fitst succesful access to gitea

2020-07-22 00:11:48 +02:00
parent 28b4ba6844
commit 80ff9f11fd
2 changed files with 31 additions and 5 deletions
--- a/server/cli/src/main.rs
+++ b/server/cli/src/main.rs
@@ -39,7 +39,7 @@ fn main() {
        .get_matches();

    let client_id = matches.value_of("client_id").unwrap();
-    let secret = matches.value_of("client_id").unwrap();
+    let secret = matches.value_of("secrect").unwrap();
    let _eng = DummyEngine {};
    let _podman_eng = PodmanEngine::new(env::current_dir().unwrap());
    //let exectuor = NixIdeManageService::new(Box::new(eng));
@@ -53,7 +53,8 @@ fn main() {
                v1_open_gitlab,
                v1_open_inquirer_github,
                v1_open_inquirer_gitlab,
-                v1_ide_state
+                v1_ide_state,
+                v1_open_oath
            ],
        )
        .manage(exectuor)
--- a/server/lib/src/lib.rs
+++ b/server/lib/src/lib.rs
@@ -38,6 +38,7 @@ use std::cell::{
 use oauth2::{
    AuthorizationCode,
    AuthUrl,
+    AuthType,
    ClientId,
    ClientSecret,
    CsrfToken,
@@ -81,8 +82,13 @@ pub trait NixIdeManageServiceEngine {
    fn start_open(&self, ide_id: &str, param: &OpenGitParam) -> Result<IdeState, Status>;
 }

+pub struct  OAuthData{
+    verifier : PkceCodeVerifier,
+    client : BasicClient
+}
+
 pub struct RunningData{
-    tokensMap : HashMap<String, PkceCodeVerifier>
+    tokensMap : HashMap<String, OAuthData>
 }
 pub struct NixIdeManageService {
    eng: RefCell<Box<dyn NixIdeManageServiceEngine>>,
@@ -207,6 +213,24 @@ pub fn v1_open_inquirer_git(
        })
 }

+#[openapi]
+#[get("/open?<state>&<code>")]
+pub fn v1_open_oath(
+    state: String,
+    code: String,
+    srv: State<NixIdeManageService>,
+) {
+
+    let data =srv.data.borrow_mut().tokensMap.remove(&state).unwrap();
+    let token_result =  data.client
+        .set_auth_type(AuthType::RequestBody)
+        .exchange_code(AuthorizationCode::new(code))
+        .set_pkce_verifier(data.verifier)
+        .request(http_client).unwrap();
+
+    println!("token to: {:#?}", token_result);
+}
+
 #[openapi]
 #[get("/state/<ide_id>")]
 pub fn v1_ide_state(
@@ -242,6 +266,7 @@ pub fn v1_open_inquirer_gitea(
        ref_name,
    };

+    println!("secret {:#?}", ClientSecret::new(srv.secret.clone()));
    // Create an OAuth2 client by specifying the client ID, client secret, authorization URL and
    // token URL.
    let client =
@@ -252,7 +277,7 @@ pub fn v1_open_inquirer_gitea(
        Some(TokenUrl::new("https://gitea.stubbe.rocks/login/oauth/access_token".to_string()).unwrap())
    )
    // Set the URL the user will be redirected to after the authorization process.
-    .set_redirect_url(RedirectUrl::new("https://cloud.stubbe.rocks/login".to_string()).unwrap());
+    .set_redirect_url(RedirectUrl::new("http://localhost:8000/api/v1/open".to_string()).unwrap());

    // Generate a PKCE challenge.
    let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
@@ -271,7 +296,7 @@ pub fn v1_open_inquirer_gitea(
    // process.
    println!("Browse to: {}", auth_url);

-    srv.data.borrow_mut().tokensMap.insert(csrf_token.secret().clone(), pkce_verifier);
+    srv.data.borrow_mut().tokensMap.insert(csrf_token.secret().clone(), OAuthData { verifier: pkce_verifier, client : client});
    Ok(SeeOtherResponse(format!("{}", auth_url)))
    // Once the user has been redirected to the redirect URL, you'll have access to the
    // authorization code. For security reasons, your code should verify that the `state`