initial commit

internal/pkg/oauth/github/client.go

@@ -0,0 +1,107 @@
+package github
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/github"
+
+	"base/internal/pkg/oauth/types"
+)
+
+type client struct {
+	oauthConfig *oauth2.Config
+}
+
+func New(config oauth2.Config) types.Oauth {
+	oauthConfig := &oauth2.Config{
+		ClientID:     config.ClientID,
+		ClientSecret: config.ClientSecret,
+		Endpoint:     github.Endpoint,
+		RedirectURL:  config.RedirectURL,
+		Scopes:       config.Scopes,
+	}
+	return &client{oauthConfig: oauthConfig}
+}
+
+func (g client) GetConsentAuthUrl(ctx context.Context, state string) string {
+	return g.oauthConfig.AuthCodeURL(state, oauth2.AccessTypeOffline)
+}
+
+func (g client) ExchangeCodeWithToken(ctx context.Context, code string) (*types.Token, error) {
+	exchange, err := g.oauthConfig.Exchange(ctx, code, oauth2.AccessTypeOffline)
+	if err != nil {
+		return nil, err
+	}
+	token, err := g.oauthConfig.TokenSource(ctx, exchange).Token()
+	if err != nil {
+		return nil, err
+	}
+	return &types.Token{
+		AccessToken:  token.AccessToken,
+		TokenType:    token.TokenType,
+		RefreshToken: token.RefreshToken,
+		ExpiresIn:    token.ExpiresIn,
+	}, nil
+}
+
+func (g client) GetUserInfo(ctx context.Context, token, _ string) (types.UserInfo, error) {
+	oauthClient := g.oauthConfig.Client(ctx, &oauth2.Token{AccessToken: token})
+
+	resp, err := oauthClient.Get("https://api.github.com/user")
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+
+	data, readErr := io.ReadAll(resp.Body)
+	if readErr != nil {
+		return nil, readErr
+	}
+
+	var user UserInfo
+	if err = json.Unmarshal(data, &user); err != nil {
+		return nil, err
+	}
+
+	// GitHub /user often returns null for email; fetch from /user/emails (requires user:email scope)
+	if user.GEmail == "" {
+		user.GEmail = g.fetchPrimaryEmail(ctx, oauthClient)
+	}
+
+	return &user, nil
+}
+
+// fetchPrimaryEmail gets the primary email from GitHub /user/emails (requires user:email scope).
+func (g client) fetchPrimaryEmail(_ context.Context, oauthClient *http.Client) string {
+	resp, err := oauthClient.Get("https://api.github.com/user/emails")
+	if err != nil {
+		return ""
+	}
+	defer resp.Body.Close()
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return ""
+	}
+	var emails []struct {
+		Email    string `json:"email"`
+		Primary  bool   `json:"primary"`
+		Verified bool   `json:"verified"`
+	}
+	if err := json.Unmarshal(data, &emails); err != nil {
+		return ""
+	}
+	for _, e := range emails {
+		if e.Primary && e.Verified {
+			return e.Email
+		}
+	}
+	if len(emails) > 0 {
+		return emails[0].Email
+	}
+	return ""
+}

internal/pkg/oauth/github/user.go

@@ -0,0 +1,59 @@
+package github
+
+import (
+	"fmt"
+	"time"
+)
+
+type UserInfo struct {
+	Login             string      `json:"login"`
+	Id                int         `json:"id"`
+	NodeId            string      `json:"node_id"`
+	AvatarUrl         string      `json:"avatar_url"`
+	GravatarId        string      `json:"gravatar_id"`
+	Url               string      `json:"url"`
+	HtmlUrl           string      `json:"html_url"`
+	FollowersUrl      string      `json:"followers_url"`
+	FollowingUrl      string      `json:"following_url"`
+	GistsUrl          string      `json:"gists_url"`
+	StarredUrl        string      `json:"starred_url"`
+	SubscriptionsUrl  string      `json:"subscriptions_url"`
+	OrganizationsUrl  string      `json:"organizations_url"`
+	ReposUrl          string      `json:"repos_url"`
+	EventsUrl         string      `json:"events_url"`
+	ReceivedEventsUrl string      `json:"received_events_url"`
+	Type              string      `json:"type"`
+	UserViewType      string      `json:"user_view_type"`
+	SiteAdmin         bool        `json:"site_admin"`
+	Name              string      `json:"name"`
+	Company           interface{} `json:"company"`
+	Blog              string      `json:"blogusecase"`
+	Location          interface{} `json:"location"`
+	GEmail            string      `json:"email"`
+	Hireable          interface{} `json:"hireable"`
+	Bio               string      `json:"bio"`
+	TwitterUsername   string      `json:"twitter_username"`
+	NotificationEmail string      `json:"notification_email"`
+	PublicRepos       int         `json:"public_repos"`
+	PublicGists       int         `json:"public_gists"`
+	Followers         int         `json:"followers"`
+	Following         int         `json:"following"`
+	CreatedAt         time.Time   `json:"created_at"`
+	UpdatedAt         time.Time   `json:"updated_at"`
+}
+
+func (u UserInfo) ID() string {
+	return fmt.Sprintf("%d", u.Id)
+}
+
+func (u UserInfo) Email() string {
+	return u.GEmail
+}
+
+func (u UserInfo) FirstName() string {
+	return u.Name
+}
+
+func (u UserInfo) LastName() string {
+	return u.Name
+}

