2024-08-15 16:25:15 +00:00
|
|
|
package storage
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2024-08-16 09:02:44 +00:00
|
|
|
"errors"
|
2024-08-15 16:25:15 +00:00
|
|
|
"fmt"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
|
2024-08-17 13:22:37 +00:00
|
|
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model"
|
2024-10-06 09:28:26 +00:00
|
|
|
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
|
2024-08-15 16:25:15 +00:00
|
|
|
"github.com/go-jose/go-jose/v4"
|
2024-09-22 08:26:27 +00:00
|
|
|
"github.com/google/uuid"
|
2024-08-15 16:25:15 +00:00
|
|
|
"github.com/zitadel/oidc/v3/pkg/oidc"
|
|
|
|
"github.com/zitadel/oidc/v3/pkg/op"
|
|
|
|
)
|
|
|
|
|
|
|
|
func ErrNotImplemented(name string) error {
|
|
|
|
return fmt.Errorf("%s is not implemented", name)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Storage implements the Storage interface from zitadel/oidc/op
|
|
|
|
type Storage struct {
|
2024-08-16 09:02:44 +00:00
|
|
|
LocalStorage db.Storage
|
2024-08-15 16:25:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
Auth storage interface
|
|
|
|
*/
|
|
|
|
func (s *Storage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (op.AuthRequest, error) {
|
2024-10-06 09:28:26 +00:00
|
|
|
|
|
|
|
// userID should normally be an empty string (to verify), we don't get it in our workflow from what I saw
|
|
|
|
// TODO: check this is indeed not needed / never present
|
|
|
|
logger.L.Debug("Creating a new auth request")
|
|
|
|
|
2024-08-16 09:02:44 +00:00
|
|
|
// validate that the connector is correct
|
|
|
|
backendName, ok := stringFromCtx(ctx, "backendName")
|
|
|
|
if !ok {
|
|
|
|
return nil, errors.New("no backend name provided")
|
|
|
|
}
|
2024-08-17 13:22:37 +00:00
|
|
|
selectedBackend, err := s.LocalStorage.BackendStorage().GetBackendByName(ctx, backendName)
|
2024-08-16 09:02:44 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to get backend: %w", err)
|
|
|
|
}
|
|
|
|
|
2024-08-17 13:22:37 +00:00
|
|
|
var opReq model.AuthRequest
|
|
|
|
opReq.FromOIDCAuthRequest(req, selectedBackend.ID)
|
|
|
|
|
2024-09-22 08:26:27 +00:00
|
|
|
if err := s.LocalStorage.AuthRequestStorage().CreateAuthRequest(ctx, opReq); err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to save auth request: %w", err)
|
|
|
|
}
|
|
|
|
|
2024-10-06 09:28:26 +00:00
|
|
|
logger.L.Debugf("Created a new auth request for backend %s", backendName)
|
|
|
|
|
2024-08-17 13:22:37 +00:00
|
|
|
return opReq, nil
|
2024-08-15 16:25:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) AuthRequestByID(ctx context.Context, requestID string) (op.AuthRequest, error) {
|
|
|
|
return nil, ErrNotImplemented("AuthRequestByID")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) AuthRequestByCode(ctx context.Context, requestCode string) (op.AuthRequest, error) {
|
|
|
|
return nil, ErrNotImplemented("AuthRequestByCode")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) SaveAuthCode(ctx context.Context, id string, code string) error {
|
|
|
|
return ErrNotImplemented("SaveAuthCode")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) DeleteAuthRequest(ctx context.Context, id string) error {
|
|
|
|
return ErrNotImplemented("DeleteAuthRequest")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) CreateAccessToken(ctx context.Context, req op.TokenRequest) (accessTokenID string, expiration time.Time, err error) {
|
|
|
|
return "", time.Time{}, ErrNotImplemented("CreateAccessToken")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshTokenID string, expiration time.Time, err error) {
|
|
|
|
return "", "", time.Time{}, ErrNotImplemented("CreateAccessAndRefreshTokens")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) TokenRequestByRefreshToken(ctx context.Context, refreshTokenID string) (op.RefreshTokenRequest, error) {
|
|
|
|
return nil, ErrNotImplemented("TokenRequestByRefreshToken")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) TerminateSession(ctx context.Context, userID string, clientID string) error {
|
|
|
|
return ErrNotImplemented("TerminateSession")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) RevokeToken(ctx context.Context, tokenOrTokenID string, userID string, clientID string) *oidc.Error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) GetRefreshTokenInfo(ctx context.Context, clientID string, stoken string) (string, string, error) {
|
|
|
|
return "", "", ErrNotImplemented("GetRefreshTokenInfo")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) SigningKey(ctx context.Context) (op.SigningKey, error) {
|
|
|
|
