README
¶
Google OAuth2 login for Conway members.
Routes
GET /login/google— initiates OAuth2 flow. Acceptscallback_uriquery param, embedded in a signed JWT state token (5 min TTL, audiencegoogle-login).GET /login/google/callback— verifies state, exchanges code, fetches userinfo, looks up or creates the member by email.
Configuration
Stored via engine/config under module key google (table google_config). Requires client_id and client_secret from Google Cloud Console. Redirect URI must be <self>/login/google/callback. Scopes requested: openid, email.
Behavior
IsLoginEnabledreturns false unless both credentials are set and aLoginCompleteFunchas been registered.- Emails are lowercased before lookup.
- If no member exists for the email:
- If
SignupConfirmFuncis registered, the confirmation page is rendered and the flow halts. - Otherwise (fallback) the member is created immediately via upsert and login proceeds.
- If
- If the user denies consent or returns an
errorparam, they are redirected to/login(302). - Invalid/expired state returns 400; missing email on the Google account returns 400.
- HTTP client timeout is 10s; userinfo is fetched from
https://www.googleapis.com/oauth2/v2/userinfo.
Wiring
SetLoginCompleter, SetSignupConfirm, and SetConfigLoader must all be called before AttachRoutes. The module does not import the members module; account linkage is purely by email match against the members table.
Documentation
¶
Overview ¶
templ: version: v0.3.1001
Index ¶
- type Config
- type LoginCompleteFunc
- type Module
- func (m *Module) AttachRoutes(router *engine.Router)
- func (m *Module) ConfigSpec() config.Spec
- func (m *Module) IsLoginEnabled(ctx context.Context) bool
- func (m *Module) SetConfigLoader(store *config.Store)
- func (m *Module) SetLoginCompleter(f LoginCompleteFunc)
- func (m *Module) SetSignupConfirm(f SignupConfirmFunc)
- type SignupConfirmFunc
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
ClientID string `json:"client_id" config:"label=Client ID,section=oauth,help=The Client ID from Google Cloud Console."`
ClientSecret string `json:"client_secret" config:"label=Client Secret,secret,section=oauth,help=Keep this confidential."`
}
Config holds Google OAuth-related configuration.
type LoginCompleteFunc ¶
type LoginCompleteFunc func(w http.ResponseWriter, r *http.Request, memberID int64, callbackURI string)
LoginCompleteFunc is called by the google module to finish a login flow. It receives the member ID and the callback URI to redirect to after login.
type Module ¶
type Module struct {
// contains filtered or unexported fields
}
func (*Module) AttachRoutes ¶
func (*Module) ConfigSpec ¶
ConfigSpec returns the Google configuration specification.
func (*Module) IsLoginEnabled ¶
IsLoginEnabled reports whether Google OAuth login is available.
func (*Module) SetConfigLoader ¶
SetConfigLoader sets the typed config loader for this module.
func (*Module) SetLoginCompleter ¶
func (m *Module) SetLoginCompleter(f LoginCompleteFunc)
SetLoginCompleter configures the function used to complete Google-based logins. This must be called before routes are attached.
func (*Module) SetSignupConfirm ¶
func (m *Module) SetSignupConfirm(f SignupConfirmFunc)
SetSignupConfirm configures the function used to show the signup confirmation page. This must be called before routes are attached.
type SignupConfirmFunc ¶
type SignupConfirmFunc func(w http.ResponseWriter, r *http.Request, email, provider, callbackURI string)
SignupConfirmFunc is called when no account exists for the user's email. It renders a confirmation page asking the user to confirm account creation.
Source Files