feat: initial commit
This commit is contained in:
commit
226d8459c7
|
@ -0,0 +1,5 @@
|
|||
/release
|
||||
/data
|
||||
/bin
|
||||
/.vscode
|
||||
/.env
|
|
@ -0,0 +1,6 @@
|
|||
/release
|
||||
/data
|
||||
/bin
|
||||
/.vscode
|
||||
/.env
|
||||
/tools
|
|
@ -0,0 +1,61 @@
|
|||
SHELL := /bin/bash
|
||||
DOCKER_IMAGE_NAME ?= reg.cadoles.com/wpetit/hydra-webauthn
|
||||
|
||||
build:
|
||||
CGO_ENABLED=0 go build -v -o bin/server ./cmd/server
|
||||
|
||||
test:
|
||||
go test -v -race ./...
|
||||
|
||||
tidy:
|
||||
go mod tidy
|
||||
|
||||
watch: tools/modd/bin/modd .env
|
||||
( set -o allexport && source .env && set +o allexport && tools/modd/bin/modd )
|
||||
|
||||
.env:
|
||||
cp .env.dist .env
|
||||
|
||||
lint:
|
||||
golangci-lint run --enable-all
|
||||
|
||||
up:
|
||||
docker-compose up --build
|
||||
|
||||
down:
|
||||
docker-compose down -v --remove-orphans
|
||||
rm -rf data/storage.sqlite*
|
||||
|
||||
docker-build:
|
||||
docker build \
|
||||
--build-arg="HTTP_PROXY=$(HTTP_PROXY)" \
|
||||
--build-arg="HTTPS_PROXY=${HTTP_PROXY}" \
|
||||
--build-arg="https_proxy=${https_proxy}" \
|
||||
--build-arg="http_proxy=${http_proxy}" \
|
||||
-t hydra-webauthn:latest \
|
||||
-f ./misc/docker/Dockerfile \
|
||||
.
|
||||
|
||||
docker-run:
|
||||
docker run \
|
||||
-it --rm \
|
||||
-p 3000:3000 \
|
||||
hydra-webauthn:latest
|
||||
|
||||
docker-release: docker-build
|
||||
docker image tag hydra-webauthn:latest $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)
|
||||
docker image tag hydra-webauthn:latest $(DOCKER_IMAGE_NAME):latest
|
||||
docker login
|
||||
docker push $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)
|
||||
docker push $(DOCKER_IMAGE_NAME):latest
|
||||
|
||||
clean:
|
||||
rm -rf release
|
||||
rm -rf data
|
||||
rm -rf bin
|
||||
|
||||
.PHONY: lint watch build tidy release
|
||||
|
||||
tools/modd/bin/modd:
|
||||
mkdir -p tools/modd/bin
|
||||
GOBIN=$(PWD)/tools/modd/bin go install github.com/cortesi/modd/cmd/modd@latest
|
|
@ -0,0 +1,20 @@
|
|||
# hydra-webauthn
|
||||
|
||||
["Login & Consent App"](https://www.ory.sh/hydra/docs/login-consent-flow/) pour le serveur d'authentification OpenID Connect [Hydra](https://www.ory.sh/hydra/).
|
||||
|
||||
Ce middleware permet une authentification de type "[webauthn](https://webauthn.io/)".
|
||||
|
||||
## Démarrer avec les sources
|
||||
|
||||
```shell
|
||||
# Requires Go 1.21 and docker-compose
|
||||
make watch
|
||||
```
|
||||
|
||||
### URLs
|
||||
|
||||
|URL|Description|
|
||||
|---|-----------|
|
||||
|http://localhost:4444/|Points d'entrée OIDC Hydra|
|
||||
|http://localhost:4445/|API d'administration Hydra|
|
||||
|http://localhost:3000/|Middleware Hydra hydra-webauthn (Voir ["Hydra- Login & Consent App"](https://www.ory.sh/hydra/docs/login-consent-flow/))
|
|
@ -0,0 +1,178 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"gitlab.com/wpetit/goweb/template/html"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/hydra"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage/sqlite"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/webauthn"
|
||||
|
||||
gotemplate "html/template"
|
||||
|
||||
"github.com/gorilla/sessions"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
"gitlab.com/wpetit/goweb/service/build"
|
||||
"gitlab.com/wpetit/goweb/service/session"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
"gitlab.com/wpetit/goweb/session/gorilla"
|
||||
)
|
||||
|
||||
func getServiceContainer(conf *config.Config) (*service.Container, error) {
|
||||
// Initialize and configure service container
|
||||
ctn := service.NewContainer()
|
||||
|
||||
ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))
|
||||
|
||||
// Generate random cookie authentication key if none is set
|
||||
if conf.HTTP.CookieAuthenticationKey == "" {
|
||||
log.Println("could not find cookie authentication key. generating one...")
|
||||
|
||||
cookieAuthenticationKey, err := gorilla.GenerateRandomBytes(64)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not generate cookie authentication key")
|
||||
}
|
||||
|
||||
conf.HTTP.CookieAuthenticationKey = string(cookieAuthenticationKey)
|
||||
}
|
||||
|
||||
// Generate random cookie encryption key if none is set
|
||||
if conf.HTTP.CookieEncryptionKey == "" {
|
||||
log.Println("could not find cookie encryption key. generating one...")
|
||||
|
||||
cookieEncryptionKey, err := gorilla.GenerateRandomBytes(32)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not generate cookie encryption key")
|
||||
}
|
||||
|
||||
conf.HTTP.CookieEncryptionKey = string(cookieEncryptionKey)
|
||||
}
|
||||
|
||||
// Generate random token signing key if none is set
|
||||
if conf.HTTP.TokenSigningKey == "" {
|
||||
log.Println("could not find token signing key. generating one...")
|
||||
|
||||
tokenSigningKey, err := gorilla.GenerateRandomBytes(64)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not generate token signing key")
|
||||
}
|
||||
|
||||
conf.HTTP.TokenSigningKey = string(tokenSigningKey)
|
||||
}
|
||||
|
||||
// Generate random token encryption key if none is set
|
||||
if conf.HTTP.TokenEncryptionKey == "" {
|
||||
log.Println("could not find token encryption key. generating one...")
|
||||
|
||||
tokenEncryptionKey, err := gorilla.GenerateRandomBytes(32)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not generate token encryption key")
|
||||
}
|
||||
|
||||
conf.HTTP.TokenEncryptionKey = string(tokenEncryptionKey)
|
||||
}
|
||||
|
||||
// Create and initialize HTTP session service provider
|
||||
cookieStore := sessions.NewCookieStore(
|
||||
[]byte(conf.HTTP.CookieAuthenticationKey),
|
||||
[]byte(conf.HTTP.CookieEncryptionKey),
|
||||
)
|
||||
|
||||
// Define default cookie options
|
||||
cookieStore.Options = &sessions.Options{
|
||||
Path: "/",
|
||||
HttpOnly: true,
|
||||
MaxAge: conf.HTTP.CookieMaxAge,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
}
|
||||
|
||||
ctn.Provide(
|
||||
session.ServiceName,
|
||||
gorilla.ServiceProvider("hydra-webauthn", cookieStore),
|
||||
)
|
||||
|
||||
// Create and expose template service provider
|
||||
// Create and expose template service provider
|
||||
ctn.Provide(template.ServiceName, html.ServiceProvider(
|
||||
html.NewDirectoryLoader(conf.HTTP.TemplateDir),
|
||||
html.WithHelper("marshal", func(v interface{}) (gotemplate.JS, error) {
|
||||
data, err := json.Marshal(v)
|
||||
if err != nil {
|
||||
return "", errors.WithStack(err)
|
||||
}
|
||||
|
||||
return gotemplate.JS(data), nil
|
||||
}),
|
||||
html.WithHelper("base64", func(v interface{}) (gotemplate.JS, error) {
|
||||
var b64 string
|
||||
|
||||
switch typ := v.(type) {
|
||||
case string:
|
||||
b64 = base64.RawURLEncoding.EncodeToString([]byte(typ))
|
||||
case []byte:
|
||||
b64 = base64.RawURLEncoding.EncodeToString(typ)
|
||||
case gotemplate.JS:
|
||||
b64 = base64.RawURLEncoding.EncodeToString([]byte(typ))
|
||||
default:
|
||||
return "", errors.Errorf("unexpected type '%T'", v)
|
||||
}
|
||||
|
||||
return gotemplate.JS(b64), nil
|
||||
}),
|
||||
))
|
||||
|
||||
// Create and expose config service provider
|
||||
ctn.Provide(config.ServiceName, config.ServiceProvider(conf))
|
||||
|
||||
ctn.Provide(
|
||||
hydra.ServiceName,
|
||||
hydra.ServiceProvider(
|
||||
conf.Hydra.BaseURL,
|
||||
conf.Hydra.FakeSSLTermination,
|
||||
conf.Hydra.HTTPClientTimeout,
|
||||
),
|
||||
)
|
||||
|
||||
// Create and expose webauthn service provider
|
||||
webauthnConfig := &webauthn.Config{
|
||||
RPID: conf.WebAuthn.RelyingParty.ID,
|
||||
RPDisplayName: conf.WebAuthn.RelyingParty.DisplayName,
|
||||
RPOrigins: conf.WebAuthn.RelyingParty.Origins,
|
||||
// AttestationPreference: protocol.PreferDirectAttestation,
|
||||
// AuthenticatorSelection: protocol.AuthenticatorSelection{
|
||||
// AuthenticatorAttachment: protocol.CrossPlatform,
|
||||
// },
|
||||
Debug: true,
|
||||
// EncodeUserIDAsString: true,
|
||||
// Timeouts: webauthn.TimeoutsConfig{
|
||||
// Login: webauthn.TimeoutConfig{
|
||||
// Enforce: true,
|
||||
// Timeout: ,
|
||||
// },
|
||||
// },
|
||||
}
|
||||
|
||||
ctn.Provide(
|
||||
webauthn.ServiceName,
|
||||
webauthn.ServiceProvider(webauthnConfig),
|
||||
)
|
||||
|
||||
userRepository, err := sqlite.NewUserRepository(conf.Storage.DSN)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not create sqlite user repository")
|
||||
}
|
||||
|
||||
ctn.Provide(
|
||||
storage.ServiceName,
|
||||
storage.ServiceProvider(userRepository),
|
||||
)
|
||||
|
||||
return ctn, nil
|
||||
}
|
|
@ -0,0 +1,146 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/route"
|
||||
"github.com/getsentry/sentry-go"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/go-chi/chi/middleware"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
|
||||
sentryhttp "github.com/getsentry/sentry-go/http"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
// nolint: gochecknoglobals
|
||||
var (
|
||||
configFile = ""
|
||||
workdir = ""
|
||||
dumpConfig = false
|
||||
version = false
|
||||
)
|
||||
|
||||
// nolint: gochecknoglobals
|
||||
var (
|
||||
GitRef = "unknown"
|
||||
ProjectVersion = "unknown"
|
||||
BuildDate = "unknown"
|
||||
)
|
||||
|
||||
// nolint: gochecknoinits
|
||||
func init() {
|
||||
flag.StringVar(&configFile, "config", configFile, "configuration file")
|
||||
flag.StringVar(&workdir, "workdir", workdir, "working directory")
|
||||
flag.BoolVar(&dumpConfig, "dump-config", dumpConfig, "dump configuration and exit")
|
||||
flag.BoolVar(&version, "version", version, "show version and exit")
|
||||
}
|
||||
|
||||
func main() {
|
||||
flag.Parse()
|
||||
|
||||
if version {
|
||||
fmt.Printf("%s (%s) - %s\n", ProjectVersion, GitRef, BuildDate)
|
||||
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
// Switch to new working directory if defined
|
||||
if workdir != "" {
|
||||
if err := os.Chdir(workdir); err != nil {
|
||||
log.Fatalf("%+v", errors.Wrapf(err, "could not change working directory to '%s'", workdir))
|
||||
}
|
||||
}
|
||||
|
||||
// Load configuration file if defined, use default configuration otherwise
|
||||
var conf *config.Config
|
||||
|
||||
var err error
|
||||
|
||||
if configFile != "" {
|
||||
conf, err = config.NewFromFile(configFile)
|
||||
if err != nil {
|
||||
log.Fatalf("%+v", errors.Wrapf(err, "could not load config file '%s'", configFile))
|
||||
}
|
||||
} else {
|
||||
if dumpConfig {
|
||||
conf = config.NewDumpDefault()
|
||||
} else {
|
||||
conf = config.NewDefault()
|
||||
}
|
||||
}
|
||||
|
||||
// Dump configuration if asked
|
||||
if dumpConfig {
|
||||
if err := config.Dump(conf, os.Stdout); err != nil {
|
||||
log.Fatalf("%+v", errors.Wrap(err, "could not dump config"))
|
||||
}
|
||||
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
if err := config.WithEnvironment(conf); err != nil {
|
||||
log.Fatalf("%+v", errors.Wrap(err, "could not override config with environment"))
|
||||
}
|
||||
|
||||
useSentry := conf.Sentry.DSN != ""
|
||||
|
||||
if useSentry {
|
||||
var sentryEnv string
|
||||
if conf.Sentry.Environment == "" {
|
||||
sentryEnv, _ = os.Hostname()
|
||||
} else {
|
||||
sentryEnv = conf.Sentry.Environment
|
||||
}
|
||||
|
||||
err := sentry.Init(sentry.ClientOptions{
|
||||
Dsn: conf.Sentry.DSN,
|
||||
Debug: conf.Debug,
|
||||
SampleRate: conf.Sentry.ServerSampleRate,
|
||||
Release: ProjectVersion + "-" + GitRef,
|
||||
Environment: sentryEnv,
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatalf("%+v", errors.Wrap(err, "could not initialize sentry"))
|
||||
}
|
||||
|
||||
defer sentry.Flush(conf.Sentry.ServerFlushTimeout)
|
||||
}
|
||||
|
||||
// Create service container
|
||||
ctn, err := getServiceContainer(conf)
|
||||
if err != nil {
|
||||
log.Fatalf("%+v", errors.Wrap(err, "could not create service container"))
|
||||
}
|
||||
|
||||
r := chi.NewRouter()
|
||||
|
||||
// Define base middlewares
|
||||
r.Use(middleware.Logger)
|
||||
|
||||
if useSentry {
|
||||
sentryMiddleware := sentryhttp.New(sentryhttp.Options{
|
||||
Repanic: true,
|
||||
})
|
||||
|
||||
r.Use(sentryMiddleware.Handle)
|
||||
}
|
||||
|
||||
// Expose service container on router
|
||||
r.Use(container.ServiceContainer(ctn))
|
||||
|
||||
// Define routes
|
||||
if err := route.Mount(r, conf); err != nil {
|
||||
log.Fatalf("%+v", errors.Wrap(err, "could not mount http routes"))
|
||||
}
|
||||
|
||||
log.Printf("listening on '%s'", conf.HTTP.Address)
|
||||
if err := http.ListenAndServe(conf.HTTP.Address, r); err != nil {
|
||||
log.Fatalf("%+v", errors.Wrapf(err, "could not listen on '%s'", conf.HTTP.Address))
|
||||
}
|
||||
}
|
|
@ -0,0 +1,79 @@
|
|||
version: '2.4'
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:16.1
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=hydra
|
||||
- POSTGRES_USER=hydra
|
||||
- POSTGRES_DB=hydra
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD", "pg_isready", "-U", "hydra", "-d", "hydra"]
|
||||
interval: 3s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
network_mode: host
|
||||
|
||||
hydra:
|
||||
image: &hydra_image oryd/hydra:v1.11
|
||||
environment: &hydra_environment
|
||||
- LOG_LEVEL=debug
|
||||
- LOG_LEAK_SENSITIVE_VALUES=true
|
||||
- SECRETS_SYSTEM=NotSoSecret123456
|
||||
- DSN=postgres://hydra:hydra@127.0.0.1:5432/hydra
|
||||
- URLS_CONSENT=http://localhost:3000/consent
|
||||
- URLS_LOGIN=http://localhost:3000/login
|
||||
- URLS_LOGOUT=http://localhost:3000/logout
|
||||
entrypoint: ""
|
||||
command: ["hydra", "serve", "all", "--dangerous-force-http", "--dangerous-allow-insecure-redirect-urls=http://localhost:8080/oauth2/callback,http://127.0.0.1:8080/oauth2/callback"]
|
||||
healthcheck:
|
||||
test: ["CMD", "/bin/sh", "-c", "wget -q --spider http://127.0.0.1:4444/.well-known/openid-configuration"]
|
||||
interval: 3s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
depends_on:
|
||||
init-hydra-database:
|
||||
condition: service_completed_successfully
|
||||
restart: unless-stopped
|
||||
network_mode: host
|
||||
|
||||
|
||||
oidc-test:
|
||||
image: reg.cadoles.com/cadoles/oidc-test:2023.11.6-stable.1557.e16b905
|
||||
environment:
|
||||
- LOG_LEVEL=0
|
||||
- HTTP_ADDRESS=0.0.0.0:8080
|
||||
- OIDC_CLIENT_ID=oidc-test
|
||||
- OIDC_CLIENT_SECRET=oidc-test-123456
|
||||
- OIDC_ISSUER_URL=http://127.0.0.1:4444/
|
||||
- OIDC_REDIRECT_URL=http://localhost:8080/oauth2/callback
|
||||
- OIDC_POST_LOGOUT_REDIRECT_URL=http://localhost:8080
|
||||
- OIDC_SKIP_ISSUER_VERIFICATION=true
|
||||
depends_on:
|
||||
init-hydra-client:
|
||||
condition: service_completed_successfully
|
||||
network_mode: host
|
||||
restart: unless-stopped
|
||||
|
||||
init-hydra-database:
|
||||
image: *hydra_image
|
||||
environment: *hydra_environment
|
||||
command: ["migrate", "sql", "-e", "--yes"]
|
||||
network_mode: host
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
|
||||
init-hydra-client:
|
||||
image: *hydra_image
|
||||
entrypoint: ""
|
||||
command: ["/bin/sh", "-c", "hydra clients import --endpoint http://127.0.0.1:4445 --fake-tls-termination /oidc/client.json || true"]
|
||||
environment: *hydra_environment
|
||||
depends_on:
|
||||
init-hydra-database:
|
||||
condition: service_completed_successfully
|
||||
hydra:
|
||||
condition: service_healthy
|
||||
network_mode: host
|
||||
volumes:
|
||||
- ./misc/compose/hydra/client.json:/oidc/client.json
|
|
@ -0,0 +1,66 @@
|
|||
