Merge upstream

.github/workflows/ci.yml

@@ -16,40 +16,50 @@ jobs:
           sudo systemctl stop mono-xsp4.service || true
           sudo systemctl disable mono-xsp4.service || true
 
-      - name: set up go 1.17
-        uses: actions/setup-go@v2
+      - name: set up go 1.20
+        uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version: "1.20"
         id: go
 
       - name: launch mongodb
         uses: wbari/start-mongoDB@v0.2
         with:
-          mongoDBVersion: "4.4"
+          mongoDBVersion: "6.0"
 
       - name: checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+
+      - name: build the example
+        working-directory: _example
+        run: |
+          go build -race
+        env:
+          TZ: "America/Chicago"
 
       - name: build and test
         run: |
-          go get -v
-          go test -timeout=60s -v -race -p 1 -covermode=atomic -coverprofile=$GITHUB_WORKSPACE/profile.cov_tmp
-          cat $GITHUB_WORKSPACE/profile.cov_tmp | grep -v "_mock.go" > $GITHUB_WORKSPACE/profile.cov
+          go test -timeout=60s -v -race -p 1 -covermode=atomic -coverprofile=$GITHUB_WORKSPACE/profile.cov ./...
           go build -race
         env:
-          GO111MODULE: "on"
           TZ: "America/Chicago"
           ENABLE_MONGO_TESTS: "true"
 
-      - name: install golangci-lint and goveralls
-        run: |
-          curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s -- -b $GITHUB_WORKSPACE v1.44.0
-          GO111MODULE=off go get -u -v github.com/mattn/goveralls
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
 
-      - name: run linters
-        run: $GITHUB_WORKSPACE/golangci-lint run
+      - name: golangci-lint on example directory
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: latest
+          args: --config ../.golangci.yml
+          working-directory: _example
 
       - name: submit coverage
-        run: $(go env GOPATH)/bin/goveralls -service="github" -coverprofile=$GITHUB_WORKSPACE/profile.cov
+        run: |
+          go install github.com/mattn/goveralls@latest
+          goveralls -service="github" -coverprofile=$GITHUB_WORKSPACE/profile.cov
         env:
           COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -35,33 +35,22 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
+    - name: Build the code
+      run: go build -o auth
+      env:
+        TZ: "America/Chicago"
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.golangci.yml

@@ -2,11 +2,13 @@ linters-settings:
   govet:
     check-shadowing: true
   golint:
-    min-confidence: 0
+    min-confidence: 0.6
   gocyclo:
-    min-complexity: 20
+    min-complexity: 15
   maligned:
     suggest-new: true
+  dupl:
+    threshold: 100
   goconst:
     min-len: 2
     min-occurrences: 2
@@ -22,50 +24,60 @@ linters-settings:
     disabled-checks:
       - wrapperFunc
       - hugeParam
+      - rangeValCopy
 
 linters:
+  disable-all: true
   enable:
     - megacheck
     - revive
     - govet
     - unconvert
-    - megacheck
-    - structcheck
     - gas
-    - gocyclo
     - misspell
-    - unparam
-    - varcheck
-    - deadcode
+    - unused
     - typecheck
     - ineffassign
-    - varcheck
     - stylecheck
     - gochecknoinits
     - exportloopref
-    - gocritic
     - nakedret
     - gosimple
     - prealloc
+
   fast: false
-  disable-all: true
+
 
 run:
-  output:
-    format: tab
+  #  modules-download-mode: vendor
   skip-dirs:
     - vendor
+  concurrency: 4
 
 issues:
   exclude-rules:
     - text: "should have a package comment, unless it's in another file for this package"
       linters:
         - golint
-    - text: "G505: Blocklisted import crypto/sha1: weak cryptographic primitive"
+    - text: "exitAfterDefer:"
+      linters:
+        - gocritic
+    - text: "whyNoLint: include an explanation for nolint directive"
+      linters:
+        - gocritic
+    - text: "go.mongodb.org/mongo-driver/bson/primitive.E"
+      linters:
+        - govet
+    - text: "weak cryptographic primitive"
       linters:
         - gosec
-    - text: "Use of weak cryptographic primitive"
+    - text: "at least one file in a package should have a package comment"
+      linters:
+        - stylecheck
+    - text: "should have a package comment"
+      linters:
+        - revive
+    - text: 'Deferring unsafe method "Close" on type "io.ReadCloser"'
       linters:
         - gosec
-
   exclude-use-default: false

