Here is what I have so far which returns a "400 error". Am I doing something wrong? I can't figure it out why is not working as the request is pretty straightforward
package main
import (
"code.google.com/p/goauth2/oauth"
"fmt"
"log"
)
func main() {
cachefile := "cache.json"
code := "4/xxxxx.8uFT5Z0slpMbJvIeHux6iLY_9k7ajw" //the code received from the URL redirect
// Set up a configuration.
config := &oauth.Config{
ClientId: "xx.apps.googleusercontent.com",
ClientSecret: "cWP3HudD3XmaP33j8",
RedirectURL: "https://crm.com/sender/gmail/auth/callBack",
Scope: "https://www.googleapis.com/auth/gmail.compose",
AuthURL: "https://accounts.google.com/o/oauth2/auth",
TokenURL: "https://accounts.google.com/o/oauth2/token",
AccessType: "offline",
TokenCache: oauth.CacheFile(cachefile),
}
// Set up a Transport using the config.
transport := &oauth.Transport{Config: config}
token, err := config.TokenCache.Token()
if err != nil {
token, err = transport.Exchange(code)
if err != nil {
log.Fatal("Exchange:", err)
}
}
// (The Exchange method will automatically cache the token.)
transport.Token = token
fmt.Println(token)
}
Result
Exchange:OAuthError: updateToken: Unexpected HTTP status 400 Bad Request
I would recommend to use 'one-time code flow', as described in the documentation:
To take advantage of all of the benefits of Google+ Sign-In you must use a hybrid server-side flow where a user authorizes your app on the client side using the JavaScript API client and you send a special one-time authorization code to your server. Your server exchanges this one-time-use code to acquire its own access and refresh tokens from Google for the server to be able to make its own API calls, which can be done while the user is offline. This one-time code flow has security advantages over both a pure server-side flow and over sending access tokens to your server.
As code can be used just once there are less chances of compromising user's account.
Client code is pretty straight forward, follow the example in step 3.
For server-side, I would recommend using the package oauth2 instead of goauth2.
$ go get code.google.com/p/google-api-go-client/plus/v1
$ go get github.com/golang/oauth2
$ go get google.golang.org/appengine
For some reason, oauth2 package requires also appengine package.
Exchanging the one-time code for a reusable token can be done using function NewTransportWithCode:
func exchangeCode(code string) (*oauth2.Token, *oauth2.Transport, error) {
config, err := google.NewConfig(&oauth2.Options{
ClientID: CLIENT_ID,
ClientSecret: CLIENT_SECRET,
RedirectURL: "postmessage",
Scopes: []string{"https://www.googleapis.com/auth/plus.login"},
})
if err != nil {
return &oauth2.Token{}, &oauth2.Transport{}, err
}
transport, err := config.NewTransportWithCode(code)
if err != nil {
return &oauth2.Token{}, &oauth2.Transport{}, err
}
token := transport.Token()
return token, transport, nil
}
And finally the code you created in step 3 can submit one time code to a handler listening at /oauth2:
func oauth2Handler(w http.ResponseWriter, r *http.Request) {
// TODO Check request has...
// - Method: POST
// - Content-Type: application/octet-stream; charset=utf-8
// - CSRF Token http://goo.gl/mNCjJm
body, err := ioutil.ReadAll(r.Body)
defer r.Body.Close()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
code := string(body[:])
token, transport, err := exchangeCode(code)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
// From here you can use the transport
client := http.Client{Transport: transport}
service, err := plus.New(&client)
if err != nil {
return nil, err
}
// https://www.googleapis.com/plus/v1/people/me
person, err := service.People.Get("me").Do()
// ...
}
func main() {
http.HandleFunc("/oauth2", oauth2Handler)
log.Fatal(http.ListenAndServe(":8000", nil))
}
Some error handling is missing, but you get the idea.
Related
We would like to add tracing to methods used within services deployed on Cloud Run.
Tracing already provided Cloud Run requests:
Let's say we have the following gRPC method:
func (s *myServiceService) SyncTable(ctx context.Context, req *pb.SyncTableRequest) (*longrunning.Operation, error) {
//.... some stuff here...
// making a call to the internal method, which has a tracing span
err := dropRequestOnStorage(ctx, ...)
if err != nil {
return nil, err
}
return op, nil
}
Here is an example of an internal method to which we have added a Trace span and is called by the main gRPC method:
// dropRequestOnStorage loads the requests on the relevant bucket.
func dropRequestOnStorage(ctx context.Context, filename string, operationID string, req *pb.ExtractDataRequest) error {
// add tracing to this method.
ctx, span := otel.Tracer("").Start(ctx, "dropRequestOnStorage")
defer span.End()
// load json object to storage
reqByte, err := protojson.Marshal(req)
if err != nil {
fmt.Println(err)
}
wc := storageClient.Bucket("my-bucket-with-cool-stuff").Object(filename).NewWriter(ctx)
wc.ContentType = "application/json"
_, err = wc.Write(reqByte)
if err != nil {
fmt.Println(err)
}
wc.Close()
fmt.Println(filename)
return nil
}
Looking at Tracing for Google Cloud Run I see traces for the above method:
Despite passing the context from the main gRPC to the internal method, Tracing is not pulled through to the underlying internals. The traces generated by the internal methods does not 'receive' the main gRPC trace as a parent.
Is this because the default tracing provided by Cloud Run is done by the Cloud Run internals? And therefore not available to the context of the gRPC methods?
Tracing using gRPC Interceptors
The only way to get this to work was to add gRPC interceptors to create tracing spans for each gRPC method.
package main
import (
"context"
texporter "github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace"
"go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
"go.opentelemetry.io/otel"
"go.opentelemetry.io/otel/propagation"
sdktrace "go.opentelemetry.io/otel/sdk/trace"
"google.golang.org/grpc"
"log"
"net"
"os"
)
func init() {
// Pre-declare err to avoid shadowing.
var err error
// initialising tracing exporter
//exporter, err := stdout.NewExporter(stdout.WithPrettyPrint())
exporter, err := texporter.NewExporter(texporter.WithProjectID("alis-de"))
if err != nil {
log.Fatalf("texporter.NewExporter: %v", err)
}
tp := sdktrace.NewTracerProvider(
sdktrace.WithSampler(sdktrace.AlwaysSample()),
sdktrace.WithSyncer(exporter),
)
otel.SetTracerProvider(tp)
otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(propagation.TraceContext{}, propagation.Baggage{}))
}
func main() {
log.Printf("starting server...")
port := os.Getenv("PORT")
if port == "" {
port = "8080"
log.Printf("Defaulting to port %s", port)
}
listener, err := net.Listen("tcp", ":"+port)
if err != nil {
log.Fatalf("net.Listen: %v", err)
}
// Attaching grpc interceptors to automatically enable tracing at gRCP methods
grpcServer := grpc.NewServer(
grpc.UnaryInterceptor(otelgrpc.UnaryServerInterceptor()),
grpc.StreamInterceptor(otelgrpc.StreamServerInterceptor()),
)
pb.RegisterOperationsServer(grpcServer, &operationsService{})
if err = grpcServer.Serve(listener); err != nil {
log.Fatal(err)
}
}
Tracing now pulls through to the Console:
However, looking at the Traces, there are now (unfortunately??) two trace entries:
The default trace provided by Cloud Run (with no child traces)
The new trace generated by the gRPC interceptors (with child traces reflecting the internally called methods)
I have a gRPC server (server) written in Go that a Python gRPC client (client) talks to. The server occasionally sends http post requests to a Go based http server (sigsvc). All of these instances run as docker instances spun up through docker-compose sharing the same docker network.
This is the section of code on server that creates and sends the http request:
b := new(bytes.Buffer)
txbytes, err := json.Marshal(tx)
if err != nil {
log.WithError(err).Error("failed to marshal transaction")
return nil, err
}
b.Write(txbytes)
resp, err := http.Post(sigsvc.signerURL, "application/json; charset=utf-8", b)
if err != nil {
log.WithError(err).Errorf("error signing transaction with signer %s", sigsvc.signerURL)
return nil, err
}
defer resp.Body.Close()
var signedTx types.Transaction
err = json.NewDecoder(resp.Body).Decode(&signedTx)
if err != nil {
log.WithError(err).Error("couldn't decode signed transaction")
return nil, err
}
sigsvc.signerURL maps to something like http://signer:6666/sign which is the endpoint on the http signer service that handles the request.
signer refers to the service name listed on a docker-compose.yml specification.
This is how the handler looks like on sigsvc:
func (sv *SignerSv) handleSignTx() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
log.Info("request received to sign transaction")
dump, err := httputil.DumpRequest(r, true)
if err != nil {
http.Error(w, fmt.Sprint(err), http.StatusInternalServerError)
}
log.Debugf("%q", dump)
if r.Body == nil {
log.Error("request body missing")
http.Error(w, "Please send a request body", 400)
return
}
log.Debugf("request body: %v", r.Body)
var tx types.Transaction
err = json.NewDecoder(r.Body).Decode(&tx)
if err != nil {
log.WithError(err).Error("failed to unmarshal transaction")
http.Error(w, err.Error(), 400)
return
}
log.WithFields(log.Fields{
"txhash": tx.Hash().Hex(),
"nonce": tx.Nonce(),
"to": tx.To().Hex(),
"data": tx.Data(),
"gasLimit": tx.Gas(),
"gasPrice": tx.GasPrice(),
"value": tx.Value(),
}).Debug("Decoded transaction from request body")
Both the request and request body are dumped successfully by the debug logs. However, apparently the line decoding the request body to the transaction type is never executed, since no error or decoded transaction logs are logged.
On server, I keep getting the following error:
error="Post http://signer:6666/sign: EOF"
This is how the request is logged on sigsvc:
msg="\"POST /sign HTTP/1.1\\r\\nHost: signer:6666\\r\\nConnection: close\\r\\nAccept-Encoding: gzip\\r\\nConnection: close\\r\\nContent-Length: 10708\\r\\nUser-Agent: Go-http-client/1.1\\r\\n\\r\\n{\\\"nonce\\\":\\\"0x0\\\",\\\"gasPrice\\\":\\\"0x2540be400\\\",\\\"gas\\\":\\\"0x15c285\\\",\\\"to\\\":null,\\\"value\\\":\\\"0x0\\\",\\\"input\\\":\\\"0x6080604055",\\\"v\\\":\\\"0x0\\\",\\\"r\\\":\\\"0x0\\\",\\\"s\\\":\\\"0x0\\\",\\\"hash\\\":\\\"0xab55920fb3d490fc55ccd76a29dfb380f4f8a9e5d0bda4155a3b114fca26da0a\\\"}\"
I have tried reproducing this error on similar but simplified docker setups, but I have failed at that.
I'm trying to understand the following:
If there is anything wrong with this code that is being exposed due
to a particular setup on docker?
Or, do I need to look at some docker setup specifics to debug the instances.
The problem was in the way the http handler code was logging the to field in this logrus call.
log.WithFields(log.Fields{
"txhash": tx.Hash().Hex(),
"nonce": tx.Nonce(),
"to": tx.To().Hex(),
"data": tx.Data(),
"gasLimit": tx.Gas(),
"gasPrice": tx.GasPrice(),
"value": tx.Value(),
}).Debug("Decoded transaction from request body")
Under specific circumstances, the tx.To() call returns nil, which implies calling tx.To().Hex() would lead to an error on account of trying to make a method call on a nil pointer. On the face of it, one would expect the log.WithFields() call to error out or panic, but instead the handler silently closes connection with the client side getting an EOF response.
I have written a simple client/server in Go that will do an HTTP GET over TLS, but I'm trying to also make it capable of doing an HTTP POST over TLS.
