oauth2/google/appengine.go

// Copyright 2014 The oauth2 Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// +build appengine,!appenginevm

package google

import (
	"strings"
	"sync"
	"time"

	"github.com/golang/oauth2"

	"appengine"
	"appengine/memcache"
	"appengine/urlfetch"
)

var (
	// memcacheGob enables mocking of the memcache.Gob calls for unit testing.
	memcacheGob memcacher = &aeMemcache{}

	// accessTokenFunc enables mocking of the appengine.AccessToken call for unit testing.
	accessTokenFunc = appengine.AccessToken

	// mu protects multiple threads from attempting to fetch a token at the same time.
	mu sync.Mutex

	// tokens implements a local cache of tokens to prevent hitting quota limits for appengine.AccessToken calls.
	tokens map[string]*oauth2.Token
)

// safetyMargin is used to avoid clock-skew problems.
// 5 minutes is conservative because tokens are valid for 60 minutes.
const safetyMargin = 5 * time.Minute

func init() {
	tokens = make(map[string]*oauth2.Token)
}

// AppEngineContext requires an App Engine request context.
func AppEngineContext(ctx appengine.Context) oauth2.Option {
	return func(opts *oauth2.Options) error {
		opts.TokenFetcherFunc = makeAppEngineTokenFetcher(ctx, opts)
		opts.Transport = &urlfetch.Transport{Context: ctx}
		return nil
	}
}

// FetchToken fetches a new access token for the provided scopes.
// Tokens are cached locally and also with Memcache so that the app can scale
// without hitting quota limits by calling appengine.AccessToken too frequently.
func makeAppEngineTokenFetcher(ctx appengine.Context, opts *oauth2.Options) func(*oauth2.Token) (*oauth2.Token, error) {
	return func(existing *oauth2.Token) (*oauth2.Token, error) {
		mu.Lock()
		defer mu.Unlock()

		key := ":" + strings.Join(opts.Scopes, "_")
		now := time.Now().Add(safetyMargin)
		if t, ok := tokens[key]; ok && !t.Expiry.Before(now) {
			return t, nil
		}
		delete(tokens, key)

		// Attempt to get token from Memcache
		tok := new(oauth2.Token)
		_, err := memcacheGob.Get(ctx, key, tok)
		if err == nil && !tok.Expiry.Before(now) {
			tokens[key] = tok // Save token locally
			return tok, nil
		}

		token, expiry, err := accessTokenFunc(ctx, opts.Scopes...)
		if err != nil {
			return nil, err
		}
		t := &oauth2.Token{
			AccessToken: token,
			Expiry:      expiry,
		}
		tokens[key] = t
		// Also back up token in Memcache
		if err = memcacheGob.Set(ctx, &memcache.Item{
			Key:        key,
			Value:      []byte{},
			Object:     *t,
			Expiration: expiry.Sub(now),
		}); err != nil {
			ctx.Errorf("unexpected memcache.Set error: %v", err)
		}
		return t, nil
	}
}

// aeMemcache wraps the needed Memcache functionality to make it easy to mock
type aeMemcache struct{}

func (m *aeMemcache) Get(c appengine.Context, key string, tok *oauth2.Token) (*memcache.Item, error) {
	return memcache.Gob.Get(c, key, tok)
}

func (m *aeMemcache) Set(c appengine.Context, item *memcache.Item) error {
	return memcache.Gob.Set(c, item)
}

type memcacher interface {
	Get(c appengine.Context, key string, tok *oauth2.Token) (*memcache.Item, error)
	Set(c appengine.Context, item *memcache.Item) error
}
Add missing license headers. 2014-09-03 14:50:43 -04:00			`// Copyright 2014 The oauth2 Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style`
			`// license that can be found in the LICENSE file.`

use variadics and fix build tags for App Engine files 2014-09-29 17:38:10 -04:00			`// +build appengine,!appenginevm`
Adding app engine implementations. 2014-06-17 09:53:08 -04:00
			`package google`

			`import (`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00			`"strings"`
			`"sync"`
			`"time"`
Allow configs to be initialised with zero values for Client and Transport. 2014-09-02 17:06:51 -04:00
Adding app engine implementations. 2014-06-17 09:53:08 -04:00			`"github.com/golang/oauth2"`
remove cache 2014-07-09 01:27:34 -04:00
			`"appengine"`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00			`"appengine/memcache"`
oauth2: don't use http.DefaultTransport. http.DefaultTransport is not available on App Engine. 2014-07-11 13:57:28 -04:00			`"appengine/urlfetch"`
Adding app engine implementations. 2014-06-17 09:53:08 -04:00			`)`

Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`var (`
			`// memcacheGob enables mocking of the memcache.Gob calls for unit testing.`
			`memcacheGob memcacher = &aeMemcache{}`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00
Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`// accessTokenFunc enables mocking of the appengine.AccessToken call for unit testing.`
			`accessTokenFunc = appengine.AccessToken`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00
Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`// mu protects multiple threads from attempting to fetch a token at the same time.`
			`mu sync.Mutex`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00
Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`// tokens implements a local cache of tokens to prevent hitting quota limits for appengine.AccessToken calls.`
			`tokens map[string]*oauth2.Token`
			`)`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00
			`// safetyMargin is used to avoid clock-skew problems.`
			`// 5 minutes is conservative because tokens are valid for 60 minutes.`
			`const safetyMargin = 5 * time.Minute`

			`func init() {`
			`tokens = make(map[string]*oauth2.Token)`
			`}`

Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`// AppEngineContext requires an App Engine request context.`
			`func AppEngineContext(ctx appengine.Context) oauth2.Option {`
			`return func(opts *oauth2.Options) error {`
			`opts.TokenFetcherFunc = makeAppEngineTokenFetcher(ctx, opts)`
			`opts.Transport = &urlfetch.Transport{Context: ctx}`
			`return nil`
Do not assume that http.DefaultClient and http.DefaultTransport is always available. 2014-08-31 18:13:59 -04:00			`}`
Adding app engine implementations. 2014-06-17 09:53:08 -04:00			`}`

Add docs. 2014-06-22 17:39:35 -04:00			`// FetchToken fetches a new access token for the provided scopes.`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00			`// Tokens are cached locally and also with Memcache so that the app can scale`
			`// without hitting quota limits by calling appengine.AccessToken too frequently.`
Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`func makeAppEngineTokenFetcher(ctx appengine.Context, opts oauth2.Options) func(oauth2.Token) (*oauth2.Token, error) {`
			`return func(existing oauth2.Token) (oauth2.Token, error) {`
			`mu.Lock()`
			`defer mu.Unlock()`

			`key := ":" + strings.Join(opts.Scopes, "_")`
			`now := time.Now().Add(safetyMargin)`
			`if t, ok := tokens[key]; ok && !t.Expiry.Before(now) {`
			`return t, nil`
			`}`
			`delete(tokens, key)`

			`// Attempt to get token from Memcache`
			`tok := new(oauth2.Token)`
			`_, err := memcacheGob.Get(ctx, key, tok)`
			`if err == nil && !tok.Expiry.Before(now) {`
			`tokens[key] = tok // Save token locally`
			`return tok, nil`
			`}`

			`token, expiry, err := accessTokenFunc(ctx, opts.Scopes...)`
			`if err != nil {`
			`return nil, err`
			`}`
			`t := &oauth2.Token{`
			`AccessToken: token,`
			`Expiry: expiry,`
			`}`
			`tokens[key] = t`
			`// Also back up token in Memcache`
			`if err = memcacheGob.Set(ctx, &memcache.Item{`
			`Key: key,`
			`Value: []byte{},`
			`Object: *t,`
			`Expiration: expiry.Sub(now),`
			`}); err != nil {`
			`ctx.Errorf("unexpected memcache.Set error: %v", err)`
			`}`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00			`return t, nil`
			`}`
Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`}`
Locally cache oauth tokens. This change is for both App Engine and Managed VMs so that these apps can scale without running into the app_identity_service quota limit due to calling appengine.AccessToken too frequently. An added benefit of caching is that calls to Google APIs will be significantly sped up due to removing the round-trip calls to the api_identity_service. 2014-10-03 01:44:50 -04:00
Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`// aeMemcache wraps the needed Memcache functionality to make it easy to mock`
			`type aeMemcache struct{}`

			`func (m aeMemcache) Get(c appengine.Context, key string, tok oauth2.Token) (*memcache.Item, error) {`
			`return memcache.Gob.Get(c, key, tok)`
Adding app engine implementations. 2014-06-17 09:53:08 -04:00			`}`
Allow configs to be initialised with zero values for Client and Transport. 2014-09-02 17:06:51 -04:00
Introduce an option function type - Reduce the duplicate code by merging the flows and determining the flow type by looking at the provided options. - Options as a function type allows us to validate an individual an option in its scope and makes it easier to compose the built-in options with the third-party ones. 2014-11-06 19:36:41 -05:00			`func (m aeMemcache) Set(c appengine.Context, item memcache.Item) error {`
			`return memcache.Gob.Set(c, item)`
			`}`

			`type memcacher interface {`
			`Get(c appengine.Context, key string, tok oauth2.Token) (memcache.Item, error)`
			`Set(c appengine.Context, item *memcache.Item) error`
Allow configs to be initialised with zero values for Client and Transport. 2014-09-02 17:06:51 -04:00			`}`