2023-02-21 12:14:29 +01:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"forge.cadoles.com/arcad/edge/pkg/app"
|
2023-02-24 14:40:28 +01:00
|
|
|
edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
|
2023-09-29 07:41:01 +02:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/jwtutil"
|
2023-02-21 12:14:29 +01:00
|
|
|
"forge.cadoles.com/arcad/edge/pkg/module/util"
|
|
|
|
"github.com/dop251/goja"
|
|
|
|
"github.com/pkg/errors"
|
2023-04-18 17:57:16 +02:00
|
|
|
"gitlab.com/wpetit/goweb/logger"
|
2023-02-21 12:14:29 +01:00
|
|
|
)
|
|
|
|
|
2023-09-29 07:41:01 +02:00
|
|
|
const (
|
|
|
|
CookieName string = "edge-auth"
|
|
|
|
)
|
|
|
|
|
2023-02-21 12:14:29 +01:00
|
|
|
const (
|
2023-04-18 17:57:16 +02:00
|
|
|
ClaimSubject = "sub"
|
|
|
|
ClaimIssuer = "iss"
|
|
|
|
ClaimPreferredUsername = "preferred_username"
|
|
|
|
ClaimEdgeRole = "edge_role"
|
|
|
|
ClaimEdgeTenant = "edge_tenant"
|
|
|
|
ClaimEdgeEntrypoint = "edge_entrypoint"
|
2023-02-21 12:14:29 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
type Module struct {
|
2023-09-29 07:41:01 +02:00
|
|
|
server *app.Server
|
|
|
|
getClaimFn GetClaimFunc
|
2023-02-21 12:14:29 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (m *Module) Name() string {
|
|
|
|
return "auth"
|
|
|
|
}
|
|
|
|
|
|
|
|
func (m *Module) Export(export *goja.Object) {
|
2023-02-24 14:40:28 +01:00
|
|
|
if err := export.Set("getClaim", m.getClaim); err != nil {
|
|
|
|
panic(errors.Wrap(err, "could not set 'getClaim' function"))
|
2023-02-21 12:14:29 +01:00
|
|
|
}
|
|
|
|
|
2023-02-24 14:40:28 +01:00
|
|
|
if err := export.Set("CLAIM_SUBJECT", ClaimSubject); err != nil {
|
|
|
|
panic(errors.Wrap(err, "could not set 'CLAIM_SUBJECT' property"))
|
2023-02-21 12:14:29 +01:00
|
|
|
}
|
2023-04-18 17:57:16 +02:00
|
|
|
|
|
|
|
if err := export.Set("CLAIM_TENANT", ClaimEdgeTenant); err != nil {
|
|
|
|
panic(errors.Wrap(err, "could not set 'CLAIM_TENANT' property"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := export.Set("CLAIM_ENTRYPOINT", ClaimEdgeEntrypoint); err != nil {
|
|
|
|
panic(errors.Wrap(err, "could not set 'CLAIM_ENTRYPOINT' property"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := export.Set("CLAIM_ROLE", ClaimEdgeRole); err != nil {
|
|
|
|
panic(errors.Wrap(err, "could not set 'CLAIM_ROLE' property"))
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := export.Set("CLAIM_PREFERRED_USERNAME", ClaimPreferredUsername); err != nil {
|
|
|
|
panic(errors.Wrap(err, "could not set 'CLAIM_PREFERRED_USERNAME' property"))
|
|
|
|
}
|
2023-04-24 12:16:30 +02:00
|
|
|
|
|
|
|
if err := export.Set("CLAIM_ISSUER", ClaimIssuer); err != nil {
|
|
|
|
panic(errors.Wrap(err, "could not set 'CLAIM_ISSUER' property"))
|
|
|
|
}
|
2023-02-21 12:14:29 +01:00
|
|
|
}
|
|
|
|
|
2023-02-24 14:40:28 +01:00
|
|
|
func (m *Module) getClaim(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
|
2023-02-21 12:14:29 +01:00
|
|
|
ctx := util.AssertContext(call.Argument(0), rt)
|
2023-02-24 14:40:28 +01:00
|
|
|
claimName := util.AssertString(call.Argument(1), rt)
|
2023-02-21 12:14:29 +01:00
|
|
|
|
2023-02-24 14:40:28 +01:00
|
|
|
req, ok := ctx.Value(edgeHTTP.ContextKeyOriginRequest).(*http.Request)
|
2023-02-21 12:14:29 +01:00
|
|
|
if !ok {
|
2023-02-24 14:40:28 +01:00
|
|
|
panic(rt.ToValue(errors.New("could not find http request in context")))
|
2023-02-21 12:14:29 +01:00
|
|
|
}
|
|
|
|
|
2023-09-29 07:41:01 +02:00
|
|
|
claim, err := m.getClaimFn(ctx, req, claimName)
|
2023-02-21 12:14:29 +01:00
|
|
|
if err != nil {
|
2023-09-29 07:41:01 +02:00
|
|
|
if errors.Is(err, jwtutil.ErrUnauthenticated) {
|
2023-02-24 14:40:28 +01:00
|
|
|
return nil
|
|
|
|
}
|
2023-02-21 12:14:29 +01:00
|
|
|
|
2023-10-19 21:47:09 +02:00
|
|
|
logger.Error(ctx, "could not retrieve claim", logger.CapturedE(errors.WithStack(err)))
|
2023-04-18 17:57:16 +02:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-09-29 07:41:01 +02:00
|
|
|
return rt.ToValue(claim)
|
2023-02-24 14:40:28 +01:00
|
|
|
}
|
2023-02-21 12:14:29 +01:00
|
|
|
|
2023-02-24 14:40:28 +01:00
|
|
|
func ModuleFactory(funcs ...OptionFunc) app.ServerModuleFactory {
|
2023-03-10 14:33:12 +01:00
|
|
|
opt := defaultOptions()
|
2023-02-24 14:40:28 +01:00
|
|
|
for _, fn := range funcs {
|
|
|
|
fn(opt)
|
2023-02-21 12:14:29 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return func(server *app.Server) app.ServerModule {
|
|
|
|
return &Module{
|
2023-09-29 07:41:01 +02:00
|
|
|
server: server,
|
|
|
|
getClaimFn: opt.GetClaim,
|
2023-02-21 12:14:29 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|