easyauth

2024-09-26 11:00:50 +02:00 · 2024-09-26 11:00:50 +02:00 · eac592da94
commit eac592da94
parent ca16171225
4 changed files with 115 additions and 2 deletions
--- a/Readme.md
+++ b/Readme.md
@ -1,6 +1,11 @@
 Small oAuth2 Client to have an easy way to connect to Authentik
 # Auth
 ## Easy Auth
 Easy Authentification for default go http lib.
 In Process
 ## Low Level Lib / AuthClient
 The Low Level Lib (Auth) is a Client to provied the basic oAuth2 functions without state. 
--- a/easyauth.go
+++ b/easyauth.go
@ -0,0 +1,103 @@
 package kekskurseauth
 import (
 	"net/http"
 	"time"
 	"github.com/golang-jwt/jwt/v5"
 )
 type EasyAuth struct {
 	client    Auth
 	jwtSecret []byte
 }
 type UserClaims struct {
 	jwt.RegisteredClaims
 	User AuthentikUser
 }
 func NewEasyAuth(client Auth) (EasyAuth, error) {
 	e := EasyAuth{}
 	e.client = client
 	e.jwtSecret = []byte("hsajedogö")
 	return e, nil
 }
 func (e EasyAuth) GetUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, bool, error) {
 	if r.Method == http.MethodGet {
 		SetCookie(w, "url", r.URL.String(), time.Now().Add(1*time.Minute))
 	}
 	cookie, err := r.Cookie("jwt")
 	if err != nil {
 		return AuthentikUser{}, false, err
 	}
 	redirectURL, err := e.client.GetAuthorizationURL("")
 	if err != nil {
 		return AuthentikUser{}, false, err
 	}
 	if cookie.Value == "" {
 		http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect)
 		return AuthentikUser{}, false, nil
 	}
 	parsedAccessToken, _ := jwt.ParseWithClaims(cookie.Value, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
 		return e.jwtSecret, nil
 	})
 	claims := parsedAccessToken.Claims.(*UserClaims)
 	return claims.User, true, nil
 }
 func (e EasyAuth) AuthHTTPHandler(w http.ResponseWriter, r *http.Request) {
 	token, err := e.client.GetTokenFromCode(r.URL.Query().Get("code"))
 	if err != nil {
 		panic(err) // TODO: Deal with error
 	}
 	user := AuthentikUser{}
 	err = e.client.GetUserInfo(token.AccessToken, &user)
 	if err != nil {
 		panic(err) // TODO: Deal with error
 	}
 	expired := time.Now().Add(5 * time.Minute)
 	claims := UserClaims{}
 	claims.Issuer = "EasyAuth"
 	claims.Subject = user.Nickname
 	claims.IssuedAt = jwt.NewNumericDate(time.Now())
 	claims.ExpiresAt = jwt.NewNumericDate(expired)
 	claims.NotBefore = jwt.NewNumericDate(time.Now())
 	claims.User = user
 	jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
 	jwtString, err := jwtToken.SignedString(e.jwtSecret)
 	if err != nil {
 		panic(err) // TODO: Deal with error
 	}
 	SetCookie(w, "jwt", jwtString, expired)
 	_, err = w.Write([]byte("ok")) // TODO: Redirect to right page
 	if err != nil {
 		panic(err) // TODO: Deal with error
 	}
 }
 func SetCookie(w http.ResponseWriter, name, value string, expired time.Time) {
 	cookie := http.Cookie{}
 	cookie.Name = name
 	cookie.Value = value
 	cookie.Expires = expired
 	cookie.Path = "/"
 	cookie.MaxAge = int(time.Until(expired).Seconds())
 	cookie.Secure = true
 	cookie.HttpOnly = true
 	cookie.SameSite = http.SameSiteStrictMode
 	http.SetCookie(w, &cookie)
 }
--- a/go.mod
+++ b/go.mod
@ -1,8 +1,11 @@
-module git.keks.cloud/kekskurse/kekskurse-auth
+module git.keks.cloud/kekskurse/auth
 go 1.23.1
-require github.com/stretchr/testify v1.9.0
+require (
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/stretchr/testify v1.9.0
 )
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -1,5 +1,7 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=