package route import ( "net/http" "forge.cadoles.com/Cadoles/daddy/internal/command" "gitlab.com/wpetit/goweb/cqrs" "forge.cadoles.com/Cadoles/daddy/internal/session" "github.com/pkg/errors" "forge.cadoles.com/Cadoles/daddy/internal/config" oidc "forge.cadoles.com/wpetit/goweb-oidc" "gitlab.com/wpetit/goweb/logger" "gitlab.com/wpetit/goweb/middleware/container" ) func handleLogin(w http.ResponseWriter, r *http.Request) { ctn := container.Must(r.Context()) client := oidc.Must(ctn) client.Login(w, r) } type emailClaims struct { Email string `json:"email"` EmailVerified bool `json:"email_verified"` } func handleLoginCallback(w http.ResponseWriter, r *http.Request) { ctx := r.Context() ctn := container.Must(ctx) conf := config.Must(ctn) idToken, err := oidc.IDToken(w, r) if err != nil { logger.Error(ctx, "could not retrieve idToken", logger.E(err)) http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) return } logger.Info(ctx, "user logged in", logger.F("sub", idToken.Subject)) claims := &emailClaims{} if err := idToken.Claims(claims); err != nil { panic(errors.WithStack(err)) } // TODO implements better UX in case of errors if claims.Email == "" { http.Error(w, "an email is expected to access this app", http.StatusForbidden) return } if !claims.EmailVerified { http.Error(w, "your email must be verified to access this app", http.StatusForbidden) return } dispatcher := cqrs.Must(ctn) cmd := &command.CreateUserCommandRequest{ Email: claims.Email, Connected: true, } if _, err := dispatcher.Exec(ctx, cmd); err != nil { panic(errors.WithStack(err)) } if err := session.SaveUserEmail(w, r, claims.Email); err != nil { panic(errors.WithStack(err)) } http.Redirect(w, r, conf.HTTP.FrontendURL, http.StatusSeeOther) }