Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
Apq
/
sftpgo
-ын хуулбар https://github.com/drakkan/sftpgo.git
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: v2.5.5
Салаанууд Тагууд
sftpgo
/
internal
/
smtp
/
oauth2.go

oauth2.go 4.6 KB
Байнгын холболт Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165 
  1. // Copyright (C) 2019-2023 Nicola Murino
    2. 

  2. //
    3. 

  3. // This program is free software: you can redistribute it and/or modify
    4. 

  4. // it under the terms of the GNU Affero General Public License as published
    5. 

  5. // by the Free Software Foundation, version 3.
    6. 

  6. //
    7. 

  7. // This program is distributed in the hope that it will be useful,
    8. 

  8. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    9. 

  9. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    10. 

  10. // GNU Affero General Public License for more details.
    11. 

  11. //
    12. 

  12. // You should have received a copy of the GNU Affero General Public License
    13. 

  13. // along with this program. If not, see <https://www.gnu.org/licenses/>.
    14. 

  14. 

  15. // Package smtp provides supports for sending emails
    16. 

  16. package smtp
    17. 

  17. 

  18. import (
    19. 

  19. 	"context"
    20. 

  20. 	"errors"
    21. 

  21. 	"fmt"
    22. 

  22. 	"sync"
    23. 

  23. 	"time"
    24. 

  24. 

  25. 	"golang.org/x/oauth2"
    26. 

  26. 	"golang.org/x/oauth2/google"
    27. 

  27. 	"golang.org/x/oauth2/microsoft"
    28. 

  28. 

  29. 	"github.com/drakkan/sftpgo/v2/internal/logger"
    30. 

  30. 	"github.com/drakkan/sftpgo/v2/internal/util"
    31. 

  31. )
    32. 

  32. 

  33. // Supported OAuth2 providers
    34. 

  34. const (
    35. 

  35. 	OAuth2ProviderGoogle = iota
    36. 

  36. 	OAuth2ProviderMicrosoft
    37. 

  37. )
    38. 

  38. 

  39. var supportedOAuth2Providers = []int{OAuth2ProviderGoogle, OAuth2ProviderMicrosoft}
    40. 

  40. 

  41. // OAuth2Config defines OAuth2 settings
    42. 

  42. type OAuth2Config struct {
    43. 

  43. 	Provider int `json:"provider" mapstructure:"provider"`
    44. 

  44. 	// Tenant for Microsoft provider, if empty "common" is used
    45. 

  45. 	Tenant string `json:"tenant" mapstructure:"tenant"`
    46. 

  46. 	// ClientID is the application's ID
    47. 

  47. 	ClientID string `json:"client_id" mapstructure:"client_id"`
    48. 

  48. 	// ClientSecret is the application's secret
    49. 

  49. 	ClientSecret string `json:"client_secret" mapstructure:"client_secret"`
    50. 

  50. 	// Token to use to get/renew access tokens
    51. 

  51. 	RefreshToken string `json:"refresh_token" mapstructure:"refresh_token"`
    52. 

  52. 	mu           *sync.RWMutex
    53. 

  53. 	config       *oauth2.Config
    54. 

  54. 	accessToken  *oauth2.Token
    55. 

  55. }
    56. 

  56. 

  57. // Validate validates and initializes the configuration
    58. 

  58. func (c *OAuth2Config) Validate() error {
    59. 

  59. 	if !util.Contains(supportedOAuth2Providers, c.Provider) {
    60. 

  60. 		return fmt.Errorf("smtp oauth2: unsupported provider %d", c.Provider)
    61. 

  61. 	}
    62. 

  62. 	if c.ClientID == "" {
    63. 

  63. 		return errors.New("smtp oauth2: client id is required")
    64. 

  64. 	}
    65. 

  65. 	if c.ClientSecret == "" {
    66. 

  66. 		return errors.New("smtp oauth2: client secret is required")
    67. 

  67. 	}
    68. 

  68. 	if c.RefreshToken == "" {
    69. 

  69. 		return errors.New("smtp oauth2: refresh token is required")
    70. 

  70. 	}
    71. 

  71. 	c.initialize()
    72. 

  72. 	return nil
    73. 

  73. }
    74. 

  74. 

  75. func (c *OAuth2Config) isEqual(other *OAuth2Config) bool {
    76. 

  76. 	if c.Provider != other.Provider {
    77. 

  77. 		return false
    78. 

  78. 	}
    79. 

  79. 	if c.Tenant != other.Tenant {
    80. 