In the example below index.html just contains the text hello, and the HTTP GET is working fine. I want the client to get the HTTP GET and write back, hello world to the server.
client
package main
import (
"crypto/tls"
"fmt"
"io/ioutil"
"net/http"
"strings"
)
func main() {
link := "https://10.0.0.1/static/index.html"
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
response, err := client.Get(link)
if err != nil {
fmt.Println(err)
}
defer response.Body.Close()
content, _ := ioutil.ReadAll(response.Body)
s := strings.TrimSpace(string(content))
fmt.Println(s)
// out := s + " world"
// Not working POST...
// resp, err := client.Post(link, "text/plain", &out)
}
server
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
http.HandleFunc("/static/", func (w http.ResponseWriter, r *http.Request) {
fmt.Println("Got connection!")
http.ServeFile(w, r, r.URL.Path[1:])
})
log.Fatal(http.ListenAndServeTLS(":443", "server.crt", "server.key", nil))
}
I also currently have nothing to handle the POST on the server side, but I just want it to print it out to the screen so when I run the client I will see the server print hello world.
How should I fix my client code to do a proper POST? And what should the corresponding server code look like to accept the POST? Any help would be appreciated, I'm having trouble finding HTTPS/TLS POST examples.
You didn't share the error message, but I assume the client.Post call wasn't allowing a string as its third parameter, because it requires an io.Reader. Try this instead:
out := s + " world"
resp, err := client.Post(link, "text/plain", bytes.NewBufferString(out))
On the server side, you already have the right code set up to handle the POST request. Just check the method:
http.HandleFunc("/static/", func (w http.ResponseWriter, r *http.Request) {
if r.Method == "POST" {
// handle POST requests
} else {
// handle all other requests
}
})
I noticed one other issue. Using index.html probably won't work here. http.ServeFile will redirect that path. See https://golang.org/pkg/net/http/#ServeFile:
As a special case, ServeFile redirects any request where r.URL.Path
ends in "/index.html" to the same path, without the final
"index.html". To avoid such redirects either modify the path or use
ServeContent.
I'd suggest just using a different file name to avoid that issue.
So, I'm using the net/http package. I'm GETting a URL that I know for certain is redirecting. It may even redirect a couple of times before landing on the final URL. Redirection is handled automatically behind the scenes.
Is there an easy way to figure out what the final URL was without a hackish workaround that involves setting the CheckRedirect field on a http.Client object?
I guess I should mention that I think I came up with a workaround, but it's kind of hackish, as it involves using a global variable and setting the CheckRedirect field on a custom http.Client.
There's got to be a cleaner way to do it. I'm hoping for something like this:
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
// Try to GET some URL that redirects. Could be 5 or 6 unseen redirections here.
resp, err := http.Get("http://some-server.com/a/url/that/redirects.html")
if err != nil {
log.Fatalf("http.Get => %v", err.Error())
}
// Find out what URL we ended up at
finalURL := magicFunctionThatTellsMeTheFinalURL(resp)
fmt.Printf("The URL you ended up at is: %v", finalURL)
}
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
resp, err := http.Get("http://stackoverflow.com/q/16784419/727643")
if err != nil {
log.Fatalf("http.Get => %v", err.Error())
}
// Your magic function. The Request in the Response is the last URL the
// client tried to access.
finalURL := resp.Request.URL.String()
fmt.Printf("The URL you ended up at is: %v\n", finalURL)
}
Output:
The URL you ended up at is: http://stackoverflow.com/questions/16784419/in-golang-how-to-determine-the-final-url-after-a-series-of-redirects
I would add a note that http.Head method should be enough to retrieve the final URL. Theoretically it should be faster comparing to http.Get as a server is expected to send back just a header:
resp, err := http.Head("http://stackoverflow.com/q/16784419/727643")
...
finalURL := resp.Request.URL.String()
...
