lavender/auth/providers/oauth.go

package providers

import (
	"context"
	"fmt"
	"github.com/1f349/cache"
	"github.com/1f349/lavender/auth"
	"github.com/1f349/lavender/auth/authContext"
	"github.com/1f349/lavender/database"
	"github.com/1f349/lavender/issuer"
	"github.com/1f349/lavender/url"
	"github.com/google/uuid"
	"golang.org/x/oauth2"
	"html/template"
	"net/http"
	"time"
)

type flowStateData struct {
	loginName string
	sso       *issuer.WellKnownOIDC
	redirect  string
}

var (
	_ auth.Provider = (*OAuthLogin)(nil)
	_ auth.Button   = (*OAuthLogin)(nil)
)

type OAuthLogin struct {
	DB *database.Queries

	BaseUrl *url.URL

	flow *cache.Cache[string, flowStateData]
}

func (o OAuthLogin) Init() {
	o.flow = cache.New[string, flowStateData]()
}

func (o OAuthLogin) authUrlBase(ref string) *url.URL {
	return o.BaseUrl.Resolve("oauth", o.Name(), ref)
}

func (o OAuthLogin) AccessState() auth.State { return auth.StateUnauthorized }

func (o OAuthLogin) Name() string { return "oauth" }

func (o OAuthLogin) RenderTemplate(ctx authContext.TemplateContext) error {
	// TODO: does this need to exist?
	ctx.Render(map[string]any{"Error": "no"})
	return nil
}

func (o OAuthLogin) AttemptLogin(ctx authContext.TemplateContext) error {
	rCtx := ctx.Context()

	login, ok := rCtx.Value(oauthServiceLogin(0)).(*issuer.WellKnownOIDC)
	if !ok {
		return fmt.Errorf("missing issuer wellknown")
	}
	loginName := rCtx.Value("login_full").(string)
	loginUn := rCtx.Value("login_username").(string)

	// save state for use later
	state := login.Config.Namespace + ":" + uuid.NewString()
	o.flow.Set(state, flowStateData{
		loginName: loginName,
		sso:       login,
		redirect:  ctx.Request().PostFormValue("redirect"),
	}, time.Now().Add(15*time.Minute))

	// generate oauth2 config and redirect to authorize URL
	oa2conf := login.OAuth2Config
	oa2conf.RedirectURL = o.authUrlBase("callback").String()
	nextUrl := oa2conf.AuthCodeURL(state, oauth2.SetAuthURLParam("login_name", loginUn))

	return auth.RedirectError{Target: nextUrl, Code: http.StatusFound}
}

func (o OAuthLogin) OAuthCallback(rw http.ResponseWriter, req *http.Request, info func(req *http.Request, sso *issuer.WellKnownOIDC, token *oauth2.Token) (auth.UserAuth, error), cookie func(rw http.ResponseWriter, authData auth.UserAuth, loginName string) bool, redirect func(rw http.ResponseWriter, req *http.Request)) {
	flowState, ok := o.flow.Get(req.FormValue("state"))
	if !ok {
		http.Error(rw, "Invalid flow state", http.StatusBadRequest)
		return
	}
	token, err := flowState.sso.OAuth2Config.Exchange(context.Background(), req.FormValue("code"), oauth2.SetAuthURLParam("redirect_uri", o.authUrlBase("callback").String()))
	if err != nil {
		http.Error(rw, "Failed to exchange code for token", http.StatusInternalServerError)
		return
	}

	userAuth, err := info(req, flowState.sso, token)
	if err != nil {
		http.Error(rw, "Failed to update external user info", http.StatusInternalServerError)
		return
	}

	if cookie(rw, userAuth, flowState.loginName) {
		http.Error(rw, "Failed to save login cookie", http.StatusInternalServerError)
		return
	}
	if flowState.redirect != "" {
		req.Form.Set("redirect", flowState.redirect)
	}
	redirect(rw, req)
}

func (o OAuthLogin) ButtonName() string { return o.Name() }

func (o OAuthLogin) RenderButtonTemplate(ctx context.Context, req *http.Request) template.HTML {
	// o.authUrlBase("button")
	return "<div>OAuth Login Template</div>"
}

type oauthServiceLogin int

func WithWellKnown(ctx context.Context, login *issuer.WellKnownOIDC) context.Context {
	return context.WithValue(ctx, oauthServiceLogin(0), login)
}
Start converting Svelte frontend to Astro 2024-12-06 18:41:03 +00:00			`package providers`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00
			`import (`
			`"context"`
			`"fmt"`
			`"github.com/1f349/cache"`
Start converting Svelte frontend to Astro 2024-12-06 18:41:03 +00:00			`"github.com/1f349/lavender/auth"`
Oh dear 2025-01-19 12:04:25 +00:00			`"github.com/1f349/lavender/auth/authContext"`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`"github.com/1f349/lavender/database"`
			`"github.com/1f349/lavender/issuer"`
Oh dear 2025-01-19 12:04:25 +00:00			`"github.com/1f349/lavender/url"`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`"github.com/google/uuid"`
			`"golang.org/x/oauth2"`
Rewrite login system 2024-12-09 18:40:18 +00:00			`"html/template"`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`"net/http"`
			`"time"`
			`)`

