package auth import ( "encoding/json" "fmt" "io" "net/http" "net/url" "strings" "time" ) type User struct { Sub string `json:"sub"` } type AuthentikUser struct { User Email string `json:"email"` EmailVerified bool `json:"email_verified"` Name string `json:"name"` GivenName string `json:"given_name"` PreferredUsername string `json:"preferred_username"` Nickname string `json:"nickname"` Groups []string `json:"groups"` } type Auth struct { authConfig AuthConfig clientConfig ClientConfig } type Token struct { AccessToken string `json:"access_token"` TokenType string `json:"token_type"` ExpiredIn int `json:"expires_in"` RefreshToken string `json:"refresh_token"` CreatedAt time.Time } func NewAuthWithConfig(config ClientConfig, authConfig AuthConfig) (Auth, error) { a := Auth{} a.authConfig = authConfig a.clientConfig = config return a, nil } func NewAuthWithConfigurationURL(config ClientConfig, url string) (Auth, error) { a := Auth{} a.clientConfig = config authConfig := AuthConfig{} res, err := http.Get(url) if err != nil { return Auth{}, fmt.Errorf("%w: %q", ErrCantGetConfiguratorData, err) } defer res.Body.Close() bodyContent, err := io.ReadAll(res.Body) if err != nil { return Auth{}, fmt.Errorf("%w: %q", ErrCantGetConfiguratorData, err) } err = json.Unmarshal(bodyContent, &authConfig) if err != nil { return Auth{}, fmt.Errorf("%w: %q", ErrCantGetConfiguratorData, err) } a.authConfig = authConfig return a, nil } func (a Auth) GetAuthorizationURL(state string) (string, error) { if a.authConfig.AuthorizationEndpoint == "" { return "", fmt.Errorf("%w: %s", ErrCantGetAuthorizationURL, "AuthorizationEndpoint in config is empty") } if a.clientConfig.ClientID == "" { return "", fmt.Errorf("%w: %s", ErrCantGetAuthorizationURL, "clientid in config is empty") } url, err := url.Parse(a.authConfig.AuthorizationEndpoint) if err != nil { return "", fmt.Errorf("%w: %q", ErrCantGetAuthorizationURL, err) } values := url.Query() values.Set("client_id", a.clientConfig.ClientID) if a.clientConfig.RedirectURL != "" { values.Set("redirect_uri", a.clientConfig.RedirectURL) } if len(a.clientConfig.Scope) > 0 { values.Set("scope", strings.Join(a.clientConfig.Scope, "+")) } if state != "" { values.Set("state", state) } values.Set("response_type", "code") url.RawQuery = values.Encode() return url.String(), nil } func (a Auth) GetUserInfo(accessToken string, user any) error { req, err := http.NewRequest("GET", a.authConfig.UserinfoEndpoint, nil) req.Header.Add("Authorization", "Bearer "+accessToken) hc := http.Client{} resp, err := hc.Do(req) if err != nil { return fmt.Errorf("%w: %q", ErrCreateRequestForUserInfo, err) } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { return fmt.Errorf("%w: %s (%v)", ErrCantGetUserInfo, "server response with nuon 200 status code", resp.StatusCode) } body, err := io.ReadAll(resp.Body) if err != nil { return fmt.Errorf("%w: %q", ErrCreateRequestForUserInfo, err) } err = json.Unmarshal(body, &user) if err != nil { return fmt.Errorf("%w: %s: %q", ErrCantGetUserInfo, "json unmarshal", err) } return nil } func (a Auth) GetTokenFromCode(code string) (Token, error) { form := url.Values{} form.Add("grant_type", "authorization_code") form.Add("code", code) form.Add("redirect_uri", a.clientConfig.RedirectURL) req, err := http.NewRequest("POST", a.authConfig.TokenEndpoint, strings.NewReader(form.Encode())) if err != nil { return Token{}, fmt.Errorf("%w: %q", ErrCantCreateTokenRequests, err) } req.Header.Add("Content-Type", "application/x-www-form-urlencoded") req.SetBasicAuth(a.clientConfig.ClientID, a.clientConfig.ClientSecret) hc := http.Client{} resp, err := hc.Do(req) if err != nil { return Token{}, fmt.Errorf("%w: %q", ErrCantSendRequestsForToken, err) } defer resp.Body.Close() body, err := io.ReadAll(resp.Body) if err != nil { return Token{}, fmt.Errorf("%w: %q", ErrCantSendRequestsForToken, err) } fmt.Println(string(body)) fmt.Println(resp.StatusCode) if resp.StatusCode != 200 { var er struct { Error string `json:"error"` ErrorDescription string `json:"error_description"` } err = json.Unmarshal(body, &er) if err != nil { return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, string(body)) } if er.ErrorDescription != "" { return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, er.ErrorDescription) } return Token{}, fmt.Errorf("%w: %s", ErrWrongResponseFromServer, string(body)) } t := Token{} t.CreatedAt = time.Now() err = json.Unmarshal(body, &t) if err != nil { return Token{}, fmt.Errorf("%w: %q", ErrCantGetTokenForCode, err) } return t, nil }