 09:53:08 -04:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2014-10-03 01:44:50 -04:00
|
|
|
t := &oauth2.Token{
|
2014-06-17 09:53:08 -04:00
|
|
|
AccessToken: token,
|
|
|
|
Expiry: expiry,
|
2014-10-03 01:44:50 -04:00
|
|
|
}
|
|
|
|
tokens[key] = t
|
|
|
|
// Also back up token in Memcache
|
|
|
|
if err = memcacheGob.Set(c.context, &memcache.Item{
|
|
|
|
Key: key,
|
|
|
|
Value: []byte{},
|
|
|
|
Object: *t,
|
|
|
|
Expiration: expiry.Sub(now),
|
|
|
|
}); err != nil {
|
|
|
|
c.context.Errorf("unexpected memcache.Set error: %v", err)
|
|
|
|
}
|
|
|
|
return t, nil
|
2014-06-17 09:53:08 -04:00
|
|
|
}
|
2014-09-02 17:06:51 -04:00
|
|
|
|
|
|
|
func (c *AppEngineConfig) transport() http.RoundTripper {
|
|
|
|
if c.Transport != nil {
|
|
|
|
return c.Transport
|
|
|
|
}
|
|
|
|
return &urlfetch.Transport{Context: c.context}
|
|
|
|
}
|