move server/* to scnserver/*

2022-12-21 12:35:56 +01:00
parent 2b4d77bab4
commit bbf7962e29
123 changed files with 0 additions and 0 deletions
--- a/scnserver/google/androidPublisher.go
+++ b/scnserver/google/androidPublisher.go
@@ -0,0 +1,151 @@
+package google
+
+import (
+	scn "blackforestbytes.com/simplecloudnotifier"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/rs/zerolog/log"
+	"io"
+	"net/http"
+	"time"
+)
+
+// https://developers.google.com/android-publisher/api-ref/rest/v3/purchases.products/get
+// https://developers.google.com/android-publisher/api-ref/rest/v3/purchases.products#ProductPurchase
+
+type AndroidPublisher struct {
+	client  http.Client
+	auth    *GoogleOAuth2
+	baseURL string
+}
+
+func NewAndroidPublisherAPI(conf scn.Config) (AndroidPublisherClient, error) {
+
+	googauth, err := NewAuth(conf.GoogleAPITokenURI, conf.GoogleAPIPrivKeyID, conf.GoogleAPIClientMail, conf.GoogleAPIPrivateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &AndroidPublisher{
+		client:  http.Client{Timeout: 5 * time.Second},
+		auth:    googauth,
+		baseURL: "https://androidpublisher.googleapis.com/androidpublisher",
+	}, nil
+}
+
+type PurchaseType int
+
+const (
+	PurchaseTypeTest     PurchaseType = 0 // i.e. purchased from a license testing account
+	PurchaseTypePromo    PurchaseType = 1 // i.e. purchased using a promo code
+	PurchaseTypeRewarded PurchaseType = 2 // i.e. from watching a video ad instead of paying
+)
+
+type ConsumptionState int
+
+const (
+	ConsumptionStateYetToBeConsumed ConsumptionState = 0
+	ConsumptionStateConsumed        ConsumptionState = 1
+)
+
+type PurchaseState int
+
+const (
+	PurchaseStatePurchased PurchaseState = 0
+	PurchaseStateCanceled  PurchaseState = 1
+	PurchaseStatePending   PurchaseState = 2
+)
+
+type AcknowledgementState int
+
+const (
+	AcknowledgementStateYetToBeAcknowledged AcknowledgementState = 0
+	AcknowledgementStateAcknowledged        AcknowledgementState = 1
+)
+
+type ProductPurchase struct {
+	Kind                        string               `json:"kind"`
+	PurchaseTimeMillis          string               `json:"purchaseTimeMillis"`
+	PurchaseState               *PurchaseState       `json:"purchaseState"`
+	ConsumptionState            ConsumptionState     `json:"consumptionState"`
+	DeveloperPayload            string               `json:"developerPayload"`
+	OrderId                     string               `json:"orderId"`
+	PurchaseType                *PurchaseType        `json:"purchaseType"`
+	AcknowledgementState        AcknowledgementState `json:"acknowledgementState"`
+	PurchaseToken               *string              `json:"purchaseToken"`
+	ProductId                   *string              `json:"productId"`
+	Quantity                    *int                 `json:"quantity"`
+	ObfuscatedExternalAccountId string               `json:"obfuscatedExternalAccountId"`
+	ObfuscatedExternalProfileId string               `json:"obfuscatedExternalProfileId"`
+	RegionCode                  string               `json:"regionCode"`
+}
+
+type apiError struct {
+	Code    int    `json:"code"`
+	Message string `json:"message"`
+}
+
+func (ap AndroidPublisher) GetProductPurchase(ctx context.Context, packageName string, productId string, token string) (*ProductPurchase, error) {
+
+	uri := fmt.Sprintf("%s/v3/applications/%s/purchases/products/%s/tokens/%s", ap.baseURL, packageName, productId, token)
+
+	request, err := http.NewRequestWithContext(ctx, "GET", uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	tok, err := ap.auth.Token(ctx)
