Initial Google Sign In

1 files changed, 30 insertions, 0 deletions

diff --git a/src/main/java/com/juick/server/api/ApiSocialLogin.java b/src/main/java/com/juick/server/api/ApiSocialLogin.java
index 8d9f9402..4a8297cd 100644
--- a/src/main/java/com/juick/server/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/server/api/ApiSocialLogin.java
@@ -24,8 +24,16 @@ import com.github.scribejava.core.model.OAuth2AccessToken;
 import com.github.scribejava.core.model.OAuthRequest;
 import com.github.scribejava.core.model.Verb;
 import com.github.scribejava.core.oauth.OAuth20Service;
+import com.google.api.client.auth.openidconnect.IdToken;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
+import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.jackson2.JacksonFactory;
 import com.juick.model.facebook.User;
 import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpForbiddenException;
 import com.juick.service.CrosspostService;
 import com.juick.service.EmailService;
 import com.juick.service.TelegramService;
@@ -44,6 +52,8 @@ import org.springframework.web.util.UriComponentsBuilder;
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Collections;
 import java.util.UUID;
 import java.util.concurrent.ExecutionException;
 
@@ -77,6 +87,8 @@ public class ApiSocialLogin {
     private String VK_SECRET;
     @Value("${telegram_token:secret}")
     private String telegramToken;
+    @Value("${google_client_id:id")
+    private String googleClientId;
 
     @Inject
     private CrosspostService crosspostService;
@@ -87,11 +99,18 @@ public class ApiSocialLogin {
     @Inject
     private TelegramService telegramService;
 
+    private final HttpTransport transport = new NetHttpTransport();
+    private final JsonFactory jsonFactory = new JacksonFactory();
+    private GoogleIdTokenVerifier verifier;
+
     @PostConstruct
     public void init() {
         facebookBuilder = new ServiceBuilder(FACEBOOK_APPID);
         twitterBuilder = new ServiceBuilder(twitterConsumerKey);
         vkBuilder = new ServiceBuilder(VK_APPID);
+        verifier = new GoogleIdTokenVerifier.Builder(transport, jsonFactory)
+                .setAudience(Collections.singletonList(googleClientId))
+                .build();
     }
 
     @GetMapping("/api/_fblogin")
@@ -268,6 +287,17 @@ public class ApiSocialLogin {
             return "redirect:/signup?type=vk&hash=" + loginhash;
         }
     }
+    @GetMapping("/api/_google")
+    public IdToken.Payload googleSignIn(@RequestParam(name = "idToken") String idTokenString)
+            throws GeneralSecurityException, IOException {
+
+        GoogleIdToken idToken = verifier.verify(idTokenString);
+        if (idToken != null) {
+            return idToken.getPayload();
+        } else {
+            throw new HttpForbiddenException();
+        }
+    }
     /*
     @GetMapping("/_tglogin")
     public String doDurovLogin(HttpServletRequest request,