172 lines
5.3 KiB
Go
172 lines
5.3 KiB
Go
package hydra
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"net/http"
|
|
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/route/common"
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/webauthn"
|
|
"github.com/go-chi/chi"
|
|
"github.com/go-webauthn/webauthn/protocol"
|
|
"github.com/gorilla/csrf"
|
|
"github.com/pkg/errors"
|
|
"gitlab.com/wpetit/goweb/logger"
|
|
"gitlab.com/wpetit/goweb/middleware/container"
|
|
"gitlab.com/wpetit/goweb/service/session"
|
|
"gitlab.com/wpetit/goweb/service/template"
|
|
)
|
|
|
|
func serveRegisterPage(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
ctn := container.Must(ctx)
|
|
tmpl := template.Must(ctn)
|
|
webAuthn := webauthn.Must(ctn)
|
|
session := session.Must(ctn)
|
|
storageSrv := storage.Must(ctn)
|
|
|
|
token := chi.URLParam(r, "token")
|
|
registrationLink, err := storageSrv.User().GetRegistrationLinkByToken(ctx, token)
|
|
if err != nil {
|
|
if errors.Is(err, storage.ErrNotFound) {
|
|
logger.Warn(ctx, "registration link not found", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
|
|
|
|
return
|
|
}
|
|
|
|
panic(errors.Wrap(err, "could not retrieve registration link"))
|
|
}
|
|
|
|
user, err := storageSrv.User().FindUserByID(ctx, registrationLink.UserID)
|
|
if err != nil {
|
|
if errors.Is(err, storage.ErrNotFound) {
|
|
logger.Warn(ctx, "user not found", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
|
|
|
|
return
|
|
}
|
|
|
|
panic(errors.Wrap(err, "could not retrieve user"))
|
|
}
|
|
|
|
webAuthnOptions, webAuthnSessionData, err := webAuthn.BeginRegistration(user)
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "could not begin discoverable login"))
|
|
}
|
|
|
|
sess, err := session.Get(w, r)
|
|
if err != nil {
|
|
panic(errors.Wrap(err, "could not retrieve session"))
|
|
}
|
|
|
|
sess.Set("webauthn", webAuthnSessionData)
|
|
|
|
if err := sess.Save(w, r); err != nil {
|
|
panic(errors.Wrap(err, "could not save session"))
|
|
}
|
|
|
|
data := common.ExtendTemplateData(w, r, template.Data{
|
|
csrf.TemplateTag: csrf.TemplateField(r),
|
|
"WebAuthnOptions": webAuthnOptions,
|
|
"Token": registrationLink.Token,
|
|
})
|
|
|
|
if err := tmpl.RenderPage(w, "register.html.tmpl", data); err != nil {
|
|
panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
|
|
}
|
|
}
|
|
|
|
func handleRegisterForm(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
serviceContainer := container.Must(ctx)
|
|
webAuthnService := webauthn.Must(serviceContainer)
|
|
sessionService := session.Must(serviceContainer)
|
|
storageSrv := storage.Must(serviceContainer)
|
|
|
|
token := chi.URLParam(r, "token")
|
|
registrationLink, err := storageSrv.User().GetRegistrationLinkByToken(ctx, token)
|
|
if err != nil {
|
|
if errors.Is(err, storage.ErrNotFound) {
|
|
logger.Warn(ctx, "registration link not found", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
|
|
|
|
return
|
|
}
|
|
|
|
panic(errors.Wrap(err, "could not retrieve registration link"))
|
|
}
|
|
|
|
user, err := storageSrv.User().FindUserByID(ctx, registrationLink.UserID)
|
|
if err != nil {
|
|
if errors.Is(err, storage.ErrNotFound) {
|
|
logger.Warn(ctx, "user not found", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
|
|
|
|
return
|
|
}
|
|
|
|
panic(errors.Wrap(err, "could not retrieve user"))
|
|
}
|
|
|
|
if err := r.ParseForm(); err != nil {
|
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
|
|
|
return
|
|
}
|
|
|
|
base64Credentials := r.Form.Get("credentials")
|
|
|
|
rawCredentials, err := base64.RawURLEncoding.DecodeString(base64Credentials)
|
|
if err != nil {
|
|
logger.Error(ctx, "could not parse base64 encoded credentials", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
|
|
|
return
|
|
}
|
|
|
|
var ccr protocol.CredentialCreationResponse
|
|
if err := json.Unmarshal(rawCredentials, &ccr); err != nil {
|
|
logger.Error(ctx, "could not parse credential creation response", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
|
|
|
return
|
|
}
|
|
|
|
parsedResponse, err := ccr.Parse()
|
|
if err != nil {
|
|
logger.Error(ctx, "could not parse credential creation response", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
|
|
return
|
|
}
|
|
|
|
sess, err := sessionService.Get(w, r)
|
|
if err != nil {
|
|
logger.Error(ctx, "could not retrieve session", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
|
|
return
|
|
}
|
|
|
|
webAuthnSessionData := sess.Get("webauthn").(*webauthn.SessionData)
|
|
|
|
credential, err := webAuthnService.CreateCredential(user, *webAuthnSessionData, parsedResponse)
|
|
if err != nil {
|
|
logger.Error(ctx, "could not create user credential", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
|
|
return
|
|
}
|
|
|
|
if _, err := storageSrv.User().AddUserCredential(ctx, user.ID, credential); err != nil {
|
|
logger.Error(ctx, "could not add credential", logger.E(errors.WithStack(err)))
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, r, "/registered", http.StatusSeeOther)
|
|
}
|