urbit/sec/com/googleapis/www.hoon

|%
++  fass                                                ::  rewrite quay
  |=  a=quay
  %+  turn  a
  |=  [p=@t q=@t]  ^+  +<
  [(gsub '-' '_' p) q]
::
++  gsub                                                ::  replace chars
  |=  [a=@t b=@t t=@t]
  ^-  @t
  ?~  t  t
  %+  add  (lsh 3 1 $(t (rsh 3 1 t)))
  =+  c=(mod t (bex 8))
  ?:(=(a c) b c)
--
::
::::
  ::
|%
:: ++  crypto                                              ::  XX in zuse
::   |=  [our=@p now=@da]
::   =+  `mac=mace`p:;;(buck .^(a//(crip <our>)/buck/(crip <now>)/(crip <our>)))
::   ?>  ?=([^ ~] mac)  :: current, single life
::   (weur q.i.mac)
::
++  join  |=([a=tape b=(list tank)] rose/[a ~ ~]^b)
++  endpoint  |=(a=path [[& ~ `/com/googleapis/www] [~ a] ~])
++  toke-url  (endpoint /oauth2/v4/token)
++  dbg-post  `purl`[[| `6.000 `/localhost] `/testing /]
++  auth-url
  |=  [usr=@t cid=@t sop=(list cord)]  ^-  purl
  :+  [& ~ `/com/google/accounts]  [~ /o/oauth2/v2/auth]
  %-  fass  :~
    state/(pack usr /'')
    login-hint/?~(usr '' (cat 3 usr '@gmail.com'))
    client-id/cid
    access-type/%offline
    response-type/%code
    redirect-uri/redirect-uri
    =<  scope/(crip ~(ram re (join " " (turn sop .))))
    |=(a=cord leaf/(earn (endpoint /auth/[a])))
  ::
  ==
++  redirect-uri  'http://localhost:8443/~/ac/www.googleapis.com/_state'
++  user-state  ,[ber=@t ded=@da ref=[token=@t pending=?]]
--
::
::::
  ::
|_  [(bale ,@t) user-state]
++  decode-keys  ((hard ,[cid=@t cis=@t ~]) (lore key)) :: XX typed %jael
++  client-id      cid:decode-keys
++  client-secret  cis:decode-keys
::
++  need-refresh  (lth ded (add now ~m1))
++  out
  |=  a=hiss  ^-  [sec-move _+>]
  =-  [mov +>.$(pending.ref is-ref)]
  ^-  [is-ref=? mov=sec-move]
  ?~  ber  [| [%show (auth-url usr client-id 'userinfo.email' 'plus.me' ~)]]
  ?:  need-refresh
    [& [%send toke-url refresh-req]]
  =.  q.q.a  (~(add ja q.q.a) %authorization (cat 3 'Bearer ' ber))
  [| [%send a]]
::
++  refresh-req  (toke-req refresh-token/token.ref grant-type/'refresh_token' ~)
++  toke-req
  |=  quy=quay  ^-  moth 
  :+  %post  (mo ~[content-type/~['application/x-www-form-urlencoded']])
  =-  `(tact +:(tail:earn -))
  %-  fass
  %+  welp  quy
  :~  client-id/client-id
      client-secret/client-secret
      redirect-uri/redirect-uri
  ==
++  in
  |=  a=quay  ^-  sec-move
  =+  cod=~|(%no-code (~(got by (mo a)) %code))
  [%send toke-url (toke-req code/cod grant-type/'authorization_code' ~)]
::
++  res
  |=  a=httr  ^-  $&([sec-move _+>] sec-move)
  ?.  pending.ref  [%give a]
  ?:  (bad-response p.a)  [%redo ~]  ::  handle 4xx?