module forge.cadoles.com/wpetit/hydra-webauthn
|
||||
|
||||
go 1.21
|
||||
|
||||
require (
|
||||
github.com/caarlos0/env/v6 v6.2.2
|
||||
github.com/davecgh/go-spew v1.1.1
|
||||
github.com/getsentry/sentry-go v0.7.0
|
||||
github.com/go-chi/chi v4.1.0+incompatible
|
||||
github.com/go-webauthn/webauthn v0.8.6
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/gorilla/csrf v1.6.2
|
||||
github.com/gorilla/sessions v1.2.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
gitlab.com/wpetit/goweb v0.0.0-20231119195238-e40a8515cfad
|
||||
gopkg.in/yaml.v2 v2.4.0
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/dustin/go-humanize v1.0.1 // indirect
|
||||
github.com/go-chi/chi/v5 v5.0.10 // indirect
|
||||
github.com/go-playground/locales v0.14.0 // indirect
|
||||
github.com/go-playground/universal-translator v0.18.0 // indirect
|
||||
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
|
||||
github.com/leodido/go-urn v1.2.1 // indirect
|
||||
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
|
||||
golang.org/x/mod v0.8.0 // indirect
|
||||
golang.org/x/tools v0.6.0 // indirect
|
||||
gopkg.in/go-playground/validator.v9 v9.29.1 // indirect
|
||||
lukechampine.com/uint128 v1.2.0 // indirect
|
||||
modernc.org/cc/v3 v3.40.0 // indirect
|
||||
modernc.org/ccgo/v3 v3.16.13 // indirect
|
||||
modernc.org/libc v1.29.0 // indirect
|
||||
modernc.org/mathutil v1.6.0 // indirect
|
||||
modernc.org/memory v1.7.2 // indirect
|
||||
modernc.org/opt v0.1.3 // indirect
|
||||
modernc.org/strutil v1.1.3 // indirect
|
||||
modernc.org/token v1.0.1 // indirect
|
||||
)
|
||||
|
||||
require (
|
||||
cdr.dev/slog v1.6.1 // indirect
|
||||
github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
|
||||
github.com/charmbracelet/lipgloss v0.9.1 // indirect
|
||||
github.com/fxamacker/cbor/v2 v2.4.0 // indirect
|
||||
github.com/go-webauthn/x v0.1.4 // indirect
|
||||
github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
|
||||
github.com/google/go-tpm v0.9.0 // indirect
|
||||
github.com/gorilla/securecookie v1.1.1 // indirect
|
||||
github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
|
||||
github.com/mattn/go-isatty v0.0.20 // indirect
|
||||
github.com/mattn/go-runewidth v0.0.15 // indirect
|
||||
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||
github.com/muesli/reflow v0.3.0 // indirect
|
||||
github.com/muesli/termenv v0.15.2 // indirect
|
||||
github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
|
||||
github.com/rivo/uniseg v0.4.4 // indirect
|
||||
github.com/x448/float16 v0.8.4 // indirect
|
||||
go.opentelemetry.io/otel v1.21.0 // indirect
|
||||
go.opentelemetry.io/otel/trace v1.21.0 // indirect
|
||||
golang.org/x/crypto v0.15.0 // indirect
|
||||
golang.org/x/sys v0.14.0 // indirect
|
||||
golang.org/x/term v0.14.0 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
|
||||
modernc.org/sqlite v1.27.0
|
||||
)
|
|
@ -0,0 +1,333 @@
|
|||
cdr.dev/slog v1.6.1 h1:IQjWZD0x6//sfv5n+qEhbu3wBkmtBQY5DILXNvMaIv4=
|
||||
cdr.dev/slog v1.6.1/go.mod h1:eHEYQLaZvxnIAXC+XdTSNLb/kgA/X2RVSF72v5wsxEI=
|
||||
cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
|
||||
cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
|
||||
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
|
||||
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
|
||||
cloud.google.com/go/logging v1.7.0 h1:CJYxlNNNNAMkHp9em/YEXcfJg+rPDg7YfwoRpMU+t5I=
|
||||
cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M=
|
||||
cloud.google.com/go/longrunning v0.5.1 h1:Fr7TXftcqTudoyRJa113hyaqlGdiBQkp0Gq7tErFDWI=
|
||||
cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHSQl/fRUUQJYJc=
|
||||
github.com/AndreasBriese/bbloom v0.0.0-20190306092124-e2d15f34fcf9/go.mod h1:bOvUY6CB00SOBii9/FifXqc0awNKxLFCL/+pkDPuyl8=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/CloudyKit/fastprinter v0.0.0-20170127035650-74b38d55f37a/go.mod h1:EFZQ978U7x8IRnstaskI3IysnWY5Ao3QgZUKOXlsAdw=
|
||||
github.com/CloudyKit/jet v2.1.3-0.20180809161101-62edd43e4f88+incompatible/go.mod h1:HPYO+50pSWkPoj9Q/eq0aRGByCL6ScRlUmiEX5Zgm+w=
|
||||
github.com/Joker/hpp v1.0.0/go.mod h1:8x5n+M1Hp5hC0g8okX3sR3vFQwynaX/UgSOM9MeBKzY=
|
||||
github.com/Joker/jade v1.0.1-0.20190614124447-d475f43051e7/go.mod h1:6E6s8o2AE4KhCrqr6GRJjdC/gNfTdxkIXvuGZZda2VM=
|
||||
github.com/Shopify/goreferrer v0.0.0-20181106222321-ec9c9a553398/go.mod h1:a1uqRtAwp2Xwc6WNPJEufxJ7fx3npB4UV/JOLmbu5I0=
|
||||
github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=
|
||||
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
|
||||
github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
|
||||
github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
|
||||
github.com/aymerick/raymond v2.0.3-0.20180322193309-b565731e1464+incompatible/go.mod h1:osfaiScAUVup+UC9Nfq76eWqDhXlp+4UYaA8uhTBO6g=
|
||||
github.com/caarlos0/env/v6 v6.2.2 h1:R0NIFXaB/LhwuGrjnsldzpnVNjFU/U+hTVHt+cq0yDY=
|
||||
github.com/caarlos0/env/v6 v6.2.2/go.mod h1:3LpmfcAYCG6gCiSgDLaFR5Km1FRpPwFvBbRcjHar6Sw=
|
||||
github.com/charmbracelet/lipgloss v0.9.1 h1:PNyd3jvaJbg4jRHKWXnCj1akQm4rh8dbEzN1p/u1KWg=
|
||||
github.com/charmbracelet/lipgloss v0.9.1/go.mod h1:1mPmG4cxScwUQALAAnacHaigiiHB9Pmr+v1VEawJl6I=
|
||||
github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM=
|
||||
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
|
||||
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
|
||||
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/dgraph-io/badger v1.6.0/go.mod h1:zwt7syl517jmP8s94KqSxTlM6IMsdhYy6psNgSztDR4=
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
|
||||
github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
|
||||
github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
|
||||
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
|
||||
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
|
||||
github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZifjYj7uP3BG/gKcuzL9xWVV/Y+cK33KM=
|
||||
github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
|
||||
github.com/fasthttp-contrib/websocket v0.0.0-20160511215533-1f3b11f56072/go.mod h1:duJ4Jxv5lDcvg4QuQr0oowTf7dz4/CR8NtyCooz9HL8=
|
||||
github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
|
||||
github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4/go.mod h1:T9YF2M40nIgbVgp3rreNmTged+9HrbNTIQf1PsaIiTA=
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
|
||||
github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
|
||||
github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc=
|
||||
github.com/getsentry/sentry-go v0.7.0 h1:MR2yfR4vFfv/2+iBuSnkdQwVg7N9cJzihZ6KJu7srwQ=
|
||||
github.com/getsentry/sentry-go v0.7.0/go.mod h1:pLFpD2Y5RHIKF9Bw3KH6/68DeN2K/XBJd8awjdPnUwg=
|
||||
github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s=
|
||||
github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM=
|
||||
github.com/go-check/check v0.0.0-20180628173108-788fd7840127/go.mod h1:9ES+weclKsC9YodN5RgxqK/VD9HM9JsCSh7rNhMZE98=
|
||||
github.com/go-chi/chi v4.1.0+incompatible h1:ETj3cggsVIY2Xao5ExCu6YhEh5MD6JTfcBzS37R260w=
|
||||
github.com/go-chi/chi v4.1.0+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
|
||||
github.com/go-chi/chi/v5 v5.0.10 h1:rLz5avzKpjqxrYwXNfmjkrYYXOyLJd37pz53UFHC6vk=
|
||||
github.com/go-chi/chi/v5 v5.0.10/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
||||
github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
|
||||
github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
|
||||
github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
|
||||
github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
|
||||
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
|
||||
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
|
||||
github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8=
|
||||
github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
|
||||
github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
|
||||
github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
|
||||
github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
|
||||
github.com/go-webauthn/webauthn v0.8.6 h1:bKMtL1qzd2WTFkf1mFTVbreYrwn7dsYmEPjTq6QN90E=
|
||||
github.com/go-webauthn/webauthn v0.8.6/go.mod h1:emwVLMCI5yx9evTTvr0r+aOZCdWJqMfbRhF0MufyUog=
|
||||
github.com/go-webauthn/x v0.1.4 h1:sGmIFhcY70l6k7JIDfnjVBiAAFEssga5lXIUXe0GtAs=
|
||||
github.com/go-webauthn/x v0.1.4/go.mod h1:75Ug0oK6KYpANh5hDOanfDI+dvPWHk788naJVG/37H8=
|
||||
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
|
||||
github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
|
||||
github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
|
||||
github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
|
||||
github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
|
||||
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
|
||||
github.com/gomodule/redigo v1.7.1-0.20190724094224-574c33c3df38/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
|
||||
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
|
||||
github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=
|
||||
github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU=
|
||||
github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ=
|
||||
github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo=
|
||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
|
||||
github.com/gorilla/csrf v1.6.2 h1:QqQ/OWwuFp4jMKgBFAzJVW3FMULdyUW7JoM4pEWuqKg=
|
||||
github.com/gorilla/csrf v1.6.2/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI=
|
||||
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
|
||||
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
|
||||
github.com/gorilla/sessions v1.2.0 h1:S7P+1Hm5V/AT9cjEcUD5uDaQSX0OE577aCXgoaKpYbQ=
|
||||
github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
|
||||
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
|
||||
github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||
github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/iris-contrib/blackfriday v2.0.0+incompatible/go.mod h1:UzZ2bDEoaSGPbkg6SAB4att1aAwTmVIx/5gCVqeyUdI=
|
||||
github.com/iris-contrib/go.uuid v2.0.0+incompatible/go.mod h1:iz2lgM/1UnEf1kP0L/+fafWORmlnuysV2EMP8MW+qe0=
|
||||
github.com/iris-contrib/i18n v0.0.0-20171121225848-987a633949d0/go.mod h1:pMCz62A0xJL6I+umB2YTlFRwWXaDFA0jy+5HzGiJjqI=
|
||||
github.com/iris-contrib/schema v0.0.1/go.mod h1:urYA3uvUNG1TIIjOSCzHr9/LmbQo8LrOcOqfqxa4hXw=
|
||||
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
|
||||
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
|
||||
github.com/juju/errors v0.0.0-20181118221551-089d3ea4e4d5/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q=
|
||||
github.com/juju/loggo v0.0.0-20180524022052-584905176618/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
|
||||
github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA=
|
||||
github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
|
||||
github.com/kataras/golog v0.0.9/go.mod h1:12HJgwBIZFNGL0EJnMRhmvGA0PQGx8VFwrZtM4CqbAk=
|
||||
github.com/kataras/iris/v12 v12.0.1/go.mod h1:udK4vLQKkdDqMGJJVd/msuMtN6hpYJhg/lSzuxjhO+U=
|
||||
github.com/kataras/neffos v0.0.10/go.mod h1:ZYmJC07hQPW67eKuzlfY7SO3bC0mw83A3j6im82hfqw=
|
||||
github.com/kataras/pio v0.0.0-20190103105442-ea782b38602d/go.mod h1:NV88laa9UiiDuX9AhMbDPkGYSPugBOV6yTZB1l2K9Z0=
|
||||
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
|
||||
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
|
||||
github.com/klauspost/compress v1.8.2/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
|
||||
github.com/klauspost/compress v1.9.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
|
||||
github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/labstack/echo/v4 v4.1.11/go.mod h1:i541M3Fj6f76NZtHSj7TXnyM8n2gaodfvfxNnFqi74g=
|
||||
github.com/labstack/gommon v0.3.0/go.mod h1:MULnywXg0yavhxWKc+lOruYdAhDwPK9wf0OL7NoOu+k=
|
||||
github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
|
||||
github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
|
||||
github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
|
||||
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
|
||||
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||
github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
|
||||
github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
|
||||
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
|
||||
github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
|
||||
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
|
||||
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
|
||||
github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
|
||||
github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
|
||||
github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
|
||||
github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
|
||||
github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
|
||||
github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw=
|
||||
github.com/mediocregopher/mediocre-go-lib v0.0.0-20181029021733-cb65787f37ed/go.mod h1:dSsfyI2zABAdhcbvkXqgxOxrCsbYeHCPgrZkku60dSg=
|
||||
github.com/mediocregopher/radix/v3 v3.3.0/go.mod h1:EmfVyvspXz1uZEyPBMyGK+kjWiKQGvsUt6O3Pj+LDCQ=
|
||||
github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
|
||||
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
|
||||
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
|
||||
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
|
||||
github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ=
|
||||
github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
|
||||
github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
|
||||
github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
|
||||
github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
|
||||
github.com/nats-io/nats.go v1.8.1/go.mod h1:BrFz9vVn0fU3AcH9Vn4Kd7W0NpJ651tD5omQ3M8LwxM=
|
||||
github.com/nats-io/nkeys v0.0.2/go.mod h1:dab7URMsZm6Z/jp9Z5UGa87Uutgc2mVpXLC4B7TDb/4=
|
||||
github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
|
||||
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||
github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
|
||||
github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw=
|
||||
github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0=
|
||||
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
|
||||
github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4=
|
||||
github.com/pingcap/errors v0.11.4/go.mod h1:Oi8TUi2kEtXXLMJk9l1cGmz20kV3TaQ0usTwv5KuLY8=
|
||||
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
|
||||
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
|
||||
github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
|
||||
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
|
||||
github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
|
||||
github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
|
||||
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
|
||||
github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
|
||||
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
|
||||
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
|
||||
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
|
||||
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
|
||||
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
|
||||
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
