···
type OAuthHandler struct {
32
-
Config *config.Config
34
-
Idresolver *idresolver.Resolver
36
-
Store *sessions.CookieStore
38
-
Enforcer *rbac.Enforcer
39
-
Posthog posthog.Client
32
+
config *config.Config
34
+
idResolver *idresolver.Resolver
36
+
store *sessions.CookieStore
38
+
enforcer *rbac.Enforcer
39
+
posthog posthog.Client
43
+
config *config.Config,
45
+
idResolver *idresolver.Resolver,
47
+
store *sessions.CookieStore,
49
+
enforcer *rbac.Enforcer,
50
+
posthog posthog.Client,
52
+
return &OAuthHandler{
55
+
idResolver: idResolver,
func (o *OAuthHandler) Router() http.Handler {
···
r.Post("/login", o.login)
48
-
r.With(middleware.AuthMiddleware(o.OAuth)).Post("/logout", o.logout)
70
+
r.With(middleware.AuthMiddleware(o.oauth)).Post("/logout", o.logout)
r.Get("/oauth/client-metadata.json", o.clientMetadata)
r.Get("/oauth/jwks.json", o.jwks)
···
func (o *OAuthHandler) clientMetadata(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK)
59
-
json.NewEncoder(w).Encode(o.OAuth.ClientMetadata())
81
+
json.NewEncoder(w).Encode(o.oauth.ClientMetadata())
func (o *OAuthHandler) jwks(w http.ResponseWriter, r *http.Request) {
63
-
jwks := o.Config.OAuth.Jwks
85
+
jwks := o.config.OAuth.Jwks
pubKey, err := pubKeyFromJwk(jwks)
log.Printf("error parsing public key: %v", err)
···
func (o *OAuthHandler) login(w http.ResponseWriter, r *http.Request) {
81
-
o.Pages.Login(w, pages.LoginParams{})
103
+
o.pages.Login(w, pages.LoginParams{})
handle := strings.TrimPrefix(r.FormValue("handle"), "@")
85
-
resolved, err := o.Idresolver.ResolveIdent(r.Context(), handle)
107
+
resolved, err := o.idResolver.ResolveIdent(r.Context(), handle)
log.Println("failed to resolve handle:", err)
88
-
o.Pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle.", handle))
110
+
o.pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle.", handle))
91
-
self := o.OAuth.ClientMetadata()
113
+
self := o.oauth.ClientMetadata()
oauthClient, err := client.NewClient(
94
-
o.Config.OAuth.Jwks,
116
+
o.config.OAuth.Jwks,
log.Println("failed to create oauth client:", err)
100
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
122
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
authServer, err := oauthClient.ResolvePdsAuthServer(r.Context(), resolved.PDSEndpoint())
log.Println("failed to resolve auth server:", err)
107
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
129
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
authMeta, err := oauthClient.FetchAuthServerMetadata(r.Context(), authServer)
log.Println("failed to fetch auth server metadata:", err)
114
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
136
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
dpopKey, err := helpers.GenerateKey(nil)
log.Println("failed to generate dpop key:", err)
121
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
143
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
dpopKeyJson, err := json.Marshal(dpopKey)
log.Println("failed to marshal dpop key:", err)
128
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
150
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
parResp, err := oauthClient.SendParAuthRequest(r.Context(), authServer, authMeta, handle, oauthScope, dpopKey)
log.Println("failed to send par auth request:", err)
135
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
157
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
139
-
err = db.SaveOAuthRequest(o.Db, db.OAuthRequest{
161
+
err = db.SaveOAuthRequest(o.db, db.OAuthRequest{
Did: resolved.DID.String(),
PdsUrl: resolved.PDSEndpoint(),
···
log.Println("failed to save oauth request:", err)
151
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
173
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
···
query.Add("client_id", self.ClientID)
query.Add("request_uri", parResp.RequestUri)
u.RawQuery = query.Encode()
160
-
o.Pages.HxRedirect(w, u.String())
182
+