  80. 		return false
    81. 

  81. 	}
    82. 

  82. 	if c.ClientID != other.ClientID {
    83. 

  83. 		return false
    84. 

  84. 	}
    85. 

  85. 	if c.ClientSecret != other.ClientSecret {
    86. 

  86. 		return false
    87. 

  87. 	}
    88. 

  88. 	if c.RefreshToken != other.RefreshToken {
    89. 

  89. 		return false
    90. 

  90. 	}
    91. 

  91. 	return true
    92. 

  92. }
    93. 

  93. 

  94. func (c *OAuth2Config) getAccessToken() (string, error) {
    95. 

  95. 	c.mu.RLock()
    96. 

  96. 	if c.accessToken.Expiry.After(time.Now().Add(30 * time.Second)) {
    97. 

  97. 		accessToken := c.accessToken.AccessToken
    98. 

  98. 		c.mu.RUnlock()
    99. 

  99. 

  100. 		return accessToken, nil
    101. 

  101. 	}
    102. 

  102. 	logger.Debug(logSender, "", "renew oauth2 token required, current token expires at %s", c.accessToken.Expiry)
    103. 

  103. 	token := new(oauth2.Token)
    104. 

  104. 	*token = *c.accessToken
    105. 

  105. 	c.mu.RUnlock()
    106. 

  106. 

  107. 	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
    108. 

  108. 	defer cancel()
    109. 

  109. 

  110. 	newToken, err := c.config.TokenSource(ctx, token).Token()
    111. 

  111. 	if err != nil {
    112. 

  112. 		logger.Error(logSender, "", "unable to get new token: %v", err)
    113. 

  113. 		return "", err
    114. 

  114. 	}
    115. 

  115. 	accessToken := newToken.AccessToken
    116. 

  116. 	refreshToken := newToken.RefreshToken
    117. 

  117. 	if refreshToken != "" && refreshToken != token.RefreshToken {
    118. 

  118. 		c.mu.Lock()
    119. 

  119. 		c.RefreshToken = refreshToken
    120. 

  120. 		c.accessToken = newToken
    121. 

  121. 		c.mu.Unlock()
    122. 

  122. 

  123. 		logger.Debug(logSender, "", "oauth2 refresh token changed")
    124. 

  124. 		go updateRefreshToken(refreshToken)
    125. 

  125. 	}
    126. 

  126. 	if accessToken != token.AccessToken {
    127. 

  127. 		c.mu.Lock()
    128. 

  128. 		c.accessToken = newToken
    129. 

  129. 		c.mu.Unlock()
    130. 

  130. 

  131. 		logger.Debug(logSender, "", "new oauth2 token saved, expires at %s", c.accessToken.Expiry)
    132. 

  132. 	}
    133. 

  133. 	return accessToken, nil
    134. 

  134. }
    135. 

  135. 

  136. func (c *OAuth2Config) initialize() {
    137. 

  137. 	c.mu = new(sync.RWMutex)
    138. 

  138. 	c.config = c.GetOAuth2()
    139. 

  139. 	c.accessToken = &oauth2.Token{
    140. 

  140. 		TokenType:    "Bearer",
    141. 

  141. 		RefreshToken: c.RefreshToken,
    142. 

  142. 	}
    143. 

  143. }
    144. 

  144. 

  145. // GetOAuth2 returns the oauth2 configuration for the provided parameters.
    146. 

  146. func (c *OAuth2Config) GetOAuth2() *oauth2.Config {
    147. 

  147. 	var endpoint oauth2.Endpoint
    148. 

  148. 	var scopes []string
    149. 

  149. 

  150. 	switch c.Provider {
    151. 

  151. 	case OAuth2ProviderMicrosoft:
    152. 

  152. 		endpoint = microsoft.AzureADEndpoint(c.Tenant)
    153. 

  153. 		scopes = []string{"offline_access", "https://outlook.office.com/SMTP.Send"}
    154. 

  154. 	default:
    155. 

  155. 		endpoint = google.Endpoint
    156. 

  156. 		scopes = []string{"https://mail.google.com/"}
    157. 

  157. 	}
    158. 

  158. 

  159. 	return &oauth2.Config{
    160. 

  160. 		ClientID:     c.ClientID,
    161. 

  161. 		ClientSecret: c.ClientSecret,
    162. 

  162. 		Scopes:       scopes,
    163. 

  163. 		Endpoint:     endpoint,
    164. 

  164. 	}
    165. 

  165. }
    166.