  ~|  %refreshed-token
  =.  pending.ref  |
  [[%redo ~] (new-token a)]
::
++  bad-response  |=(a=@u ?:(=(2 (div a 100)) | ~&(bad-httr/a &)))
++  new-token
  |=  a=httr  ^+  +>
  =+  `[typ=term ber=@t tim=@u]`(grab a parse-toke)
  ?>  ?=(%bearer typ)
  +>.$(ber ber, ded (add now (mul ~s1 tim)), pending.ref |)
::
++  grab
  |*  [a=httr b=fist:jo]
  ~|  bad-json/r.a
  (need (;~(biff poja b) q:(need r.a)))
::
++  parse-toke
  =>  jo  %-  ot  :~
    'token_type'^(cu cass sa)
    'access_token'^so
    'expires_in'^ni
  ==
::
++  bak
  |=  a=httr  ^-  [sec-move _+>]
  :-  [%redo ~]
  ?:  (bad-response p.a)  +>.$  ::  handle 4xx?
  =.  token.ref  (grab a (ot 'refresh_token'^so ~):jo)
  (new-token a)
::++  wipe  ~
--
prompt with url 2016-01-16 02:30:15 +03:00			`\|%`
			`++ fass :: rewrite quay`
			`\|= a=quay`
			`%+ turn a`
			`\|= [p=@t q=@t] ^+ +<`
			`[(gsub '-' '_' p) q]`
			`::`
			`++ gsub :: replace chars`
			`\|= [a=@t b=@t t=@t]`
			`^- @t`
			`?~ t t`
			`%+ add (lsh 3 1 $(t (rsh 3 1 t)))`
			`=+ c=(mod t (bex 8))`
			`?:(=(a c) b c)`
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			`--`
			`::`
			`::::`
			`::`
			`\|%`
			`:: ++ crypto :: XX in zuse`
			`:: \|= [our=@p now=@da]`
			:: =+ `mac=mace`p:;;(buck .^(a//(crip <our>)/buck/(crip <now>)/(crip <our>)))
			`:: ?> ?=([^ ~] mac) :: current, single life`
			`:: (weur q.i.mac)`
prompt with url 2016-01-16 02:30:15 +03:00			`::`
			`++ join \|=([a=tape b=(list tank)] rose/[a ~ ~]^b)`
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			++ endpoint \|=(a=path [[& ~ `/com/googleapis/www] [~ a] ~])
			`++ toke-url (endpoint /oauth2/v4/token)`
			++ dbg-post `purl`[[\| `6.000 `/localhost] `/testing /]
prompt with url 2016-01-16 02:30:15 +03:00			`++ auth-url`
per-user auth v2: ac/.../_state looks for state in quay 2016-01-23 03:39:49 +03:00			`\|= [usr=@t cid=@t sop=(list cord)] ^- purl`
prompt with url 2016-01-16 02:30:15 +03:00			:+ [& ~ `/com/google/accounts] [~ /o/oauth2/v2/auth]
			`%- fass :~`
per-user auth v2: ac/.../_state looks for state in quay 2016-01-23 03:39:49 +03:00			`state/(pack usr /'')`
			`login-hint/?~(usr '' (cat 3 usr '@gmail.com'))`
prompt with url 2016-01-16 02:30:15 +03:00			`client-id/cid`
			`access-type/%offline`
			`response-type/%code`
per-user auth v2: ac/.../_state looks for state in quay 2016-01-23 03:39:49 +03:00			`redirect-uri/redirect-uri`
prompt with url 2016-01-16 02:30:15 +03:00			`=< scope/(crip ~(ram re (join " " (turn sop .))))`
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			`\|=(a=cord leaf/(earn (endpoint /auth/[a])))`
			`::`
prompt with url 2016-01-16 02:30:15 +03:00			`==`
per-user auth v2: ac/.../_state looks for state in quay 2016-01-23 03:39:49 +03:00			`++ redirect-uri 'http://localhost:8443/~/ac/www.googleapis.com/_state'`
allow all sec/ interface arms to be stateful or stateless 2016-01-26 04:41:01 +03:00			`++ user-state ,[ber=@t ded=@da ref=[token=@t pending=?]]`
prompt with url 2016-01-16 02:30:15 +03:00			`--`
			`::`
			`::::`
			`::`
added ++bale, ++sec-move formal zuse types 2016-01-21 04:50:16 +03:00			`\|_ [(bale ,@t) user-state]`
move keys to clay, update fb driver 2016-01-21 22:53:57 +03:00			`++ decode-keys ((hard ,[cid=@t cis=@t ~]) (lore key)) :: XX typed %jael`
			`++ client-id cid:decode-keys`
			`++ client-secret cis:decode-keys`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`::`