i am using the following library for google oauth2 https://github.com/golang/oauth2
I am using the code given in the examples (url : http://play.golang.org/p/qXyuaVEhyS ,https://godoc.org/golang.org/x/oauth2/google )
I am able to get the auth code and token , but not able to make a get request to get user info
MyCode :
conf := &oauth2.Config{
ClientID: "my client id",
ClientSecret: "secred id",
RedirectURL: "http://localhost:3000/googlelogin",
Scopes: []string{
"https://www.googleapis.com/auth/userinfo.profile",
},
Endpoint: google.Endpoint,
}
m.Get("/googleloginrequest", func(r render.Render, request *http.Request) {
url := conf.AuthCodeURL("state")
fmt.Printf("Visit the URL for the auth dialog: %v", url)
r.Redirect(url)
})
m.Get("/googlelogin", func(r render.Render, request *http.Request) {
authcode := request.FormValue("code")
tok, err := conf.Exchange(oauth2.NoContext, authcode)
if err != nil {
log.Fatal(err)
}
client := conf.Client(oauth2.NoContext, tok)
resp, err :=client.Get("https://www.googleapis.com/userinfo/v2/me")
r.JSON(200, map[string]interface{}{"status":resp})
})
the response i get here is very big and does not have any user info
response :
200 OK","StatusCode":200,"Proto":"HTTP/1.1","ProtoMajor":1,"ProtoMinor":1,"Header":{"Alternate-
Protocol":["443:quic,p=0.02"],"Cache-Control":["no-cache, no-store, max-age=0, must-
revalidate"],"Content-Type":["application/json; charset=UTF-8"],"Date":["Tue, 23 Dec 2014 18:18:19
GMT"],"Expires":["Fri, 01 Jan 1990 00:00:00 GMT"],"Pragma":["no-cache"],"Server":["GSE"],"Vary":
["Origin","X-Origin"],"X-Content-Type-Options":["nosniff"],"X-Frame-Options":["SAMEORIGIN"],"X-Xss-
Protection":["1; mode=block"]},"Body":{},"ContentLength":-1,"TransferEncoding":
["chunked"],"Close":false,"Trailer":null,"Request":{"Method":"GET","URL":
{"Scheme":"https","Opaque":"","User":null,"Host":"www.googleapis.com","Path":"/userinfo/v2/me","RawQuery
":"","Fragment":""},"Proto":"HTTP/1.1","ProtoMajor":1,"ProtoMinor":1,"Header":{"Authorization":["Bearer
ya29.5QDPWWRKB7tNkdB2Yvm0PCST9LF_iQhjN1Y0g2abE-
lnw9BNgEd_n3A85ZfJzDNYZywqqElCb7Z2xA"]},"Body":null,"ContentLength":0,"TransferEncoding":null,"Close":fa
lse,"Host":"www.googleapis.com","Form":null,"PostForm":null,"MultipartForm":null,"Trailer":null,"RemoteA
ddr":"","RequestURI":"","TLS":null},"TLS":{"Version":771,"HandshakeComplete":true,"DidResume":false,
....
Please help, or suggest me other working library/code ,which works in the above scenario
this Library works for me "golang.org/x/oauth2/google"
Initiatialization
googleconf = &oauth2.Config{
ClientID: "your-client-id",
ClientSecret: "youe-secred",
RedirectURL: "http://localhost:300/googlelogin",
Scopes: []string{
"https://www.googleapis.com/auth/userinfo.profile",
"https://www.googleapis.com/auth/userinfo.email",
},
Endpoint: google.Endpoint,
}
Redirect User on Request :
url := googleconf.AuthCodeURL("state")
response.Redirect(url)
Getting Data From Google :
authcode := request.FormValue("code")
tok, err := googleconf.Exchange(oauth2.NoContext, authcode)
if err != nil {
fmt.Println("err is", err)
}
fmt.Println("token is ", tok)
response, err := http.Get("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + tok.AccessToken)
defer response.Body.Close()
contents, err := ioutil.ReadAll(response.Body)