|
||||
github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
|
||||
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
|
||||
github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
|
||||
github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
|
||||
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
|
||||
github.com/valyala/fasthttp v1.6.0/go.mod h1:FstJa9V+Pj9vQ7OJie2qMHdwemEDaDiSdBnvPM1Su9w=
|
||||
github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
|
||||
github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio=
|
||||
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
|
||||
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
|
||||
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
|
||||
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
|
||||
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
|
||||
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
|
||||
github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI=
|
||||
github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg=
|
||||
github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM=
|
||||
github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc=
|
||||
gitlab.com/wpetit/goweb v0.0.0-20231119195238-e40a8515cfad h1:KDrx55pxLSx/Uv3Zt0eox8ed2WKA1uYhHQX85eOk03E=
|
||||
gitlab.com/wpetit/goweb v0.0.0-20231119195238-e40a8515cfad/go.mod h1:M84eg+LmLpFLZT0YTZ/IpbXjviXFW5t+xBtEgHWc/Oo=
|
||||
go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
|
||||
go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
|
||||
go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
|
||||
go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
|
||||
go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE=
|
||||
go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
|
||||
go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
|
||||
go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
|
||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
|
||||
golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
|
||||
golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8=
|
||||
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190327091125-710a502c58a2/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
|
||||
golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
|
||||
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
|
||||
golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
|
||||
golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
|
||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20181221001348-537d06c36207/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190327201419-c70d86f8b7cf/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM=
|
||||
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=
|
||||
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
|
||||
google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e h1:xIXmWJ303kJCuogpj0bHq+dcjcZHU+XFyc1I0Yl9cRg=
|
||||
google.golang.org/genproto v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:0ggbjUrZYpy1q+ANUS30SEoGZ53cdfwtbuG7Ptgy108=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 h1:XVeBY8d/FaK4848myy41HBqnDwvxeV3zMZhwN1TvAMU=
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:mPBs5jNgx2GuQGvFwUvVKqtn6HsUw9nP64BedgvqEsQ=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130 h1:2FZP5XuJY9zQyGM5N0rtovnoXjiMUEIUMvw0m9wlpLc=
|
||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go.mod h1:8mL13HKkDa+IuJ8yruA3ci0q+0vsUz4m//+ottjwS5o=
|
||||
google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
|
||||
google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
|
||||
google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
|
||||
google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
|
||||
gopkg.in/go-playground/assert.v1 v1.2.1 h1:xoYuJVE7KT85PYWrN730RguIQO0ePzVRfFMXadIrXTM=
|
||||
gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE=
|
||||
gopkg.in/go-playground/validator.v8 v8.18.2/go.mod h1:RX2a/7Ha8BgOhfk7j780h4/u/RRjR0eouCJSH80/M2Y=
|
||||
gopkg.in/go-playground/validator.v9 v9.29.1 h1:SvGtYmN60a5CVKTOzMSyfzWDeZRxRuGvRQyEAKbw1xc=
|
||||
gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ=
|
||||
gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
lukechampine.com/uint128 v1.2.0 h1:mBi/5l91vocEN8otkC5bDLhi2KdCticRiwbdB0O+rjI=
|
||||
lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk=
|
||||
modernc.org/cc/v3 v3.40.0 h1:P3g79IUS/93SYhtoeaHW+kRCIrYaxJ27MFPv+7kaTOw=
|
||||
modernc.org/cc/v3 v3.40.0/go.mod h1:/bTg4dnWkSXowUO6ssQKnOV0yMVxDYNIsIrzqTFDGH0=
|
||||
modernc.org/ccgo/v3 v3.16.13 h1:Mkgdzl46i5F/CNR/Kj80Ri59hC8TKAhZrYSaqvkwzUw=
|
||||
modernc.org/ccgo/v3 v3.16.13/go.mod h1:2Quk+5YgpImhPjv2Qsob1DnZ/4som1lJTodubIcoUkY=
|
||||
modernc.org/ccorpus v1.11.6 h1:J16RXiiqiCgua6+ZvQot4yUuUy8zxgqbqEEUuGPlISk=
|
||||
modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ=
|
||||
modernc.org/httpfs v1.0.6 h1:AAgIpFZRXuYnkjftxTAZwMIiwEqAfk8aVB2/oA6nAeM=
|
||||
modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM=
|
||||
modernc.org/libc v1.29.0 h1:tTFRFq69YKCF2QyGNuRUQxKBm1uZZLubf6Cjh/pVHXs=
|
||||
modernc.org/libc v1.29.0/go.mod h1:DaG/4Q3LRRdqpiLyP0C2m1B8ZMGkQ+cCgOIjEtQlYhQ=
|
||||
modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
|
||||
modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
|
||||
modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E=
|
||||
modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E=
|
||||
modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
|
||||
modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
|
||||
modernc.org/sqlite v1.27.0 h1:MpKAHoyYB7xqcwnUwkuD+npwEa0fojF0B5QRbN+auJ8=
|
||||
modernc.org/sqlite v1.27.0/go.mod h1:Qxpazz0zH8Z1xCFyi5GSL3FzbtZ3fvbjmywNogldEW0=
|
||||
modernc.org/strutil v1.1.3 h1:fNMm+oJklMGYfU9Ylcywl0CO5O6nTfaowNsh2wpPjzY=
|
||||
modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw=
|
||||
modernc.org/tcl v1.15.2 h1:C4ybAYCGJw968e+Me18oW55kD/FexcHbqH2xak1ROSY=
|
||||
modernc.org/tcl v1.15.2/go.mod h1:3+k/ZaEbKrC8ePv8zJWPtBSW0V7Gg9g8rkmhI1Kfs3c=
|
||||
modernc.org/token v1.0.1 h1:A3qvTqOwexpfZZeyI0FeGPDlSWX5pjZu9hF4lU+EKWg=
|
||||
modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
|
||||
modernc.org/z v1.7.3 h1:zDJf6iHjrnB+WRD88stbXokugjyc0/pB91ri1gO6LZY=
|
||||
modernc.org/z v1.7.3/go.mod h1:Ipv4tsdxZRbQyLq9Q1M6gdbkxYzdlrciF2Hi/lS7nWE=
|
|
@ -0,0 +1,27 @@
|
|||
package config
|
||||
|
||||
type APIConfig struct {
|
||||
Authentication AuthenticationConfig `yaml:"auth"`
|
||||
}
|
||||
|
||||
type AuthenticationConfig struct {
|
||||
Accounts []AccountConfig `yaml:"accounts"`
|
||||
}
|
||||
|
||||
type AccountConfig struct {
|
||||
Username string `yaml:"username"`
|
||||
Password string `ymal:"password"`
|
||||
}
|
||||
|
||||
func NewDefaultAPIConfig() APIConfig {
|
||||
return APIConfig{
|
||||
Authentication: AuthenticationConfig{
|
||||
Accounts: []AccountConfig{
|
||||
{
|
||||
Username: "admin",
|
||||
Password: "webauthn",
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
|
@ -0,0 +1,122 @@
|
|||
package config
|
||||
|
||||
import (
|
||||
"io"
|
||||
"os"
|
||||
"time"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"github.com/caarlos0/env/v6"
|
||||
"gopkg.in/yaml.v2"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
Debug bool `yaml:"debug"`
|
||||
HTTP HTTPConfig `yaml:"http"`
|
||||
Hydra HydraConfig `yaml:"hydra"`
|
||||
Session SessionConfig `yaml:"session"`
|
||||
Sentry SentryConfig `yaml:"sentry"`
|
||||
WebAuthn WebAuthnConfig `yaml:"webauthn"`
|
||||
API APIConfig `yaml:"api"`
|
||||
Storage StorageConfig `yaml:"storage"`
|
||||
}
|
||||
|
||||
// NewFromFile retrieves the configuration from the given file
|
||||
func NewFromFile(filepath string) (*Config, error) {
|
||||
config := NewDefault()
|
||||
|
||||
data, err := os.ReadFile(filepath)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "could not read file '%s'", filepath)
|
||||
}
|
||||
|
||||
if err := yaml.Unmarshal(data, config); err != nil {
|
||||
return nil, errors.Wrapf(err, "could not unmarshal configuration")
|
||||
}
|
||||
|
||||
return config, nil
|
||||
}
|
||||
|
||||
type HydraConfig struct {
|
||||
BaseURL string `yaml:"baseURL" env:"HYDRA_BASE_URL"`
|
||||
// Fake upstream SSL termination adding the "X-Forwarded-Proto: https" to the OIDC client
|
||||
// HTTP request headers.
|
||||
// Required by ory/hydra in some networks topologies
|
||||
FakeSSLTermination bool `yaml:"fakeSSLTermination" env:"HYDRA_FAKE_SSL_TERMINATION"`
|
||||
HTTPClientTimeout time.Duration `yaml:"httpClientTimeout" env:"HYDRA_HTTP_CLIENT_TIMEOUT"`
|
||||
}
|
||||
|
||||
type SessionConfig struct {
|
||||
DefaultDuration int `yaml:"defaultDuration" env:"HYDRA_SESSION_DEFAULT_DURATION"`
|
||||
RememberMeDuration int `yaml:"rememberMeDuration" env:"HYDRA_SESSION_REMEMBER_ME_DURATION"`
|
||||
}
|
||||
|
||||
type SentryConfig struct {
|
||||
DSN string `yaml:"dsn" env:"SENTRY_DSN"`
|
||||
// Server events sampling rate, see https://docs.sentry.io/platforms/go/configuration/options/
|
||||
ServerSampleRate float64 `yaml:"serverSampleRate" env:"SENTRY_SERVER_SAMPLE_RATE"`
|
||||
ServerFlushTimeout time.Duration `yaml:"serverFlushTimeout" env:"SENTRY_SERVER_FLUSH_TIMEOUT"`
|
||||
Environment string `yaml:"environment" env:"SENTRY_ENVIRONMENT"`
|
||||
}
|
||||
|
||||
func NewDumpDefault() *Config {
|
||||
config := NewDefault()
|
||||
return config
|
||||
}
|
||||
|
||||
func NewDefault() *Config {
|
||||
return &Config{
|
||||
Debug: false,
|
||||
HTTP: HTTPConfig{
|
||||
Address: ":3000",
|
||||
CookieAuthenticationKey: "",
|
||||
CookieEncryptionKey: "",
|
||||
TokenEncryptionKey: "",
|
||||
TokenSigningKey: "",
|
||||
CookieMaxAge: int((time.Hour * 1).Seconds()), // 1 hour
|
||||
TemplateDir: "template",
|
||||
PublicDir: "public",
|
||||
BaseURL: "/",
|
||||
},
|
||||
Hydra: HydraConfig{
|
||||
BaseURL: "http://localhost:4445/",
|
||||
FakeSSLTermination: false,
|
||||
HTTPClientTimeout: time.Second * 30, //nolint: gomnb
|
||||
},
|
||||
Session: SessionConfig{
|
||||
DefaultDuration: int((time.Hour * 1).Seconds()), // 1 hour
|
||||
RememberMeDuration: int((time.Hour * 24 * 30).Seconds()), // 30 days
|
||||
},
|
||||
Sentry: SentryConfig{
|
||||
DSN: "",
|
||||
ServerSampleRate: 1,
|
||||
ServerFlushTimeout: 2 * time.Second,
|
||||
Environment: "",
|
||||
},
|
||||
WebAuthn: NewDefaultWebAuthnConfig(),
|
||||
API: NewDefaultAPIConfig(),
|
||||
Storage: NewDefaultStorageConfig(),
|
||||
}
|
||||
}
|
||||
|
||||
func Dump(config *Config, w io.Writer) error {
|
||||
data, err := yaml.Marshal(config)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not dump config")
|
||||
}
|
||||
|
||||
if _, err := w.Write(data); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func WithEnvironment(conf *Config) error {
|
||||
if err := env.Parse(conf); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
package config
|
||||
|
||||
type HTTPConfig struct {
|
||||
Address string `yaml:"address" env:"HTTP_ADDRESS"`
|
||||
CookieAuthenticationKey string `yaml:"cookieAuthenticationKey" env:"HTTP_COOKIE_AUTHENTICATION_KEY"`
|
||||
CookieEncryptionKey string `yaml:"cookieEncryptionKey" env:"HTTP_COOKIE_ENCRYPTION_KEY"`
|
||||
TokenSigningKey string `yaml:"tokenSigningKey" env:"HTTP_TOKEN_SIGNING_KEY"`
|
||||
TokenEncryptionKey string `yaml:"tokenEncryptionKey" env:"HTTP_TOKEN_ENCRYPTION_KEY"`
|
||||
BaseURL string `yaml:"basePublicUrl" env:"HTTP_BASE_URL"`
|
||||
CookieMaxAge int `yaml:"cookieMaxAge" env:"HTTP_COOKIE_MAX_AGE"`
|
||||
TemplateDir string `yaml:"templateDir" env:"HTTP_TEMPLATE_DIR"`
|
||||
PublicDir string `yaml:"publicDir" env:"HTTP_PUBLIC_DIR"`
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
package config
|
||||
|
||||
import "gitlab.com/wpetit/goweb/service"
|
||||
|
||||
func ServiceProvider(config *Config) service.Provider {
|
||||
return func(ctn *service.Container) (interface{}, error) {
|
||||
return config, nil
|
||||
}
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
package config
|
||||
|
||||
import (
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
)
|
||||
|
||||
const ServiceName service.Name = "config"
|
||||
|
||||
// From retrieves the config service in the given container
|
||||
func From(container *service.Container) (*Config, error) {
|
||||
service, err := container.Service(ServiceName)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "error while retrieving '%s' service", ServiceName)
|
||||
}
|
||||
|
||||
srv, ok := service.(*Config)
|
||||
if !ok {
|
||||
return nil, errors.Errorf("retrieved service is not a valid '%s' service", ServiceName)
|
||||
}
|
||||
|
||||
return srv, nil
|
||||
}
|
||||
|
||||
// Must retrieves the config service in the given container or panic otherwise
|
||||
func Must(container *service.Container) *Config {
|
||||
srv, err := From(container)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
return srv
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
package config
|
||||
|
||||
type StorageConfig struct {
|
||||
Driver string `yaml:"driver"`
|
||||
DSN string `yaml:"dsn"`
|
||||
}
|
||||
|
||||
func NewDefaultStorageConfig() StorageConfig {
|
||||
return StorageConfig{
|
||||
Driver: "sqlite",
|
||||
DSN: "./data/storage.sqlite?mode=rw&_pragma=foreign_keys(1)&_pragma=busy_timeout=150000&_pragma=journal_mode=WAL",
|
||||
}
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
package config
|
||||
|
||||
type WebAuthnConfig struct {
|
||||
RelyingParty WebAuthnRelyingPartyConfig `yaml:"relyingParty"`
|
||||
}
|
||||
|
||||
type WebAuthnRelyingPartyConfig struct {
|
||||
ID string `yaml:"id"`
|
||||
DisplayName string `yaml:"displayName"`
|
||||
Origins []string `yaml:"origins"`
|
||||
}
|
||||
|
||||
func NewDefaultWebAuthnConfig() WebAuthnConfig {
|
||||
return WebAuthnConfig{
|
||||
RelyingParty: WebAuthnRelyingPartyConfig{
|
||||
ID: "localhost",
|
||||
DisplayName: "WebAuthn",
|
||||
Origins: []string{"http://localhost:3000"},
|
||||
},
|
||||
}
|
||||
}
|
|
@ -0,0 +1,263 @@
|
|||
package hydra
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
type Client struct {
|
||||
baseURL *url.URL
|
||||
http *http.Client
|
||||
}
|
||||
|
||||
func (c *Client) LoginRequest(challenge string) (*LoginResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/login", url.Values{
|
||||
"login_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res, err := c.http.Get(u)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not retrieve login response")
|
||||
}
|
||||
|
||||
if res.StatusCode < http.StatusOK || res.StatusCode >= http.StatusBadRequest {
|
||||
return nil, errors.Wrapf(ErrUnexpectedHydraResponse, "hydra responded with status code '%d'", res.StatusCode)
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
|
||||
decoder := json.NewDecoder(res.Body)
|
||||
loginRes := &LoginResponse{}
|
||||
|
||||
if err := decoder.Decode(loginRes); err != nil {
|
||||
return nil, errors.Wrap(err, "could not decode json response")
|
||||
}
|
||||
|
||||
return loginRes, nil
|
||||
}
|
||||
|
||||
func (c *Client) AcceptLoginRequest(challenge string, req *AcceptLoginRequest) (*AcceptResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/login/accept", url.Values{
|
||||
"login_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res := &AcceptResponse{}
|
||||
|
||||