return nil, ErrNotImplemented("SigningKey")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) SignatureAlgorithms(ctx context.Context) ([]jose.SignatureAlgorithm, error) {
|
|
|
|
return nil, ErrNotImplemented("SignatureAlgorithms")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) KeySet(ctx context.Context) ([]op.Key, error) {
|
|
|
|
return nil, ErrNotImplemented("KeySet")
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
OP storage
|
|
|
|
*/
|
|
|
|
|
2024-09-22 08:26:27 +00:00
|
|
|
func (s *Storage) getClientWithDetails(ctx context.Context, authRequestID uuid.UUID) (op.Client, error) {
|
2024-10-06 09:28:26 +00:00
|
|
|
logger.L.Debug("Trying to get client details from auth request")
|
|
|
|
|
2024-09-22 08:26:27 +00:00
|
|
|
authRequest, err := s.LocalStorage.AuthRequestStorage().GetAuthRequestByID(ctx, authRequestID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to get authRequest from local storage: %w", err)
|
|
|
|
}
|
|
|
|
backend, err := s.LocalStorage.BackendStorage().GetBackendByID(ctx, authRequest.BackendID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to get associated backend from local storage: %w", err)
|
|
|
|
}
|
|
|
|
client, err := s.LocalStorage.ClientStorage().GetClientByID(ctx, authRequest.ClientID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to get associated client from local storage: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
authRequest.Backend = backend
|
|
|
|
client.AuthRequest = authRequest
|
|
|
|
|
|
|
|
return client, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// We're cheating a bit here since we're using the authrequest to get its associated client
|
|
|
|
// but a request is always associated to a backend, and we really need both, so we have no
|
|
|
|
// choice here. I'll maybe need to have a more elegant solution later, but not choice for now
|
|
|
|
func (s *Storage) GetClientByClientID(ctx context.Context, id string) (op.Client, error) {
|
2024-10-06 09:28:26 +00:00
|
|
|
logger.L.Debugf("Selecting client app with ID %s", id)
|
2024-09-22 08:26:27 +00:00
|
|
|
|
|
|
|
authRequestID, err := uuid.Parse(id)
|
2024-08-15 16:25:15 +00:00
|
|
|
if err != nil {
|
2024-09-22 08:26:27 +00:00
|
|
|
// it's not a UUID, it means this was called using client_id, we just return the client without details
|
|
|
|
client, err := s.LocalStorage.ClientStorage().GetClientByID(ctx, id)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("failed to get client %s from local storage: %w", id, err)
|
|
|
|
}
|
|
|
|
return client, nil
|
2024-08-15 16:25:15 +00:00
|
|
|
}
|
|
|
|
|
2024-09-22 08:26:27 +00:00
|
|
|
// we have a UUID, it means we got a requestID, so we can get all details here
|
|
|
|
return s.getClientWithDetails(ctx, authRequestID)
|
2024-08-15 16:25:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) AuthorizeClientIDSecret(ctx context.Context, clientID, clientSecret string) error {
|
|
|
|
return ErrNotImplemented("AuthorizeClientIDSecret")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) SetUserinfoFromScopes(ctx context.Context, userinfo *oidc.UserInfo, userID, clientID string, scopes []string) error {
|
|
|
|
return ErrNotImplemented("SetUserinfoFromScopes")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) SetUserinfoFromToken(ctx context.Context, userinfo *oidc.UserInfo, tokenID, subject, origin string) error {
|
|
|
|
return ErrNotImplemented("SetUserinfoFromToken")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) SetIntrospectionFromToken(ctx context.Context, userinfo *oidc.IntrospectionResponse, tokenID, subject, clientID string) error {
|
|
|
|
return ErrNotImplemented("SetIntrospectionFromToken")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (map[string]interface{}, error) {
|
|
|
|
return nil, ErrNotImplemented("GetPrivateClaimsFromScopes")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) GetKeyByIDAndClientID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error) {
|
|
|
|
return nil, ErrNotImplemented("GetKeyByIDAndClientID")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error) {
|
|
|
|
return nil, ErrNotImplemented("ValidateJWTProfileScopes")
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Storage) Health(ctx context.Context) error {
|
|
|
|
return ErrNotImplemented("Health")
|
|
|
|
}
|
2024-08-16 09:02:44 +00:00
|
|
|
|
|
|
|
func stringFromCtx(ctx context.Context, key string) (string, bool) {
|
|
|
|
rawVal := ctx.Value(key)
|
|
|
|
if rawVal == nil {
|
|
|
|
return "", false
|
|
|
|
}
|
|
|
|
|
|
|
|
val, ok := rawVal.(string)
|
|
|
|
return val, ok
|
|
|
|
}
|