auth/easyauth.go

133 lines
2.9 KiB
Go

package auth
import (
"context"
"fmt"
"net/http"
"time"
session "github.com/go-session/session/v3"
"github.com/golang-jwt/jwt/v5"
)
type EasyAuth struct {
client Auth
JwtSecret []byte
TimeUntilJWTExpired time.Duration
}
type UserClaims struct {
jwt.RegisteredClaims
User AuthentikUser
}
func NewEasyAuth(client Auth) (EasyAuth, error) {
e := EasyAuth{}
e.client = client
e.JwtSecret = []byte("hsajedogö")
e.TimeUntilJWTExpired = 120 * time.Minute
return e, nil
}
func (e EasyAuth) CheckUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, error) {
user, con, err := e.GetUser(w, r)
if err != nil {
return AuthentikUser{}, err
}
if !con {
return AuthentikUser{}, ErrUserNeedRedirect
}
return user, nil
}
func (e EasyAuth) GetUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, bool, error) {
store, err := session.Start(context.Background(), w, r)
if err != nil {
return AuthentikUser{}, false, err
}
if r.Method == http.MethodGet {
store.Set("url", r.URL.String())
store.Save()
}
jwtData, ok := store.Get("jwt")
if !ok {
e.redirectAuth(w, r)
return AuthentikUser{}, false, nil
}
jwtString := fmt.Sprintf("%s", jwtData)
parsedAccessToken, _ := jwt.ParseWithClaims(jwtString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
return e.JwtSecret, nil
})
if !parsedAccessToken.Valid {
e.redirectAuth(w, r)
return AuthentikUser{}, false, nil
}
claims := parsedAccessToken.Claims.(*UserClaims)
return claims.User, true, nil
}
func (e EasyAuth) redirectAuth(w http.ResponseWriter, r *http.Request) error {
redirectURL, err := e.client.GetAuthorizationURL("")
if err != nil {
return err
}
http.Redirect(w, r, redirectURL, http.StatusTemporaryRedirect)
return nil
}
func (e EasyAuth) AuthHTTPHandler(w http.ResponseWriter, r *http.Request) {
token, err := e.client.GetTokenFromCode(r.URL.Query().Get("code"))
if err != nil {
panic(err) // TODO: Deal with error
}
user := AuthentikUser{}
err = e.client.GetUserInfo(token.AccessToken, &user)
if err != nil {
panic(err) // TODO: Deal with error
}
expired := time.Now().Add(e.TimeUntilJWTExpired)
claims := UserClaims{}
claims.Issuer = "EasyAuth"
claims.Subject = user.Nickname
claims.IssuedAt = jwt.NewNumericDate(time.Now())
claims.ExpiresAt = jwt.NewNumericDate(expired)
claims.NotBefore = jwt.NewNumericDate(time.Now())
claims.User = user
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
jwtString, err := jwtToken.SignedString(e.JwtSecret)
if err != nil {
panic(err) // TODO: Deal with error
}
store, err := session.Start(context.Background(), w, r)
if err != nil {
panic(err) // TODO: Deal with error
}
store.Set("jwt", jwtString)
store.Save()
redirectURL, ok := store.Get("url")
redirectUrlString := "/"
if ok {
redirectUrlString = fmt.Sprintf("%s", redirectURL)
}
http.Redirect(w, r, redirectUrlString, http.StatusTemporaryRedirect)
}