if err := c.putJSON(u, req, res); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (c *Client) RejectLoginRequest(challenge string, req *RejectRequest) (*RejectResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/login/reject", url.Values{
|
||||
"login_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res := &RejectResponse{}
|
||||
|
||||
if err := c.putJSON(u, req, res); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (c *Client) LogoutRequest(challenge string) (*LogoutResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/logout", url.Values{
|
||||
"logout_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res, err := c.http.Get(u)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not retrieve logout response")
|
||||
}
|
||||
|
||||
if res.StatusCode < http.StatusOK || res.StatusCode >= http.StatusBadRequest {
|
||||
return nil, errors.Wrapf(ErrUnexpectedHydraResponse, "hydra responded with status code '%d'", res.StatusCode)
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
|
||||
decoder := json.NewDecoder(res.Body)
|
||||
logoutRes := &LogoutResponse{}
|
||||
|
||||
if err := decoder.Decode(logoutRes); err != nil {
|
||||
return nil, errors.Wrap(err, "could not decode json response")
|
||||
}
|
||||
|
||||
return logoutRes, nil
|
||||
}
|
||||
|
||||
func (c *Client) AcceptLogoutRequest(challenge string) (*AcceptResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/logout/accept", url.Values{
|
||||
"logout_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res := &AcceptResponse{}
|
||||
|
||||
if err := c.putJSON(u, nil, res); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (c *Client) RejectLogoutRequest(challenge string, req *RejectRequest) (*RejectResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/logout/reject", url.Values{
|
||||
"logout_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res := &RejectResponse{}
|
||||
|
||||
if err := c.putJSON(u, req, res); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (c *Client) ConsentRequest(challenge string) (*ConsentResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/consent", url.Values{
|
||||
"consent_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res, err := c.http.Get(u)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "could not retrieve login response")
|
||||
}
|
||||
|
||||
if res.StatusCode < http.StatusOK || res.StatusCode >= http.StatusBadRequest {
|
||||
return nil, errors.Wrapf(ErrUnexpectedHydraResponse, "hydra responded with status code '%d'", res.StatusCode)
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
|
||||
decoder := json.NewDecoder(res.Body)
|
||||
consentRes := &ConsentResponse{}
|
||||
|
||||
if err := decoder.Decode(consentRes); err != nil {
|
||||
return nil, errors.Wrap(err, "could not decode json response")
|
||||
}
|
||||
|
||||
return consentRes, nil
|
||||
}
|
||||
|
||||
func (c *Client) AcceptConsentRequest(challenge string, req *AcceptConsentRequest) (*AcceptResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/consent/accept", url.Values{
|
||||
"consent_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res := &AcceptResponse{}
|
||||
|
||||
if err := c.putJSON(u, req, res); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (c *Client) RejectConsentRequest(challenge string, req *RejectRequest) (*RejectResponse, error) {
|
||||
u := fromURL(*c.baseURL, "/oauth2/auth/requests/consent/reject", url.Values{
|
||||
"consent_challenge": []string{challenge},
|
||||
})
|
||||
|
||||
res := &RejectResponse{}
|
||||
|
||||
if err := c.putJSON(u, req, res); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (c *Client) LoginChallenge(r *http.Request) (string, error) {
|
||||
return c.challenge(r, "login_challenge")
|
||||
}
|
||||
|
||||
func (c *Client) ConsentChallenge(r *http.Request) (string, error) {
|
||||
return c.challenge(r, "consent_challenge")
|
||||
}
|
||||
|
||||
func (c *Client) LogoutChallenge(r *http.Request) (string, error) {
|
||||
return c.challenge(r, "logout_challenge")
|
||||
}
|
||||
|
||||
func (c *Client) challenge(r *http.Request, name string) (string, error) {
|
||||
challenge := r.URL.Query().Get(name)
|
||||
if challenge == "" {
|
||||
return "", ErrChallengeNotFound
|
||||
}
|
||||
|
||||
return challenge, nil
|
||||
}
|
||||
|
||||
func (c *Client) putJSON(u string, payload interface{}, result interface{}) error {
|
||||
var buf bytes.Buffer
|
||||
|
||||
encoder := json.NewEncoder(&buf)
|
||||
if err := encoder.Encode(payload); err != nil {
|
||||
return errors.Wrap(err, "could not encode request body")
|
||||
}
|
||||
|
||||
req, err := http.NewRequest("PUT", u, &buf)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not create request")
|
||||
}
|
||||
|
||||
res, err := c.http.Do(req)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not retrieve login response")
|
||||
}
|
||||
|
||||
if res.StatusCode < http.StatusOK || res.StatusCode >= http.StatusBadRequest {
|
||||
return errors.Wrapf(ErrUnexpectedHydraResponse, "hydra responded with status code '%d'", res.StatusCode)
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
|
||||
decoder := json.NewDecoder(res.Body)
|
||||
|
||||
if err := decoder.Decode(result); err != nil {
|
||||
return errors.Wrap(err, "could not decode json response")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func fromURL(url url.URL, path string, query url.Values) string {
|
||||
url.Path = path
|
||||
url.RawQuery = query.Encode()
|
||||
|
||||
return url.String()
|
||||
}
|
||||
|
||||
type fakeSSLTerminationTransport struct {
|
||||
T http.RoundTripper
|
||||
}
|
||||
|
||||
func (t *fakeSSLTerminationTransport) RoundTrip(req *http.Request) (*http.Response, error) {
|
||||
req.Header.Add("X-Forwarded-Proto", "https")
|
||||
return t.T.RoundTrip(req)
|
||||
}
|
||||
|
||||
func NewClient(baseURL *url.URL, fakeSSLTermination bool, httpTimeout time.Duration) *Client {
|
||||
httpClient := &http.Client{
|
||||
Timeout: httpTimeout,
|
||||
}
|
||||
|
||||
if fakeSSLTermination {
|
||||
httpClient.Transport = &fakeSSLTerminationTransport{http.DefaultTransport}
|
||||
}
|
||||
|
||||
return &Client{
|
||||
baseURL: baseURL,
|
||||
http: httpClient,
|
||||
}
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
package hydra
|
||||
|
||||
import "errors"
|
||||
|
||||
var (
|
||||
ErrUnexpectedHydraResponse = errors.New("unexpected hydra response")
|
||||
ErrChallengeNotFound = errors.New("challenge not found")
|
||||
)
|
|
@ -0,0 +1,30 @@
|
|||
package hydra
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
)
|
||||
|
||||
func ServiceProvider(rawBaseURL string, fakeSSLTermination bool, httpTimeout time.Duration) service.Provider {
|
||||
var (
|
||||
baseURL *url.URL
|
||||
err error
|
||||
)
|
||||
|
||||
baseURL, err = url.Parse(rawBaseURL)
|
||||
if err != nil {
|
||||
err = errors.Wrap(err, "could not parse base url")
|
||||
}
|
||||
|
||||
client := NewClient(baseURL, fakeSSLTermination, httpTimeout)
|
||||
|
||||
return func(ctn *service.Container) (interface{}, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return client, nil
|
||||
}
|
||||
}
|
|
@ -0,0 +1,29 @@
|
|||
package hydra
|
||||
|
||||
type AcceptLoginRequest struct {
|
||||
Subject string `json:"subject"`
|
||||
Remember bool `json:"remember"`
|
||||
RememberFor int `json:"remember_for"`
|
||||
ACR string `json:"acr"`
|
||||
Context map[string]interface{} `json:"context"`
|
||||
}
|
||||
|
||||
type AcceptLogoutRequest struct{}
|
||||
|
||||
type AcceptConsentRequest struct {
|
||||
GrantScope []string `json:"grant_scope"`
|
||||
GrantAccessTokenAudience []string `json:"grant_access_token_audience"`
|
||||
Remember bool `json:"remember"`
|
||||
RememberFor int `json:"remember_for"`
|
||||
Session AcceptConsentSession `json:"session"`
|
||||
}
|
||||
|
||||
type AcceptConsentSession struct {
|
||||
AccessToken map[string]interface{} `json:"access_token"`
|
||||
IDToken map[string]interface{} `json:"id_token"`
|
||||
}
|
||||
|
||||
type RejectRequest struct {
|
||||
Error string `json:"error"`
|
||||
ErrorDescription string `json:"error_description"`
|
||||
}
|
|
@ -0,0 +1,88 @@
|
|||
package hydra
|
||||
|
||||
import "time"
|
||||
|
||||
// https://www.ory.sh/hydra/docs/reference/api#get-a-login-request
|
||||
|
||||
type ClientResponseFragment struct {
|
||||
AllowCORSOrigins []string `json:"allowed_cors_origins"`
|
||||
Audience []string `json:"audience"`
|
||||
BackChannelLogoutSessionRequired bool `json:"backchannel_logout_session_required"`
|
||||
BackChannelLogoutURI string `json:"backchannel_logout_uri"`
|
||||
ClientID string `json:"client_id"`
|
||||
ClientName string `json:"client_name"`
|
||||
ClientSecret string `json:"client_secret"`
|
||||
ClientSecretExpiresAt int `json:"client_secret_expires_at"`
|
||||
ClientURI string `json:"client_uri"`
|
||||
Contacts []string `json:"contacts"`
|
||||
CreatedAt time.Time `json:"created_at"`
|
||||
FrontChannelLogoutSessionRequired bool `json:"frontchannel_logout_session_required"`
|
||||
FrontChannelLogoutURL string `json:"frontchannel_logout_uri"`
|
||||
GrantTypes []string `json:"grant_types"`
|
||||
JWKS map[string]interface{} `json:"jwks"`
|
||||
JwksURI string `json:"jwks_uri"`
|
||||
LogoURI string `json:"logo_uri"`
|
||||
Metadata map[string]interface{} `json:"metadata"`
|
||||
Owner string `json:"owner"`
|
||||
PolicyURI string `json:"policy_uri"`
|
||||
PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris"`
|
||||
RedirectURIs []string `json:"redirect_uris"`
|
||||
RequestObjectSigningAlg string `json:"request_object_signing_alg"`
|
||||
RequestURIs []string `json:"request_uris"`
|
||||
ResponseTypes []string `json:"response_types"`
|
||||
Scope string `json:"scope"`
|
||||
SectorIdentifierURI string `json:"sector_identifier_uri"`
|
||||
SubjectType string `json:"subject_type"`
|
||||
TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"`
|
||||
TosURI string `json:"tos_uri"`
|
||||
UpdatedAt time.Time `json:"updated_at"`
|
||||
UserInfoSignedResponseAlg string `json:"userinfo_signed_response_alg"`
|
||||
}
|
||||
|
||||
type OidcContextResponseFragment struct {
|
||||
ACRValues []string `json:"acr_values"`
|
||||
Display string `json:"display"`
|
||||
IDTokenHintClaims map[string]interface{} `json:"id_token_hint_claims"`
|
||||
LoginHint string `json:"login_hint"`
|
||||
UILocales []string `json:"ui_locales"`
|
||||
}
|
||||
|
||||
type LoginResponse struct {
|
||||
Challenge string `json:"challenge"`
|
||||
Skip bool `json:"skip"`
|
||||
Subject string `json:"subject"`
|
||||
Client ClientResponseFragment `json:"client"`
|
||||
RequestURL string `json:"request_url"`
|
||||
RequestedScope []string `json:"requested_scope"`
|
||||
OidcContext OidcContextResponseFragment `json:"oidc_context"`
|
||||
RequestedAccessTokenAudience []string `json:"requested_access_token_audience"`
|
||||
SessionID string `json:"session_id"`
|
||||
}
|
||||
|
||||
type AcceptResponse struct {
|
||||
RedirectTo string `json:"redirect_to"`
|
||||
}
|
||||
|
||||
type RejectResponse struct {
|
||||
RedirectTo string `json:"redirect_to"`
|
||||
}
|
||||
|
||||
type LogoutResponse struct {
|
||||
Subject string `json:"subject"`
|
||||
SessionID string `json:"sid"`
|
||||
RPInitiated bool `json:"rp_initiated"`
|
||||
RequestURL string `json:"request_url"`
|
||||
}
|
||||
|
||||
type ConsentResponse struct {
|
||||
Challenge string `json:"challenge"`
|
||||
Skip bool `json:"skip"`
|
||||
Subject string `json:"subject"`
|
||||
Client ClientResponseFragment `json:"client"`
|
||||
RequestURL string `json:"request_url"`
|
||||
RequestedScope []string `json:"requested_scope"`
|
||||
OidcContext OidcContextResponseFragment `json:"oidc_context"`
|
||||
RequestedAccessTokenAudience []string `json:"requested_access_token_audience"`
|
||||
SessionID string `json:"session_id"`
|
||||
Context map[string]interface{} `json:"context"`
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
package hydra
|
||||
|
||||
import (
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
)
|
||||
|
||||
const ServiceName service.Name = "hydra"
|
||||
|
||||
// From retrieves the hydra service in the given container
|
||||
func From(container *service.Container) (*Client, error) {
|
||||
service, err := container.Service(ServiceName)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "error while retrieving '%s' service", ServiceName)
|
||||
}
|
||||
|
||||
srv, ok := service.(*Client)
|
||||
if !ok {
|
||||
return nil, errors.Errorf("retrieved service is not a valid '%s' service", ServiceName)
|
||||
}
|
||||
|
||||
return srv, nil
|
||||
}
|
||||
|
||||
// Must retrieves the hydra service in the given container or panic otherwise
|
||||
func Must(container *service.Container) *Client {
|
||||
srv, err := From(container)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
return srv
|
||||
}
|
|
@ -0,0 +1,52 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/api"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
)
|
||||
|
||||
type CreateUserRequest struct {
|
||||
Username string `json:"username" validate:"required"`
|
||||
Attributes map[string]any `json:"attributes"`
|
||||
}
|
||||
|
||||
type CreateUserResponse struct {
|
||||
User *storage.User `json:"user"`
|
||||
}
|
||||
|
||||
func CreateUser(w http.ResponseWriter, r *http.Request) {
|
||||
createUserReq := &CreateUserRequest{}
|
||||
if ok := api.Bind(w, r, createUserReq); !ok {
|
||||
return
|
||||
}
|
||||
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
storageSrv := storage.Must(ctn)
|
||||
|
||||
user, err := storageSrv.User().CreateUser(ctx, createUserReq.Username, createUserReq.Attributes)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrAlreadyExist) {
|
||||
logger.Warn(ctx, "user already exists", logger.E(errors.WithStack(err)), logger.F("username", createUserReq.Username))
|
||||
api.ErrorResponse(w, http.StatusConflict, ErrCodeAlreadyExist, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
logger.Error(ctx, "could not create user", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
response := CreateUserResponse{
|
||||
User: user,
|
||||
}
|
||||
|
||||
api.DataResponse(w, http.StatusCreated, response)
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
package api
|
||||
|
||||
import "gitlab.com/wpetit/goweb/api"
|
||||
|
||||
var (
|
||||
ErrCodeAlreadyExist api.ErrorCode = "already-exist"
|
||||
ErrNotModified api.ErrorCode = "not-modified"
|
||||
)
|
|
@ -0,0 +1,45 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/api"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
)
|
||||
|
||||
type GenerateRegistrationLinkResponse struct {
|
||||
RegistrationLink *storage.RegistrationLink `json:"registrationLink"`
|
||||
}
|
||||
|
||||
func GenerateRegistrationLink(w http.ResponseWriter, r *http.Request) {
|
||||
userID := chi.URLParam(r, "userID")
|
||||
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
storageSrv := storage.Must(ctn)
|
||||
|
||||
registrationLink, err := storageSrv.User().GenerateRegistrationLink(ctx, userID)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "user not found", logger.E(errors.WithStack(err)), logger.F("userID", userID))
|
||||
api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
logger.Error(ctx, "could not generate registration link", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
response := GenerateRegistrationLinkResponse{
|
||||
RegistrationLink: registrationLink,
|
||||
}
|
||||
|
||||
api.DataResponse(w, http.StatusCreated, response)
