mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2025-01-10 06:52:49 +00:00
148 lines
5.3 KiB
Rust
148 lines
5.3 KiB
Rust
|
//!
|
||
|
|
//! This example showcases the Github OAuth2 process for requesting access to the user's public repos and
|
||
|
|
//! email address.
|
||
|
|
//!
|
||
|
|
//! Before running it, you'll need to generate your own Github OAuth2 credentials.
|
||
|
|
//!
|
||
|
|
//! In order to run the example call:
|
||
|
|
//!
|
||
|
|
//! ```sh
|
||
|
|
//! GITHUB_CLIENT_ID=xxx GITHUB_CLIENT_SECRET=yyy cargo run --example github
|
||
|
|
//! ```
|
||
|
|
//!
|
||
|
|
//! ...and follow the instructions.
|
||
|
|
//!
|
||
|
|
|
||
|
|
use oauth2::basic::BasicClient;
|
||
|
|
|
||
|
|
// Alternatively, this can be `oauth2::curl::http_client` or a custom client.
|
||
|
|
use oauth2::reqwest::http_client;
|
||
|
|
use oauth2::{
|
||
|
|
AuthUrl, AuthorizationCode, ClientId, ClientSecret, CsrfToken, RedirectUrl, Scope,
|
||
|
|
TokenResponse, TokenUrl,
|
||
|
|
};
|
||
|
|
use std::env;
|
||
|
|
use std::io::{BufRead, BufReader, Write};
|
||
|
|
use std::net::TcpListener;
|
||
|
|
use url::Url;
|
||
|
|
|
||
|
|
fn main() {
|
||
|
|
let github_client_id = ClientId::new(
|
||
|
|
env::var("GITHUB_CLIENT_ID").expect("Missing the GITHUB_CLIENT_ID environment variable."),
|
||
|
|
);
|
||
|
|
let github_client_secret = ClientSecret::new(
|
||
|
|
env::var("GITHUB_CLIENT_SECRET")
|
||
|
|
.expect("Missing the GITHUB_CLIENT_SECRET environment variable."),
|
||
|
|
);
|
||
|
|
let auth_url = AuthUrl::new("https://github.com/login/oauth/authorize".to_string())
|
||
|
|
.expect("Invalid authorization endpoint URL");
|
||
|
|
let token_url = TokenUrl::new("https://github.com/login/oauth/access_token".to_string())
|
||
|
|
.expect("Invalid token endpoint URL");
|
||
|
|
|
||
|
|
// Set up the config for the Github OAuth2 process.
|
||
|
|
let client = BasicClient::new(
|
||
|
|
github_client_id,
|
||
|
|
Some(github_client_secret),
|
||
|
|
auth_url,
|
||
|
|
Some(token_url),
|
||
|
|
)
|
||
|
|
// This example will be running its own server at localhost:8080.
|
||
|
|
// See below for the server implementation.
|
||
|
|
.set_redirect_uri(
|
||
|
|
RedirectUrl::new("http://localhost:8080".to_string()).expect("Invalid redirect URL"),
|
||
|
|
);
|
||
|
|
|
||
|
|
// Generate the authorization URL to which we'll redirect the user.
|
||
|
|
let (authorize_url, csrf_state) = client
|
||
|
|
.authorize_url(CsrfToken::new_random)
|
||
|
|
// This example is requesting access to the user's public repos and email.
|
||
|
|
.add_scope(Scope::new("public_repo".to_string()))
|
||
|
|
.add_scope(Scope::new("user:email".to_string()))
|
||
|
|
.url();
|
||
|
|
|
||
|
|
println!(
|
||
|
|
"Open this URL in your browser:\n{}\n",
|
||
|
|
authorize_url.to_string()
|
||
|
|
);
|
||
|
|
|
||
|
|
// A very naive implementation of the redirect server.
|
||
|
|
let listener = TcpListener::bind("127.0.0.1:8080").unwrap();
|
||
|
|
for stream in listener.incoming() {
|
||
|
|
if let Ok(mut stream) = stream {
|
||
|
|
let code;
|
||
|
|
let state;
|
||
|
|
{
|
||
|
|
let mut reader = BufReader::new(&stream);
|
||
|
|
|
||
|
|
let mut request_line = String::new();
|
||
|
|
reader.read_line(&mut request_line).unwrap();
|
||
|
|
|
||
|
|
let redirect_url = request_line.split_whitespace().nth(1).unwrap();
|
||
|
|
let url = Url::parse(&("http://localhost".to_string() + redirect_url)).unwrap();
|
||
|
|
|
||
|
|
let code_pair = url
|
||
|
|
.query_pairs()
|
||
|
|
.find(|pair| {
|
||
|
|
let &(ref key, _) = pair;
|
||
|
|
key == "code"
|
||
|
|
})
|
||
|
|
.unwrap();
|
||
|
|
|
||
|
|
let (_, value) = code_pair;
|
||
|
|
code = AuthorizationCode::new(value.into_owned());
|
||
|
|
|
||
|
|
let state_pair = url
|
||
|
|
.query_pairs()
|
||
|
|
.find(|pair| {
|
||
|
|
let &(ref key, _) = pair;
|
||
|
|
key == "state"
|
||
|
|
})
|
||
|
|
.unwrap();
|
||
|
|
|
||
|
|
let (_, value) = state_pair;
|
||
|
|
state = CsrfToken::new(value.into_owned());
|
||
|
|
}
|
||
|
|
|
||
|
|
let message = "Go back to your terminal :)";
|
||
|
|
let response = format!(
|
||
|
|
"HTTP/1.1 200 OK\r\ncontent-length: {}\r\n\r\n{}",
|
||
|
|
message.len(),
|
||
|
|
message
|
||
|
|
);
|
||
|
|
stream.write_all(response.as_bytes()).unwrap();
|
||
|
|
|
||
|
|
println!("Github returned the following code:\n{}\n", code.secret());
|
||
|
|
println!(
|
||
|
|
"Github returned the following state:\n{} (expected `{}`)\n",
|
||
|
|
state.secret(),
|
||
|
|
csrf_state.secret()
|
||
|
|
);
|
||
|
|
|
||
|
|
// Exchange the code with a token.
|
||
|
|
let token_res = client.exchange_code(code).request(http_client);
|
||
|
|
|
||
|
|
println!("Github returned the following token:\n{:?}\n", token_res);
|
||
|
|
|
||
|
|
if let Ok(token) = token_res {
|
||
|
|
// NB: Github returns a single comma-separated "scope" parameter instead of multiple
|
||
|
|
// space-separated scopes. Github-specific clients can parse this scope into
|
||
|
|
// multiple scopes by splitting at the commas. Note that it's not safe for the
|
||
|
|
// library to do this by default because RFC 6749 allows scopes to contain commas.
|
||
|
|
let scopes = if let Some(scopes_vec) = token.scopes() {
|
||
|
|
scopes_vec
|
||
|
|
.iter()
|
||
|
|
.map(|comma_separated| comma_separated.split(','))
|
||
|
|
.flatten()
|
||
|
|
.collect::<Vec<_>>()
|
||
|
|
} else {
|
||
|
|
Vec::new()
|
||
|
|
};
|
||
|
|
println!("Github returned the following scopes:\n{:?}\n", scopes);
|
||
|
|
}
|
||
|
|
|
||
|
|
// The server will terminate itself after collecting the first code.
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|