MCPcopy Index your code
hub / github.com/rilldata/rill / githubAuth

Method githubAuth

admin/server/github.go:736–782  ·  view source on GitHub ↗

githubAuthLogin starts user authorization of github app. In case github app is installed by another user, other users of the repo need to separately authorise github app where this flow comes into picture. Some implementation details are copied from auth package. It's implemented as a non-gRPC endpo

(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

734// Some implementation details are copied from auth package.
735// It's implemented as a non-gRPC endpoint mounted directly on /github/auth/login.
736func (s *Server) githubAuth(w http.ResponseWriter, r *http.Request) {
737 // Check the request is made by an authenticated user
738 claims := auth.GetClaims(r.Context())
739 if claims.OwnerType() != auth.OwnerTypeUser {
740 // Redirect to the auth site, with a redirect back to here after successful auth.
741 s.redirectLogin(w, r)
742 return
743 }
744
745 // Generate random state for CSRF
746 b := make([]byte, 32)
747 _, err := rand.Read(b)
748 if err != nil {
749 http.Error(w, fmt.Sprintf("failed to generate state: %s", err), http.StatusInternalServerError)
750 return
751 }
752 state := base64.StdEncoding.EncodeToString(b)
753
754 // Get auth cookie
755 sess := s.cookies.Get(r, githubcookieName)
756 // Set state in cookie
757 sess.Values[githubcookieFieldState] = state
758 remote := r.URL.Query().Get("remote")
759 remote = normalizeGitRemote(remote) // Backwards compatibility
760 if remote != "" {
761 sess.Values[githubcookieFieldRemote] = remote
762 }
763 redirect := r.URL.Query().Get("redirect")
764 if redirect != "" {
765 sess.Values[githubcookieFieldRedirect] = redirect
766 }
767
768 // Save cookie
769 if err := sess.Save(r, w); err != nil {
770 http.Error(w, fmt.Sprintf("failed to save session: %s", err), http.StatusInternalServerError)
771 return
772 }
773
774 oauthConf := &oauth2.Config{
775 ClientID: s.opts.GithubClientID,
776 ClientSecret: s.opts.GithubClientSecret,
777 Endpoint: githuboauth.Endpoint,
778 RedirectURL: s.admin.URLs.GithubAuthCallback(),
779 }
780 // Redirect to github login page
781 http.Redirect(w, r, oauthConf.AuthCodeURL(state, oauth2.AccessTypeOnline), http.StatusTemporaryRedirect)
782}
783
784// githubAuthCallback is called after a user authorizes github app on their account
785// It's implemented as a non-gRPC endpoint mounted directly on /github/auth/callback.

Callers

nothing calls this directly

Calls 9

redirectLoginMethod · 0.95
GetClaimsFunction · 0.92
normalizeGitRemoteFunction · 0.85
GithubAuthCallbackMethod · 0.80
ContextMethod · 0.65
OwnerTypeMethod · 0.65
GetMethod · 0.65
QueryMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected