listy/auth/routes.go

package auth

import (
	"context"
	"net/http"

	"gitea.ravianand.me/Dan6erbond/listy/core"
	"gitea.ravianand.me/Dan6erbond/listy/internal"
	"gitea.ravianand.me/Dan6erbond/listy/users"
	"github.com/zmb3/spotify/v2"
)

func RegisterRoutes(app *core.App) {
	app.Mux.Get("/auth/oidc/spotify/redirect", Redirect(app))
	app.Mux.Get("/auth/oidc/spotify/callback", Callback(app))
}

func Redirect(app *core.App) func(w http.ResponseWriter, r *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		state, _ := internal.GenerateRandomString(16)

		session, _ := app.SessionStore.Get(r, "oidc")
		session.Values["state"] = state

		if err := session.Save(r, w); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		url := app.SpotifyAuth.AuthURL(state)
		http.Redirect(w, r, url, http.StatusSeeOther)
	}
}

func Callback(app *core.App) func(w http.ResponseWriter, r *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		ctx := context.Background()

		session, _ := app.SessionStore.Get(r, "oidc")
		state, ok := session.Values["state"]

		if !ok {
			http.Error(w, "No state found", http.StatusInternalServerError)
			return
		}

		// use the same state string here that you used to generate the URL
		token, err := app.SpotifyAuth.Token(r.Context(), state.(string), r)
		if err != nil {
			http.Error(w, "Couldn't get token", http.StatusNotFound)
			return
		}

		spotifyClient := spotify.New(app.SpotifyAuth.Client(r.Context(), token))

		user, _ := spotifyClient.CurrentUser(ctx)

		users.SaveUserToken(ctx, app, user.ID, token)
	}
}