package oidc
import (
"log"
"net/http"
"github.com/coreos/go-oidc"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/middleware/container"
"gitlab.com/wpetit/goweb/service/session"
)
// SessionOIDCTokenKey is the session key under which the authenticated
// user's *oidc.IDToken is stored; IDToken reads it back from the session.
const SessionOIDCTokenKey = "oidc-token"

// SessionOIDCStateKey is a second session key reserved by this package.
// NOTE(review): presumably it holds the OAuth2 "state" value used to bind the
// authorization request to its callback; its use is not visible in this
// file, so confirm against the client's redirect/callback code.
const SessionOIDCStateKey = "oidc-state"
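// Middleware wraps next so that it is only invoked when IDToken finds an ID
// token in the caller's session. When IDToken returns an error, the OIDC
// client is resolved from the request's service container, client.Redirect is
// called, and next is not invoked.
//
// Every IDToken error takes the redirect path, including a failure to load
// the session itself, so the cause is logged here to keep "no token yet"
// distinguishable from a session-backend problem in the logs.
//
// NOTE(review): container.Must and Must are defined outside this block; by
// naming convention they likely panic when the service is missing — confirm
// that the container middleware always runs before this one.
func Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, err := IDToken(w, r)
		if err == nil {
			// A token is present in the session: let the request through.
			next.ServeHTTP(w, r)
			return
		}

		// Record why the request is being sent back through the OIDC flow
		// instead of silently dropping the error.
		log.Printf("oidc: no usable id token in session: %v", err)

		ctn := container.Must(r.Context())

		log.Println("retrieving oidc client")

		client := Must(ctn)

		client.Redirect(w, r)
	})
}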
// IDToken returns the *oidc.IDToken stored in the request's session under
// SessionOIDCTokenKey.
//
// It returns a wrapped error when the session cannot be retrieved, and an
// "invalid id token" error when the stored value is absent, nil, or not a
// *oidc.IDToken.
//
// NOTE(review): only presence and type are checked here. The token's Expiry
// field is not compared against the current time, so a token that has expired
// since it was stored is still returned. Whether that is acceptable depends on
// how the session lifetime is bounded elsewhere — confirm.
func IDToken(w http.ResponseWriter, r *http.Request) (*oidc.IDToken, error) {
	store := session.Must(container.Must(r.Context()))

	sess, err := store.Get(w, r)
	if err != nil {
		return nil, errors.Wrap(err, "could not retrieve session")
	}

	// The comma-ok assertion rejects missing values and values of any other
	// type; the nil check covers a stored typed-nil pointer.
	token, isToken := sess.Get(SessionOIDCTokenKey).(*oidc.IDToken)
	if isToken && token != nil {
		return token, nil
	}

	return nil, errors.New("invalid id token")
}