server/auth/authdb/internal/oauthid/oauthid.go - infra/luci/luci-go - Git at Google

 // Copyright 2019 The LUCI Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // Package oauthid implements OAuth client ID allowlist check.
 package oauthid

 import (
 	"go.chromium.org/luci/common/data/stringset"
 )

 // Well-known OAuth client_id of https://apis-explorer.appspot.com/.
 const GoogleAPIExplorerClientID = "292824132082.apps.googleusercontent.com"

 // Allowlist is OAuth client ID allowlist.
 type Allowlist struct {
 	stringset.Set
 }

 // NewAllowlist creates new populated client ID allowlist.
 func NewAllowlist(primaryID string, additionalIDs []string) Allowlist {
 	l := stringset.New(2 + len(additionalIDs))
 	l.Add(GoogleAPIExplorerClientID)
 	if primaryID != "" {
 		l.Add(primaryID)
 	}
 	for _, id := range additionalIDs {
 		if id != "" {
 			l.Add(id)
 		}
 	}
 	return Allowlist{l}
 }

 // IsAllowedOAuthClientID returns true if the given OAuth2 client ID can be used
 // to authorize access from the given email.
 func (l Allowlist) IsAllowedOAuthClientID(email, clientID string) bool {
 	return l.Has(clientID)
 }
	// Copyright 2019 The LUCI Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// Package oauthid implements OAuth client ID allowlist check.
	package oauthid

	import (
	"go.chromium.org/luci/common/data/stringset"
	)

	// Well-known OAuth client_id of https://apis-explorer.appspot.com/.
	const GoogleAPIExplorerClientID = "292824132082.apps.googleusercontent.com"

	// Allowlist is OAuth client ID allowlist.
	type Allowlist struct {
	stringset.Set
	}

	// NewAllowlist creates new populated client ID allowlist.
	func NewAllowlist(primaryID string, additionalIDs []string) Allowlist {
	l := stringset.New(2 + len(additionalIDs))
	l.Add(GoogleAPIExplorerClientID)
	if primaryID != "" {
	l.Add(primaryID)
	}
	for _, id := range additionalIDs {
	if id != "" {
	l.Add(id)
	}
	}
	return Allowlist{l}
	}

	// IsAllowedOAuthClientID returns true if the given OAuth2 client ID can be used
	// to authorize access from the given email.
	func (l Allowlist) IsAllowedOAuthClientID(email, clientID string) bool {
	return l.Has(clientID)
	}