package auth import ( "context" "fmt" "net/http" "time" session "github.com/go-session/session/v3" "github.com/golang-jwt/jwt/v5" ) type EasyAuth struct { client Auth JwtSecret []byte TimeUntilJWTExpired time.Duration } type UserClaims struct { jwt.RegisteredClaims User AuthentikUser } func NewEasyAuth(client Auth) (EasyAuth, error) { e := EasyAuth{} e.client = client e.JwtSecret = []byte("hsajedogö") e.TimeUntilJWTExpired = 120 * time.Minute return e, nil } func (e EasyAuth) CheckUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, error) { user, con, err := e.GetUser(w, r) if err != nil { return AuthentikUser{}, err } if !con { return AuthentikUser{}, ErrUserNeedRedirect } return user, nil } func (e EasyAuth) GetUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, bool, error) { store, err := session.Start(context.Background(), w, r) if err != nil { return AuthentikUser{}, false, err } if r.Method == http.MethodGet { store.Set("url", r.URL.String()) store.Save() } jwtData, ok := store.Get("jwt") if !ok { e.redirectAuth(w, r) return AuthentikUser{}, false, nil } jwtString := fmt.Sprintf("%s", jwtData) parsedAccessToken, _ := jwt.ParseWithClaims(jwtString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) { return e.JwtSecret, nil }) if !parsedAccessToken.Valid { e.redirectAuth(w, r) return AuthentikUser{}, false, nil } claims := parsedAccessToken.Claims.(*UserClaims) return claims.User, true, nil } func (e EasyAuth) redirectAuth(w http.ResponseWriter, r *http.Request) error { redirectURL, err := e.client.GetAuthorizationURL("") if err != nil { return err } http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect) return nil } func (e EasyAuth) AuthHTTPHandler(w http.ResponseWriter, r *http.Request) { token, err := e.client.GetTokenFromCode(r.URL.Query().Get("code")) if err != nil { panic(err) // TODO: Deal with error } user := AuthentikUser{} err = e.client.GetUserInfo(token.AccessToken, &user) if err != nil { panic(err) // TODO: Deal with error } expired := time.Now().Add(e.TimeUntilJWTExpired) claims := UserClaims{} claims.Issuer = "EasyAuth" claims.Subject = user.Nickname claims.IssuedAt = jwt.NewNumericDate(time.Now()) claims.ExpiresAt = jwt.NewNumericDate(expired) claims.NotBefore = jwt.NewNumericDate(time.Now()) claims.User = user jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS512, claims) jwtString, err := jwtToken.SignedString(e.JwtSecret) if err != nil { panic(err) // TODO: Deal with error } store, err := session.Start(context.Background(), w, r) if err != nil { panic(err) // TODO: Deal with error } store.Set("jwt", jwtString) store.Save() redirectURL, ok := store.Get("url") redirectUrlString := "/" if ok { redirectUrlString = fmt.Sprintf("%s", redirectURL) } http.Redirect(w, r, redirectUrlString, http.StatusTemporaryRedirect) }