2024-09-26 09:06:17 +00:00
|
|
|
package auth
|
2024-09-26 09:00:50 +00:00
|
|
|
|
|
|
|
|
import (
|
2024-09-26 09:20:49 +00:00
|
|
|
"errors"
|
2024-09-26 09:00:50 +00:00
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type EasyAuth struct {
|
|
|
|
|
client Auth
|
|
|
|
|
jwtSecret []byte
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type UserClaims struct {
|
|
|
|
|
jwt.RegisteredClaims
|
|
|
|
|
User AuthentikUser
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewEasyAuth(client Auth) (EasyAuth, error) {
|
|
|
|
|
e := EasyAuth{}
|
|
|
|
|
e.client = client
|
|
|
|
|
e.jwtSecret = []byte("hsajedogö")
|
|
|
|
|
return e, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e EasyAuth) GetUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, bool, error) {
|
|
|
|
|
if r.Method == http.MethodGet {
|
|
|
|
|
SetCookie(w, "url", r.URL.String(), time.Now().Add(1*time.Minute))
|
|
|
|
|
}
|
|
|
|
|
cookie, err := r.Cookie("jwt")
|
|
|
|
|
if err != nil {
|
2024-09-26 09:20:49 +00:00
|
|
|
if errors.Is(err, http.ErrNoCookie) {
|
|
|
|
|
e.redirectAuth(w, r)
|
|
|
|
|
return AuthentikUser{}, false, nil
|
|
|
|
|
}
|
2024-09-26 09:00:50 +00:00
|
|
|
return AuthentikUser{}, false, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if cookie.Value == "" {
|
2024-09-26 09:20:49 +00:00
|
|
|
e.redirectAuth(w, r)
|
2024-09-26 09:00:50 +00:00
|
|
|
return AuthentikUser{}, false, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
parsedAccessToken, _ := jwt.ParseWithClaims(cookie.Value, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
|
return e.jwtSecret, nil
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
claims := parsedAccessToken.Claims.(*UserClaims)
|
|
|
|
|
|
|
|
|
|
return claims.User, true, nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-26 09:20:49 +00:00
|
|
|
func (e EasyAuth) redirectAuth(w http.ResponseWriter, r *http.Request) error {
|
|
|
|
|
redirectURL, err := e.client.GetAuthorizationURL("")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-26 09:00:50 +00:00
|
|
|
func (e EasyAuth) AuthHTTPHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
token, err := e.client.GetTokenFromCode(r.URL.Query().Get("code"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err) // TODO: Deal with error
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user := AuthentikUser{}
|
|
|
|
|
err = e.client.GetUserInfo(token.AccessToken, &user)
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err) // TODO: Deal with error
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
expired := time.Now().Add(5 * time.Minute)
|
|
|
|
|
|
|
|
|
|
claims := UserClaims{}
|
|
|
|
|
claims.Issuer = "EasyAuth"
|
|
|
|
|
claims.Subject = user.Nickname
|
|
|
|
|
claims.IssuedAt = jwt.NewNumericDate(time.Now())
|
|
|
|
|
claims.ExpiresAt = jwt.NewNumericDate(expired)
|
|
|
|
|
claims.NotBefore = jwt.NewNumericDate(time.Now())
|
|
|
|
|
claims.User = user
|
|
|
|
|
|
|
|
|
|
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
|
|
|
|
|
jwtString, err := jwtToken.SignedString(e.jwtSecret)
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err) // TODO: Deal with error
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SetCookie(w, "jwt", jwtString, expired)
|
|
|
|
|
|
|
|
|
|
_, err = w.Write([]byte("ok")) // TODO: Redirect to right page
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err) // TODO: Deal with error
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func SetCookie(w http.ResponseWriter, name, value string, expired time.Time) {
|
|
|
|
|
cookie := http.Cookie{}
|
|
|
|
|
cookie.Name = name
|
|
|
|
|
cookie.Value = value
|
|
|
|
|
cookie.Expires = expired
|
|
|
|
|
cookie.Path = "/"
|
|
|
|
|
cookie.MaxAge = int(time.Until(expired).Seconds())
|
|
|
|
|
cookie.Secure = true
|
|
|
|
|
cookie.HttpOnly = true
|
|
|
|
|
cookie.SameSite = http.SameSiteStrictMode
|
|
|
|
|
|
|
|
|
|
http.SetCookie(w, &cookie)
|
|
|
|
|
}
|