internal/pkg/oauth/google/client.go

@@ -0,0 +1,77 @@
+package google
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google"
+
+	"base/internal/pkg/oauth/types"
+)
+
+type client struct {
+	oauthConfig *oauth2.Config
+}
+
+func New(config oauth2.Config) types.Oauth {
+	oauthConfig := &oauth2.Config{
+		ClientID:     config.ClientID,
+		ClientSecret: config.ClientSecret,
+		Endpoint:     google.Endpoint,
+		RedirectURL:  config.RedirectURL,
+		Scopes:       config.Scopes,
+	}
+	return &client{oauthConfig: oauthConfig}
+}
+
+func (g client) GetConsentAuthUrl(ctx context.Context, state string) string {
+	return g.oauthConfig.AuthCodeURL(state, oauth2.AccessTypeOffline)
+}
+
+func (g client) ExchangeCodeWithToken(ctx context.Context, code string) (*types.Token, error) {
+	exchange, err := g.oauthConfig.Exchange(ctx, code, oauth2.AccessTypeOffline)
+	if err != nil {
+		return nil, err
+	}
+	token, err := g.oauthConfig.TokenSource(ctx, exchange).Token()
+	if err != nil {
+		return nil, err
+	}
+	return &types.Token{
+		AccessToken:  token.AccessToken,
+		TokenType:    token.TokenType,
+		RefreshToken: token.RefreshToken,
+		ExpiresIn:    token.ExpiresIn,
+	}, nil
+}
+
+func (g client) GetUserInfo(
+	ctx context.Context,
+	accessToken string,
+	refreshToken string,
+) (types.UserInfo, error) {
+	resp, err := g.oauthConfig.Client(
+		ctx,
+		&oauth2.Token{
+			AccessToken:  accessToken,
+			RefreshToken: refreshToken,
+		}).Get("https://www.googleapis.com/oauth2/v2/userinfo")
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	var user UserInfo
+
+	if err = json.Unmarshal(data, &user); err != nil {
+		return nil, err
+	}
+	return &user, err
+}

internal/pkg/oauth/google/user.go

@@ -0,0 +1,28 @@
+package google
+
+type UserInfo struct {
+	Id            string `json:"id"`
+	GEmail        string `json:"email"`
+	VerifiedEmail bool   `json:"verified_email"`
+	Name          string `json:"name"`
+	GivenName     string `json:"given_name"`
+	FamilyName    string `json:"family_name"`
+	Picture       string `json:"picture"`
+	Locale        string `json:"locale"`
+}
+
+func (u UserInfo) ID() string {
+	return u.Id
+}
+
+func (u UserInfo) Email() string {
+	return u.GEmail
+}
+
+func (u UserInfo) FirstName() string {
+	return u.Name
+}
+
+func (u UserInfo) LastName() string {
+	return u.Name
+}

