99 lines
2.0 KiB
Go
99 lines
2.0 KiB
Go
|
package oidc
|
||
|
|
||
|
import (
|
||
|
"encoding/gob"
|
||
|
"log"
|
||
|
"net/http"
|
||
|
|
||
|
"github.com/coreos/go-oidc"
|
||
|
"github.com/pkg/errors"
|
||
|
"gitlab.com/wpetit/goweb/logger"
|
||
|
"gitlab.com/wpetit/goweb/middleware/container"
|
||
|
"gitlab.com/wpetit/goweb/service/session"
|
||
|
)
|
||
|
|
||
|
const (
|
||
|
SessionOIDCTokenKey = "oidc-token"
|
||
|
SessionOIDCStateKey = "oidc-state"
|
||
|
)
|
||
|
|
||
|
func init() {
|
||
|
gob.Register(&oidc.IDToken{})
|
||
|
}
|
||
|
|
||
|
func Middleware(next http.Handler) http.Handler {
|
||
|
fn := func(w http.ResponseWriter, r *http.Request) {
|
||
|
if _, err := IDToken(w, r); err != nil {
|
||
|
ctn := container.Must(r.Context())
|
||
|
|
||
|
log.Println("retrieving oidc client")
|
||
|
|
||
|
client := Must(ctn)
|
||
|
|
||
|
client.Login(w, r)
|
||
|
|
||
|
return
|
||
|
}
|
||
|
|
||
|
next.ServeHTTP(w, r)
|
||
|
}
|
||
|
|
||
|
return http.HandlerFunc(fn)
|
||
|
}
|
||
|
|
||
|
func HandleCallback(next http.Handler) http.Handler {
|
||
|
fn := func(w http.ResponseWriter, r *http.Request) {
|
||
|
ctx := r.Context()
|
||
|
ctn := container.Must(ctx)
|
||
|
client := Must(ctn)
|
||
|
|
||
|
idToken, err := client.Validate(w, r)
|
||
|
if err != nil {
|
||
|
logger.Error(ctx, "could not validate oidc token", logger.E(err))
|
||
|
|
||
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||
|
|
||
|
return
|
||
|
}
|
||
|
|
||
|
sess, err := session.Must(ctn).Get(w, r)
|
||
|
if err != nil {
|
||
|
panic(errors.Wrap(err, "could not retrieve session"))
|
||
|
}
|
||
|
|
||
|
sess.Set(SessionOIDCTokenKey, idToken)
|
||
|
|
||
|
if err := sess.Save(w, r); err != nil {
|
||
|
panic(errors.Wrap(err, "could not save session"))
|
||
|
}
|
||
|
|
||
|
next.ServeHTTP(w, r)
|
||
|
}
|
||
|
|
||
|
return http.HandlerFunc(fn)
|
||
|
}
|
||
|
|
||
|
func Logout(w http.ResponseWriter, r *http.Request) {
|
||
|
// ctx := r.Context()
|
||
|
// ctn := container.Must(ctx)
|
||
|
// client := Must(ctn)
|
||
|
|
||
|
// client
|
||
|
}
|
||
|
|
||
|
func IDToken(w http.ResponseWriter, r *http.Request) (*oidc.IDToken, error) {
|
||
|
ctn := container.Must(r.Context())
|
||
|
|
||
|
sess, err := session.Must(ctn).Get(w, r)
|
||
|
if err != nil {
|
||
|
return nil, errors.Wrap(err, "could not retrieve session")
|
||
|
}
|
||
|
|
||
|
idToken, ok := sess.Get(SessionOIDCTokenKey).(*oidc.IDToken)
|
||
|
if !ok || idToken == nil {
|
||
|
return nil, errors.New("invalid id token")
|
||
|
}
|
||
|
|
||
|
return idToken, nil
|
||
|
}
|