mirror of
https://gitea.com/gitea/tea.git
synced 2026-07-16 11:07:39 +02:00
6a57af24ad
Reviewed-on: https://gitea.com/gitea/tea/pulls/1044 Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-committed-by: techknowlogick <techknowlogick@gitea.com>
73 lines
2.1 KiB
Go
73 lines
2.1 KiB
Go
// Copyright 2026 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package config
|
|
|
|
import (
|
|
"path/filepath"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/adrg/xdg"
|
|
"github.com/go-authgate/sdk-go/credstore"
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
var (
|
|
tokenStore *credstore.SecureStore[credstore.Token]
|
|
tokenStoreOnce sync.Once
|
|
|
|
saveOAuthTokenToStore = func(loginName, accessToken, refreshToken string, expiresAt time.Time) error {
|
|
return getTokenStore().Save(loginName, credstore.Token{
|
|
AccessToken: accessToken,
|
|
RefreshToken: refreshToken,
|
|
ExpiresAt: expiresAt,
|
|
ClientID: loginName,
|
|
})
|
|
}
|
|
deleteOAuthTokenFromStore = func(loginName string) error {
|
|
return getTokenStore().Delete(loginName)
|
|
}
|
|
)
|
|
|
|
func getTokenStore() *credstore.SecureStore[credstore.Token] {
|
|
tokenStoreOnce.Do(func() {
|
|
filePath := filepath.Join(xdg.ConfigHome, "tea", "credentials.json")
|
|
tokenStore = credstore.DefaultTokenSecureStore("tea-cli", filePath)
|
|
})
|
|
return tokenStore
|
|
}
|
|
|
|
// LoadOAuthToken loads OAuth tokens from the secure store.
|
|
func LoadOAuthToken(loginName string) (*credstore.Token, error) {
|
|
tok, err := getTokenStore().Load(loginName)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &tok, nil
|
|
}
|
|
|
|
// SaveOAuthToken saves OAuth tokens to the secure store.
|
|
func SaveOAuthToken(loginName, accessToken, refreshToken string, expiresAt time.Time) error {
|
|
return saveOAuthTokenToStore(loginName, accessToken, refreshToken, expiresAt)
|
|
}
|
|
|
|
// DeleteOAuthToken removes tokens from the secure store.
|
|
func DeleteOAuthToken(loginName string) error {
|
|
return deleteOAuthTokenFromStore(loginName)
|
|
}
|
|
|
|
// SaveOAuthTokenFromOAuth2 saves an oauth2.Token to credstore, falling back to
|
|
// the existing login's values for empty refresh token or zero expiry.
|
|
func SaveOAuthTokenFromOAuth2(loginName string, token *oauth2.Token, login *Login) error {
|
|
refreshToken := token.RefreshToken
|
|
if refreshToken == "" {
|
|
refreshToken = login.GetRefreshToken()
|
|
}
|
|
expiry := token.Expiry
|
|
if expiry.IsZero() {
|
|
expiry = login.GetTokenExpiry()
|
|
}
|
|
return SaveOAuthToken(loginName, token.AccessToken, refreshToken, expiry)
|
|
}
|