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/api"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
)
|
||||
|
||||
type GetRegistrationLinkResponse struct {
|
||||
RegistrationLink *storage.RegistrationLink `json:"registrationLink"`
|
||||
}
|
||||
|
||||
func GetRegistrationLink(w http.ResponseWriter, r *http.Request) {
|
||||
userID := chi.URLParam(r, "userID")
|
||||
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
storageSrv := storage.Must(ctn)
|
||||
|
||||
registrationLink, err := storageSrv.User().GetRegistrationLink(ctx, userID)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "registration link or associated user not found", logger.E(errors.WithStack(err)), logger.F("userID", userID))
|
||||
api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
logger.Error(ctx, "could not get registration link", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
response := GetRegistrationLinkResponse{
|
||||
RegistrationLink: registrationLink,
|
||||
}
|
||||
|
||||
api.DataResponse(w, http.StatusOK, response)
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/api"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
)
|
||||
|
||||
type GetUserResponse struct {
|
||||
User *storage.User `json:"user"`
|
||||
}
|
||||
|
||||
func GetUser(w http.ResponseWriter, r *http.Request) {
|
||||
userID := chi.URLParam(r, "userID")
|
||||
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
storageSrv := storage.Must(ctn)
|
||||
|
||||
user, err := storageSrv.User().FindUserByID(ctx, userID)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "could not find user", logger.E(errors.WithStack(err)), logger.F("userID", userID))
|
||||
api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
logger.Error(ctx, "could not get user", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
response := GetUserResponse{
|
||||
User: user,
|
||||
}
|
||||
|
||||
api.DataResponse(w, http.StatusOK, response)
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/api"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
)
|
||||
|
||||
type ListUsersResponse struct {
|
||||
Users []storage.UserHeader `json:"users"`
|
||||
}
|
||||
|
||||
func ListUsers(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
storageSrv := storage.Must(ctn)
|
||||
|
||||
users, err := storageSrv.User().ListUsers(ctx)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "could not list users", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
logger.Error(ctx, "could not get user", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
response := ListUsersResponse{
|
||||
Users: users,
|
||||
}
|
||||
|
||||
api.DataResponse(w, http.StatusOK, response)
|
||||
}
|
|
@ -0,0 +1,33 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/go-chi/chi/middleware"
|
||||
)
|
||||
|
||||
func Mount(r *chi.Mux, config *config.Config) error {
|
||||
basicAuth := middleware.BasicAuth("Hydra WebAuthn", toCredentials(config.API.Authentication.Accounts))
|
||||
|
||||
r.Route("/api/v1", func(r chi.Router) {
|
||||
r.Use(basicAuth)
|
||||
r.Post("/users", CreateUser)
|
||||
r.Get("/users/{userID}", GetUser)
|
||||
r.Get("/users", ListUsers)
|
||||
r.Post("/users/{userID}/registration-link", GenerateRegistrationLink)
|
||||
r.Get("/users/{userID}/registration-link", GetRegistrationLink)
|
||||
r.Put("/users/{userID}", UpdateUser)
|
||||
})
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func toCredentials(accounts []config.AccountConfig) map[string]string {
|
||||
credentials := make(map[string]string, len(accounts))
|
||||
|
||||
for _, acc := range accounts {
|
||||
credentials[acc.Username] = acc.Password
|
||||
}
|
||||
|
||||
return credentials
|
||||
}
|
|
@ -0,0 +1,85 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/api"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
)
|
||||
|
||||
type UpdateUserRequest struct {
|
||||
Username *string `json:"username"`
|
||||
Attributes *map[string]any `json:"attributes"`
|
||||
}
|
||||
|
||||
type UpdateUserResponse struct {
|
||||
User *storage.User `json:"user"`
|
||||
}
|
||||
|
||||
func UpdateUser(w http.ResponseWriter, r *http.Request) {
|
||||
userID := chi.URLParam(r, "userID")
|
||||
|
||||
updateUserReq := &UpdateUserRequest{}
|
||||
if ok := api.Bind(w, r, updateUserReq); !ok {
|
||||
return
|
||||
}
|
||||
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
storageSrv := storage.Must(ctn)
|
||||
|
||||
var (
|
||||
user *storage.User
|
||||
err error
|
||||
)
|
||||
|
||||
if updateUserReq.Username != nil {
|
||||
user, err = storageSrv.User().UpdateUserUsername(ctx, userID, *updateUserReq.Username)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "could not find user", logger.E(errors.WithStack(err)), logger.F("userID", userID))
|
||||
api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
logger.Error(ctx, "could not update username", logger.E(errors.WithStack(err)))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if updateUserReq.Attributes != nil {
|
||||
user, err = storageSrv.User().UpdateUserAttributes(ctx, userID, *updateUserReq.Attributes)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "could not find user", logger.E(errors.WithStack(err)), logger.F("userID", userID))
|
||||
api.ErrorResponse(w, http.StatusNotFound, api.ErrCodeNotFound, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
logger.Error(ctx, "could not update attributes", logger.E(errors.WithStack(err)), logger.F("userID", userID))
|
||||
api.ErrorResponse(w, http.StatusInternalServerError, api.ErrCodeUnknownError, nil)
|
||||
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if user == nil {
|
||||
api.ErrorResponse(w, http.StatusBadRequest, ErrNotModified, nil)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
response := UpdateUserResponse{
|
||||
User: user,
|
||||
}
|
||||
|
||||
api.DataResponse(w, http.StatusOK, response)
|
||||
}
|
|
@ -0,0 +1,58 @@
|
|||
package common
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
"gitlab.com/wpetit/goweb/template/html"
|
||||
)
|
||||
|
||||
func ExtendTemplateData(w http.ResponseWriter, r *http.Request, data template.Data) template.Data {
|
||||
ctn := container.Must(r.Context())
|
||||
data, err := template.Extend(data,
|
||||
html.WithFlashes(w, r, ctn),
|
||||
template.WithBuildInfo(w, r, ctn),
|
||||
withBaseURL(w, r, ctn),
|
||||
)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not extend template data"))
|
||||
}
|
||||
|
||||
return data
|
||||
}
|
||||
|
||||
func withBaseURL(w http.ResponseWriter, r *http.Request, ctn *service.Container) template.DataExtFunc {
|
||||
return func(data template.Data) (template.Data, error) {
|
||||
conf, err := config.From(ctn)
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
data["BaseURL"] = strings.TrimSuffix(conf.HTTP.BaseURL, "/")
|
||||
|
||||
return data, nil
|
||||
}
|
||||
}
|
||||
|
||||
func RenderErrorPage(w http.ResponseWriter, r *http.Request, statusCode int, title, description string) error {
|
||||
ctn := container.Must(r.Context())
|
||||
tmpl := template.Must(ctn)
|
||||
|
||||
data := ExtendTemplateData(w, r, template.Data{
|
||||
"ErrorTitle": title,
|
||||
"ErrorDescription": description,
|
||||
})
|
||||
|
||||
w.WriteHeader(statusCode)
|
||||
|
||||
if err := tmpl.RenderPage(w, "error.html.tmpl", data); err != nil {
|
||||
return errors.Wrap(err, "could not render error page")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
package route
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/route/common"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
)
|
||||
|
||||
func serveHomePage(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
tmpl := template.Must(ctn)
|
||||
|
||||
data := common.ExtendTemplateData(w, r, template.Data{})
|
||||
|
||||
if err := tmpl.RenderPage(w, "home.html.tmpl", data); err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
}
|
|
@ -0,0 +1,50 @@
|
|||
package hydra
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/hydra"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
)
|
||||
|
||||
func serveConsentPage(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
hydr := hydra.Must(ctn)
|
||||
|
||||
challenge, err := hydr.ConsentChallenge(r)
|
||||
if err != nil {
|
||||
if err == hydra.ErrChallengeNotFound {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not retrieve consent challenge"))
|
||||
}
|
||||
|
||||
consentRes, err := hydr.ConsentRequest(challenge)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve hydra consent response"))
|
||||
}
|
||||
|
||||
userAttributes, ok := consentRes.Context["userAttributes"].(map[string]any)
|
||||
if !ok {
|
||||
userAttributes = make(map[string]any)
|
||||
}
|
||||
|
||||
acceptConsentReq := &hydra.AcceptConsentRequest{
|
||||
GrantScope: consentRes.RequestedScope,
|
||||
GrantAccessTokenAudience: consentRes.RequestedAccessTokenAudience,
|
||||
Session: hydra.AcceptConsentSession{
|
||||
IDToken: userAttributes,
|
||||
},
|
||||
}
|
||||
|
||||
acceptRes, err := hydr.AcceptConsentRequest(challenge, acceptConsentReq)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not accept hydra consent request"))
|
||||
}
|
||||
|
||||
http.Redirect(w, r, acceptRes.RedirectTo, http.StatusTemporaryRedirect)
|
||||
}
|
|
@ -0,0 +1,272 @@
|
|||
package hydra
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/gob"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/hydra"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/route/common"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/webauthn"
|
||||
"github.com/getsentry/sentry-go"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service/session"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
)
|
||||
|
||||
func init() {
|
||||
gob.Register(&webauthn.SessionData{})
|
||||
}
|
||||
|
||||
func serveLoginPage(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
hydr := hydra.Must(ctn)
|
||||
|
||||
challenge, err := hydr.LoginChallenge(r)
|
||||
if err != nil {
|
||||
if errors.Is(err, hydra.ErrChallengeNotFound) {
|
||||
err := common.RenderErrorPage(
|
||||
w, r,
|
||||
http.StatusBadRequest,
|
||||
"Requête invalide",
|
||||
"Certaines informations requises afin de réaliser votre requête sont absentes.",
|
||||
)
|
||||
if err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not retrieve login challenge"))
|
||||
}
|
||||
|
||||
res, err := hydr.LoginRequest(challenge)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve hydra login response"))
|
||||
}
|
||||
|
||||
if res.Skip {
|
||||
accept := &hydra.AcceptLoginRequest{
|
||||
Subject: res.Subject,
|
||||
Context: map[string]interface{}{
|
||||
"username": res.Subject,
|
||||
},
|
||||
}
|
||||
|
||||
res, err := hydr.AcceptLoginRequest(challenge, accept)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve hydra accept response"))
|
||||
}
|
||||
|
||||
http.Redirect(w, r, res.RedirectTo, http.StatusSeeOther)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
tmpl := template.Must(ctn)
|
||||
|
||||
data := common.ExtendTemplateData(w, r, template.Data{
|
||||
csrf.TemplateTag: csrf.TemplateField(r),
|
||||
"LoginChallenge": challenge,
|
||||
"ClientName": res.Client.ClientName,
|
||||
"ClientURI": res.Client.ClientURI,
|
||||
"Username": "",
|
||||
"RememberMe": "",
|
||||
"CredentialAssertion": nil,
|
||||
})
|
||||
|
||||
if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
}
|
||||
|
||||
func handleLoginForm(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
tmpl := template.Must(ctn)
|
||||
hydr := hydra.Must(ctn)
|
||||
strg := storage.Must(ctn)
|
||||
conf := config.Must(ctn)
|
||||
wbth := webauthn.Must(ctn)
|
||||
sesn := session.Must(ctn)
|
||||
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
challenge := r.Form.Get("challenge")
|
||||
|
||||
if challenge == "" {
|
||||
err := common.RenderErrorPage(
|
||||
w, r,
|
||||
http.StatusBadRequest,
|
||||
"Requête invalide",
|
||||
"Certaines informations requises sont manquantes pour pouvoir réaliser votre requête.",
|
||||
)
|
||||
if err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
res, err := hydr.LoginRequest(challenge)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve hydra login response"))
|
||||
}
|
||||
|
||||
username := r.Form.Get("username")
|
||||
rememberMe := r.Form.Get("rememberme") == "on"
|
||||
|
||||
renderPage := func(assertionRequest *protocol.CredentialAssertion) {
|
||||
data := common.ExtendTemplateData(w, r, template.Data{
|
||||
csrf.TemplateTag: csrf.TemplateField(r),
|
||||
"LoginChallenge": challenge,
|
||||
"Username": username,
|
||||
"RememberMe": rememberMe,
|
||||
"AssertionRequest": assertionRequest,
|
||||
"ClientName": res.Client.ClientName,
|
||||
"ClientURI": res.Client.ClientURI,
|
||||
})
|
||||
|
||||
if err := tmpl.RenderPage(w, "login.html.tmpl", data); err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
}
|
||||
|
||||
sess, err := sesn.Get(w, r)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve session"))
|
||||
}
|
||||
|
||||
renderFlashError := func(message string) {
|
||||
sess.AddFlash(session.FlashError, message)
|
||||
|
||||
if err := sess.Save(w, r); err != nil {
|
||||
panic(errors.Wrap(err, "could not save session"))
|
||||
}
|
||||
|
||||
renderPage(nil)
|
||||
}
|
||||
|
||||
user, err := strg.User().FindUserByUsername(ctx, username)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
renderFlashError("Impossible de trouver un compte associé à ce nom d'utilisateur.")
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not find user"))
|
||||
}
|
||||
|
||||
if !r.Form.Has("assertion") {
|
||||
if len(user.WebAuthnCredentials()) == 0 {
|
||||
renderFlashError("Aucune clé n'est encore associée à ce compte. Contactez votre administrateur.")
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
assertionRequest, webAuthnSessionData, err := wbth.BeginLogin(user)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not begin webauthn login"))
|
||||
}
|
||||
|
||||
sess.Set("webauthn", webAuthnSessionData)
|
||||
|
||||
if err := sess.Save(w, r); err != nil {
|
||||
panic(errors.Wrap(err, "could not save session"))
|
||||
}
|
||||
|
||||
renderPage(assertionRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
webAuthnSessionData, ok := sess.Get("webauthn").(*webauthn.SessionData)
|
||||
if !ok {
|
||||
panic(errors.New("could not retrieve webauthn session data"))
|
||||
}
|
||||
|
||||
base64Assertion := r.Form.Get("assertion")
|
||||
if base64Assertion == "" {
|
||||
renderFlashError("Authentification échouée.")
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
rawAssertion, err := base64.RawURLEncoding.DecodeString(base64Assertion)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not parse base64 encoded assertion", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
var car protocol.CredentialAssertionResponse
|
||||
if err := json.Unmarshal(rawAssertion, &car); err != nil {
|
||||
logger.Error(ctx, "could not parse credential assertion response", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
parsedResponse, err := car.Parse()
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not parse credential assertion response", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := wbth.ValidateLogin(user, *webAuthnSessionData, parsedResponse); err != nil {
|
||||
logger.Error(ctx, "could not authenticate user", logger.E(errors.WithStack(err)))
|
||||
renderFlashError("Authentification échouée.")