internal/pkg/oauth/linkedin/linkedin.go

@@ -0,0 +1,74 @@
+package linkedin
+
+import (
+	"context"
+	"encoding/json"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/linkedin"
+	"io"
+
+	"base/internal/pkg/oauth/types"
+)
+
+type client struct {
+	oauthConfig *oauth2.Config
+}
+
+func New(config oauth2.Config) types.Oauth {
+	oauthConfig := &oauth2.Config{
+		ClientID:     config.ClientID,
+		ClientSecret: config.ClientSecret,
+		Endpoint:     linkedin.Endpoint,
+		RedirectURL:  config.RedirectURL,
+		Scopes:       config.Scopes,
+	}
+	return &client{oauthConfig: oauthConfig}
+}
+
+func (l client) GetConsentAuthUrl(ctx context.Context, state string) string {
+	return l.oauthConfig.AuthCodeURL(state, oauth2.AccessTypeOffline)
+}
+
+func (l client) ExchangeCodeWithToken(ctx context.Context, code string) (*types.Token, error) {
+	exchange, err := l.oauthConfig.Exchange(ctx, code, oauth2.AccessTypeOffline)
+	if err != nil {
+		return nil, err
+	}
+	token, err := l.oauthConfig.TokenSource(ctx, exchange).Token()
+	if err != nil {
+		return nil, err
+	}
+	return &types.Token{
+		AccessToken:  token.AccessToken,
+		TokenType:    token.TokenType,
+		RefreshToken: token.RefreshToken,
+		ExpiresIn:    token.ExpiresIn,
+	}, nil
+}
+
+func (l client) GetUserInfo(
+	ctx context.Context,
+	accessToken string,
+	refreshToken string,
+) (types.UserInfo, error) {
+	resp, err := l.oauthConfig.Client(ctx, &oauth2.Token{
+		AccessToken:  accessToken,
+		RefreshToken: refreshToken,
+	}).Get("https://api.linkedin.com/v2/me")
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	var user UserInfo
+
+	if err = json.Unmarshal(data, &user); err != nil {
+		return nil, err
+	}
+	return user, nil
+}

internal/pkg/oauth/linkedin/user.go

@@ -0,0 +1,57 @@
+package linkedin
+
+type UserInfo struct {
+	Id                 string                 `json:"id"`
+	LocalizedFirstName string                 `json:"localizedFirstName"`
+	LocalizedHeadline  string                 `json:"localizedHeadline"`
+	VanityName         string                 `json:"vanityName"`
+	LocalizedLastName  string                 `json:"localizedLastName"`
+	Firstname          UserInfoFirstName      `json:"firstName"`
+	Lastname           UserInfoLastName       `json:"lastName"`
+	Headline           UserInfoHeadline       `json:"headline"`
+	ProfilePicture     UserInfoProfilePicture `json:"profilePicture"`
+}
+
+type UserInfoFirstName struct {
+	Localized       Localized       `json:"localized"`
+	PreferredLocale PreferredLocale `json:"preferredLocale"`
+}
+
+type UserInfoLastName struct {
+	Localized       Localized       `json:"localized"`
+	PreferredLocale PreferredLocale `json:"preferredLocale"`
+}
+
+type Localized struct {
+	EnUS string `json:"en_US"`
+}
+
+type PreferredLocale struct {
+	Country  string `json:"country"`
+	Language string `json:"language"`
+}
+
+type UserInfoHeadline struct {
+	Localized       Localized       `json:"localized"`
+	PreferredLocale PreferredLocale `json:"preferredLocale"`
+}
+
+type UserInfoProfilePicture struct {
+	DisplayImage string `json:"displayImage"`
+}
+
+func (u UserInfo) ID() string {
+	return u.Id
+}
+
+func (u UserInfo) Email() string {
+	return ""
+}
+
+func (u UserInfo) FirstName() string {
+	return u.Firstname.Localized.EnUS
+}
+
+func (u UserInfo) LastName() string {
+	return u.Lastname.Localized.EnUS
+}

internal/pkg/oauth/mock/client.go

@@ -0,0 +1,81 @@
+package mock
+
+import (
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"strings"
+
+	"golang.org/x/oauth2"
+
+	"base/internal/pkg/oauth/types"
+)
+
+type client struct {
+	oauthConfig *oauth2.Config
+	userinfoURL string
+}
+
+// New creates a mock OAuth client that uses a local mock OAuth server.
+// Use for local development when real Google/GitHub credentials are not available.
+func New(config oauth2.Config, baseURL string) types.Oauth {
+	baseURL = strings.TrimSuffix(baseURL, "/")
+	oauthConfig := &oauth2.Config{
+		ClientID:     config.ClientID,
+		ClientSecret: config.ClientSecret,
+		RedirectURL:  config.RedirectURL,
+		Scopes:       config.Scopes,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  baseURL + "/authorize",
+			TokenURL: baseURL + "/token",
+		},
+	}
+	return &client{
+		oauthConfig: oauthConfig,
+		userinfoURL: baseURL + "/userinfo",
+	}
+}
+
+func (c *client) GetConsentAuthUrl(ctx context.Context, state string) string {
+	return c.oauthConfig.AuthCodeURL(state, oauth2.AccessTypeOffline)
+}
+
+func (c *client) ExchangeCodeWithToken(ctx context.Context, code string) (*types.Token, error) {
+	exchange, err := c.oauthConfig.Exchange(ctx, code, oauth2.AccessTypeOffline)
+	if err != nil {
+		return nil, err
+	}
+	token, err := c.oauthConfig.TokenSource(ctx, exchange).Token()
+	if err != nil {
+		return nil, err
+	}
+	return &types.Token{
+		AccessToken:  token.AccessToken,
+		TokenType:    token.TokenType,
+		RefreshToken: token.RefreshToken,
+		ExpiresIn:    token.ExpiresIn,
+	}, nil
+}
+
+func (c *client) GetUserInfo(ctx context.Context, accessToken, _ string) (types.UserInfo, error) {
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, c.userinfoURL, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Authorization", "Bearer "+accessToken)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	var user UserInfo
+	if err := json.Unmarshal(data, &user); err != nil {
+		return nil, err
+	}
+	return &user, nil
+}

