about summary refs log tree commit diff
path: root/tools/monzo_ynab/auth.go
blob: b66bacb10687e3f26b8c6c8683a9ebf1494f7499 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
package auth

////////////////////////////////////////////////////////////////////////////////
// Dependencies
////////////////////////////////////////////////////////////////////////////////

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"os"
	"os/exec"
	"utils"
)

////////////////////////////////////////////////////////////////////////////////
// Constants
////////////////////////////////////////////////////////////////////////////////

var (
	BROWSER      = os.Getenv("BROWSER")
	REDIRECT_URI = "http://localhost:8080/authorization-code"
)

////////////////////////////////////////////////////////////////////////////////
// Types
////////////////////////////////////////////////////////////////////////////////

// This is the response returned from Monzo when we exchange our authorization
// code for an access token. While Monzo returns additional fields, I'm only
// interested in AccessToken and RefreshToken.
type accessTokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
}

type Tokens struct {
	AccessToken  string
	RefreshToken string
	ExpiresIn    int
}

////////////////////////////////////////////////////////////////////////////////
// Functions
////////////////////////////////////////////////////////////////////////////////

// Returns the access token and refresh tokens for the Monzo API.
func GetTokensFromAuthCode(authCode string, clientID string, clientSecret string) *Tokens {
	res, err := http.PostForm("https://api.monzo.com/oauth2/token", url.Values{
		"grant_type":    {"authorization_code"},
		"client_id":     {clientID},
		"client_secret": {clientSecret},
		"redirect_uri":  {REDIRECT_URI},
		"code":          {authCode},
	})
	utils.FailOn(err)
	defer res.Body.Close()
	payload := &accessTokenResponse{}
	json.NewDecoder(res.Body).Decode(payload)

	return &Tokens{payload.AccessToken, payload.RefreshToken, payload.ExpiresIn}
}

// Open a web browser to allow the user to authorize this application. Return
// the authorization code sent from Monzo.
func GetAuthCode(clientID string) string {
	// TODO(wpcarro): Consider generating a random string for the state when the
	// application starts instead of hardcoding it here.
	state := "xyz123"
	url := fmt.Sprintf(
		"https://auth.monzo.com/?client_id=%s&redirect_uri=%s&response_type=code&state=%s",
		clientID, REDIRECT_URI, state)
	exec.Command(BROWSER, url).Start()

	authCode := make(chan string)
	go func() {
		log.Fatal(http.ListenAndServe(":8080",
			http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
				// 1. Get authorization code from Monzo.
				if req.URL.Path == "/authorization-code" {
					params := req.URL.Query()
					reqState := params["state"][0]
					code := params["code"][0]

					if reqState != state {
						log.Fatalf("Value for state returned by Monzo does not equal our state. %s != %s", reqState, state)
					}
					authCode <- code

					fmt.Fprintf(w, "Authorized!")
				} else {
					log.Printf("Unhandled request: %v\n", *req)
				}
			})))
	}()
	result := <-authCode
	return result
}