README.md

@@ -499,15 +499,27 @@ Authentication handled by external providers. You should setup oauth2 for all (o
 2.  Choose the new project from the top right project dropdown (only if another project is selected)
 3.  In the project Dashboard center pane, choose **"API Manager"**
 4.  In the left Nav pane, choose **"Credentials"**
-5.  In the center pane, choose **"OAuth consent screen"** tab. Fill in **"Product name shown to users"** and hit save.
-6.  In the center pane, choose **"Credentials"** tab.
-    * Open the **"New credentials"** drop down
-    * Choose **"OAuth client ID"**
-    * Choose **"Web application"**
-    * Application name is freeform, choose something appropriate
-    * Authorized origins is your domain ex: `https://example.mysite.com`
-    * Authorized redirect URIs is the location of oauth2/callback constructed as domain + `/auth/google/callback`, ex: `https://example.mysite.com/auth/google/callback`
-    * Choose **"Create"**
+5. In the center pane, choose the **"OAuth consent screen"** tab.
+  * Select "**External**" and click "Create"
+  * Fill in **"App name"** and select **User support email**
+  * Upload a logo, if you want to
+  * In the **App Domain** section:
+    * **Application home page** - your site URL, e.g., `https://mysite.com`
+    * **Application privacy policy link** - `/web/privacy.html` of your Remark42 installation, e.g. `https://remark42.mysite.com/web/privacy.html` (please check that it works)
+    * **Terms of service** - leave empty
+  * **Authorized domains** - your site domain, e.g., `mysite.com`
+  * **Developer contact information** - add your email, and then click **Save and continue**
+  * On the **Scopes** tab, just click **Save and continue**
+  * On the **Test users**, add your email, then click **Save and continue**
+  * Before going to the next step, set the app to "Production" and send it to verification
+6. In the center pane, choose the **"Credentials"** tab
+   * Open the **"Create credentials"** drop-down
+   * Choose **"OAuth client ID"**
+   * Choose **"Web application"**
+   * Application **Name** is freeform; choose something appropriate, like "Comments on mysite.com"
+   * **Authorized JavaScript Origins** should be your domain, e.g., `https://remark42.mysite.com`
+   * **Authorized redirect URIs** is the location of OAuth2/callback constructed as domain + `/auth/google/callback`, e.g., `https://remark42.mysite.com/auth/google/callback`
+   * Click **"Create"**
 7.  Take note of the **Client ID** and **Client Secret**
 
 _instructions for google oauth2 setup borrowed from [oauth2_proxy](https://github.com/bitly/oauth2_proxy)_
@@ -557,7 +569,7 @@ After completing the previous steps, you can proceed with configuring the Apple
 - _ClientID_ (**required**) - Service ID identifier which is used for Sign with Apple
 - _TeamID_ (**required**) - Identifier a developer account (use as prefix for all App ID)
 - _KeyID_ (**required**) - Identifier a generated key for Sign with Apple
-
+- _ResponseMode_  - Response Mode, please see [documentation](https://developer.apple.com/documentation/sign_in_with_apple/request_an_authorization_to_the_sign_in_with_apple_server?changes=_1_2#4066168) for reference, default is `form_post`
 
 ```go
     // apple config parameters

_example/README.md

@@ -3,8 +3,8 @@
 ## build and try
 
 - run `go run main.go`
-- open route: http://127.0.0.1:8080/open
-- web application - http://127.0.0.1:8080/web
+- open route: http://localhost:8080/open
+- web application - http://localhost:8080/web
 
 ## parameters
 

_example/go.mod

@@ -1,16 +1,52 @@
 module github.com/go-pkgz/auth/_example
 
-go 1.15
+go 1.21
 
 replace github.com/go-pkgz/auth => ../
 
 require (
-	github.com/go-chi/chi/v5 v5.0.7
-	github.com/go-oauth2/oauth2/v4 v4.5.1
-	github.com/go-pkgz/auth v1.18.0
-	github.com/go-pkgz/lgr v0.10.4
-	github.com/go-pkgz/rest v1.16.0
+	github.com/go-chi/chi/v5 v5.0.10
+	github.com/go-oauth2/oauth2/v4 v4.5.2
+	github.com/go-pkgz/auth v1.22.0
+	github.com/go-pkgz/lgr v0.11.1
+	github.com/go-pkgz/rest v1.17.0
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/tidwall/buntdb v1.2.8 // indirect
-	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
+	golang.org/x/oauth2 v0.13.0
+)
+
+require (
+	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	github.com/MicahParks/keyfunc v1.1.0 // indirect
+	github.com/dghubble/oauth1 v0.7.2 // indirect
+	github.com/go-pkgz/repeater v1.1.3 // indirect
+	github.com/golang-jwt/jwt/v4 v4.4.1 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/uuid v1.3.1 // indirect
+	github.com/klauspost/compress v1.17.1 // indirect
+	github.com/montanaflynn/stats v0.7.1 // indirect
+	github.com/nullrocks/identicon v0.0.0-20180626043057-7875f45b0022 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/tidwall/btree v1.7.0 // indirect
+	github.com/tidwall/buntdb v1.3.0 // indirect
+	github.com/tidwall/gjson v1.17.0 // indirect
+	github.com/tidwall/grect v0.1.4 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/tidwall/rtred v0.1.2 // indirect
+	github.com/tidwall/tinyqueue v0.1.1 // indirect
+	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
+	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/stringprep v1.0.4 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect
+	go.etcd.io/bbolt v1.3.7 // indirect
+	go.mongodb.org/mongo-driver v1.12.1 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/image v0.13.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 )