internal/pkg/oauth/mock/user.go

@@ -0,0 +1,25 @@
+package mock
+
+// UserInfo matches the mock server's /userinfo response (Google-like format)
+type UserInfo struct {
+	MID        string `json:"id"`
+	MEmail     string `json:"email"`
+	Name       string `json:"name"`
+	GivenName  string `json:"given_name"`
+	FamilyName string `json:"family_name"`
+}
+
+func (u UserInfo) ID() string    { return u.MID }
+func (u UserInfo) Email() string { return u.MEmail }
+func (u UserInfo) FirstName() string {
+	if u.GivenName != "" {
+		return u.GivenName
+	}
+	return u.Name
+}
+func (u UserInfo) LastName() string {
+	if u.FamilyName != "" {
+		return u.FamilyName
+	}
+	return u.Name
+}

internal/pkg/oauth/oauth.go

@@ -0,0 +1,119 @@
+package oauth
+
+import (
+	"context"
+	"errors"
+	"strings"
+
+	"golang.org/x/oauth2"
+
+	"base/config"
+
+	"base/internal/pkg/oauth/github"
+	"base/internal/pkg/oauth/google"
+	"base/internal/pkg/oauth/linkedin"
+	"base/internal/pkg/oauth/mock"
+	"base/internal/pkg/oauth/types"
+)
+
+// Token is an alias for types.Token for backward compatibility
+type Token = types.Token
+
+type OAuth struct {
+	google   types.Oauth
+	linkedin types.Oauth
+	github   types.Oauth
+	mock     types.Oauth
+}
+
+type Config struct {
+	GoogleConfig   oauth2.Config
+	GitHubConfig   oauth2.Config
+	LinkedinConfig oauth2.Config
+}
+
+func New(cfg *config.AppConfig) OAuth {
+	oauthConfig := Config{
+		GoogleConfig: oauth2.Config{
+			ClientID:     cfg.OAuth.Google.ClientID,
+			ClientSecret: cfg.OAuth.Google.ClientSecret,
+			RedirectURL:  cfg.OAuth.Google.RedirectURL,
+			Scopes:       cfg.OAuth.Google.Scopes,
+		},
+		GitHubConfig: oauth2.Config{
+			ClientID:     cfg.OAuth.GitHub.ClientID,
+			ClientSecret: cfg.OAuth.GitHub.ClientSecret,
+			RedirectURL:  cfg.OAuth.GitHub.RedirectURL,
+			Scopes:       cfg.OAuth.GitHub.Scopes,
+		},
+		LinkedinConfig: oauth2.Config{
+			ClientID:     cfg.OAuth.LinkedIn.ClientID,
+			ClientSecret: cfg.OAuth.LinkedIn.ClientSecret,
+			RedirectURL:  cfg.OAuth.LinkedIn.RedirectURL,
+			Scopes:       cfg.OAuth.LinkedIn.Scopes,
+		},
+	}
+
+	o := OAuth{
+		google:   google.New(oauthConfig.GoogleConfig),
+		linkedin: linkedin.New(oauthConfig.LinkedinConfig),
+		github:   github.New(oauthConfig.GitHubConfig),
+	}
+
+	if cfg.OAuth.Mock.Enabled && strings.TrimSpace(cfg.OAuth.Mock.BaseURL) != "" {
+		baseURL := strings.TrimSuffix(strings.TrimSpace(cfg.OAuth.Mock.BaseURL), "/")
+		mockConfig := oauth2.Config{
+			ClientID:     cfg.OAuth.Mock.ClientID,
+			ClientSecret: cfg.OAuth.Mock.ClientSecret,
+			RedirectURL:  cfg.OAuth.Mock.RedirectURL,
+			Scopes:       cfg.OAuth.Mock.Scopes,
+		}
+		if mockConfig.ClientID == "" {
+			mockConfig.ClientID = "mock-client"
+		}
+		if mockConfig.ClientSecret == "" {
+			mockConfig.ClientSecret = "mock-secret"
+		}
+		if mockConfig.RedirectURL == "" {
+			mockConfig.RedirectURL = "http://localhost:3000/auth/callback"
+		}
+		o.mock = mock.New(mockConfig, baseURL)
+	}
+	return o
+}
+
+func (a OAuth) Client(provider Provider) types.Oauth {
+	switch provider {
+	case Google:
+		return a.google
+	case Linkedin:
+		return a.linkedin
+	case GitHub:
+		return a.github
+	case Mock:
+		if a.mock != nil {
+			return a.mock
+		}
+		return disabledMockClient{}
+	default:
+		return a.google
+	}
+}
+
+// ErrMockNotEnabled is returned when mock provider is used but not configured
+var ErrMockNotEnabled = errors.New("oauth mock is not enabled - set oauth.mock.enabled=true and oauth.mock.base_url")
+
+// disabledMockClient is used when mock is requested but not configured
+type disabledMockClient struct{}
+
+func (disabledMockClient) GetConsentAuthUrl(_ context.Context, _ string) string {
+	panic("oauth mock is not enabled - set oauth.mock.enabled=true and oauth.mock.base_url")
+}
+
+func (disabledMockClient) ExchangeCodeWithToken(context.Context, string) (*types.Token, error) {
+	return nil, ErrMockNotEnabled
+}
+
+func (disabledMockClient) GetUserInfo(context.Context, string, string) (types.UserInfo, error) {
+	return nil, ErrMockNotEnabled
+}

