nidus-sync/sync/oauth.go

package sync

import (
	"net/http"
	"net/url"
	"strconv"

	"github.com/Gleipnir-Technology/nidus-sync/auth"
	"github.com/Gleipnir-Technology/nidus-sync/background"
	"github.com/Gleipnir-Technology/nidus-sync/config"
	"github.com/Gleipnir-Technology/nidus-sync/db/models"
	"github.com/Gleipnir-Technology/nidus-sync/htmlpage"
	"github.com/rs/zerolog/log"
)

var (
	oauthPromptT = buildTemplate("oauth-prompt", "authenticated")
)

type ContextOauthPrompt struct {
	User User
}

// Build the ArcGIS authorization URL with PKCE
func buildArcGISAuthURL(clientID string) string {
	baseURL := "https://www.arcgis.com/sharing/rest/oauth2/authorize/"

	params := url.Values{}
	params.Add("client_id", clientID)
	params.Add("redirect_uri", config.ArcGISOauthRedirectURL())
	params.Add("response_type", "code")
	//params.Add("code_challenge", generateCodeChallenge(codeVerifier))
	//params.Add("code_challenge_method", "S256")

	// See https://developers.arcgis.com/rest/users-groups-and-items/token/
	// expiration is defined in minutes
	var expiration int
	if config.IsProductionEnvironment() {
		// 2 weeks is the maximum allowed
		expiration = 20160
	} else {
		expiration = 20
	}
	params.Add("expiration", strconv.Itoa(expiration))

	return baseURL + "?" + params.Encode()
}

func getArcgisOauthBegin(w http.ResponseWriter, r *http.Request) {
	authURL := buildArcGISAuthURL(config.ClientID)
	http.Redirect(w, r, authURL, http.StatusFound)
}

func getArcgisOauthCallback(w http.ResponseWriter, r *http.Request) {
	code := r.URL.Query().Get("code")
	log.Info().Str("code", code).Msg("Handling oauth callback")
	if code == "" {
		respondError(w, "Access code is empty", nil, http.StatusBadRequest)
		return
	}
	user, err := auth.GetAuthenticatedUser(r)
	if err != nil {
		respondError(w, "You're not currently authenticated, which really shouldn't happen.", err, http.StatusUnauthorized)
		return
	}
	err = background.HandleOauthAccessCode(r.Context(), user, code)
	if err != nil {
		respondError(w, "Failed to handle access code", err, http.StatusInternalServerError)
		return
	}
	http.Redirect(w, r, config.MakeURLNidus("/"), http.StatusFound)
}

func getOAuthRefresh(w http.ResponseWriter, r *http.Request) {
	user, err := auth.GetAuthenticatedUser(r)
	if err != nil {
		http.Redirect(w, r, "/?next=/oauth/refresh", http.StatusFound)
		return
	}
	oauthPrompt(w, r, user)
}

func oauthPrompt(w http.ResponseWriter, r *http.Request, user *models.User) {
	userContent, err := contentForUser(r.Context(), user)
	if err != nil {
		respondError(w, "Failed to get user content", err, http.StatusInternalServerError)
		return
	}
	data := ContextOauthPrompt{
		User: userContent,
	}
	htmlpage.RenderOrError(w, oauthPromptT, data)
}
Break apart sync into parts more like public-reports I like this layout makes it easier to track what functions do what and keeps templates near their render functions. 2026-01-13 20:26:15 +00:00			`package sync`

			`import (`
			`"net/http"`
Bunch of work around assigning reports to districts I added some DB schema to track logos and to relate reports to organizations. I reworked how GPS data comes from EXIF data on images because it wasn't working for JPEGs. I might have broken PNGs in the process. Also made the config options for domain names more standardized. 2026-01-22 03:27:32 +00:00			`"net/url"`
			`"strconv"`
Break apart sync into parts more like public-reports I like this layout makes it easier to track what functions do what and keeps templates near their render functions. 2026-01-13 20:26:15 +00:00
			`"github.com/Gleipnir-Technology/nidus-sync/auth"`
			`"github.com/Gleipnir-Technology/nidus-sync/background"`
			`"github.com/Gleipnir-Technology/nidus-sync/config"`
			`"github.com/Gleipnir-Technology/nidus-sync/db/models"`
			`"github.com/Gleipnir-Technology/nidus-sync/htmlpage"`
			`"github.com/rs/zerolog/log"`
			`)`

			`var (`
			`oauthPromptT = buildTemplate("oauth-prompt", "authenticated")`
			`)`

Make oauth prompt use its own context type And use the common utility to populate the user information 2026-01-14 20:15:48 +00:00			`type ContextOauthPrompt struct {`
			`User User`
			`}`

