diff --git a/polyculeconnect/cmd/backend/add.go b/polyculeconnect/cmd/backend/add.go index 7d21a34..2ca8c6f 100644 --- a/polyculeconnect/cmd/backend/add.go +++ b/polyculeconnect/cmd/backend/add.go @@ -59,7 +59,7 @@ func addNewBackend() { backendConf := model.Backend{ ID: backendIDUUID, Name: backendName, - OIDCConfig: model.BackendOIDCConfig{ + Config: model.BackendOIDCConfig{ ClientID: backendClientID, ClientSecret: backendClientSecret, Issuer: backendIssuer, diff --git a/polyculeconnect/cmd/backend/show.go b/polyculeconnect/cmd/backend/show.go index 6999e5c..b988978 100644 --- a/polyculeconnect/cmd/backend/show.go +++ b/polyculeconnect/cmd/backend/show.go @@ -46,10 +46,10 @@ func showBackend(backendName string, backendService backend.BackendDB) { fmt.Println("Backend config:") printProperty("ID", backendConfig.ID.String()) printProperty("Name", backendConfig.Name) - printProperty("Issuer", backendConfig.OIDCConfig.Issuer) - printProperty("Client ID", backendConfig.OIDCConfig.ClientID) - printProperty("Client secret", backendConfig.OIDCConfig.ClientSecret) - printProperty("Redirect URI", backendConfig.OIDCConfig.RedirectURI) + printProperty("Issuer", backendConfig.Config.Issuer) + printProperty("Client ID", backendConfig.Config.ClientID) + printProperty("Client secret", backendConfig.Config.ClientSecret) + printProperty("Redirect URI", backendConfig.Config.RedirectURI) } func listBackends(backendStorage backend.BackendDB) { @@ -63,7 +63,7 @@ func listBackends(backendStorage backend.BackendDB) { return } for _, b := range backends { - fmt.Printf("\t - %s: (%s) - %s\n", b.ID, b.Name, b.OIDCConfig.Issuer) + fmt.Printf("\t - %s: (%s) - %s\n", b.ID, b.Name, b.Config.Issuer) } } diff --git a/polyculeconnect/cmd/serve/serve.go b/polyculeconnect/cmd/serve/serve.go index 4e40a90..83a879b 100644 --- a/polyculeconnect/cmd/serve/serve.go +++ b/polyculeconnect/cmd/serve/serve.go @@ -16,6 +16,7 @@ import ( "git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/server" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/services" + "github.com/google/uuid" "github.com/spf13/cobra" "github.com/zitadel/oidc/v3/pkg/op" "go.uber.org/zap/exp/zapslog" @@ -51,7 +52,9 @@ func serve() { utils.Failf("failed to init user DB: %s", err.Error()) } - st := storage.Storage{LocalStorage: userDB} + backends := map[uuid.UUID]*client.OIDCClient{} + + st := storage.Storage{LocalStorage: userDB, InitializedBackends: backends} opConf := op.Config{} slogger := slog.New(zapslog.NewHandler(logger.L.Desugar().Core(), nil)) // slogger := @@ -61,29 +64,28 @@ func serve() { op.WithHttpInterceptors(middlewares.WithBackendFromRequestMiddleware), } - logger.L.Info("Initializing authentication backends") - backends := []*client.OIDCClient{} - backendConfs, err := userDB.BackendStorage().GetAllBackends(context.Background()) - if err != nil { - utils.Failf("failed to get backend configs from the DB: %s", err.Error()) - } + // logger.L.Info("Initializing authentication backends") + // backendConfs, err := userDB.BackendStorage().GetAllBackends(context.Background()) + // if err != nil { + // utils.Failf("failed to get backend configs from the DB: %s", err.Error()) + // } // TODO: check if we need to do it this way or // - do a try-loop? // - only init when using them in a request? - for _, c := range backendConfs { - logger.L.Debugf("Initializing backend %s", c.Name) - b, err := client.New(context.Background(), c, logger.L) - if err != nil { - utils.Failf("failed to init backend client: %s", err.Error()) - } - backends = append(backends, b) - } - if len(backends) == 0 { - logger.L.Warn("No auth backend loaded") - } else { - logger.L.Infof("Initialized %d auth backends", len(backends)) - } + // for _, c := range backendConfs { + // logger.L.Debugf("Initializing backend %s", c.Name) + // b, err := client.New(context.Background(), c, logger.L) + // if err != nil { + // utils.Failf("failed to