diff --git a/auth_oidc.go b/auth_oidc.go
index 1b66120..8a96742 100644
--- a/auth_oidc.go
+++ b/auth_oidc.go
@@ -17,6 +17,7 @@ import (
 var (
 oidcClientID = ""
 oidcSecret = ""
+ oidcRedirectURL = "https://srs.nemunai.re"
 oauth2Config oauth2.Config
 oidcVerifier *oidc.IDTokenVerifier
 )
@@ -24,6 +25,7 @@ var (
 func init() {
 flag.StringVar(&oidcClientID, "oidc-clientid", oidcClientID, "ClientID for OIDC")
 flag.StringVar(&oidcSecret, "oidc-secret", oidcSecret, "Secret for OIDC")
+ flag.StringVar(&oidcRedirectURL, "oidc-redirect", oidcRedirectURL, "Base URL for the redirect after connection")
 router.GET("/auth/CRI", redirectOIDC_CRI)
 router.GET("/auth/complete", OIDC_CRI_complete)
@@ -39,7 +41,7 @@ func initializeOIDC() {
 oauth2Config = oauth2.Config{
 ClientID: oidcClientID,
 ClientSecret: oidcSecret,
- RedirectURL: "http://localhost:8081" + baseURL + "/auth/complete",
+ RedirectURL: oidcRedirectURL + baseURL + "/auth/complete",
 // Discovery returns the OAuth2 endpoints.
 Endpoint: provider.Endpoint(),
diff --git a/db.go b/db.go
index 85c1eab..c5d3f08 100644
--- a/db.go
+++ b/db.go
@@ -80,6 +80,7 @@ CREATE TABLE IF NOT EXISTS surveys(
 id_survey INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
 title VARCHAR(255),
 shown BOOLEAN NOT NULL DEFAULT FALSE,
+ corrected BOOLEAN NOT NULL DEFAULT FALSE,
 start_availability TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 end_availability TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
 ) DEFAULT CHARACTER SET = utf8 COLLATE = utf8_bin;
diff --git a/handler.go b/handler.go
index 0f22ce4..e28e993 100644
--- a/handler.go
+++ b/handler.go
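Review bot: In auth_oidc.go the `RedirectURL` built in initializeOIDC (hunk @@ -39) uses `oidcRedirectURL` exactly as given on the `-oidc-redirect` flag, so a trailing slash yields a `//` path that will not match the redirect URI registered at the provider, and a plain `http://` base would carry the authorization code in cleartext. I would validate the value once at startup with `url.Parse`, require an absolute `https` URL (allowing `http` only for a loopback host if development needs it), and build the field as `strings.TrimSuffix(oidcRedirectURL, "/") + baseURL + "/auth/complete"`. The production host as the compiled-in default (hunk @@ -17) also means an instance started without the flag points its callback at the live site; an empty default with a startup error would make that mistake visible. initializeOIDC and the import block extend outside the hunks, so whether `net/url` and `strings` are already imported cannot be seen here.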
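Review bot: In db.go the `corrected` column is added only inside `CREATE TABLE IF NOT EXISTS surveys(`, so a database that already contains a `surveys` table keeps its old schema and any query that reads or writes `corrected` will fail there. No migration is visible in this diff; an upgrade step next to the schema creation, such as `ALTER TABLE surveys ADD COLUMN corrected BOOLEAN NOT NULL DEFAULT FALSE` guarded by a column-existence check or a schema version, would cover existing deployments. The function that executes this statement is outside the hunk.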
@@ -40,7 +40,7 @@ func (r APIResponse) WriteResponse(w http.ResponseWriter) {
 w.Write(bts)
 } else if j, err := json.Marshal(r.response); err != nil {
 w.Header().Set("Content-Type", "application/json")
- http.Error(w, fmt.Sprintf("{\"errmsg\":%q}", err), http.StatusInternalServerError)
+ http.Error(w, fmt.Sprintf("{\"errmsg\":%q}", err.Error()), http.StatusInternalServerError)
 } else {
 w.Header().Set("Content-Type", "application/json")
 w.WriteHeader(http.StatusOK)
@@ -77,17 +77,17 @@ func rawHandler(f func(http.ResponseWriter, *http.Request, httprouter.Params, []
 if cookie, err := r.Cookie("auth"); err == nil {
 if sessionid, err := base64.StdEncoding.DecodeString(cookie.Value); err != nil {
 w.Header().Set("Content-Type", "application/json")
- http.Error(w, fmt.Sprintf(`{"errmsg": %q}`, err), http.StatusNotAcceptable)
+ http.Error(w, fmt.Sprintf(`{"errmsg": %q}`, err.Error()), http.StatusNotAcceptable)
 return
 } else if session, err := getSession(sessionid); err != nil {
 w.Header().Set("Content-Type", "application/json")
- http.Error(w, fmt.Sprintf(`{"errmsg": %q}`, err), http.StatusUnauthorized)
+ http.Error(w, fmt.Sprintf(`{"errmsg": %q}`, err.Error()), http.StatusUnauthorized)
 return
 } else if session.IdUser == nil {
 user = nil
 } else if std, err := getUser(int(*session.IdUser)); err != nil {
 w.Header().Set("Content-Type", "application/json")
- http.Error(w, fmt.Sprintf(`{"errmsg": %q}`, err), http.StatusUnauthorized)
+ http.Error(w, fmt.Sprintf(`{"errmsg": %q}`, err.Error()), http.StatusUnauthorized)
 return
 } else {
 user = &std
@@ -98,7 +98,7 @@ func rawHandler(f func(http.ResponseWriter, *http.Request, httprouter.Params, []
 for _, a := range access {
 if err := a(user, r); err != nil {
 w.Header().Set("Content-Type", "application/json")
- http.Error(w, fmt.Sprintf(`{"errmsg":%q}`, err), http.StatusForbidden)
+ http.Error(w, fmt.Sprintf(`{"errmsg":%q}`, err.err.Error()), http.StatusForbidden)
 return
 }
 }
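Review bot: The changed line in WriteResponse (hunk @@ -40) still goes through `http.Error`, which overwrites `Content-Type` with `text/plain; charset=utf-8`, so the `application/json` header set on the line above never reaches the client; every changed line in the @@ -77 and @@ -98 hunks has the same problem. `%q` also emits Go string syntax rather than JSON, so a message with control or non-printable characters can produce escapes such as `\x00` or `\a` that a JSON parser rejects. I would replace each pair with `w.Header().Set("Content-Type", "application/json")`, `w.WriteHeader(http.StatusInternalServerError)` (or the branch's own status) and `json.NewEncoder(w).Encode(map[string]string{"errmsg": err.Error()})`, ideally in one small helper shared by all these branches. WriteResponse and rawHandler both start and end outside the hunks shown.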
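Review bot: The `getSession` and `getUser` branches of rawHandler (hunk @@ -77) send `err.Error()` verbatim to a caller who has not been authenticated yet, which can expose storage-layer details such as driver or query messages if those helpers pass them through; their bodies are not part of this diff. I would log the error server-side and answer with a fixed body, e.g. `{"errmsg": "invalid session"}`, keeping the 401. The base64 branch would also read better with `http.StatusBadRequest` than `http.StatusNotAcceptable`, which is meant for content negotiation. rawHandler extends beyond the hunk on both sides.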
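Review bot: `err.err.Error()` in the access loop (hunk @@ -98) dereferences the inner `err` field without a nil check and ignores `err.status`, so an access function that returns an `APIErrorResponse` carrying only a status would panic here, and any status it chose is replaced by the hard-coded `http.StatusForbidden`. A guard such as `msg := "forbidden"; if err.err != nil { msg = err.err.Error() }` and passing `err.status` when it is set would keep the check functions authoritative. The definition of `APIErrorResponse` is outside the diff, so this is based on the `status` and `err` fields used in the other hunks.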
@@ -159,10 +159,7 @@ func formatApiResponse(i interface{}, err error) HTTPResponse {
 func apiAuthHandler(f func(*User, httprouter.Params, []byte) HTTPResponse, access ...func(*User, *http.Request) *APIErrorResponse) func(http.ResponseWriter, *http.Request, httprouter.Params) {
 return rawHandler(formatResponseHandler(func (r *http.Request, ps httprouter.Params, b []byte) HTTPResponse {
 if cookie, err := r.Cookie("auth"); err != nil {
- return APIErrorResponse{
- status: http.StatusForbidden,
- err: errors.New("Authorization required"),
- }
+ return f(nil, ps, b)
 } else if sessionid, err := base64.StdEncoding.DecodeString(cookie.Value); err != nil {
 return APIErrorResponse{
 status: http.StatusBadRequest,
@@ -174,10 +171,7 @@ func apiAuthHandler(f func(*User, httprouter.Params, []byte) HTTPResponse, acces
 err: err,
 }
 } else if session.IdUser == nil {
- return APIErrorResponse{
- status: http.StatusForbidden,
- err: errors.New("Authorization required"),
- }
+ return f(nil, ps, b)
 } else if std, err := getUser(int(*session.IdUser)); err != nil {
 return APIErrorResponse{
 status: http.StatusInternalServerError,
@@ -189,6 +183,18 @@ func apiAuthHandler(f func(*User, httprouter.Params, []byte) HTTPResponse, acces
 }), access...)
 }
+func loggedUser(u *User, r *http.Request) *APIErrorResponse {
+ if u != nil {
+ return nil
+ } else {
+ ret := &APIErrorResponse{
+ status: http.StatusForbidden,
+ err: errors.New("Permission Denied"),
+ }
+ return ret
+ }
+}
+
 func adminRestricted(u *User, r *http.Request) *APIErrorResponse {
 if u != nil && u.IsAdmin {
 return nil
diff --git a/htdocs/img/srstamps.png b/htdocs/img/srstamps.png
new file mode 100644
index 0000000..080963d
Binary files /dev/null and b/htdocs/img/srstamps.png differ
diff --git a/htdocs/index.html b/htdocs/index.html
index be125a9..99dd878 100644
--- a/htdocs/index.html
+++ b/htdocs/index.html
@@ -1,50 +1,57 @@ -
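Review bot: Replacing the 403 return with `return f(nil, ps, b)` here and in the @@ -174 hunk turns apiAuthHandler from deny-by-default into allow-by-default: a request with no `auth` cookie, or with a session that has no user, now reaches the handler unless the route was registered with `loggedUser` or `adminRestricted` in `access`. The route registrations are outside this diff, so every existing `apiAuthHandler(...)` call has to be checked for an explicit access function and for handlers that dereference the `*User` without a nil check. A safer shape keeps apiAuthHandler strict and adds a separately named wrapper for routes that accept anonymous callers, so that a forgotten argument fails closed. Either way, a comment on apiAuthHandler such as `// f receives a nil *User for anonymous requests; pass loggedUser in access to require authentication.` would state the new contract.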
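Review bot: loggedUser (hunk @@ -189) has no doc comment and uses an `else` after a returning `if` plus a `ret` temporary; `if u != nil { return nil }` followed by `return &APIErrorResponse{status: http.StatusForbidden, err: errors.New("Permission Denied")}` reads more directly. A comment such as `// loggedUser is an access check that rejects requests without an authenticated user.` would document its role now that authentication depends on it being passed. Since this is the unauthenticated case, `http.StatusUnauthorized` would let clients tell it apart from adminRestricted's 403, provided the front end does not rely on the old code.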