Bunch of work around assigning reports to districts I added some DB schema to track logos and to relate reports to organizations. I reworked how GPS data comes from EXIF data on images because it wasn't working for JPEGs. I might have broken PNGs in the process. Also made the config options for domain names more standardized. 2026-01-22 03:27:32 +00:00			`// Build the ArcGIS authorization URL with PKCE`
			`func buildArcGISAuthURL(clientID string) string {`
			`baseURL := "https://www.arcgis.com/sharing/rest/oauth2/authorize/"`

			`params := url.Values{}`
			`params.Add("client_id", clientID)`
			`params.Add("redirect_uri", config.ArcGISOauthRedirectURL())`
			`params.Add("response_type", "code")`
			`//params.Add("code_challenge", generateCodeChallenge(codeVerifier))`
			`//params.Add("code_challenge_method", "S256")`

			`// See https://developers.arcgis.com/rest/users-groups-and-items/token/`
			`// expiration is defined in minutes`
			`var expiration int`
			`if config.IsProductionEnvironment() {`
			`// 2 weeks is the maximum allowed`
			`expiration = 20160`
			`} else {`
			`expiration = 20`
			`}`
			`params.Add("expiration", strconv.Itoa(expiration))`

			`return baseURL + "?" + params.Encode()`
			`}`

Break apart sync into parts more like public-reports I like this layout makes it easier to track what functions do what and keeps templates near their render functions. 2026-01-13 20:26:15 +00:00			`func getArcgisOauthBegin(w http.ResponseWriter, r *http.Request) {`
Bunch of work around assigning reports to districts I added some DB schema to track logos and to relate reports to organizations. I reworked how GPS data comes from EXIF data on images because it wasn't working for JPEGs. I might have broken PNGs in the process. Also made the config options for domain names more standardized. 2026-01-22 03:27:32 +00:00			`authURL := buildArcGISAuthURL(config.ClientID)`
Break apart sync into parts more like public-reports I like this layout makes it easier to track what functions do what and keeps templates near their render functions. 2026-01-13 20:26:15 +00:00			`http.Redirect(w, r, authURL, http.StatusFound)`
			`}`

			`func getArcgisOauthCallback(w http.ResponseWriter, r *http.Request) {`
			`code := r.URL.Query().Get("code")`
			`log.Info().Str("code", code).Msg("Handling oauth callback")`
			`if code == "" {`
			`respondError(w, "Access code is empty", nil, http.StatusBadRequest)`
			`return`
			`}`
			`user, err := auth.GetAuthenticatedUser(r)`
			`if err != nil {`
			`respondError(w, "You're not currently authenticated, which really shouldn't happen.", err, http.StatusUnauthorized)`
			`return`
			`}`
			`err = background.HandleOauthAccessCode(r.Context(), user, code)`
			`if err != nil {`
			`respondError(w, "Failed to handle access code", err, http.StatusInternalServerError)`
			`return`
			`}`
Bunch of work around assigning reports to districts I added some DB schema to track logos and to relate reports to organizations. I reworked how GPS data comes from EXIF data on images because it wasn't working for JPEGs. I might have broken PNGs in the process. Also made the config options for domain names more standardized. 2026-01-22 03:27:32 +00:00			`http.Redirect(w, r, config.MakeURLNidus("/"), http.StatusFound)`
Break apart sync into parts more like public-reports I like this layout makes it easier to track what functions do what and keeps templates near their render functions. 2026-01-13 20:26:15 +00:00			`}`

			`func getOAuthRefresh(w http.ResponseWriter, r *http.Request) {`
			`user, err := auth.GetAuthenticatedUser(r)`
			`if err != nil {`
			`http.Redirect(w, r, "/?next=/oauth/refresh", http.StatusFound)`
			`return`
			`}`
Make oauth prompt use its own context type And use the common utility to populate the user information 2026-01-14 20:15:48 +00:00			`oauthPrompt(w, r, user)`
Break apart sync into parts more like public-reports I like this layout makes it easier to track what functions do what and keeps templates near their render functions. 2026-01-13 20:26:15 +00:00			`}`

Make oauth prompt use its own context type And use the common utility to populate the user information 2026-01-14 20:15:48 +00:00			`func oauthPrompt(w http.ResponseWriter, r http.Request, user models.User) {`
			`userContent, err := contentForUser(r.Context(), user)`
			`if err != nil {`
			`respondError(w, "Failed to get user content", err, http.StatusInternalServerError)`
			`return`
			`}`
			`data := ContextOauthPrompt{`
			`User: userContent,`
Break apart sync into parts more like public-reports I like this layout makes it easier to track what functions do what and keeps templates near their render functions. 2026-01-13 20:26:15 +00:00			`}`
			`htmlpage.RenderOrError(w, oauthPromptT, data)`
			`}`