init backend client: %s", err.Error()) + // } + // backends[c.ID] = b + // } + // if len(backends) == 0 { + // logger.L.Warn("No auth backend loaded") + // } else { + // logger.L.Infof("Initialized %d auth backends", len(backends)) + // } provider, err := op.NewProvider(&opConf, &st, op.StaticIssuer(conf.Issuer), options...) if err != nil { @@ -95,7 +97,7 @@ func serve() { } logger.L.Info("Initializing server") - s, err := server.New(conf, provider, logger.L) + s, err := server.New(conf, provider, &st, logger.L) if err != nil { logger.L.Fatalf("Failed to initialize server: %s", err.Error()) } diff --git a/polyculeconnect/controller/auth/authcallback.go b/polyculeconnect/controller/auth/authcallback.go new file mode 100644 index 0000000..d31bb51 --- /dev/null +++ b/polyculeconnect/controller/auth/authcallback.go @@ -0,0 +1,58 @@ +package auth + +import ( + "net/http" + + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/helpers" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage" + "github.com/google/uuid" + "go.uber.org/zap" +) + +const AuthCallbackRoute = "/callback" + +type AuthCallbackController struct { + l *zap.SugaredLogger + st *storage.Storage +} + +func NewAuthCallbackController(l *zap.SugaredLogger, st *storage.Storage) *AuthCallbackController { + return &AuthCallbackController{ + l: l, + st: st, + } +} + +func (c *AuthCallbackController) ServeHTTP(w http.ResponseWriter, r *http.Request) { + errMsg := r.URL.Query().Get("error") + if errMsg != "" { + errorDesc := r.URL.Query().Get("error_description") + c.l.Errorf("Failed to perform authentication: %s (%s)", errMsg, errorDesc) + helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform authentication"), c.l) + return + } + + code := r.URL.Query().Get("code") + state := r.URL.Query().Get("state") + if code == "" || state == "" { + c.l.Error("Missing code or state in response") + helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform authentication"), c.l) + return + } + + requestID, err := uuid.Parse(state) + if err != nil { + c.l.Errorf("Invalid state, should be a request UUID, but got %s: %s", state, err) + helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform authentication"), c.l) + return + } + + err = c.st.LocalStorage.AuthRequestStorage().ValidateAuthRequest(r.Context(), requestID) + if err != nil { + c.l.Errorf("Failed to validate auth request from storage: %s", err) + helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform authentication"), c.l) + return + } + + http.Redirect(w, r, "/authorize/callback?id="+state, http.StatusFound) +} diff --git a/polyculeconnect/controller/auth/authredirect.go b/polyculeconnect/controller/auth/authredirect.go new file mode 100644 index 0000000..e128d64 --- /dev/null +++ b/polyculeconnect/controller/auth/authredirect.go @@ -0,0 +1,63 @@ +package auth + +import ( + "net/http" + + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/helpers" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage" + "github.com/google/uuid" + "github.com/zitadel/oidc/v3/pkg/client/rp" + "go.uber.org/zap" +) + +const AuthRedirectRoute = "/perform_auth" + +type AuthRedirectController struct { + l *zap.SugaredLogger + st *storage.Storage +} + +func NewAuthRedirectController(l *zap.SugaredLogger, storage *storage.Storage) *AuthRedirectController { + return &AuthRedirectController{ + l: l, + st: storage, + } +} + +func (c *AuthRedirectController) ServeHTTP(w http.ResponseWriter, r *http.Request) { + requestIDStr := r.URL.Query().Get("request_id") + if requestIDStr == "" { + helpers.HandleResponse(w, r, http.StatusBadRequest, []byte("no request ID in request"), c.l) + return + } + + requestID, err := uuid.Parse(requestIDStr) + if err != nil { + c.l.Errorf("Invalid UUID format for request ID: %s", err) + helpers.HandleResponse(w, r, http.StatusBadRequest, []byte("invalid request id"), c.l) + return + } + + req, err := c.st.LocalStorage.AuthRequestStorage().GetAuthRequestByID(r.Context(), requestID) + if err != nil { + c.l.Errorf("Failed to get auth request from DB: %s", err) + helpers.HandleResponse(w, r, http.StatusBadRequest, []byte("unknown request id"), c.l) + return + } + + backend, err := c.st.LocalStorage.BackendStorage().GetBackendByID(r.Context(), req.BackendID) + if err != nil { + c.l.Errorf("Failed to get backend from DB: %s", err) + helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform auth"), c.l) + return + } + + provider, err := rp.NewRelyingPartyOIDC(r.Context(), backend.Config.Issuer, backend.Config.ClientID, backend.Config.ClientSecret, backend.Config.RedirectURI, req.Scopes) + if err != nil { + c.l.Errorf("Failed to init relying party: %s", err) + helpers.HandleResponse(w, r, http.StatusInternalServerError, []byte("failed to perform auth"), c.l) + return + } + + rp.AuthURLHandler(func() string { return requestIDStr }, provider).ServeHTTP(w, r) +} diff --git a/polyculeconnect/internal/client/client.go b/polyculeconnect/internal/client/client.go index 6a933ba..6fa123d 100644 --- a/polyculeconnect/internal/client/client.go +++ b/polyculeconnect/internal/client/client.go @@ -5,35 +5,48 @@ import ( "fmt" "log/slog" - "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db" - "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger" + "github.com/google/uuid" "github.com/zitadel/oidc/v3/pkg/client/rp" "go.uber.org/zap" "go.uber.org/zap/exp/zapslog" ) +type BackendOIDCConfig struct { + Issuer string + ClientID string + ClientSecret string + RedirectURI string +} + +type Backend struct { + ID uuid.UUID + Name string + Config BackendOIDCConfig +} + +// OIDCClient is an OIDC client which is the client used to access a registered backend type OIDCClient struct { - conf *model.Backend + backend *Backend provider rp.RelyingParty ctx context.Context - st db.Storage l *zap.SugaredLogger } -func New(ctx context.Context, conf *model.Backend, l *zap.SugaredLogger) (*OIDCClient, error) { +func New(ctx context.Context, conf *Backend, l *zap.SugaredLogger) (*OIDCClient, error) { options := []rp.Option{ rp.WithLogger(slog.New(zapslog.NewHandler(logger.L.Desugar().Core(), nil))), } - pr, err := rp.NewRelyingPartyOIDC(ctx, conf.OIDCConfig.Issuer, conf.OIDCConfig.ClientID, conf.OIDCConfig.ClientSecret, conf.OIDCConfig.RedirectURI, []string{}, options...) + pr, err := rp.NewRelyingPartyOIDC(ctx, conf.Config.Issuer, conf.Config.ClientID, conf.Config.ClientSecret, conf.Config.RedirectURI, []string{}, options...) if err != nil { return nil, fmt.Errorf("failed to init relying party provider: %w", err) } - return &OIDCClient{ctx: ctx, conf: conf, provider: pr, l: l}, nil + return &OIDCClient{ctx: ctx, backend: conf, provider: pr, l: l}, nil } -func (c *OIDCClient) toto() { - c.provider.GetDeviceAuthorizationEndpoint() +func (c *OIDCClient) AuthorizationEndpoint() string { + url := rp.AuthURL(uuid.NewString(), c.provider) + return url } diff --git a/polyculeconnect/internal/db/authrequest/authrequest.go b/polyculeconnect/internal/db/authrequest/authrequest.go index 2505d1c..fd906ea 100644 --- a/polyculeconnect/internal/db/authrequest/authrequest.go +++ b/polyculeconnect/internal/db/authrequest/authrequest.go @@ -14,11 +14,12 @@ import ( var ErrNotFound = errors.New("backend not found") -const authRequestRows = `"id", "client_id", "backend_id", "scopes", "redirect_uri", "state", "nonce", "response_type", "creation_time"` +const authRequestRows = `"id", "client_id", "backend_id", "scopes", "redirect_uri", "state", "nonce", "response_type", "creation_time", "done"` type AuthRequestDB interface { GetAuthRequestByID(ctx context.Context, id uuid.UUID) (*model.AuthRequest, error) CreateAuthRequest(ctx context.Context, req model.AuthRequest) error + ValidateAuthRequest(ctx context.Context, reqID uuid.UUID) error } type sqlAuthRequestDB struct { @@ -33,7 +34,8 @@ func (db *sqlAuthRequestDB) GetAuthRequestByID(ctx context.Context, id uuid.UUID var res model.AuthRequest var scopesStr []byte - if err := row.Scan(&res.ID, &res.ClientID, &res.BackendID, &scopesStr, &res.RedirectURI, &res.State, &res.Nonce, &res.ResponseType, &res.CreationDate); err != nil { + fmt.Println(query) + if err := row.Scan(&res.ID, &res.ClientID, &res.BackendID, &scopesStr, &res.RedirectURI, &res.State, &res.Nonce, &res.ResponseType, &res.CreationDate, &res.DoneVal); err != nil { return nil, fmt.Errorf("failed to get auth request from DB: %w", err) } if err := json.Unmarshal(scopesStr, &res.Scopes); err != nil { @@ -57,11 +59,11 @@ func (db *sqlAuthRequestDB) CreateAuthRequest(ctx context.Context, req model.Aut } // TODO: when the old table is done, rename into auth_request - query := fmt.Sprintf(`INSERT INTO "auth_request_2" (%s) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)`, authRequestRows) + query := fmt.Sprintf(`INSERT INTO "auth_request_2" (%s) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)`, authRequestRows) _, err = tx.ExecContext(ctx, query, req.ID, req.ClientID, req.BackendID, scopesStr, req.RedirectURI, req.State, - req.Nonce, req.ResponseType, req.CreationDate, req.AuthTime, + req.Nonce, req.ResponseType, req.CreationDate, false, ) if err != nil { return fmt.Errorf("failed to insert in DB: %w", err) @@ -74,6 +76,33 @@ func (db *sqlAuthRequestDB) CreateAuthRequest(ctx context.Context, req model.Aut return nil } +func (db *sqlAuthRequestDB) ValidateAuthRequest(ctx context.Context, reqID uuid.UUID) error { + logger.L.Debugf("Validating auth request %s", reqID) + tx, err := db.db.BeginTx(ctx, nil) + if err != nil { + return fmt.Errorf("failed to start transaction: %w", err) + } + defer func() { _ = tx.Rollback() }() + + res, err := tx.ExecContext(ctx, `UPDATE "auth_request_2" SET done = true WHERE id = $1`, reqID.String()) + if err != nil { + return fmt.Errorf("failed to update in DB: %w", err) + } + affectedRows, err := res.RowsAffected() + if err != nil { + return fmt.Errorf("failed to check number of affected rows: %w", err) + } + if affectedRows != 1 { + return ErrNotFound + } + + if err := tx.Commit(); err != nil { + return fmt.Errorf("failed to commit transaction: %w", err) + } + + return nil +} + func New(db *sql.DB) *sqlAuthRequestDB { return &sqlAuthRequestDB{db: db} } diff --git a/polyculeconnect/internal/db/backend/backend.go b/polyculeconnect/internal/db/backend/backend.go index 362ea44..f16c726 100644 --- a/polyculeconnect/internal/db/backend/backend.go +++ b/polyculeconnect/internal/db/backend/backend.go @@ -37,7 +37,7 @@ type sqlBackendDB struct { func backendFromRow(row scannable) (*model.Backend, error) { var res model.Backend - if err := row.Scan(&res.ID, &res.Name, &res.OIDCConfig.Issuer, &res.OIDCConfig.ClientID, &res.OIDCConfig.ClientSecret, &res.OIDCConfig.RedirectURI); err != nil { + if err := row.Scan(&res.ID, &res.Name, &res.Config.Issuer, &res.Config.ClientID, &res.Config.ClientSecret, &res.Config.RedirectURI); err != nil { if errors.Is(err, sql.ErrNoRows) { return nil, ErrNotFound } @@ -89,8 +89,8 @@ func (db *sqlBackendDB) AddBackend(ctx context.Context, newBackend *model.Backen _, err = tx.ExecContext( ctx, query, newBackend.ID, newBackend.Name, - newBackend.OIDCConfig.Issuer, newBackend.OIDCConfig.ClientID, - newBackend.OIDCConfig.ClientSecret, newBackend.OIDCConfig.RedirectURI, + newBackend.Config.Issuer, newBackend.Config.ClientID, + newBackend.Config.ClientSecret, newBackend.Config.RedirectURI, ) if err != nil { return fmt.Errorf("failed to insert in DB: %w", err) diff --git a/polyculeconnect/internal/middlewares/test.go b/polyculeconnect/internal/middlewares/test.go index 1f83086..13e115a 100644 --- a/polyculeconnect/internal/middlewares/test.go +++ b/polyculeconnect/internal/middlewares/test.go @@ -3,7 +3,6 @@ package middlewares import ( "context" "net/http" - "strings" ) const ( @@ -16,7 +15,7 @@ type BackendFromRequestMiddleware struct { } func (m *BackendFromRequestMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) { - if !strings.HasPrefix(r.RequestURI, "/authorize") { + if r.URL.Path != "/authorize" { m.h.ServeHTTP(w, r) return } diff --git a/polyculeconnect/internal/model/authrequest.go b/polyculeconnect/internal/model/authrequest.go index 07324a8..65dd700 100644 --- a/polyculeconnect/internal/model/authrequest.go +++ b/polyculeconnect/internal/model/authrequest.go @@ -31,7 +31,8 @@ type AuthRequest struct { Backend *Backend UserID uuid.UUID - done bool + + DoneVal bool } func (a AuthRequest) GetID() string { @@ -94,7 +95,7 @@ func (a AuthRequest) GetSubject() string { } func (a AuthRequest) Done() bool { - return a.done + return a.DoneVal } func (a *AuthRequest) FromOIDCAuthRequest(req *oidc.AuthRequest, backendID uuid.UUID) { diff --git a/polyculeconnect/internal/model/backend.go b/polyculeconnect/internal/model/backend.go index 1453733..888a363 100644 --- a/polyculeconnect/internal/model/backend.go +++ b/polyculeconnect/internal/model/backend.go @@ -10,7 +10,7 @@ type BackendOIDCConfig struct { } type Backend struct { - ID uuid.UUID - Name string - OIDCConfig BackendOIDCConfig + ID uuid.UUID + Name string + Config BackendOIDCConfig } diff --git a/polyculeconnect/internal/model/client.go b/polyculeconnect/internal/model/client.go index f2cdda7..d9b4c46 100644 --- a/polyculeconnect/internal/model/client.go +++ b/polyculeconnect/internal/model/client.go @@ -7,6 +7,7 @@ import ( "github.com/zitadel/oidc/v3/pkg/op" ) +// ClientConfig represents the configuration for a OIDC client app type ClientConfig struct { ID string Secret string @@ -16,6 +17,7 @@ type ClientConfig struct { AuthRequest *AuthRequest } +// Client represents an OIDC client app type Client struct { ClientConfig } @@ -48,12 +50,14 @@ func (c Client) GrantTypes() []oidc.GrantType { return []oidc.GrantType{oidc.GrantTypeCode} } +// LoginURL returns the login URL for a given client app and auth request. +// This login url should be the authorization URL for the selected OIDC backend func (c Client) LoginURL(authRequestID string) string { if c.AuthRequest == nil { return "" // we don't have a request, let's return nothing } - return c.AuthRequest.Backend.OIDCConfig.Issuer + return "/perform_auth?request_id=" + authRequestID } func (c Client) AccessTokenType() op.AccessTokenType { diff --git a/polyculeconnect/internal/storage/storage.go b/polyculeconnect/internal/storage/storage.go index adc6b45..7029074 100644 --- a/polyculeconnect/internal/storage/storage.go +++ b/polyculeconnect/internal/storage/storage.go @@ -6,6 +6,7 @@ import ( "fmt" "time" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/client" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger" @@ -21,7 +22,8 @@ func ErrNotImplemented(name string) error { // Storage implements the Storage interface from zitadel/oidc/op type Storage struct { - LocalStorage db.Storage + LocalStorage db.Storage + InitializedBackends map[uuid.UUID]*client.OIDCClient } /* @@ -56,7 +58,14 @@ func (s *Storage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, } func (s *Storage) AuthRequestByID(ctx context.Context, requestID string) (op.AuthRequest, error) { - return nil, ErrNotImplemented("AuthRequestByID") + logger.L.Debugf("Getting auth request with ID %s", requestID) + + id, err := uuid.Parse(requestID) + if err != nil { + return nil, fmt.Errorf("invalid format for uuid: %w", err) + } + + return s.LocalStorage.AuthRequestStorage().GetAuthRequestByID(ctx, id) } func (s *Storage) AuthRequestByCode(ctx context.Context, requestCode string) (op.AuthRequest, error) { @@ -64,6 +73,7 @@ func (s *Storage) AuthRequestByCode(ctx context.Context, requestCode string) (op } func (s *Storage) SaveAuthCode(ctx context.Context, id string, code string) error { + logger.L.Debugf("Saving auth code %s for request %s", code, id) return