lab/homepage
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
homepage/webserver/router/auth.go

118 lines
2.8 KiB
Go
Raw Permalink Normal View History

init
2022-12-26 01:20:43 +00:00
package router
import (
"context"
"crypto/rand"
"encoding/base64"
add jwt
2022-12-26 05:48:30 +00:00
"fmt"
init
2022-12-26 01:20:43 +00:00
"io"
add jwt
2022-12-26 05:48:30 +00:00
"iothomepage/authmod"
init
2022-12-26 01:20:43 +00:00
"log"
"net/http"
"time"
"github.com/coreos/go-oidc"
"github.com/gin-gonic/gin"
"golang.org/x/oauth2"
)
var (
// clientID = os.Getenv("GOOGLE_OAUTH2_CLIENT_ID")
// clientSecret = os.Getenv("GOOGLE_OAUTH2_CLIENT_SECRET")
deploy version 0.1
2022-12-26 04:36:19 +00:00
clientID = "iot-ws"
init
2022-12-26 01:20:43 +00:00
clientSecret = "mydwxdd-c2hbo6zcmab1mzj232zx4"
)
var config oauth2.Config
var provider *oidc.Provider
func init() {
var err error
deploy version 0.1
2022-12-26 04:36:19 +00:00
provider, err = oidc.NewProvider(context.Background(), "https://auth.godopu.net")
init
2022-12-26 01:20:43 +00:00
if err != nil {
log.Fatal(err)
}
config = oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
Endpoint: provider.Endpoint(),
deploy version 0.1
2022-12-26 04:36:19 +00:00
RedirectURL: "https://iot.knu.ac.kr/auth/oidc.callback",
init
2022-12-26 01:20:43 +00:00
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
}
func randString(nByte int) (string, error) {
b := make([]byte, nByte)
if _, err := io.ReadFull(rand.Reader, b); err != nil {
return "", err
}
return base64.RawURLEncoding.EncodeToString(b), nil
}
func setCallbackCookie(ctx *gin.Context, name, value string) {
// ctx.SetCookie(name, value, int(time.Hour.Seconds()), "", "", ctx.Request.TLS != nil, true)
c := &http.Cookie{
Name: name,
Value: value,
MaxAge: int(time.Hour.Seconds()),
Secure: ctx.Request.TLS != nil,
HttpOnly: true,
}
http.SetCookie(ctx.Writer, c)
}
func authStart(ctx *gin.Context) {
state, err := randString(16)
if err != nil {
http.Error(ctx.Writer, "Internal error", http.StatusInternalServerError)
return
}
setCallbackCookie(ctx, "state", state)
rurl := config.AuthCodeURL(state)
ctx.Redirect(http.StatusPermanentRedirect, rurl)
}
func authCallback(ctx *gin.Context) {
state, err := ctx.Cookie("state")
if err != nil {
http.Error(ctx.Writer, "state not found", http.StatusBadRequest)
return
}
if ctx.Query("state") != state {
http.Error(ctx.Writer, "state did not match", http.StatusBadRequest)
return
}
oauth2Token, err := config.Exchange(ctx, ctx.Query("code"))
if err != nil {
http.Error(ctx.Writer, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError)
return
}
userInfo, err := provider.UserInfo(ctx, oauth2.StaticTokenSource(oauth2Token))
if err != nil {
http.Error(ctx.Writer, "Failed to get userinfo: "+err.Error(), http.StatusInternalServerError)
return
}
update checkAuthority
2022-12-26 06:06:41 +00:00
ss, err := authmod.IssueJWT(userInfo, time.Hour)
add jwt
2022-12-26 05:48:30 +00:00
if err != nil {
http.Error(ctx.Writer, "generate jwt error", http.StatusInternalServerError)
return
}
fmt.Println(userInfo)
init
2022-12-26 01:20:43 +00:00
c := &http.Cookie{
Name: "__edit_access_token_",
add jwt
2022-12-26 05:48:30 +00:00
Value: ss,
init
2022-12-26 01:20:43 +00:00
MaxAge: int(time.Hour.Seconds()),
Secure: ctx.Request.TLS != nil,
HttpOnly: true,
Path: "/",
}
http.SetCookie(ctx.Writer, c)
ctx.Redirect(http.StatusFound, "/edit")
}
Reference in New Issue Copy Permalink