+	if err != nil {
+		log.Err(err).Msg("Refreshing FB token failed")
+		return nil, err
+	}
+
+	request.Header.Set("Authorization", "Bearer "+tok)
+	request.Header.Set("Content-Type", "application/json")
+	request.Header.Set("Accept", "application/json")
+
+	response, err := ap.client.Do(request)
+	if err != nil {
+		return nil, err
+	}
+	defer func() { _ = response.Body.Close() }()
+
+	respBodyBin, err := io.ReadAll(response.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	if response.StatusCode == 400 {
+
+		var errBody struct {
+			Error apiError `json:"error"`
+		}
+		if err := json.Unmarshal(respBodyBin, &errBody); err != nil {
+			return nil, err
+		}
+		if errBody.Error.Code == 400 {
+			return nil, nil // probably token not found
+		}
+	}
+
+	if response.StatusCode < 200 || response.StatusCode >= 300 {
+		if bstr, err := io.ReadAll(response.Body); err == nil {
+			return nil, errors.New(fmt.Sprintf("GetProducts-Request returned %d: %s", response.StatusCode, string(bstr)))
+		} else {
+			return nil, errors.New(fmt.Sprintf("GetProducts-Request returned %d", response.StatusCode))
+		}
+	}
+
+	var respBody ProductPurchase
+	if err := json.Unmarshal(respBodyBin, &respBody); err != nil {
+		return nil, err
+	}
+
+	if respBody.Kind != "androidpublisher#productPurchase" {
+		return nil, errors.New(fmt.Sprintf("Invalid ProductPurchase.kind: '%s'", respBody.Kind))
+	}
+
+	return &respBody, nil
+}
--- a/scnserver/google/client.go
+++ b/scnserver/google/client.go
@@ -0,0 +1,9 @@
+package google
+
+import (
+	"context"
+)
+
+type AndroidPublisherClient interface {
+	GetProductPurchase(ctx context.Context, packageName string, productId string, token string) (*ProductPurchase, error)
+}
--- a/scnserver/google/dummy.go
+++ b/scnserver/google/dummy.go
@@ -0,0 +1,38 @@
+package google
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+	"strings"
+	"time"
+)
+
+type DummyGoogleAPIClient struct{}
+
+func NewDummy() AndroidPublisherClient {
+	return &DummyGoogleAPIClient{}
+}
+
+func (d DummyGoogleAPIClient) GetProductPurchase(ctx context.Context, packageName string, productId string, token string) (*ProductPurchase, error) {
+	if strings.HasPrefix(token, "PURCHASED:") {
+		return &ProductPurchase{
+			Kind:                        "",
+			PurchaseTimeMillis:          fmt.Sprintf("%d", time.Date(2000, 1, 1, 12, 0, 0, 0, time.UTC).UnixMilli()),
+			PurchaseState:               langext.Ptr(PurchaseStatePurchased),
+			ConsumptionState:            ConsumptionStateConsumed,
+			DeveloperPayload:            "{}",
+			OrderId:                     "000",
+			PurchaseType:                nil,
+			AcknowledgementState:        AcknowledgementStateAcknowledged,
+			PurchaseToken:               nil,
+			ProductId:                   langext.Ptr("1234-5678"),
+			Quantity:                    nil,
+			ObfuscatedExternalAccountId: "000",
+			ObfuscatedExternalProfileId: "000",
+			RegionCode:                  "DE",
+		}, nil
+	}
+	return nil, nil // = purchase not found
+}
--- a/scnserver/google/oauth2.go
+++ b/scnserver/google/oauth2.go
@@ -0,0 +1,174 @@
+package google
+
+import (
+	"context"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+	"gogs.mikescher.com/BlackForestBytes/goext/timeext"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type GoogleOAuth2 struct {
+	client *http.Client
+
+	scopes       []string
+	tokenURL     string
+	privateKeyID string
+	clientMail   string
+
+	currToken   *string
+	tokenExpiry *time.Time