			`++ need-refresh (lth ded (add now ~m1))`
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			`++ out`
allow all sec/ interface arms to be stateful or stateless 2016-01-26 04:41:01 +03:00			`\|= a=hiss ^- [sec-move _+>]`
			`=- [mov +>.$(pending.ref is-ref)]`
			`^- [is-ref=? mov=sec-move]`
			`?~ ber [\| [%show (auth-url usr client-id 'userinfo.email' 'plus.me' ~)]]`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`?: need-refresh`
allow all sec/ interface arms to be stateful or stateless 2016-01-26 04:41:01 +03:00			`[& [%send toke-url refresh-req]]`
			`=. q.q.a (~(add ja q.q.a) %authorization (cat 3 'Bearer ' ber))`
			`[\| [%send a]]`
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			`::`
allow all sec/ interface arms to be stateful or stateless 2016-01-26 04:41:01 +03:00			`++ refresh-req (toke-req refresh-token/token.ref grant-type/'refresh_token' ~)`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`++ toke-req`
			`\|= quy=quay ^- moth`
			`:+ %post (mo ~[content-type/~['application/x-www-form-urlencoded']])`
			=- `(tact +:(tail:earn -))
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			`%- fass`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`%+ welp quy`
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			`:~ client-id/client-id`
			`client-secret/client-secret`
			`redirect-uri/redirect-uri`
			`==`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`++ in`
			`\|= a=quay ^- sec-move`
			`=+ cod=~\|(%no-code (~(got by (mo a)) %code))`
			`[%send toke-url (toke-req code/cod grant-type/'authorization_code' ~)]`
			`::`
			`++ res`
allow all sec/ interface arms to be stateful or stateless 2016-01-26 04:41:01 +03:00			`\|= a=httr ^- $&([sec-move _+>] sec-move)`
			`?. pending.ref [%give a]`
			`?: (bad-response p.a) [%redo ~] :: handle 4xx?`
			`~\| %refreshed-token`
			`=. pending.ref \|`
			`[[%redo ~] (new-token a)]`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`::`
code deduplication 2016-01-22 22:13:11 +03:00			`++ bad-response \|=(a=@u ?:(=(2 (div a 100)) \| ~&(bad-httr/a &)))`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`++ new-token`
code deduplication 2016-01-22 22:13:11 +03:00			`\|= a=httr ^+ +>`
			=+ `[typ=term ber=@t tim=@u]`(grab a parse-toke)
refresh google access tokens 2016-01-22 05:05:00 +03:00			`?> ?=(%bearer typ)`
allow all sec/ interface arms to be stateful or stateless 2016-01-26 04:41:01 +03:00			`+>.$(ber ber, ded (add now (mul ~s1 tim)), pending.ref \|)`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`::`
			`++ grab`
			`\|* [a=httr b=fist:jo]`
			`~\| bad-json/r.a`
			`(need (;~(biff poja b) q:(need r.a)))`
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			`::`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`++ parse-toke`
			`=> jo %- ot :~`
			`'token_type'^(cu cass sa)`
			`'access_token'^so`
			`'expires_in'^ni`
save token to core sample, refresh 2016-01-20 02:13:38 +03:00			`==`
			`::`
			`++ bak`
refresh google access tokens 2016-01-22 05:05:00 +03:00			`\|= a=httr ^- [sec-move _+>]`
allow all sec/ interface arms to be stateful or stateless 2016-01-26 04:41:01 +03:00			`:- [%redo ~]`
			`?: (bad-response p.a) +>.$ :: handle 4xx?`
			`=. token.ref (grab a (ot 'refresh_token'^so ~):jo)`
			`(new-token a)`
			`::++ wipe ~`
handle login flow redirect by exchanging code for tokens 2016-01-20 00:55:51 +03:00			`--`