			`type flowStateData struct {`
			`loginName string`
			`sso *issuer.WellKnownOIDC`
			`redirect string`
			`}`

Oh dear 2025-01-19 12:04:25 +00:00			`var (`
			`_ auth.Provider = (*OAuthLogin)(nil)`
			`_ auth.Button = (*OAuthLogin)(nil)`
			`)`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00
			`type OAuthLogin struct {`
			`DB *database.Queries`

Oh dear 2025-01-19 12:04:25 +00:00			`BaseUrl *url.URL`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00
			`flow *cache.Cache[string, flowStateData]`
			`}`

			`func (o OAuthLogin) Init() {`
			`o.flow = cache.New[string, flowStateData]()`
			`}`

Oh dear 2025-01-19 12:04:25 +00:00			`func (o OAuthLogin) authUrlBase(ref string) *url.URL {`
			`return o.BaseUrl.Resolve("oauth", o.Name(), ref)`
			`}`

Rewrite login system 2024-12-09 18:40:18 +00:00			`func (o OAuthLogin) AccessState() auth.State { return auth.StateUnauthorized }`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00
			`func (o OAuthLogin) Name() string { return "oauth" }`

Oh dear 2025-01-19 12:04:25 +00:00			`func (o OAuthLogin) RenderTemplate(ctx authContext.TemplateContext) error {`
			`// TODO: does this need to exist?`
			`ctx.Render(map[string]any{"Error": "no"})`
			`return nil`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`}`

Oh dear 2025-01-19 12:04:25 +00:00			`func (o OAuthLogin) AttemptLogin(ctx authContext.TemplateContext) error {`
			`rCtx := ctx.Context()`

			`login, ok := rCtx.Value(oauthServiceLogin(0)).(*issuer.WellKnownOIDC)`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`if !ok {`
			`return fmt.Errorf("missing issuer wellknown")`
			`}`
Oh dear 2025-01-19 12:04:25 +00:00			`loginName := rCtx.Value("login_full").(string)`
			`loginUn := rCtx.Value("login_username").(string)`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00
			`// save state for use later`
			`state := login.Config.Namespace + ":" + uuid.NewString()`
Oh dear 2025-01-19 12:04:25 +00:00			`o.flow.Set(state, flowStateData{`
			`loginName: loginName,`
			`sso: login,`
			`redirect: ctx.Request().PostFormValue("redirect"),`
			`}, time.Now().Add(15*time.Minute))`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00
			`// generate oauth2 config and redirect to authorize URL`
			`oa2conf := login.OAuth2Config`
Oh dear 2025-01-19 12:04:25 +00:00			`oa2conf.RedirectURL = o.authUrlBase("callback").String()`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`nextUrl := oa2conf.AuthCodeURL(state, oauth2.SetAuthURLParam("login_name", loginUn))`

Start converting Svelte frontend to Astro 2024-12-06 18:41:03 +00:00			`return auth.RedirectError{Target: nextUrl, Code: http.StatusFound}`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`}`

Start converting Svelte frontend to Astro 2024-12-06 18:41:03 +00:00			`func (o OAuthLogin) OAuthCallback(rw http.ResponseWriter, req http.Request, info func(req http.Request, sso issuer.WellKnownOIDC, token oauth2.Token) (auth.UserAuth, error), cookie func(rw http.ResponseWriter, authData auth.UserAuth, loginName string) bool, redirect func(rw http.ResponseWriter, req *http.Request)) {`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`flowState, ok := o.flow.Get(req.FormValue("state"))`
			`if !ok {`
			`http.Error(rw, "Invalid flow state", http.StatusBadRequest)`
			`return`
			`}`
Oh dear 2025-01-19 12:04:25 +00:00			`token, err := flowState.sso.OAuth2Config.Exchange(context.Background(), req.FormValue("code"), oauth2.SetAuthURLParam("redirect_uri", o.authUrlBase("callback").String()))`
Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`if err != nil {`
			`http.Error(rw, "Failed to exchange code for token", http.StatusInternalServerError)`
			`return`
			`}`

			`userAuth, err := info(req, flowState.sso, token)`
			`if err != nil {`
			`http.Error(rw, "Failed to update external user info", http.StatusInternalServerError)`
			`return`
			`}`

			`if cookie(rw, userAuth, flowState.loginName) {`
			`http.Error(rw, "Failed to save login cookie", http.StatusInternalServerError)`
			`return`
			`}`
			`if flowState.redirect != "" {`
			`req.Form.Set("redirect", flowState.redirect)`
			`}`
			`redirect(rw, req)`
			`}`

Oh dear 2025-01-19 12:04:25 +00:00			`func (o OAuthLogin) ButtonName() string { return o.Name() }`

			`func (o OAuthLogin) RenderButtonTemplate(ctx context.Context, req *http.Request) template.HTML {`
			`// o.authUrlBase("button")`
			`return "<div>OAuth Login Template</div>"`
			`}`

Start new frontend project and other changes 2024-10-25 15:08:56 +01:00			`type oauthServiceLogin int`

			`func WithWellKnown(ctx context.Context, login *issuer.WellKnownOIDC) context.Context {`
			`return context.WithValue(ctx, oauthServiceLogin(0), login)`
			`}`