111 lines
2.8 KiB
Go
111 lines
2.8 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/alexedwards/scs/v2"
|
|
"github.com/logto-io/go/client"
|
|
"github.com/logto-io/go/core"
|
|
|
|
"gitlab.unjx.de/flohoss/godash/internal/env"
|
|
)
|
|
|
|
func NewAuthHandler(env *env.Config, sessionManager *scs.SessionManager) *AuthHandler {
|
|
return &AuthHandler{
|
|
logtoConfig: &client.LogtoConfig{
|
|
Endpoint: env.OIDCIssuerUrl,
|
|
AppId: env.OIDCClientId,
|
|
AppSecret: env.OIDCClientSecret,
|
|
Scopes: []string{
|
|
core.UserScopeProfile,
|
|
core.UserScopeEmail,
|
|
core.UserScopeCustomData,
|
|
core.UserScopeIdentities,
|
|
core.UserScopeRoles,
|
|
},
|
|
},
|
|
sessionManager: sessionManager,
|
|
redirectUri: env.OIDCRedirectUri,
|
|
postSignOutRedirectUri: env.OIDCPostSignOutRedirectUri,
|
|
}
|
|
}
|
|
|
|
type AuthHandler struct {
|
|
logtoConfig *client.LogtoConfig
|
|
sessionManager *scs.SessionManager
|
|
redirectUri string
|
|
postSignOutRedirectUri string
|
|
}
|
|
|
|
func (ah *AuthHandler) authRequired(handler http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if ah.sessionManager == nil {
|
|
handler.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
logtoClient := client.NewLogtoClient(
|
|
ah.logtoConfig,
|
|
&SessionStorage{
|
|
sessionManager: ah.sessionManager,
|
|
write: w,
|
|
request: r,
|
|
},
|
|
)
|
|
if !logtoClient.IsAuthenticated() {
|
|
http.Redirect(w, r, "/sign-in", http.StatusTemporaryRedirect)
|
|
return
|
|
}
|
|
handler.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
func (ah *AuthHandler) signInHandler(w http.ResponseWriter, r *http.Request) {
|
|
logtoClient := client.NewLogtoClient(
|
|
ah.logtoConfig,
|
|
&SessionStorage{
|
|
sessionManager: ah.sessionManager,
|
|
write: w,
|
|
request: r,
|
|
},
|
|
)
|
|
signInUri, err := logtoClient.SignIn(ah.redirectUri)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
http.Redirect(w, r, signInUri, http.StatusTemporaryRedirect)
|
|
}
|
|
|
|
func (ah *AuthHandler) signInCallbackHandler(w http.ResponseWriter, r *http.Request) {
|
|
logtoClient := client.NewLogtoClient(
|
|
ah.logtoConfig,
|
|
&SessionStorage{
|
|
sessionManager: ah.sessionManager,
|
|
write: w,
|
|
request: r,
|
|
},
|
|
)
|
|
err := logtoClient.HandleSignInCallback(r)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
|
|
}
|
|
|
|
func (ah *AuthHandler) signOutHandler(w http.ResponseWriter, r *http.Request) {
|
|
logtoClient := client.NewLogtoClient(
|
|
ah.logtoConfig,
|
|
&SessionStorage{
|
|
sessionManager: ah.sessionManager,
|
|
write: w,
|
|
request: r,
|
|
},
|
|
)
|
|
signOutUri, err := logtoClient.SignOut(ah.postSignOutRedirectUri)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
http.Redirect(w, r, signOutUri, http.StatusTemporaryRedirect)
|
|
}
|