+	privateKey  *rsa.PrivateKey
+}
+
+func NewAuth(tokenURL string, privKeyID string, cmail string, pemstr string) (*GoogleOAuth2, error) {
+
+	pkey, err := decodePemKey(pemstr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &GoogleOAuth2{
+		client:       &http.Client{Timeout: 3 * time.Second},
+		tokenURL:     tokenURL,
+		privateKey:   pkey,
+		privateKeyID: privKeyID,
+		clientMail:   cmail,
+		scopes: []string{
+			"https://www.googleapis.com/auth/androidpublisher",
+		},
+	}, nil
+}
+
+func decodePemKey(pemstr string) (*rsa.PrivateKey, error) {
+	var raw []byte
+
+	block, _ := pem.Decode([]byte(pemstr))
+
+	if block != nil {
+		raw = block.Bytes
+	} else {
+		raw = []byte(pemstr)
+	}
+
+	pkey8, err1 := x509.ParsePKCS8PrivateKey(raw)
+	if err1 == nil {
+		privkey, ok := pkey8.(*rsa.PrivateKey)
+		if !ok {
+			return nil, errors.New("private key is invalid")
+		}
+		return privkey, nil
+	}
+
+	pkey1, err2 := x509.ParsePKCS1PrivateKey(raw)
+	if err2 == nil {
+		return pkey1, nil
+	}
+
+	return nil, errors.New(fmt.Sprintf("failed to parse private-key: [ %v | %v ]", err1, err2))
+}
+
+func (a *GoogleOAuth2) Token(ctx context.Context) (string, error) {
+	if a.currToken == nil || a.tokenExpiry == nil || a.tokenExpiry.Before(time.Now()) {
+		err := a.Refresh(ctx)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	return *a.currToken, nil
+}
+
+func (a *GoogleOAuth2) Refresh(ctx context.Context) error {
+
+	assertion, err := a.encodeAssertion(a.privateKey)
+	if err != nil {
+		return err
+	}
+
+	body := url.Values{
+		"assertion":  []string{assertion},
+		"grant_type": []string{"urn:ietf:params:oauth:grant-type:jwt-bearer"},
+	}.Encode()
+
+	req, err := http.NewRequestWithContext(ctx, "POST", a.tokenURL, strings.NewReader(body))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	reqNow := time.Now()
+
+	resp, err := a.client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		if bstr, err := io.ReadAll(resp.Body); err == nil {
+			return errors.New(fmt.Sprintf("Auth-Request returned %d: %s", resp.StatusCode, string(bstr)))
+		} else {
+			return errors.New(fmt.Sprintf("Auth-Request returned %d", resp.StatusCode))
+		}
+	}
+
+	respBodyBin, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	var respBody struct {
+		AccessToken string `json:"access_token"`
+		TokenType   string `json:"token_type"`
+		ExpiresIn   int    `json:"expires_in"`
+	}
+	if err := json.Unmarshal(respBodyBin, &respBody); err != nil {
+		return err
+	}
+
+	a.currToken = langext.Ptr(respBody.AccessToken)
+	a.tokenExpiry = langext.Ptr(reqNow.Add(timeext.FromSeconds(respBody.ExpiresIn)))
+
+	return nil
+}
+
+func (a *GoogleOAuth2) encodeAssertion(key *rsa.PrivateKey) (string, error) {
+	headBin, err := json.Marshal(gin.H{"alg": "RS256", "typ": "JWT", "kid": a.privateKeyID})
+	if err != nil {
+		return "", err
+	}
+	head := base64.RawURLEncoding.EncodeToString(headBin)
+
+	now := time.Now().Add(-10 * time.Second) // jwt hack against unsynced clocks
+
+	claimBin, err := json.Marshal(gin.H{"iss": a.clientMail, "scope": strings.Join(a.scopes, " "), "aud": a.tokenURL, "exp": now.Add(time.Hour).Unix(), "iat": now.Unix()})
+	if err != nil {
+		return "", err
+	}
+	claim := base64.RawURLEncoding.EncodeToString(claimBin)
+
+	checksum := sha256.New()
+	checksum.Write([]byte(head + "." + claim))
+	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, checksum.Sum(nil))
+	if err != nil {
+		return "", err
+	}
+
+	return head + "." + claim + "." + base64.RawURLEncoding.EncodeToString(sig), nil
+}