o.pages.HxRedirect(w, u.String())
func (o *OAuthHandler) callback(w http.ResponseWriter, r *http.Request) {
state := r.FormValue("state")
167
-
oauthRequest, err := db.GetOAuthRequestByState(o.Db, state)
189
+
oauthRequest, err := db.GetOAuthRequestByState(o.db, state)
log.Println("failed to get oauth request:", err)
170
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
192
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
175
-
err := db.DeleteOAuthRequestByState(o.Db, state)
197
+
err := db.DeleteOAuthRequestByState(o.db, state)
log.Println("failed to delete oauth request for state:", state, err)
···
errorDescription := r.FormValue("error_description")
if error != "" || errorDescription != "" {
log.Printf("error: %s, %s", error, errorDescription)
185
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
207
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
code := r.FormValue("code")
log.Println("missing code for state: ", state)
192
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
214
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
iss := r.FormValue("iss")
log.Println("missing iss for state: ", state)
199
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
221
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
203
-
self := o.OAuth.ClientMetadata()
225
+
self := o.oauth.ClientMetadata()
oauthClient, err := client.NewClient(
207
-
o.Config.OAuth.Jwks,
229
+
o.config.OAuth.Jwks,
log.Println("failed to create oauth client:", err)
213
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
235
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
jwk, err := helpers.ParseJWKFromBytes([]byte(oauthRequest.DpopPrivateJwk))
log.Println("failed to parse jwk:", err)
220
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
242
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
···
log.Println("failed to get token:", err)
234
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
256
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
if tokenResp.Scope != oauthScope {
log.Println("scope doesn't match:", tokenResp.Scope)
240
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
262
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
244
-
err = o.OAuth.SaveSession(w, r, oauthRequest, tokenResp)
266
+
err = o.oauth.SaveSession(w, r, oauthRequest, tokenResp)
log.Println("failed to save session:", err)
247
-
o.Pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
269
+
o.pages.Notice(w, "login-msg", "Failed to authenticate. Try again later.")
log.Println("session saved successfully")
go o.addToDefaultKnot(oauthRequest.Did)
254
-
if !o.Config.Core.Dev {
255
-
err = o.Posthog.Enqueue(posthog.Capture{
276
+
if !o.config.Core.Dev {
277
+
err = o.posthog.Enqueue(posthog.Capture{
DistinctId: oauthRequest.Did,
···
func (o *OAuthHandler) logout(w http.ResponseWriter, r *http.Request) {
268
-
err := o.OAuth.ClearSession(r, w)
290
+
err := o.oauth.ClearSession(r, w)
log.Println("failed to clear session:", err)
http.Redirect(w, r, "/", http.StatusFound)
···
defaultKnot := "knot1.tangled.sh"
log.Printf("adding %s to default knot", did)
295
-
err := o.Enforcer.AddMember(defaultKnot, did)
317
+
err := o.enforcer.AddMember(defaultKnot, did)
log.Println("failed to add user to knot1.tangled.sh: ", err)
300
-
err = o.Enforcer.E.SavePolicy()
322
+
err = o.enforcer.E.SavePolicy()
log.Println("failed to add user to knot1.tangled.sh: ", err)
306
-
secret, err := db.GetRegistrationKey(o.Db, defaultKnot)
328
+
secret, err := db.GetRegistrationKey(o.db, defaultKnot)
log.Println("failed to get registration key for knot1.tangled.sh")
311
-
signedClient, err := knotclient.NewSignedClient(defaultKnot, secret, o.Config.Core.Dev)
333
+
signedClient, err := knotclient.NewSignedClient(defaultKnot, secret, o.config.Core.Dev)
resp, err := signedClient.AddMember(did)
log.Println("failed to add user to knot1.tangled.sh: ", err)
julien.rbrt.fr
anirudh.fi