package main
import (
	"crypto/subtle"
	"net/http"
	"net/url"

	"github.com/gookit/goutil/dump"

	"zeevdiukman.com/zprox/internal/config"
	"zeevdiukman.com/zprox/pkg/helper"
)
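// CallbackHandler completes the authorization-code flow: it checks the state
// returned by the identity provider against the one stored in the session,
// exchanges the code (together with the PKCE verifier) for tokens, stores
// them in the session and sends the browser back to the originally
// requested path.
//
// Changes over the previous version: a failed exchangeCode no longer falls
// through to Put/Redirect (which also dereferenced token unconditionally),
// the callback is rejected when the provider reports an error or the code is
// missing, a missing stored state no longer matches an empty query state,
// the single-use state/code_verifier values are removed once consumed, and
// the post-login redirect is restricted to a local path.
func CallbackHandler(w http.ResponseWriter, r *http.Request) {
	config.Wrapper(func(c *config.Config) {
		ctx := r.Context()
		query := r.URL.Query()

		// RFC 6749 §4.1.2.1: on failure the provider returns "error" instead of "code".
		if provErr := query.Get("error"); provErr != "" {
			dump.Println("callback: identity provider returned error " + provErr)
			http.Error(w, "Authorization was not granted", http.StatusBadRequest)
			return
		}
		code := query.Get("code")
		state := query.Get("state")
		if code == "" || state == "" {
			http.Error(w, "Missing code or state parameter", http.StatusBadRequest)
			return
		}

		verifier := app.SessionManager.GetString(ctx, "code_verifier")
		if verifier == "" {
			http.Error(w, "Code verifier not found in session", http.StatusBadRequest)
			return
		}

		// A stored state is mandatory: with no login in progress both values
		// would be "" and a plain != would accept the callback. The compare is
		// constant-time so a wrong guess does not leak how many leading bytes matched.
		expectedState := app.SessionManager.GetString(ctx, "state")
		if expectedState == "" ||
			subtle.ConstantTimeCompare([]byte(state), []byte(expectedState)) != 1 {
			http.Error(w, "Invalid state parameter", http.StatusBadRequest)
			return
		}
		// Both values are single-use; drop them so a replayed callback cannot reuse them.
		app.SessionManager.Remove(ctx, "state")
		app.SessionManager.Remove(ctx, "code_verifier")

		originalPath := app.SessionManager.GetString(ctx, "original_path")
		// r.Host is client-supplied; GetAuthNameByDomain is expected to map an
		// unknown host to a name that exchangeCode rejects — confirm in config.
		authName := c.GetAuthNameByDomain(r.Host)

		token, fullResponse, e := exchangeCode(code, verifier, c, authName)
		if e != nil {
			// Only the error text goes to the log; nothing from the exchange is echoed to the client.
			dump.Println("exchangeCode: " + e.Error())
			http.Error(w, "Token exchange failed", http.StatusBadGateway)
			return
		}

		// NOTE(review): if SessionManager is an scs-style manager, rotating the
		// session ID here (RenewToken) before storing the tokens would close
		// session fixation; the visible code keeps the pre-login session ID.
		app.SessionManager.Put(ctx, "access_token", token.AccessToken)
		app.SessionManager.Put(ctx, "full_token", fullResponse)

		http.Redirect(w, r, localRedirectPath(originalPath), http.StatusFound)
	})
}

// localRedirectPath returns p when it is a same-origin absolute path and "/"
// otherwise, so a value planted in original_path cannot turn the post-login
// redirect into an open redirect ("//evil", "/\evil", "http://evil").
func localRedirectPath(p string) string {
	if p == "" || p[0] != '/' {
		return "/"
	}
	// "//host" is protocol-relative; browsers also treat "/\host" that way.
	if len(p) > 1 && (p[1] == '/' || p[1] == '\\') {
		return "/"
	}
	return p
}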
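// LogoutHandler clears the locally stored tokens and redirects the browser to
// the end-session endpoint of the auth configuration mapped to the request's
// Host.
//
// Changes over the previous version: c.Auth was indexed without checking the
// key, so a Host header with no mapping produced the zero Auth entry and a
// redirect to "" (or a nil dereference if the map holds pointers). Unknown
// hosts now get a 404 and an empty endpoint a 500.
func LogoutHandler(w http.ResponseWriter, r *http.Request) {
	config.Wrapper(func(c *config.Config) {
		ctx := r.Context()

		//TODO: only after returning, delete the session!
		app.SessionManager.Remove(ctx, "access_token")
		app.SessionManager.Remove(ctx, "full_token")

		// r.Host is client-supplied; an unmapped host must not fall through
		// to a zero-value config entry.
		authName, ok := c.DataMaps.DomainToAuth[r.Host]
		if !ok {
			http.Error(w, "No authentication configured for this host", http.StatusNotFound)
			return
		}
		a, ok := c.Auth[authName]
		if !ok {
			http.Error(w, "No authentication configured for this host", http.StatusNotFound)
			return
		}

		// NOTE(review): OIDC RP-initiated logout normally carries id_token_hint and
		// post_logout_redirect_uri; none are sent here — confirm the provider
		// accepts a bare end-session request.
		u := a.OpenID.EndPoints.Logout
		if u == "" {
			http.Error(w, "Logout endpoint not configured", http.StatusInternalServerError)
			return
		}
		http.Redirect(w, r, u, http.StatusFound)
	})
}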
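// LoginHandler starts the authorization-code + PKCE flow for the auth
// configuration mapped to the request's Host: it generates a code verifier
// and its S256 challenge, a state bound to the originally requested path and
// a nonce, stores the per-login secrets in the session and redirects the
// browser to the provider's authorization endpoint.
//
// Changes over the previous version: the url.Parse and generateCodeVerifier
// errors are no longer discarded (an unparsable endpoint dereferenced a nil
// *url.URL; a failed verifier started the flow with an empty PKCE verifier),
// an unmapped Host is rejected instead of yielding a zero config entry, and
// the nonce is kept in the session so the ID token's nonce claim can be
// verified on callback.
func LoginHandler(w http.ResponseWriter, r *http.Request) {
	config.Wrapper(func(c *config.Config) {
		ctx := r.Context()

		// r.Host is client-supplied; refuse hosts with no configured auth.
		authName, ok := c.DataMaps.DomainToAuth[r.Host]
		if !ok {
			http.Error(w, "No authentication configured for this host", http.StatusNotFound)
			return
		}
		a, ok := c.Auth[authName]
		if !ok {
			http.Error(w, "No authentication configured for this host", http.StatusNotFound)
			return
		}

		authURL, err := url.Parse(a.OpenID.EndPoints.Auth)
		if err != nil {
			dump.Println("LoginHandler: parsing auth endpoint: " + err.Error())
			http.Error(w, "Authorization endpoint misconfigured", http.StatusInternalServerError)
			return
		}

		codeVerifier, err := generateCodeVerifier()
		if err != nil {
			dump.Println("LoginHandler: generating code verifier: " + err.Error())
			http.Error(w, "Could not start login", http.StatusInternalServerError)
			return
		}
		codeChallenge := generateCodeChallenge(codeVerifier)

		// NOTE(review): the nonce is only as good as helper.RandStringByBits;
		// confirm it draws from crypto/rand.
		nonce := helper.RandStringByBits(64)

		originalPath := app.SessionManager.GetString(ctx, "original_path")
		state := generateState(url.QueryEscape(originalPath))

		query := authURL.Query()
		query.Set("client_id", a.OpenID.ClientID)
		query.Set("response_type", "code")
		query.Set("scope", "openid")
		query.Set("redirect_uri", a.OpenID.RedirectURI)
		query.Set("code_challenge", codeChallenge)
		query.Set("code_challenge_method", "S256")
		query.Set("state", state)
		query.Set("nonce", nonce)
		authURL.RawQuery = query.Encode()

		// state and code_verifier are checked by the callback; the nonce is
		// stored so the ID token's nonce claim can be checked there as well
		// (that check is not part of the visible code).
		app.SessionManager.Put(ctx, "state", state)
		app.SessionManager.Put(ctx, "code_verifier", codeVerifier)
		app.SessionManager.Put(ctx, "nonce", nonce)

		http.Redirect(w, r, authURL.String(), http.StatusFound)
	})
}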