package auth import ( "context" "errors" "fmt" "net/http" "time" session "github.com/go-session/session/v3" "github.com/golang-jwt/jwt/v5" ) type EasyAuth struct { client Auth jwtSecret []byte } type UserClaims struct { jwt.RegisteredClaims User AuthentikUser } func NewEasyAuth(client Auth) (EasyAuth, error) { e := EasyAuth{} e.client = client e.jwtSecret = []byte("hsajedogö") return e, nil } func (e EasyAuth) GetUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, bool, error) { store, err := session.Start(context.Background(), w, r) if err != nil { return AuthentikUser{}, false, err } if r.Method == http.MethodGet { store.Set("url", r.URL.String()) store.Save() } jwtData, ok := store.Get("jwt") if !ok { e.redirectAuth(w, r) return AuthentikUser{}, false, nil } jwtString := fmt.Sprintf("%s", jwtData) parsedAccessToken, _ := jwt.ParseWithClaims(jwtString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) { return e.jwtSecret, nil }) claims := parsedAccessToken.Claims.(*UserClaims) return claims.User, true, nil } func (e EasyAuth) redirectAuth(w http.ResponseWriter, r *http.Request) error { redirectURL, err := e.client.GetAuthorizationURL("") if err != nil { return err } http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect) return nil } func (e EasyAuth) AuthHTTPHandler(w http.ResponseWriter, r *http.Request) { token, err := e.client.GetTokenFromCode(r.URL.Query().Get("code")) if err != nil { panic(err) // TODO: Deal with error } user := AuthentikUser{} err = e.client.GetUserInfo(token.AccessToken, &user) if err != nil { panic(err) // TODO: Deal with error } expired := time.Now().Add(5 * time.Minute) claims := UserClaims{} claims.Issuer = "EasyAuth" claims.Subject = user.Nickname claims.IssuedAt = jwt.NewNumericDate(time.Now()) claims.ExpiresAt = jwt.NewNumericDate(expired) claims.NotBefore = jwt.NewNumericDate(time.Now()) claims.User = user jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS512, claims) jwtString, err := jwtToken.SignedString(e.jwtSecret) if err != nil { panic(err) // TODO: Deal with error } store, err := session.Start(context.Background(), w, r) if err != nil { panic(err) // TODO: Deal with error } store.Set("jwt", jwtString) store.Save() redirectURL, ok := store.Get("url") redirectUrlString := "/" if ok { redirectUrlString = fmt.Sprintf("%s", redirectURL) } http.Redirect(w, r, redirectUrlString, http.StatusTemporaryRedirect) } func getCookie(w http.ResponseWriter, r *http.Request, name string) (string, error) { cookie, err := r.Cookie(name) if err != nil { if errors.Is(err, http.ErrNoCookie) { return "", nil } return "", err } return cookie.Value, nil } func setCookie(w http.ResponseWriter, name, value string, expired time.Time) { cookie := http.Cookie{} cookie.Name = name cookie.Value = value cookie.Expires = expired cookie.Path = "/" cookie.MaxAge = int(time.Until(expired).Seconds()) cookie.Secure = true cookie.HttpOnly = true cookie.SameSite = http.SameSiteStrictMode http.SetCookie(w, &cookie) }