ErrNotImplemented("SaveAuthCode") } @@ -127,6 +137,11 @@ func (s *Storage) getClientWithDetails(ctx context.Context, authRequestID uuid.U return nil, fmt.Errorf("failed to get associated client from local storage: %w", err) } + // oidcClient, ok := s.InitializedBackends[backend.ID] + // if !ok { + // return nil, fmt.Errorf("no initialized backend for ID %s", backend.ID) + // } + authRequest.Backend = backend client.AuthRequest = authRequest diff --git a/polyculeconnect/migrations/2_add_auth_request_done.down.sql b/polyculeconnect/migrations/2_add_auth_request_done.down.sql new file mode 100644 index 0000000..1ad631c --- /dev/null +++ b/polyculeconnect/migrations/2_add_auth_request_done.down.sql @@ -0,0 +1 @@ +ALTER TABLE "auth_request_2" DROP COLUMN done; diff --git a/polyculeconnect/migrations/2_add_auth_request_done.up.sql b/polyculeconnect/migrations/2_add_auth_request_done.up.sql new file mode 100644 index 0000000..1b72baa --- /dev/null +++ b/polyculeconnect/migrations/2_add_auth_request_done.up.sql @@ -0,0 +1 @@ +ALTER TABLE "auth_request_2" ADD COLUMN done INTEGER NOT NULL DEFAULT 0; diff --git a/polyculeconnect/migrations/3_add_auth_code.down.sql b/polyculeconnect/migrations/3_add_auth_code.down.sql new file mode 100644 index 0000000..e5911b4 --- /dev/null +++ b/polyculeconnect/migrations/3_add_auth_code.down.sql @@ -0,0 +1 @@ +DROP TABLE "auth_code_2"; diff --git a/polyculeconnect/migrations/3_add_auth_code.up.sql b/polyculeconnect/migrations/3_add_auth_code.up.sql new file mode 100644 index 0000000..563af7c --- /dev/null +++ b/polyculeconnect/migrations/3_add_auth_code.up.sql @@ -0,0 +1,5 @@ +CREATE TABLE "auth_code_2" ( + id TEXT NOT NULL PRIMARY KEY, + code TEXT NOT NULL, + auth_request_id TEXT NOT NULL +); diff --git a/polyculeconnect/polyculeconnect b/polyculeconnect/polyculeconnect new file mode 100755 index 0000000..b1baa48 Binary files /dev/null and b/polyculeconnect/polyculeconnect differ diff --git a/polyculeconnect/polyculeconnect.db b/polyculeconnect/polyculeconnect.db index f599533..e4f8d2d 100644 Binary files a/polyculeconnect/polyculeconnect.db and b/polyculeconnect/polyculeconnect.db differ diff --git a/polyculeconnect/server/server.go b/polyculeconnect/server/server.go index 0785610..ea9a4be 100644 --- a/polyculeconnect/server/server.go +++ b/polyculeconnect/server/server.go @@ -9,8 +9,10 @@ import ( "os" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/config" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/controller/auth" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/controller/ui" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/middlewares" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/storage" "github.com/zitadel/oidc/v3/pkg/op" "go.uber.org/zap" ) @@ -42,7 +44,7 @@ func newUnixListener(sockPath string) (net.Listener, error) { return sock, nil } -func New(appConf *config.AppConfig, oidcHandler *op.Provider, logger *zap.SugaredLogger) (*Server, error) { +func New(appConf *config.AppConfig, oidcHandler *op.Provider, st *storage.Storage, logger *zap.SugaredLogger) (*Server, error) { var listener net.Listener var addr string var err error @@ -64,8 +66,10 @@ func New(appConf *config.AppConfig, oidcHandler *op.Provider, logger *zap.Sugare } controllers := map[string]http.Handler{ - ui.StaticRoute: middlewares.WithLogger(ui.NewStaticController(appConf.StaticDir), logger), - "/": middlewares.WithLogger(ui.NewIndexController(logger, oidcHandler, appConf.StaticDir), logger), + auth.AuthCallbackRoute: middlewares.WithLogger(auth.NewAuthCallbackController(logger, st), logger), + auth.AuthRedirectRoute: middlewares.WithLogger(auth.NewAuthRedirectController(logger, st), logger), + ui.StaticRoute: middlewares.WithLogger(ui.NewStaticController(appConf.StaticDir), logger), + "/": middlewares.WithLogger(ui.NewIndexController(logger, oidcHandler, appConf.StaticDir), logger), } m := http.NewServeMux()