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
rememberFor := conf.Session.DefaultDuration
|
||||
if rememberMe {
|
||||
rememberFor = conf.Session.RememberMeDuration
|
||||
}
|
||||
|
||||
accept := &hydra.AcceptLoginRequest{
|
||||
Subject: user.Username,
|
||||
Remember: rememberMe,
|
||||
RememberFor: rememberFor,
|
||||
Context: map[string]any{
|
||||
"userAttributes": user.Attributes,
|
||||
},
|
||||
}
|
||||
|
||||
loginRes, err := hydr.AcceptLoginRequest(challenge, accept)
|
||||
if err != nil {
|
||||
sentry.CaptureException(err)
|
||||
logger.Error(ctx, "could not retrieve hydra accept response", logger.E(err))
|
||||
|
||||
err := common.RenderErrorPage(
|
||||
w, r,
|
||||
http.StatusBadRequest,
|
||||
"Lien invalide",
|
||||
"Le lien de connexion utilisé est invalide ou a expiré.",
|
||||
)
|
||||
if err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(w, r, loginRes.RedirectTo, http.StatusSeeOther)
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
package hydra
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/hydra"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service/session"
|
||||
)
|
||||
|
||||
func serveLogoutPage(w http.ResponseWriter, r *http.Request) {
|
||||
ctn := container.Must(r.Context())
|
||||
hydr := hydra.Must(ctn)
|
||||
|
||||
challenge, err := hydr.LogoutChallenge(r)
|
||||
if err != nil {
|
||||
if errors.Is(err, hydra.ErrChallengeNotFound) {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not retrieve logout challenge"))
|
||||
}
|
||||
|
||||
_, err = hydr.LogoutRequest(challenge)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve hydra logout response"))
|
||||
}
|
||||
|
||||
acceptRes, err := hydr.AcceptLogoutRequest(challenge)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve hydra accept logout response"))
|
||||
}
|
||||
|
||||
sess, err := session.Must(ctn).Get(w, r)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve session"))
|
||||
}
|
||||
|
||||
if err := sess.Delete(w, r); err != nil {
|
||||
panic(errors.Wrap(err, "could not delete session"))
|
||||
}
|
||||
|
||||
http.Redirect(w, r, acceptRes.RedirectTo, http.StatusSeeOther)
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
package hydra
|
||||
|
||||
import (
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
|
||||
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/session/gorilla"
|
||||
)
|
||||
|
||||
func Mount(r *chi.Mux, config *config.Config) error {
|
||||
csrfSecret, err := gorilla.GenerateRandomBytes(32)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "could not generate CSRF secret")
|
||||
}
|
||||
|
||||
csrfMiddleware := csrf.Protect(
|
||||
csrfSecret,
|
||||
csrf.Secure(false),
|
||||
)
|
||||
|
||||
r.Group(func(r chi.Router) {
|
||||
r.Use(csrfMiddleware)
|
||||
r.Get("/login", serveLoginPage)
|
||||
r.Post("/login", handleLoginForm)
|
||||
r.Get("/logout", serveLogoutPage)
|
||||
r.Get("/consent", serveConsentPage)
|
||||
r.Get("/register/{token}", serveRegisterPage)
|
||||
r.Post("/register/{token}", handleRegisterForm)
|
||||
})
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,171 @@
|
|||
package hydra
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/route/common"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/webauthn"
|
||||
"github.com/go-chi/chi"
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
"gitlab.com/wpetit/goweb/middleware/container"
|
||||
"gitlab.com/wpetit/goweb/service/session"
|
||||
"gitlab.com/wpetit/goweb/service/template"
|
||||
)
|
||||
|
||||
func serveRegisterPage(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
ctn := container.Must(ctx)
|
||||
tmpl := template.Must(ctn)
|
||||
webAuthn := webauthn.Must(ctn)
|
||||
session := session.Must(ctn)
|
||||
storageSrv := storage.Must(ctn)
|
||||
|
||||
token := chi.URLParam(r, "token")
|
||||
registrationLink, err := storageSrv.User().GetRegistrationLinkByToken(ctx, token)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "registration link not found", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not retrieve registration link"))
|
||||
}
|
||||
|
||||
user, err := storageSrv.User().FindUserByID(ctx, registrationLink.UserID)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "user not found", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not retrieve user"))
|
||||
}
|
||||
|
||||
webAuthnOptions, webAuthnSessionData, err := webAuthn.BeginRegistration(user)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not begin discoverable login"))
|
||||
}
|
||||
|
||||
sess, err := session.Get(w, r)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "could not retrieve session"))
|
||||
}
|
||||
|
||||
sess.Set("webauthn", webAuthnSessionData)
|
||||
|
||||
if err := sess.Save(w, r); err != nil {
|
||||
panic(errors.Wrap(err, "could not save session"))
|
||||
}
|
||||
|
||||
data := common.ExtendTemplateData(w, r, template.Data{
|
||||
csrf.TemplateTag: csrf.TemplateField(r),
|
||||
"WebAuthnOptions": webAuthnOptions,
|
||||
"Token": registrationLink.Token,
|
||||
})
|
||||
|
||||
if err := tmpl.RenderPage(w, "register.html.tmpl", data); err != nil {
|
||||
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
||||
}
|
||||
}
|
||||
|
||||
func handleRegisterForm(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
serviceContainer := container.Must(ctx)
|
||||
webAuthnService := webauthn.Must(serviceContainer)
|
||||
sessionService := session.Must(serviceContainer)
|
||||
storageSrv := storage.Must(serviceContainer)
|
||||
|
||||
token := chi.URLParam(r, "token")
|
||||
registrationLink, err := storageSrv.User().GetRegistrationLinkByToken(ctx, token)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "registration link not found", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not retrieve registration link"))
|
||||
}
|
||||
|
||||
user, err := storageSrv.User().FindUserByID(ctx, registrationLink.UserID)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
logger.Warn(ctx, "user not found", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
panic(errors.Wrap(err, "could not retrieve user"))
|
||||
}
|
||||
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
base64Credentials := r.Form.Get("credentials")
|
||||
|
||||
rawCredentials, err := base64.RawURLEncoding.DecodeString(base64Credentials)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not parse base64 encoded credentials", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
var ccr protocol.CredentialCreationResponse
|
||||
if err := json.Unmarshal(rawCredentials, &ccr); err != nil {
|
||||
logger.Error(ctx, "could not parse credential creation response", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
parsedResponse, err := ccr.Parse()
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not parse credential creation response", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
sess, err := sessionService.Get(w, r)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not retrieve session", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
webAuthnSessionData := sess.Get("webauthn").(*webauthn.SessionData)
|
||||
|
||||
credential, err := webAuthnService.CreateCredential(user, *webAuthnSessionData, parsedResponse)
|
||||
if err != nil {
|
||||
logger.Error(ctx, "could not create user credential", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := storageSrv.User().AddUserCredential(ctx, user.ID, credential); err != nil {
|
||||
logger.Error(ctx, "could not add credential", logger.E(errors.WithStack(err)))
|
||||
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
http.Redirect(w, r, "/registered", http.StatusSeeOther)
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
package route
|
||||
|
||||
import (
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/route/api"
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/route/hydra"
|
||||
|
||||
"github.com/go-chi/chi"
|
||||
"gitlab.com/wpetit/goweb/static"
|
||||
)
|
||||
|
||||
func Mount(r *chi.Mux, config *config.Config) error {
|
||||
|
||||
r.Get("/", serveHomePage)
|
||||
hydra.Mount(r, config)
|
||||
api.Mount(r, config)
|
||||
|
||||
notFoundHandler := r.NotFoundHandler()
|
||||
r.Get("/*", static.Dir(config.HTTP.PublicDir, "", notFoundHandler))
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
package storage
|
||||
|
||||
import "github.com/go-webauthn/webauthn/webauthn"
|
||||
|
||||
type Credential struct {
|
||||
ID string `json:"id"`
|
||||
Credential *webauthn.Credential `json:"credential"`
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
package storage
|
||||
|
||||
import "errors"
|
||||
|
||||
var (
|
||||
ErrAlreadyExist = errors.New("already exist")
|
||||
ErrNotFound = errors.New("not found")
|
||||
)
|
|
@ -0,0 +1,7 @@
|
|||
package storage
|
||||
|
||||
import "github.com/google/uuid"
|
||||
|
||||
func NewID() string {
|
||||
return uuid.New().String()
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
package storage
|
||||
|
||||
import (
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
)
|
||||
|
||||
func ServiceProvider(userRepo UserRepository) service.Provider {
|
||||
srv := &Service{
|
||||
userRepository: userRepo,
|
||||
}
|
||||
|
||||
return func(ctn *service.Container) (interface{}, error) {
|
||||
return srv, nil
|
||||
}
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
package storage
|
||||
|
||||
import "time"
|
||||
|
||||
type RegistrationLink struct {
|
||||
Token string `json:"token"`
|
||||
UserID string `json:"userId"`
|
||||
CreatedAt time.Time `json:"createdAt"`
|
||||
}
|
||||
|
||||
func NewRegistrationLink(userID string) *RegistrationLink {
|
||||
return &RegistrationLink{
|
||||
UserID: userID,
|
||||
Token: NewID(),
|
||||
CreatedAt: time.Now(),
|
||||
}
|
||||
}
|
|
@ -0,0 +1,41 @@
|
|||
package storage
|
||||
|
||||
import (
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
)
|
||||
|
||||
const ServiceName service.Name = "storage"
|
||||
|
||||
// From retrieves the storage service in the given container
|
||||
func From(container *service.Container) (*Service, error) {
|
||||
service, err := container.Service(ServiceName)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "error while retrieving '%s' service", ServiceName)
|
||||
}
|
||||
|
||||
srv, ok := service.(*Service)
|
||||
if !ok {
|
||||
return nil, errors.Errorf("retrieved service is not a valid '%s' service", ServiceName)
|
||||
}
|
||||
|
||||
return srv, nil
|
||||
}
|
||||
|
||||
// Must retrieves the storage service in the given container or panic otherwise
|
||||
func Must(container *service.Container) *Service {
|
||||
srv, err := From(container)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
return srv
|
||||
}
|
||||
|
||||
type Service struct {
|
||||
userRepository UserRepository
|
||||
}
|
||||
|
||||
func (s *Service) User() UserRepository {
|
||||
return s.userRepository
|
||||
}
|
|
@ -0,0 +1,682 @@
|
|||
package sqlite
|
||||
|
||||
import (
|
||||
"context"
|
||||
"database/sql"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/logger"
|
||||
|
||||
_ "embed"
|
||||
|
||||
_ "modernc.org/sqlite"
|
||||
)
|
||||
|
||||
type UserRepository struct {
|
||||
db *sql.DB
|
||||
sqliteBusyRetryMaxAttempts int
|
||||
}
|
||||
|
||||
// Create implements storage.UserRepository.
|
||||
func (r *UserRepository) CreateUser(ctx context.Context, username string, attributes map[string]any) (*storage.User, error) {
|
||||
user := storage.NewUser(username, attributes)
|
||||
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
query := `SELECT COUNT(id) FROM users WHERE username = $1`
|
||||
args := []any{
|
||||
user.Username,
|
||||
}
|
||||
|
||||
row := tx.QueryRowContext(ctx, query, args...)
|
||||
|
||||
var count int64
|
||||
if err := row.Scan(&count); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if count > 0 {
|
||||
return errors.WithStack(storage.ErrAlreadyExist)
|
||||
}
|
||||
|
||||
query = `
|
||||
INSERT INTO users (id, username, attributes, created_at, updated_at)
|
||||
VALUES ($1, $2, $3, $4, $4)
|
||||
`
|
||||
|
||||
rawAttributes, err := json.Marshal(user.Attributes)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
args = []any{
|
||||
user.ID,
|
||||
user.Username,
|
||||
rawAttributes,
|
||||
user.CreatedAt,
|
||||
user.UpdatedAt,
|
||||
}
|
||||
|
||||
if _, err := tx.ExecContext(ctx, query, args...); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
// DeleteUserByID implements storage.UserRepository.
|
||||
func (*UserRepository) DeleteUserByID(ctx context.Context, username string) error {
|
||||
panic("unimplemented")
|
||||
}
|
||||
|
||||
// FindUserByUsername implements storage.UserRepository.
|
||||
func (r *UserRepository) FindUserByUsername(ctx context.Context, username string) (*storage.User, error) {
|
||||
user, err := r.findUserBy(ctx, "username", username)
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
// FindUserByID implements storage.UserRepository.
|
||||
func (r *UserRepository) FindUserByID(ctx context.Context, userID string) (*storage.User, error) {
|
||||
user, err := r.findUserBy(ctx, "id", userID)
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
func (r *UserRepository) findUserBy(ctx context.Context, column string, value any) (*storage.User, error) {
|
||||
user := &storage.User{}
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
query := fmt.Sprintf(`SELECT id, username, attributes, created_at, updated_at FROM users WHERE %s = $1`, column)
|
||||
args := []any{
|
||||
value,
|
||||
}
|
||||
|
||||
var rawAttributes []byte
|
||||
|
||||
row := tx.QueryRowContext(ctx, query, args...)
|
||||
if err := row.Scan(&user.ID, &user.Username, &rawAttributes, &user.CreatedAt, &user.UpdatedAt); err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return errors.WithStack(storage.ErrNotFound)
|
||||
}
|
||||
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(rawAttributes, &user.Attributes); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if user.Attributes == nil {
|
||||
user.Attributes = make(map[string]any)
|
||||
}
|
||||
|
||||
query = `SELECT credential FROM user_credentials WHERE user_id = $1`
|
||||
args = []any{
|
||||
user.ID,
|
||||
}
|
||||
|
||||
rows, err := tx.QueryContext(ctx, query, args...)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
defer func() {
|
||||
if err := rows.Close(); err != nil {
|
||||
logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
|
||||
}
|
||||
}()
|
||||
|
||||
user.Credentials = make([]webauthn.Credential, 0)
|
||||
|
||||
for rows.Next() {
|
||||
var (
|
||||
rawCredential []byte
|
||||
credential webauthn.Credential
|
||||
)
|
||||
|
||||
if err := rows.Scan(&rawCredential); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(rawCredential, &credential); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
user.Credentials = append(user.Credentials, credential)
|
||||
}
|
||||
|
||||
if err := rows.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
// List implements storage.UserRepository.
|
||||
func (r *UserRepository) ListUsers(ctx context.Context) ([]storage.UserHeader, error) {
|
||||
users := make([]storage.UserHeader, 0)
|
||||
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
query := `SELECT id, username, created_at, updated_at FROM users`
|
||||
|
||||
rows, err := tx.QueryContext(ctx, query)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
defer func() {
|
||||
if err := rows.Close(); err != nil {
|
||||
logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
|
||||
}
|
||||
}()
|
||||
|
||||
for rows.Next() {
|
||||
user := storage.UserHeader{}
|
||||
if err := rows.Scan(&user.ID, &user.Username, &user.CreatedAt, &user.UpdatedAt); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
users = append(users, user)
|
||||
}
|
||||
|
||||
if err := rows.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return users, nil
|
||||
}
|
||||
|
||||
// UpdateUsername implements storage.UserRepository.
|
||||
func (r *UserRepository) UpdateUserUsername(ctx context.Context, userID string, username string) (*storage.User, error) {
|
||||
var user *storage.User
|
||||
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
query := `SELECT COUNT(id) FROM users WHERE id = $1`
|
||||
args := []any{
|
||||
userID,
|
||||
}
|
||||
|
||||
row := tx.QueryRowContext(ctx, query, args...)
|
||||
|
||||
var count int64
|
||||
if err := row.Scan(&count); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if count == 0 {
|
||||
return errors.WithStack(storage.ErrNotFound)
|
||||
}
|
||||
|
||||
query = `
|
||||
UPDATE users SET username = $1, updated_at = $2 WHERE id = $3
|
||||
RETURNING id, username, attributes, created_at, updated_at
|
||||
`
|
||||
|
||||
args = []any{
|
||||
username,
|
||||
time.Now(),
|
||||
userID,
|
||||
}
|
||||
|
||||
var rawAttributes []byte
|
||||
|
||||
user = &storage.User{}
|
||||
|
||||
row = tx.QueryRowContext(ctx, query, args...)
|
||||
if err := row.Scan(&user.ID, &user.Username, &rawAttributes, &user.CreatedAt, &user.UpdatedAt); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(rawAttributes, &user.Attributes); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if user.Attributes == nil {
|
||||
user.Attributes = make(map[string]any)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
// Update implements storage.UserRepository.
|
||||
func (r *UserRepository) UpdateUserAttributes(ctx context.Context, userID string, attributes map[string]any) (*storage.User, error) {
|
||||
var user *storage.User
|
||||
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
query := `SELECT COUNT(id) FROM users WHERE id = $1`
|
||||
args := []any{
|
||||
userID,
|
||||
}
|
||||
|
||||
row := tx.QueryRowContext(ctx, query, args...)
|
||||
|
||||
var count int64
|
||||
if err := row.Scan(&count); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if count == 0 {
|
||||
return errors.WithStack(storage.ErrNotFound)
|
||||
}
|
||||
|
||||
query = `
|
||||
UPDATE users SET attributes = $1, updated_at = $2 WHERE id = $3
|
||||
RETURNING id, username, attributes, created_at, updated_at
|
||||
`
|
||||
|
||||
rawAttributes, err := json.Marshal(attributes)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
args = []any{
|
||||
rawAttributes,
|
||||
time.Now(),
|
||||
userID,
|
||||
}
|
||||
|
||||
user = &storage.User{}
|
||||
|
||||
row = tx.QueryRowContext(ctx, query, args...)
|
||||
if err := row.Scan(&user.ID, &user.Username, &rawAttributes, &user.CreatedAt, &user.UpdatedAt); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(rawAttributes, &user.Attributes); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if user.Attributes == nil {
|
||||
user.Attributes = make(map[string]any)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
// AddCredential implements storage.UserRepository.
