Use gin-gonic instead of httprouter
This commit is contained in:
parent
7c719d9fd5
commit
a203cdc36a
22 changed files with 1631 additions and 1355 deletions
49
auth_oidc.go
49
auth_oidc.go
|
|
@ -11,7 +11,7 @@ import (
|
|||
"golang.org/x/oauth2"
|
||||
|
||||
"github.com/coreos/go-oidc/v3/oidc"
|
||||
"github.com/julienschmidt/httprouter"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -27,12 +27,12 @@ func init() {
|
|||
flag.StringVar(&oidcClientID, "oidc-clientid", oidcClientID, "ClientID for OIDC")
|
||||
flag.StringVar(&oidcSecret, "oidc-secret", oidcSecret, "Secret for OIDC")
|
||||
flag.StringVar(&oidcRedirectURL, "oidc-redirect", oidcRedirectURL, "Base URL for the redirect after connection")
|
||||
|
||||
router.GET("/auth/CRI", redirectOIDC_CRI)
|
||||
router.GET("/auth/complete", OIDC_CRI_complete)
|
||||
}
|
||||
|
||||
func initializeOIDC() {
|
||||
func initializeOIDC(router *gin.Engine) {
|
||||
router.GET("/auth/CRI", redirectOIDC_CRI)
|
||||
router.GET("/auth/complete", OIDC_CRI_complete)
|
||||
|
||||
if oidcClientID != "" && oidcSecret != "" {
|
||||
provider, err := oidc.NewProvider(context.Background(), "https://cri.epita.fr")
|
||||
if err != nil {
|
||||
|
|
@ -59,47 +59,48 @@ func initializeOIDC() {
|
|||
|
||||
}
|
||||
|
||||
func redirectOIDC_CRI(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
func redirectOIDC_CRI(c *gin.Context) {
|
||||
session, err := NewSession()
|
||||
|
||||
// Save next parameter
|
||||
if len(r.URL.Query().Get("next")) > 0 {
|
||||
nextSessionMap[fmt.Sprintf("%x", session.Id)] = r.URL.Query().Get("next")
|
||||
if len(c.Request.URL.Query().Get("next")) > 0 {
|
||||
nextSessionMap[fmt.Sprintf("%x", session.Id)] = c.Request.URL.Query().Get("next")
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, fmt.Sprintf("{'errmsg':%q}", err.Error()), http.StatusInternalServerError)
|
||||
} else {
|
||||
http.Redirect(w, r, oauth2Config.AuthCodeURL(hex.EncodeToString(session.Id)), http.StatusFound)
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(http.StatusFound, oauth2Config.AuthCodeURL(hex.EncodeToString(session.Id)))
|
||||
}
|
||||
|
||||
func OIDC_CRI_complete(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
|
||||
idsession, err := hex.DecodeString(r.URL.Query().Get("state"))
|
||||
func OIDC_CRI_complete(c *gin.Context) {
|
||||
idsession, err := hex.DecodeString(c.Request.URL.Query().Get("state"))
|
||||
if err != nil {
|
||||
http.Error(w, fmt.Sprintf("{'errmsg':%q}", err.Error()), http.StatusBadRequest)
|
||||
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
session, err := getSession(idsession)
|
||||
if err != nil {
|
||||
http.Error(w, fmt.Sprintf("{'errmsg':%q}", err.Error()), http.StatusBadRequest)
|
||||
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
oauth2Token, err := oauth2Config.Exchange(context.Background(), r.URL.Query().Get("code"))
|
||||
oauth2Token, err := oauth2Config.Exchange(context.Background(), c.Request.URL.Query().Get("code"))
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError)
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Failed to exchange token: " + err.Error()})
|
||||
return
|
||||
}
|
||||
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
|
||||
if !ok {
|
||||
http.Error(w, "No id_token field in oauth2 token.", http.StatusInternalServerError)
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "No id_token field in oauth2 token."})
|
||||
return
|
||||
}
|
||||
idToken, err := oidcVerifier.Verify(context.Background(), rawIDToken)
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to verify ID Token: "+err.Error(), http.StatusInternalServerError)
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Failed to verify ID Token: " + err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -112,7 +113,7 @@ func OIDC_CRI_complete(w http.ResponseWriter, r *http.Request, ps httprouter.Par
|
|||
Groups []map[string]interface{} `json:"groups"`
|
||||
}
|
||||
if err := idToken.Claims(&claims); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
|
|
@ -123,17 +124,17 @@ func OIDC_CRI_complete(w http.ResponseWriter, r *http.Request, ps httprouter.Par
|
|||
}
|
||||
}
|
||||
|
||||
if _, err := completeAuth(w, claims.Username, claims.Email, claims.Firstname, claims.Lastname, groups, &session); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, groups, session); err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
// Retrieve next URL associated with session
|
||||
if next, ok := nextSessionMap[fmt.Sprintf("%x", session.Id)]; ok {
|
||||
http.Redirect(w, r, next, http.StatusFound)
|
||||
c.Redirect(http.StatusFound, next)
|
||||
delete(nextSessionMap, fmt.Sprintf("%x", session.Id))
|
||||
} else {
|
||||
http.Redirect(w, r, "/", http.StatusFound)
|
||||
c.Redirect(http.StatusFound, "/")
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
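Review bot: The `next` value read from the query string in redirectOIDC_CRI is later passed straight to `c.Redirect(http.StatusFound, next)` in OIDC_CRI_complete with no validation, so a link like `/auth/CRI?next=https://evil.example` sends the user to an attacker-chosen site right after a successful login — an open redirect. Restrict it to a same-origin relative path before storing or redirecting, e.g. `if next != "" && strings.HasPrefix(next, "/") && !strings.HasPrefix(next, "//") && !strings.HasPrefix(next, `/\`)` (adding the `strings` import if the file lacks it), and fall back to `/` otherwise. Two smaller points in the same section: redirectOIDC_CRI reads `session.Id` inside the `next` block before the `err` returned by NewSession() is checked, so the error path should come first — move the `if err != nil { ... return }` block above the `// Save next parameter` handling. Also, `nextSessionMap` is a package-level map that is written in one handler and deleted from in another with no lock visible in this diff; unless it is guarded elsewhere, concurrent requests will race on it (concurrent map writes panic in Go), and entries are never removed on the error paths.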