internal/pkg/oauth/provider.go

@@ -0,0 +1,51 @@
+package oauth
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+//go:generate stringer -type=Provider
+type Provider int
+
+const (
+	Unknown Provider = iota
+	Credentials
+	Google
+	GitHub
+	Linkedin
+	Mock
+)
+
+// UnmarshalJSON implements json.Unmarshaler so Provider accepts string in JSON (e.g. "mock", "google")
+func (p *Provider) UnmarshalJSON(data []byte) error {
+	var s string
+	if err := json.Unmarshal(data, &s); err != nil {
+		return err
+	}
+	parsed, err := ParseProvider(s)
+	if err != nil {
+		return err
+	}
+	*p = parsed
+	return nil
+}
+
+// ParseProvider parses a provider string and returns the corresponding Provider enum
+func ParseProvider(provider string) (Provider, error) {
+	switch strings.ToLower(provider) {
+	case "credentials":
+		return Credentials, nil
+	case "google":
+		return Google, nil
+	case "github":
+		return GitHub, nil
+	case "linkedin":
+		return Linkedin, nil
+	case "mock":
+		return Mock, nil
+	default:
+		return Unknown, fmt.Errorf("unknown provider: %s", provider)
+	}
+}

internal/pkg/oauth/provider_string.go

@@ -0,0 +1,28 @@
+// Code generated by "stringer -type=Provider"; DO NOT EDIT.
+
+package oauth
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[Unknown-0]
+	_ = x[Credentials-1]
+	_ = x[Google-2]
+	_ = x[GitHub-3]
+	_ = x[Linkedin-4]
+	_ = x[Mock-5]
+}
+
+const _Provider_name = "UnknownCredentialsGoogleGitHubLinkedinMock"
+
+var _Provider_index = [...]uint8{0, 7, 18, 24, 30, 38, 42}
+
+func (i Provider) String() string {
+	if i < 0 || i >= Provider(len(_Provider_index)-1) {
+		return "Provider(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _Provider_name[_Provider_index[i]:_Provider_index[i+1]]
+}

internal/pkg/oauth/types/types.go

@@ -0,0 +1,25 @@
+package types
+
+import (
+	"context"
+)
+
+type Token struct {
+	AccessToken  string
+	TokenType    string
+	RefreshToken string
+	ExpiresIn    int64
+}
+
+type Oauth interface {
+	GetConsentAuthUrl(ctx context.Context, state string) string
+	ExchangeCodeWithToken(ctx context.Context, code string) (*Token, error)
+	GetUserInfo(ctx context.Context, accessToken, refreshToken string) (UserInfo, error)
+}
+
+type UserInfo interface {
+	ID() string
+	Email() string
+	FirstName() string
+	LastName() string
+}