|
||||
func (r *UserRepository) AddUserCredential(ctx context.Context, userID string, credential *webauthn.Credential) (string, error) {
|
||||
credentialID := storage.NewID()
|
||||
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
exists, err := r.userExists(ctx, tx, userID)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if !exists {
|
||||
return errors.WithStack(storage.ErrNotFound)
|
||||
}
|
||||
|
||||
query := `
|
||||
INSERT INTO user_credentials (id, user_id, credential, created_at)
|
||||
VALUES ($1, $2, $3, $4)
|
||||
`
|
||||
|
||||
rawCredential, err := json.Marshal(credential)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
args := []any{
|
||||
credentialID,
|
||||
userID,
|
||||
rawCredential,
|
||||
time.Now(),
|
||||
}
|
||||
|
||||
if _, err := tx.ExecContext(ctx, query, args...); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return "", errors.WithStack(err)
|
||||
}
|
||||
|
||||
return credentialID, nil
|
||||
}
|
||||
|
||||
// RemoveCredential implements storage.UserRepository.
|
||||
func (r *UserRepository) RemoveUserCredential(ctx context.Context, userID string, credentialID string) error {
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
exists, err := r.userExists(ctx, tx, userID)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if !exists {
|
||||
return errors.WithStack(storage.ErrNotFound)
|
||||
}
|
||||
|
||||
query := `
|
||||
DELETE FROM user_credentials WHERE id = $1 AND user_id = $2
|
||||
`
|
||||
|
||||
args := []any{
|
||||
credentialID,
|
||||
userID,
|
||||
}
|
||||
|
||||
if _, err := tx.ExecContext(ctx, query, args...); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GenerateRegistrationLink implements storage.UserRepository.
|
||||
func (r *UserRepository) GenerateRegistrationLink(ctx context.Context, userID string) (*storage.RegistrationLink, error) {
|
||||
registrationLink := storage.NewRegistrationLink(userID)
|
||||
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
exists, err := r.userExists(ctx, tx, userID)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if !exists {
|
||||
return errors.WithStack(storage.ErrNotFound)
|
||||
}
|
||||
|
||||
query := `DELETE FROM registration_links WHERE user_id = $1`
|
||||
args := []any{
|
||||
registrationLink.UserID,
|
||||
}
|
||||
|
||||
if _, err := tx.ExecContext(ctx, query, args...); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
query = `
|
||||
INSERT INTO registration_links (token, user_id, created_at)
|
||||
VALUES ($1, $2, $3)
|
||||
`
|
||||
|
||||
args = []any{
|
||||
registrationLink.Token,
|
||||
registrationLink.UserID,
|
||||
registrationLink.CreatedAt,
|
||||
}
|
||||
|
||||
if _, err := tx.ExecContext(ctx, query, args...); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return registrationLink, nil
|
||||
}
|
||||
|
||||
// ClearRegistrationLink implements storage.UserRepository.
|
||||
func (*UserRepository) ClearRegistrationLink(ctx context.Context, userID string) error {
|
||||
panic("unimplemented")
|
||||
}
|
||||
|
||||
// GetRegistrationLink implements storage.UserRepository.
|
||||
func (r *UserRepository) GetRegistrationLink(ctx context.Context, userID string) (*storage.RegistrationLink, error) {
|
||||
registrationLink := &storage.RegistrationLink{}
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
query := `SELECT token, user_id, created_at FROM registration_links WHERE user_id = $1`
|
||||
args := []any{
|
||||
userID,
|
||||
}
|
||||
|
||||
row := tx.QueryRowContext(ctx, query, args...)
|
||||
if err := row.Scan(®istrationLink.Token, ®istrationLink.UserID, ®istrationLink.CreatedAt); err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return errors.WithStack(storage.ErrNotFound)
|
||||
}
|
||||
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return registrationLink, nil
|
||||
}
|
||||
|
||||
// GetRegistrationLinkByToken implements storage.UserRepository.
|
||||
func (r *UserRepository) GetRegistrationLinkByToken(ctx context.Context, token string) (*storage.RegistrationLink, error) {
|
||||
registrationLink := &storage.RegistrationLink{}
|
||||
err := r.withTxRetry(ctx, func(tx *sql.Tx) error {
|
||||
query := `SELECT token, user_id, created_at FROM registration_links WHERE token = $1`
|
||||
args := []any{
|
||||
token,
|
||||
}
|
||||
|
||||
row := tx.QueryRowContext(ctx, query, args...)
|
||||
if err := row.Scan(®istrationLink.Token, ®istrationLink.UserID, ®istrationLink.CreatedAt); err != nil {
|
||||
if errors.Is(err, sql.ErrNoRows) {
|
||||
return errors.WithStack(storage.ErrNotFound)
|
||||
}
|
||||
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return registrationLink, nil
|
||||
}
|
||||
|
||||
func (r *UserRepository) userExists(ctx context.Context, tx *sql.Tx, userID string) (bool, error) {
|
||||
query := `SELECT COUNT(id) FROM users WHERE id = $1`
|
||||
args := []any{
|
||||
userID,
|
||||
}
|
||||
|
||||
row := tx.QueryRowContext(ctx, query, args...)
|
||||
|
||||
var count int64
|
||||
if err := row.Scan(&count); err != nil {
|
||||
return false, errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := row.Err(); err != nil {
|
||||
return false, errors.WithStack(err)
|
||||
}
|
||||
|
||||
return count >= 1, nil
|
||||
}
|
||||
|
||||
func (r *UserRepository) withTxRetry(ctx context.Context, fn func(*sql.Tx) error) error {
|
||||
attempts := 0
|
||||
max := r.sqliteBusyRetryMaxAttempts
|
||||
|
||||
ctx = logger.With(ctx, logger.F("max", max))
|
||||
|
||||
var err error
|
||||
for {
|
||||
ctx = logger.With(ctx)
|
||||
|
||||
if attempts >= max {
|
||||
logger.Debug(ctx, "transaction retrying failed", logger.F("attempts", attempts))
|
||||
|
||||
return errors.Wrapf(err, "transaction failed after %d attempts", max)
|
||||
}
|
||||
|
||||
err = r.withTx(ctx, fn)
|
||||
if err != nil {
|
||||
if !strings.Contains(err.Error(), "(5) (SQLITE_BUSY)") {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
err = errors.WithStack(err)
|
||||
|
||||
logger.Warn(ctx, "database is busy", logger.E(err))
|
||||
|
||||
wait := time.Duration(8<<(attempts+1)) * time.Millisecond
|
||||
|
||||
logger.Debug(
|
||||
ctx, "database is busy, waiting before retrying transaction",
|
||||
logger.F("wait", wait.String()),
|
||||
logger.F("attempts", attempts),
|
||||
)
|
||||
|
||||
timer := time.NewTimer(wait)
|
||||
select {
|
||||
case <-timer.C:
|
||||
attempts++
|
||||
continue
|
||||
|
||||
case <-ctx.Done():
|
||||
if err := ctx.Err(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func (r *UserRepository) withTx(ctx context.Context, fn func(*sql.Tx) error) error {
|
||||
tx, err := r.db.BeginTx(ctx, nil)
|
||||
if err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
defer func() {
|
||||
if err := tx.Rollback(); err != nil {
|
||||
if errors.Is(err, sql.ErrTxDone) {
|
||||
return
|
||||
}
|
||||
|
||||
err = errors.WithStack(err)
|
||||
logger.Error(ctx, "could not rollback transaction", logger.CapturedE(err))
|
||||
}
|
||||
}()
|
||||
|
||||
if err := fn(tx); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := tx.Commit(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewUserRepository(dsn string) (*UserRepository, error) {
|
||||
db, err := sql.Open("sqlite", dsn)
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := applyUserRepositoryMigration(db); err != nil {
|
||||
return nil, errors.Wrap(err, "could not migrate schema")
|
||||
}
|
||||
|
||||
return &UserRepository{db, 5}, nil
|
||||
}
|
||||
|
||||
var _ storage.UserRepository = &UserRepository{}
|
||||
|
||||
//go:embed user_repository.sql
|
||||
var userRepositoryMigrationScript string
|
||||
|
||||
func applyUserRepositoryMigration(db *sql.DB) error {
|
||||
if err := db.Ping(); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if _, err := db.Exec(userRepositoryMigrationScript); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
CREATE TABLE IF NOT EXISTS users (
|
||||
id TEXT NOT NULL PRIMARY KEY,
|
||||
username TEXT NOT NULL UNIQUE,
|
||||
attributes JSON NOT NULL,
|
||||
created_at DATETIME NOT NULL,
|
||||
updated_at DATETIME NOT NULL
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS registration_links (
|
||||
token TEXT NOT NULL PRIMARY KEY,
|
||||
user_id TEXT NOT NULL,
|
||||
created_at DATETIME NOT NULL,
|
||||
FOREIGN KEY(user_id) REFERENCES users(id)
|
||||
);
|
||||
|
||||
CREATE TABLE IF NOT EXISTS user_credentials (
|
||||
id TEXT NOT NULL PRIMARY KEY,
|
||||
user_id TEXT NOT NULL,
|
||||
credential JSON NOT NULL,
|
||||
created_at DATETIME NOT NULL,
|
||||
FOREIGN KEY(user_id) REFERENCES users(id)
|
||||
);
|
|
@ -0,0 +1,65 @@
|
|||
package storage
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
)
|
||||
|
||||
type UserHeader struct {
|
||||
ID string `json:"id"`
|
||||
Username string `json:"username"`
|
||||
|
||||
CreatedAt time.Time `json:"createdAt"`
|
||||
UpdatedAt time.Time `json:"updatedAt"`
|
||||
}
|
||||
|
||||
type User struct {
|
||||
UserHeader
|
||||
|
||||
Attributes map[string]any `json:"attributes"`
|
||||
Credentials []webauthn.Credential `json:"credentials"`
|
||||
}
|
||||
|
||||
// WebAuthnCredentials implements webauthn.User.
|
||||
func (u *User) WebAuthnCredentials() []webauthn.Credential {
|
||||
return u.Credentials
|
||||
}
|
||||
|
||||
// WebAuthnDisplayName implements webauthn.User.
|
||||
func (u *User) WebAuthnDisplayName() string {
|
||||
return u.Username
|
||||
}
|
||||
|
||||
// WebAuthnID implements webauthn.User.
|
||||
func (u *User) WebAuthnID() []byte {
|
||||
return []byte(u.ID)
|
||||
}
|
||||
|
||||
// WebAuthnIcon implements webauthn.User.
|
||||
func (u *User) WebAuthnIcon() string {
|
||||
return ""
|
||||
}
|
||||
|
||||
// WebAuthnName implements webauthn.User.
|
||||
func (u *User) WebAuthnName() string {
|
||||
return u.Username
|
||||
}
|
||||
|
||||
func NewUser(username string, attributes map[string]any) *User {
|
||||
now := time.Now()
|
||||
return &User{
|
||||
UserHeader: UserHeader{
|
||||
ID: NewID(),
|
||||
Username: username,
|
||||
|
||||
CreatedAt: now,
|
||||
UpdatedAt: now,
|
||||
},
|
||||
|
||||
Attributes: attributes,
|
||||
Credentials: make([]webauthn.Credential, 0),
|
||||
}
|
||||
}
|
||||
|
||||
var _ webauthn.User = &User{}
|
|
@ -0,0 +1,27 @@
|
|||
package storage
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
)
|
||||
|
||||
type UserRepository interface {
|
||||
CreateUser(ctx context.Context, username string, attributes map[string]any) (*User, error)
|
||||
|
||||
UpdateUserUsername(ctx context.Context, userID string, username string) (*User, error)
|
||||
UpdateUserAttributes(ctx context.Context, userID string, attributes map[string]any) (*User, error)
|
||||
|
||||
AddUserCredential(ctx context.Context, userID string, credential *webauthn.Credential) (string, error)
|
||||
RemoveUserCredential(ctx context.Context, userID string, credentialID string) error
|
||||
|
||||
GenerateRegistrationLink(ctx context.Context, userID string) (*RegistrationLink, error)
|
||||
GetRegistrationLink(ctx context.Context, userID string) (*RegistrationLink, error)
|
||||
GetRegistrationLinkByToken(ctx context.Context, token string) (*RegistrationLink, error)
|
||||
ClearRegistrationLink(ctx context.Context, userID string) error
|
||||
|
||||
DeleteUserByID(ctx context.Context, userID string) error
|
||||
FindUserByID(ctx context.Context, userID string) (*User, error)
|
||||
FindUserByUsername(ctx context.Context, username string) (*User, error)
|
||||
ListUsers(ctx context.Context) ([]UserHeader, error)
|
||||
}
|
|
@ -0,0 +1,29 @@
|
|||
package webauthn
|
||||
|
||||
import (
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
)
|
||||
|
||||
type Config = webauthn.Config
|
||||
type TimeoutsConfig = webauthn.TimeoutsConfig
|
||||
type TimeoutConfig = webauthn.TimeoutConfig
|
||||
type LoginOption = webauthn.LoginOption
|
||||
type SessionData = webauthn.SessionData
|
||||
|
||||
var WithAllowedCredentials = webauthn.WithAllowedCredentials
|
||||
var WithAssertionExtensions = webauthn.WithAssertionExtensions
|
||||
var WithUserVerification = webauthn.WithUserVerification
|
||||
var WithAppIdExtension = webauthn.WithAppIdExtension
|
||||
|
||||
func ServiceProvider(config *Config) service.Provider {
|
||||
webauthn, err := webauthn.New(config)
|
||||
|
||||
return func(ctn *service.Container) (interface{}, error) {
|
||||
if err != nil {
|
||||
return nil, errors.WithStack(err)
|
||||
}
|
||||
return webauthn, nil
|
||||
}
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
package webauthn
|
||||
|
||||
import (
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/pkg/errors"
|
||||
"gitlab.com/wpetit/goweb/service"
|
||||
)
|
||||
|
||||
const ServiceName service.Name = "webauthn"
|
||||
|
||||
// From retrieves the webauthn service in the given container
|
||||
func From(container *service.Container) (*webauthn.WebAuthn, error) {
|
||||
service, err := container.Service(ServiceName)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "error while retrieving '%s' service", ServiceName)
|
||||
}
|
||||
|
||||
srv, ok := service.(*webauthn.WebAuthn)
|
||||
if !ok {
|
||||
return nil, errors.Errorf("retrieved service is not a valid '%s' service", ServiceName)
|
||||
}
|
||||
|
||||
return srv, nil
|
||||
}
|
||||
|
||||
// Must retrieves the config service in the given container or panic otherwise
|
||||
func Must(container *service.Container) *webauthn.WebAuthn {
|
||||
srv, err := From(container)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
return srv
|
||||
}
|
|
@ -0,0 +1,35 @@
|
|||
{
|
||||
"client_id": "oidc-test",
|
||||
"client_name": "OIDC Test",
|
||||
"client_secret": "oidc-test-123456",
|
||||
"client_uri": "http://localhost:8080",
|
||||
"grant_types": [
|
||||
"authorization_code",
|
||||
"refresh_token",
|
||||
"client_credentials",
|
||||
"implicit"
|
||||
],
|
||||
"jwks": {},
|
||||
"logo_uri": "",
|
||||
"metadata": {},
|
||||
"owner": "",
|
||||
"policy_uri": "",
|
||||
"post_logout_redirect_uris": [
|
||||
"http://localhost:8080"
|
||||
],
|
||||
"redirect_uris": [
|
||||
"http://localhost:8080/oauth2/callback"
|
||||
],
|
||||
