Use x/oauth2 instead of custom token

3 files changed, 13 insertions, 30 deletions

diff --git a/app/controllers/api_user.go b/app/controllers/api_user.go
index f265f26..e55d88d 100644
--- a/app/controllers/api_user.go
+++ b/app/controllers/api_user.go
@@ -82,15 +82,6 @@ func validateKeysAndTokens(in *models.User) error {
                 }
         }
 
-        for k, v := range in.AuthTokens {
-                if k != v.Kind {
-                        return &echo.HTTPError{
-                                Code:    http.StatusBadRequest,
-                                Message: "Token kind must match hash key.",
-                        }
-                }
-        }
-
         return nil
 }
 
diff --git a/app/middleware/auth.go b/app/middleware/auth.go
index 7cef4d7..5a3c2f6 100644
--- a/app/middleware/auth.go
+++ b/app/middleware/auth.go
@@ -15,6 +15,7 @@ import (
         "github.com/labstack/echo/v4"
         "github.com/prometheus/client_golang/prometheus"
         "github.com/prometheus/client_golang/prometheus/promauto"
+        "golang.org/x/oauth2"
 )
 
 // apiKeyRequests tracks the number of requests made with the legacy X-API-Key
@@ -202,9 +203,8 @@ func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error {
         dbUser.AddKey(sk)
         dbUser.GCKeys() // This is a convenient place to do it
 
-        dbUser.AddToken(&models.AuthToken{
-                Kind:         "github",
-                Token:        token.AccessToken,
+        dbUser.AddToken("github", &oauth2.Token{
+                AccessToken:  token.AccessToken,
                 RefreshToken: token.RefreshToken,
         })
 
diff --git a/app/models/user.go b/app/models/user.go
index 4e37377..eb0ccbf 100644
--- a/app/models/user.go
+++ b/app/models/user.go
@@ -7,6 +7,7 @@ import (
         "code.crute.us/mcrute/golib/db/mongodb"
         "go.mongodb.org/mongo-driver/bson"
         "go.mongodb.org/mongo-driver/bson/primitive"
+        "golang.org/x/oauth2"
 )
 
 const userCol = "users"
@@ -18,22 +19,13 @@ type UserStore interface {
         Delete(context.Context, *User) error
 }
 
-type AuthToken struct {
-        Kind  string `json:"kind"`
-        Token string `json:"token"`
-
-        // Do not expose refresh tokens in JSON as they are long-lived tokens that
-        // are harder to invalidate and thus rather security sensitive.
-        RefreshToken string `json:"-"`
-}
-
 type User struct {
-        Username   string                 `bson:"_id" json:"username"`
-        IsAdmin    bool                   `json:"is_admin"`
-        IsService  bool                   `json:"is_service"`
-        Keys       map[string]*SessionKey `json:"keys,omitempty"`        // kid  -> key
-        AuthTokens map[string]*AuthToken  `json:"auth_tokens,omitempty"` // kind -> token
-        Deleted    *time.Time             `json:"deleted,omitempty"`
+        Username   string                   `bson:"_id" json:"username"`
+        IsAdmin    bool                     `json:"is_admin"`
+        IsService  bool                     `json:"is_service"`
+        Keys       map[string]*SessionKey   `json:"keys,omitempty"`        // kid  -> key
+        AuthTokens map[string]*oauth2.Token `json:"auth_tokens,omitempty"` // kind -> token
+        Deleted    *time.Time               `json:"deleted,omitempty"`
 }
 
 // GCKeys garbage collects keys that are no longer valid
@@ -62,11 +54,11 @@ func (u *User) AddKey(k *SessionKey) {
         u.Keys[k.KeyId] = k
 }
 
-func (u *User) AddToken(t *AuthToken) {
+func (u *User) AddToken(name string, t *oauth2.Token) {
         if u.AuthTokens == nil {
-                u.AuthTokens = map[string]*AuthToken{}
+                u.AuthTokens = map[string]*oauth2.Token{}
         }
-        u.AuthTokens[t.Kind] = t
+        u.AuthTokens[name] = t
 }
 
 type MongoDbUserStore struct {