Add basic support to store auth_requests (#48)
Some checks failed
/ docker-build-only (push) Failing after 29s
/ go-test (push) Failing after 1m15s

This commit is contained in:
Melora Hugues 2024-08-17 15:22:37 +02:00
parent 13f65707e7
commit 741e638c78
4 changed files with 136 additions and 4 deletions

View file

@ -3,6 +3,7 @@ package middlewares
import ( import (
"context" "context"
"net/http" "net/http"
"strings"
) )
const ( const (
@ -15,6 +16,11 @@ type BackendFromRequestMiddleware struct {
} }
func (m *BackendFromRequestMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (m *BackendFromRequestMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if !strings.HasPrefix(r.RequestURI, "/authorize") {
m.h.ServeHTTP(w, r)
return
}
if err := r.ParseForm(); err != nil { if err := r.ParseForm(); err != nil {
// TODO: handle this better // TODO: handle this better
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)

View file

@ -0,0 +1,116 @@
package model
import (
"fmt"
"strings"
"time"
"github.com/google/uuid"
"github.com/zitadel/oidc/v3/pkg/oidc"
)
// AuthRequest also implements the op.AuthRequest interface
type AuthRequest struct {
ID uuid.UUID
ClientID string
Scopes []string
RedirectURI string
State string
Nonce string
ResponseType string
CreationDate time.Time
AuthTime time.Time
// TODO mapping to claims to be added I guess
CodeChallenge string
CodeChallengeMethod string
BackendID uuid.UUID
UserID uuid.UUID
done bool
}
func (a AuthRequest) GetID() string {
return a.ID.String()
}
func (a AuthRequest) GetACR() string {
return "" // TODO: the hell is ACR???
}
func (a AuthRequest) GetAMR() []string {
return []string{} // TODO: the hell is this???
}
func (a AuthRequest) GetAudience() []string {
return []string{a.ID.String()} // TODO: check if we need to return something else
}
func (a AuthRequest) GetAuthTime() time.Time {
return a.AuthTime
}
func (a AuthRequest) GetClientID() string {
return a.ClientID
}
func (a AuthRequest) GetCodeChallenge() *oidc.CodeChallenge {
return &oidc.CodeChallenge{
Challenge: a.CodeChallenge,
Method: oidc.CodeChallengeMethod(a.CodeChallengeMethod),
}
}
func (a AuthRequest) GetNonce() string {
return a.Nonce
}
func (a AuthRequest) GetRedirectURI() string {
return a.RedirectURI
}
func (a AuthRequest) GetResponseType() oidc.ResponseType {
return oidc.ResponseType(a.ResponseType)
}
func (a AuthRequest) GetResponseMode() oidc.ResponseMode {
return oidc.ResponseModeQuery // TODO: check if this is good
}
func (a AuthRequest) GetScopes() []string {
return a.Scopes
}
func (a AuthRequest) GetState() string {
return a.State
}
func (a AuthRequest) GetSubject() string {
return a.UserID.String()
}
func (a AuthRequest) Done() bool {
return a.done
}
func (a *AuthRequest) FromOIDCAuthRequest(req *oidc.AuthRequest, backendID uuid.UUID) {
fmt.Println(req)
a.ID = uuid.New()
a.ClientID = req.ClientID
a.Scopes = strings.Split(req.Scopes.String(), " ")
a.RedirectURI = req.RedirectURI
a.State = req.State
a.Nonce = req.Nonce
a.ResponseType = string(req.ResponseType)
a.CreationDate = time.Now().UTC()
a.CodeChallenge = req.CodeChallenge
a.CodeChallengeMethod = string(req.CodeChallengeMethod)
a.BackendID = backendID
fmt.Println(a)
}

View file

@ -13,6 +13,7 @@ type ClientConfig struct {
RedirectURIs []string RedirectURIs []string
TrustedPeers []string TrustedPeers []string
Name string Name string
AuthRequest *AuthRequest
} }
type Client struct { type Client struct {
@ -47,8 +48,13 @@ func (c Client) GrantTypes() []oidc.GrantType {
return []oidc.GrantType{oidc.GrantTypeCode} return []oidc.GrantType{oidc.GrantTypeCode}
} }
func (c Client) LoginURL(id string) string { func (c Client) LoginURL(authRequestID string) string {
return id // here we have the requestID, meaning we should:
// - get the request from its ID
// - get the associated backend
// - build the correct URI to use as a redirection, which is from the backend
// - afterwards would should basically handle it as a OIDC client
return authRequestID
} }
func (c Client) AccessTokenType() op.AccessTokenType { func (c Client) AccessTokenType() op.AccessTokenType {

View file

@ -7,6 +7,7 @@ import (
"time" "time"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model"
"github.com/go-jose/go-jose/v4" "github.com/go-jose/go-jose/v4"
"github.com/zitadel/oidc/v3/pkg/oidc" "github.com/zitadel/oidc/v3/pkg/oidc"
"github.com/zitadel/oidc/v3/pkg/op" "github.com/zitadel/oidc/v3/pkg/op"
@ -30,12 +31,15 @@ func (s *Storage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest,
if !ok { if !ok {
return nil, errors.New("no backend name provided") return nil, errors.New("no backend name provided")
} }
_, err := s.LocalStorage.BackendStorage().GetBackendByName(ctx, backendName) selectedBackend, err := s.LocalStorage.BackendStorage().GetBackendByName(ctx, backendName)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to get backend: %w", err) return nil, fmt.Errorf("failed to get backend: %w", err)
} }
return nil, ErrNotImplemented("CreateAuthRequest") var opReq model.AuthRequest
opReq.FromOIDCAuthRequest(req, selectedBackend.ID)
return opReq, nil
} }
func (s *Storage) AuthRequestByID(ctx context.Context, requestID string) (op.AuthRequest, error) { func (s *Storage) AuthRequestByID(ctx context.Context, requestID string) (op.AuthRequest, error) {