"request_object_signing_alg": "RS256",
|
||||
"response_types": [
|
||||
"token",
|
||||
"code",
|
||||
"id_token"
|
||||
],
|
||||
"scope": "openid profile email",
|
||||
"skip_consent": false,
|
||||
"subject_type": "public",
|
||||
"token_endpoint_auth_method": "client_secret_basic",
|
||||
"tos_uri": "",
|
||||
"userinfo_signed_response_alg": "none"
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
FROM golang:1.21 AS build
|
||||
|
||||
ARG HTTP_PROXY=
|
||||
ARG HTTPS_PROXY=
|
||||
ARG http_proxy=
|
||||
ARG https_proxy=
|
||||
|
||||
RUN apt-get update && apt-get install -y build-essential git bash
|
||||
|
||||
COPY . /src
|
||||
|
||||
WORKDIR /src
|
||||
|
||||
RUN make ARCH_TARGETS=amd64 release
|
||||
|
||||
FROM busybox
|
||||
|
||||
COPY --from=build /src/release/server-linux-amd64 /app
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
EXPOSE 3000
|
||||
|
||||
CMD ["bin/server", "-workdir", "/app", "-config", "server.yml"]
|
|
@ -0,0 +1,17 @@
|
|||
**/*.go
|
||||
!**/*_test.go
|
||||
data/config.yml
|
||||
template/**/*
|
||||
modd.conf {
|
||||
prep: make build
|
||||
prep: [ -e data/config.yml ] || ( mkdir -p data && bin/server -dump-config > data/config.yml )
|
||||
daemon: bin/server -config ./data/config.yml
|
||||
}
|
||||
|
||||
**/*.go {
|
||||
prep: make test
|
||||
}
|
||||
|
||||
docker-compose.yml {
|
||||
daemon: make up
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
body {
|
||||
background-color: hsla(217, 15%, 95%, 1);
|
||||
}
|
|
@ -0,0 +1,91 @@
|
|||
(function(HydraWebAuthn) {
|
||||
|
||||
HydraWebAuthn.base64ToArrayBuffer = function(base64) {
|
||||
var binaryString = HydraWebAuthn.fromBase64URL(base64);
|
||||
var bytes = new Uint8Array(binaryString.length);
|
||||
for (var i = 0; i < binaryString.length; i++) {
|
||||
bytes[i] = binaryString.charCodeAt(i);
|
||||
}
|
||||
return bytes.buffer;
|
||||
}
|
||||
|
||||
HydraWebAuthn.arrayBufferToBase64 = function( buffer ) {
|
||||
var binary = '';
|
||||
var bytes = new Uint8Array( buffer );
|
||||
var len = bytes.byteLength;
|
||||
for (var i = 0; i < len; i++) {
|
||||
binary += String.fromCharCode( bytes[ i ] );
|
||||
}
|
||||
return window.btoa( binary );
|
||||
}
|
||||
|
||||
HydraWebAuthn.toJSONCredentials = function(credentials) {
|
||||
return {
|
||||
id: credentials.id,
|
||||
rawId: HydraWebAuthn.toBase64URL(credentials.rawId),
|
||||
authenticatorAttachment: credentials.authenticatorAttachment,
|
||||
type: "public-key",
|
||||
clientExtensionResults: (() => {
|
||||
const results = credentials.getClientExtensionResults();
|
||||
return Object.keys(results).reduce((json, key) => {
|
||||
json[key] = HydraWebAuthn.urlsafe(HydraWebAuthn.arrayBufferToBase64(results[key]))
|
||||
return json;
|
||||
}, {})
|
||||
})(),
|
||||
response: {
|
||||
attestationObject: HydraWebAuthn.urlsafe(HydraWebAuthn.arrayBufferToBase64(credentials.response.attestationObject)),
|
||||
clientDataJSON: HydraWebAuthn.urlsafe(HydraWebAuthn.arrayBufferToBase64(credentials.response.clientDataJSON))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
HydraWebAuthn.toJSONAssertion = function(assertion) {
|
||||
return {
|
||||
id: assertion.id,
|
||||
rawId: HydraWebAuthn.urlsafe(HydraWebAuthn.arrayBufferToBase64(assertion.rawId)),
|
||||
type: "public-key",
|
||||
response: {
|
||||
authenticatorData: HydraWebAuthn.urlsafe(HydraWebAuthn.arrayBufferToBase64(assertion.response.authenticatorData)),
|
||||
clientDataJSON: HydraWebAuthn.urlsafe(HydraWebAuthn.arrayBufferToBase64(assertion.response.clientDataJSON)),
|
||||
signature: HydraWebAuthn.urlsafe(HydraWebAuthn.arrayBufferToBase64(assertion.response.signature)),
|
||||
userHandle: assertion.response.userHandle
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
HydraWebAuthn.base64 = function(str) {
|
||||
return HydraWebAuthn.bytesToBase64(new TextEncoder().encode(str));
|
||||
}
|
||||
|
||||
HydraWebAuthn.toBase64URL = function(str) {
|
||||
return HydraWebAuthn.urlsafe(HydraWebAuthn.base64(str));
|
||||
}
|
||||
|
||||
HydraWebAuthn.fromBase64URL = function(str) {
|
||||
str = str
|
||||
.replace(/-/g, '+')
|
||||
.replace(/_/g, '/');
|
||||
|
||||
var pad = str.length % 4;
|
||||
if(pad) {
|
||||
if(pad === 1) {
|
||||
throw new Error('InvalidLengthError: Input base64url string is the wrong length to determine padding');
|
||||
}
|
||||
str += new Array(5-pad).join('=');
|
||||
}
|
||||
|
||||
return atob(str);
|
||||
}
|
||||
|
||||
HydraWebAuthn.urlsafe = function(base64) {
|
||||
return base64.replace(/\+/g, '-')
|
||||
.replace(/\//g, '_')
|
||||
.replace(/=+$/, '')
|
||||
}
|
||||
|
||||
HydraWebAuthn.bytesToBase64 = function(bytes) {
|
||||
const binString = String.fromCodePoint(...bytes);
|
||||
return btoa(binString);
|
||||
}
|
||||
|
||||
}(window.HydraWebAuthn = {}))
|
|
@ -0,0 +1,20 @@
|
|||
const rawAssertionRequest = HydraWebAuthn.fromBase64URL(document.currentScript.dataset.assertionRequest);
|
||||
const assertionRequest = JSON.parse(rawAssertionRequest);
|
||||
assertionRequest.publicKey.challenge = HydraWebAuthn.base64ToArrayBuffer(assertionRequest.publicKey.challenge)
|
||||
assertionRequest.publicKey.allowCredentials.forEach(credential => credential.id = HydraWebAuthn.base64ToArrayBuffer(credential.id))
|
||||
|
||||
console.log("Assertion request", assertionRequest)
|
||||
|
||||
navigator.credentials.get(assertionRequest)
|
||||
.then(assertion => {
|
||||
console.log("Assertion", assertion)
|
||||
if (assertion) {
|
||||
const jsonAssertion = JSON.stringify(HydraWebAuthn.toJSONAssertion(assertion), null, 2);
|
||||
console.log(jsonAssertion);
|
||||
document.getElementById("assertion").value = HydraWebAuthn.toBase64URL(jsonAssertion);
|
||||
}
|
||||
}).catch(err => {
|
||||
console.error(err);
|
||||
}).finally(() => {
|
||||
document.getElementById("login").submit();
|
||||
})
|
|
@ -0,0 +1,17 @@
|
|||
const rawWebAuthnOptions = HydraWebAuthn.fromBase64URL(document.currentScript.dataset.webAuthnOptions);
|
||||
const webAuthnOptions = JSON.parse(rawWebAuthnOptions);
|
||||
|
||||
webAuthnOptions.publicKey.challenge = HydraWebAuthn.base64ToArrayBuffer(webAuthnOptions.publicKey.challenge);
|
||||
webAuthnOptions.publicKey.user.id = HydraWebAuthn.base64ToArrayBuffer(webAuthnOptions.publicKey.user.id);
|
||||
|
||||
console.log(webAuthnOptions)
|
||||
|
||||
function generateCredentials() {
|
||||
navigator.credentials.create(webAuthnOptions).then(credentials => {
|
||||
if (!credentials) return;
|
||||
const jsonCredentials = JSON.stringify(HydraWebAuthn.toJSONCredentials(credentials), null, 2);
|
||||
console.log(jsonCredentials);
|
||||
document.getElementById("credentials").value = HydraWebAuthn.toBase64URL(jsonCredentials);
|
||||
document.getElementById("register").submit();
|
||||
}).catch(err => console.error(err));
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
{{define "base"}}
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>{{block "title" . -}}{{- end}}</title>
|
||||
{{- block "head_style" . -}}
|
||||
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css" />
|
||||
<link rel="stylesheet" href="{{ .BaseURL }}/css/style.css" />
|
||||
{{end}}
|
||||
{{- block "head_script" . -}}{{end}}
|
||||
</head>
|
||||
<body>
|
||||
{{- block "body" . -}}{{- end -}}
|
||||
{{- block "body_script" . -}}{{end}}
|
||||
</body>
|
||||
</html>
|
||||
{{end}}
|
|
@ -0,0 +1,24 @@
|
|||
{{define "flash"}}
|
||||
<div class="flash has-margin-top-small mb-3">
|
||||
{{- range .Flashes -}}
|
||||
{{- if eq .Type "error" -}}
|
||||
{{template "flash_message" map "Title" "Erreur" "MessageClass" "is-danger" "Message" .Message }}
|
||||
{{- else if eq .Type "warn" -}}
|
||||
{{template "flash_message" map "Title" "Attention" "MessageClass" "is-warning" "Message" .Message }}
|
||||
{{- else if eq .Type "success" -}}
|
||||
{{template "flash_message" map "Title" "Succès" "MessageClass" "is-success" "Message" .Message }}
|
||||
{{- else -}}
|
||||
{{template "flash_message" map "Title" "Information" "MessageClass" "is-info" "Message" .Message }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
{{define "flash_message" -}}
|
||||
<div class="message {{.MessageClass}}">
|
||||
<div class="message-body">
|
||||
<span class="has-text-weight-bold">{{.Title}}</span>
|
||||
<p>{{.Message}}</p>
|
||||
</div>
|
||||
</div>
|
||||
{{- end}}
|
|
@ -0,0 +1,7 @@
|
|||
{{define "footer"}}
|
||||
<p class="has-margin-top-small has-text-right is-size-7 has-text-grey">
|
||||
Version: {{ .BuildInfo.ProjectVersion }} -
|
||||
Réf.: {{ .BuildInfo.GitRef }} -
|
||||
Date de construction: {{ .BuildInfo.BuildDate }}
|
||||
</p>
|
||||
{{end}}
|
|
@ -0,0 +1,35 @@
|
|||
{{define "title"}}Autorisation{{end}}
|
||||
{{define "body"}}
|
||||
<section class="hero is-fullheight">
|
||||
<div class="hero-body">
|
||||
<div class="container">
|
||||
<div class="columns">
|
||||
<div class="column is-4 is-offset-4">
|
||||
{{template "flash" .}}
|
||||
<p class="has-text-black title has-text-centered">
|
||||
Demande d'autorisation
|
||||
</p>
|
||||
<p class="has-text-black subtitle has-text-centered">
|
||||
Autorisez vous l'application à utiliser ces informations vous concernant ?
|
||||
</p>
|
||||
<div class="box">
|
||||
<form action="{{ .BaseURL }}/consent" method="POST">
|
||||
{{range .RequestedScope}}
|
||||
<div class="">
|
||||
<label class="checkbox">
|
||||
<input type="checkbox" name="scope_{{ . }}">
|
||||
{{ . }}
|
||||
</label>
|
||||
</div>
|
||||
{{end}}
|
||||
{{ .csrfField }}
|
||||
<input name="challenge" type="hidden" value="{{ .ConsentChallenge }}" />
|
||||
<button type="submit" class="button is-link is-medium is-block is-fullwidth">Autoriser</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
{{end}}
|
||||
{{template "base" .}}
|
|
@ -0,0 +1,20 @@
|
|||
{{define "title"}}Erreur{{end}}
|
||||
{{define "body"}}
|
||||
<section class="hero is-fullheight">
|
||||
<div class="hero-body">
|
||||
<div class="container">
|
||||
<div class="columns">
|
||||
<div class="column is-4 is-offset-4">
|
||||
<div class="message is-danger">
|
||||
<div class="message-body">
|
||||
<p class="title is-size-4 has-text-danger">{{ .ErrorTitle }}</p>
|
||||
<p>{{ .ErrorDescription }}</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
{{end}}
|
||||
{{template "base" .}}
|
|
@ -0,0 +1,22 @@
|
|||
{{define "title"}}Connexion{{end}}
|
||||
{{define "body"}}
|
||||
<section class="hero is-fullheight">
|
||||
<div class="hero-body">
|
||||
<div class="container has-text-centered">
|
||||
<div class="columns">
|
||||
<div class="column is-4 is-offset-4">
|
||||
<p class="has-text-black title">
|
||||
Hydra Web<span class="has-text-grey">Authn</span>
|
||||
</p>
|
||||
<p class="is-size-7">
|
||||
Version: {{ .BuildInfo.ProjectVersion }} |
|
||||
Réf.: {{ .BuildInfo.GitRef }} |
|
||||
Date de construction: {{ .BuildInfo.BuildDate }}
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
{{end}}
|
||||
{{template "base" .}}
|
|
@ -0,0 +1,53 @@
|
|||
{{define "title"}}Connexion{{end}}
|
||||
{{define "body"}}
|
||||
<section class="hero is-fullheight">
|
||||
<div class="hero-body">
|
||||
<div class="container">
|
||||
<div class="columns">
|
||||
<div class="column is-6 is-offset-3">
|
||||
{{template "flash" .}}
|
||||
<p class="has-text-black title has-text-centered">
|
||||
Authentification sur <br /><a href="{{ .ClientURI }}" class="has-text-info">{{ .ClientName }}</a>
|
||||
</p>
|
||||
<div>
|
||||
<noscript>
|
||||
<div class="message is-danger">
|
||||
<div class="message-body">
|
||||
L'activation de JavaScript est nécessaire afin de pouvoir vous authentifier !
|
||||
</div>
|
||||
</div>
|
||||
</noscript>
|
||||
<div class="box">
|
||||
<form id="login" method="POST">
|
||||
<div class="field">
|
||||
<label for="username" class="label">Nom d'utilisateur</label>
|
||||
<div class="control">
|
||||
<input id="username" class="input" name="username" type="text" placeholder="jdoe" value="{{ .Username }}" required>
|
||||
</div>
|
||||
</div>
|
||||
<div>
|
||||
<label for="rememberme" class="checkbox">
|
||||
<input type="checkbox" id="rememberme" name="rememberme" {{if .RememberMe }}checked="true"{{end}} >
|
||||
Se souvenir de moi
|
||||
</label>
|
||||
</div>
|
||||
{{if .AssertionRequest}}
|
||||
<input type="hidden" id="assertion" name="assertion" />
|
||||
{{end}}
|
||||
{{ .csrfField }}
|
||||
<input name="challenge" type="hidden" value="{{ .LoginChallenge }}" />
|
||||
<input type="submit" value="Envoyer" class="button is-fullwidth is-primary mt-3" />
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
{{if .AssertionRequest}}
|
||||
<script type="text/javascript" src="{{ .BaseURL }}/js/hydra-webauthn.js"></script>
|
||||
<script type="text/javascript" src="{{ .BaseURL }}/js/login.js" data-assertion-request="{{ base64 ( marshal .AssertionRequest ) }}"></script>
|
||||
{{end}}
|
||||
{{end}}
|
||||
{{template "base" .}}
|
|
@ -0,0 +1,28 @@
|
|||
{{define "title"}}S'enregistrer{{end}}
|
||||
{{define "body"}}
|
||||
<section class="hero is-fullheight">
|
||||
<div class="hero-body">
|
||||
<div class="container">
|
||||
<div class="columns">
|
||||
<div class="column is-4 is-offset-4">
|
||||
{{template "flash" .}}
|
||||
<p class="has-text-black title has-text-centered mt-2">
|
||||
Finaliser votre compte
|
||||
</p>
|
||||
<p>Cliquer sur le bouton ci-dessous pour générer une paire de clés cryptographiques qui sera associée à votre compte.</p>
|
||||
<div class="button is-link is-medium is-block is-fullwidth mt-5" onclick="generateCredentials()">
|
||||
Générer
|
||||
</div>
|
||||
<form id="register" action="{{ .BaseURL }}/register/{{ .Token }}" method="POST">
|
||||
{{ .csrfField }}
|
||||
<input type="hidden" id="credentials" name="credentials" />
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<script type="text/javascript" src="{{ .BaseURL }}/js/hydra-webauthn.js"></script>
|
||||
<script type="text/javascript" src="{{ .BaseURL }}/js/register.js" data-web-authn-options="{{ base64 ( marshal .WebAuthnOptions ) }}"></script>
|
||||
{{end}}
|
||||
{{template "base" .}}
|
Loading…
Reference in New Issue