package oauthapi
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"net/http"
|
|
"time"
|
|
|
|
"git.keks.cloud/kekskurse/miniauth/pkg/miniauth"
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/ory/fosite"
|
|
"github.com/ory/fosite/compose"
|
|
"github.com/ory/fosite/storage"
|
|
"github.com/rs/zerolog"
|
|
"github.com/rs/zerolog/log"
|
|
)
|
|
|
|
// OauthAPIConf holds the configuration for OAuthAPI. It currently carries no
// fields; NewOauthAPI stores it but nothing in this file reads it.
type OauthAPIConf struct{}

// OAuthAPI serves the OAuth2 authorize and token endpoints on top of a fosite
// provider. Construct it with NewOauthAPI and attach it with RegisterRoutes.
type OAuthAPI struct {
	// config is the value passed to NewOauthAPI.
	config OauthAPIConf
	// ma is the miniauth instance passed to NewOauthAPI; the handlers in this
	// file do not use it.
	ma miniauth.Miniauth
	// log is the package-scoped logger ("pkg" = "oauthapi").
	log zerolog.Logger
	// oauth is the fosite provider that parses requests and writes responses
	// for all three endpoints.
	oauth fosite.OAuth2Provider
}
|
|
|
|
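// NewOauthAPI builds an OAuthAPI backed by a fosite provider.
//
// The provider is composed with every fosite handler enabled, fosite's
// in-memory example store and a 2048-bit RSA key generated on each call, so
// clients, sessions and tokens live only for the lifetime of this process and
// anything signed by a previous process cannot be verified after a restart.
//
// config is kept on the returned value; ma is stored but not used by the
// handlers in this file. If the RSA key cannot be generated the process exits
// via the logger's Fatal.
func NewOauthAPI(config OauthAPIConf, ma miniauth.Miniauth) OAuthAPI {
	w := OAuthAPI{
		config: config,
		ma:     ma,
		log:    log.With().Str("pkg", "oauthapi").Logger(),
	}

	// Named store rather than storage so the imported fosite storage package
	// is not shadowed for the rest of the function. The example store is
	// pre-populated with fosite's demo clients and is meant for development.
	store := storage.NewExampleStore()

	// NOTE(security): this is fosite's published example value. It is used as
	// the global HMAC secret for access and refresh tokens, so anyone who knows
	// it can mint valid tokens; fosite requires it to be 32 bytes. Load it from
	// configuration or a secret store before running anything but a local
	// development setup.
	secret := []byte("my super secret signing password")

	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		w.log.Fatal().Err(err).Msg("cant create privatekey")
	}

	oconfig := &fosite.Config{
		AccessTokenLifespan: time.Minute * 30,
		GlobalSecret:        secret,
	}

	w.oauth = compose.ComposeAllEnabled(oconfig, store, privateKey)
	return w
}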
|
|
|
|
// RegisterRoutes attaches the OAuth2 endpoints to routing: GET and POST /auth
// for the authorization endpoint and POST /token for the token endpoint. It
// always returns nil; the error result only exists for callers that expect one.
func (w OAuthAPI) RegisterRoutes(routing *gin.RouterGroup) error {
	endpoints := []struct {
		method, path string
		handler      gin.HandlerFunc
	}{
		{http.MethodGet, "/auth", w.authGet},
		{http.MethodPost, "/auth", w.authPost},
		{http.MethodPost, "/token", w.token},
	}
	for _, e := range endpoints {
		routing.Handle(e.method, e.path, e.handler)
	}
	return nil
}
|
|
|
|
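// authGet serves GET /auth: it parses and validates the OAuth2 authorization
// request and, when it is valid, renders the login page. Validation failures
// are written back by fosite in the OAuth2 error format.
func (w OAuthAPI) authGet(ctx *gin.Context) {
	ar, err := w.oauth.NewAuthorizeRequest(ctx, ctx.Request)
	if err != nil {
		// Package logger instead of the global one, for parity with the rest
		// of the type.
		w.log.Error().Err(err).Msg("cant create authorize request")
		w.oauth.WriteAuthorizeError(ctx, ctx.Writer, ar, err)
		return
	}
	// Log the parsed request; the original passed err here, which is always
	// nil at this point.
	w.log.Debug().Interface("ar", ar).Msg("AuthorizeRequest")

	// NOTE(review): nothing is handed to the template and authPost re-parses
	// the authorize parameters from its own request, so login.html presumably
	// has to carry them over (e.g. by posting back to the same URL including
	// the query string) — confirm against the template.
	ctx.HTML(http.StatusOK, "login.html", nil)
}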
|
|
|
|
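// authPost serves POST /auth: it re-validates the authorization request,
// builds a session from the submitted username and writes the authorize
// response (fosite redirects back to the client).
//
// The session is built from the form field "username" only; this handler
// checks no password or other credential and grants no scopes on the request.
func (w OAuthAPI) authPost(ctx *gin.Context) {
	ar, err := w.oauth.NewAuthorizeRequest(ctx, ctx.Request)
	if err != nil {
		// Package logger instead of the global one, for parity with the rest
		// of the type.
		w.log.Error().Err(err).Msg("cant create authorize request")
		w.oauth.WriteAuthorizeError(ctx, ctx.Writer, ar, err)
		return
	}

	// TODO(security): the username is taken verbatim from the form and is never
	// authenticated, so any caller can obtain a grant for any username. The
	// submitted credentials must be verified (presumably via w.ma, which is
	// stored but unused here) and the grant refused on failure before
	// NewAuthorizeResponse is called.
	mySessionData := &fosite.DefaultSession{
		Username: ctx.PostForm("username"),
	}

	// NOTE(review): this call receives ctx.Request.Context() while the others
	// receive the *gin.Context; the request context carries cancellation,
	// the gin context may not — consider using one of them consistently.
	response, err := w.oauth.NewAuthorizeResponse(ctx.Request.Context(), ar, mySessionData)
	if err != nil {
		w.log.Error().Err(err).Msg("cant create response")
		w.oauth.WriteAuthorizeError(ctx, ctx.Writer, ar, err)
		return
	}

	w.oauth.WriteAuthorizeResponse(ctx, ctx.Writer, ar, response)
}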
|
|
|
|
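// token serves POST /token: it validates the access request against the
// enabled grant handlers and writes either an access token response or an
// OAuth2 error.
func (w OAuthAPI) token(ctx *gin.Context) {
	// Empty session; fosite is expected to fill it for the grant being
	// processed.
	mySessionData := new(fosite.DefaultSession)

	accessRequest, err := w.oauth.NewAccessRequest(ctx, ctx.Request, mySessionData)
	if err != nil {
		// Logged for parity with the authorize handlers; the original only
		// wrote the error to the client, leaving failed token requests
		// invisible in the logs.
		w.log.Error().Err(err).Msg("cant create access request")
		w.oauth.WriteAccessError(ctx.Request.Context(), ctx.Writer, accessRequest, err)
		return
	}

	response, err := w.oauth.NewAccessResponse(ctx, accessRequest)
	if err != nil {
		w.log.Error().Err(err).Msg("cant create access response")
		w.oauth.WriteAccessError(ctx, ctx.Writer, accessRequest, err)
		return
	}
	w.oauth.WriteAccessResponse(ctx, ctx.Writer, accessRequest, response)
}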
|