daddy/internal/route/login.go

82 lines
1.8 KiB
Go

package route
import (
"net/http"
"forge.cadoles.com/Cadoles/daddy/internal/command"
"gitlab.com/wpetit/goweb/cqrs"
"forge.cadoles.com/Cadoles/daddy/internal/session"
"github.com/pkg/errors"
"forge.cadoles.com/Cadoles/daddy/internal/config"
oidc "forge.cadoles.com/wpetit/goweb-oidc"
"gitlab.com/wpetit/goweb/logger"
"gitlab.com/wpetit/goweb/middleware/container"
)
func handleLogin(w http.ResponseWriter, r *http.Request) {
ctn := container.Must(r.Context())
client := oidc.Must(ctn)
client.Login(w, r)
}
type emailClaims struct {
Email string `json:"email"`
EmailVerified bool `json:"email_verified"`
}
func handleLoginCallback(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
ctn := container.Must(ctx)
conf := config.Must(ctn)
idToken, err := oidc.IDToken(w, r)
if err != nil {
logger.Error(ctx, "could not retrieve idToken", logger.E(err))
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
logger.Info(ctx, "user logged in", logger.F("sub", idToken.Subject))
claims := &emailClaims{}
if err := idToken.Claims(claims); err != nil {
panic(errors.WithStack(err))
}
// TODO implements better UX in case of errors
if claims.Email == "" {
http.Error(w, "an email is expected to access this app", http.StatusForbidden)
return
}
if !claims.EmailVerified {
http.Error(w, "your email must be verified to access this app", http.StatusForbidden)
return
}
dispatcher := cqrs.Must(ctn)
cmd := &command.CreateUserCommandRequest{
Email: claims.Email,
Connected: true,
}
if _, err := dispatcher.Exec(ctx, cmd); err != nil {
panic(errors.WithStack(err))
}
if err := session.SaveUserEmail(w, r, claims.Email); err != nil {
panic(errors.WithStack(err))
}
http.Redirect(w, r, conf.HTTP.FrontendURL, http.StatusSeeOther)
}