Support OAuth 2.0 login flow for Monzo API

After some toil and lots of learning, monzo_ynab is receiving access and refresh
tokens from Monzo. I can now use these tokens to fetch my transactions from the
past 24 hours and then forward them along to YNAB.

If YNAB's API requires OAuth 2.0 login flow for authorization, I should be able
to set that up in about an hour, which would be much faster than it took me to
setup the login flow for Monzo. Learning can be a powerful thing.

See the TODOs scattered around for a general idea of some (but not all) of the
work that remains.

TL;DR
- Package monzo_ynab with buildGo
- Move some utility functions to sibling packages
- Add a README with a project overview, installation instructions, and a brief
  note about my ideas for deployment

Note: I have some outstanding questions about how to manage state in Go. Should
I use channels? Should I use a library? Are top-level variables enough? Answers
to some or all of these questions and more coming soon...

1 files changed, 125 insertions, 0 deletions

diff --git a/monzo_ynab/main.go b/monzo_ynab/main.go
new file mode 100644
index 0000000000..5b6c654e28
--- /dev/null
+++ b/monzo_ynab/main.go
@@ -0,0 +1,125 @@
+// Exporting Monzo transactions to my YouNeedABudget.com (i.e. YNAB)
+// account. YNAB unfortunately doesn't currently offer an Monzo integration. As
+// a workaround and a practical excuse to learn Go, I decided to write one
+// myself.
+//
+// This job is going to run N times per 24 hours. Monzo offers webhooks for
+// reacting to certain types of events. I don't expect I'll need realtime data
+// for my YNAB integration. That may change, however, so it's worth noting.
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"net/url"
+	"os"
+	"os/exec"
+)
+
+////////////////////////////////////////////////////////////////////////////////
+// Constants
+////////////////////////////////////////////////////////////////////////////////
+
+var (
+	clientId     = os.Getenv("client_id")
+	clientSecret = os.Getenv("client_secret")
+)
+
+const (
+	redirectURI = "http://localhost:8080/authorization-code"
+	// TODO(wpcarro): Consider generating a random string for the state when the
+	// application starts instead of hardcoding it here.
+	state = "xyz123"
+)
+
+////////////////////////////////////////////////////////////////////////////////
+// Business Logic
+////////////////////////////////////////////////////////////////////////////////
+
+// This is the response returned from Monzo when we exchange our authorization
+// code for an access token. While Monzo returns additional fields, I'm only
+// interested in AccessToken and RefreshToken.
+type accessTokenResponse struct {
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+}
+
+// TODO(wpcarro): Replace http.PostForm and other similar calls with
+// client.postForm. The default http.Get and other methods doesn't timeout, so
+// it's better to create a configured client with a value for the timeout.
+
+func getAccessToken(code string) {
+	res, err := http.PostForm("https://api.monzo.com/oauth2/token", url.Values{
+		"grant_type":    {"authorization_code"},
+		"client_id":     {clientId},
+		"client_secret": {clientSecret},
+		"redirect_uri":  {redirectURI},
+		"code":          {code},
+	})
+	failOn(err)
+	defer res.Body.Close()
+
+	payload := accessTokenResponse{}
+	json.NewDecoder(res.Body).Decode(&payload)
+
+	log.Printf("Access token: %s\n", payload.AccessToken)
+	log.Printf("Refresh token: %s\n", payload.AccessToken)
+}
+
+func listenHttp(sigint chan os.Signal) {
+	// Use a go-routine to listen for interrupt signals to shutdown our HTTP
+	// server.
+	go func() {
+		<-sigint
+		// TODO(wpcarro): Do we need context here? I took this example from the
+		// example on golang.org.
+		log.Println("Warning: I should be shutting down and closing the connection here, but I'm not.")
+		close(sigint)
+	}()
+
+	log.Fatal(http.ListenAndServe(":8080", http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		// 1. Get authorization code from Monzo.
+		if req.URL.Path == "/authorization-code" {
+			params := req.URL.Query()
+			reqState := params["state"][0]
+			code := params["code"][0]
+
+			if reqState != state {
+				log.Fatalf("Value for state returned by Monzo does not equal our state. %s != %s", reqState, state)
+			}
+
+			// TODO(wpcarro): Add a more interesting authorization confirmation
+			// screen -- or even nothing at all.
+			fmt.Fprintf(w, "Authorized!")
+
+			// Exchange the authorization code for an access token.
+			getAccessToken(code)
+			return
+		}
+
+		log.Printf("Unhandled request: %v\n", *req)
+	})))
+}
+
+// Open a web browser to allow the user to authorize this application.
+// TODO(wpcarro): Prefer using an environment variable for the web browser
+// instead of assuming it will be google-chrome.
+func authorizeClient() {
+	url := fmt.Sprintf("https://auth.monzo.com/?client_id=%s&redirect_uri=%s&response_type=code&state=%s", clientId, redirectURI, state)
+	exec.Command("google-chrome", url).Start()
+}
+
+func main() {
+	sigint := make(chan os.Signal, 1)
+	// TODO(wpcarro): Remove state here. I'm using as a hack to prevent my
+	// program from halting before I'd like it to. Once I'm more comfortable
+	// using channels, this should be a trivial change.
+	state := make(chan bool)
+
+	authorizeClient()
+	listenHttp(sigint)
+	<-state
+}