lavender/server/server.go

package server

import (
	"bytes"
	"fmt"
	"github.com/1f349/cache"
	"github.com/1f349/lavender/issuer"
	"github.com/1f349/lavender/theme"
	"github.com/1f349/mjwt"
	"github.com/julienschmidt/httprouter"
	"github.com/rs/cors"
	"log"
	"net/http"
	"strings"
	"sync/atomic"
	"time"
)

type HttpServer struct {
	Server    *http.Server
	r         *httprouter.Router
	conf      atomic.Pointer[Conf]
	manager   atomic.Pointer[issuer.Manager]
	signer    mjwt.Signer
	flowState *cache.Cache[string, flowStateData]
	services  atomic.Pointer[map[string]AllowedClient]
}

type flowStateData struct {
	sso    *issuer.WellKnownOIDC
	target AllowedClient
}

func NewHttpServer(conf Conf, signer mjwt.Signer) *HttpServer {
	r := httprouter.New()

	// remove last slash from baseUrl
	{
		l := len(conf.BaseUrl)
		if conf.BaseUrl[l-1] == '/' {
			conf.BaseUrl = conf.BaseUrl[:l-1]
		}
	}

	hs := &HttpServer{
		Server: &http.Server{
			Addr:              conf.Listen,
			Handler:           r,
			ReadTimeout:       time.Minute,
			ReadHeaderTimeout: time.Minute,
			WriteTimeout:      time.Minute,
			IdleTimeout:       time.Minute,
			MaxHeaderBytes:    2500,
		},
		r:         r,
		signer:    signer,
		flowState: cache.New[string, flowStateData](),
	}
	err := hs.UpdateConfig(conf)
	if err != nil {
		log.Fatalln("Failed to load initial config:", err)
		return nil
	}

	r.GET("/", func(rw http.ResponseWriter, req *http.Request, _ httprouter.Params) {
		rw.WriteHeader(http.StatusOK)
		_, _ = fmt.Fprintln(rw, "What is this?")
	})
	r.GET("/popup", hs.flowPopup)
	r.POST("/popup", hs.flowPopupPost)
	r.GET("/callback", hs.flowCallback)

	r.GET("/theme/style.css", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
		http.ServeContent(rw, req, "style.css", time.Now(), bytes.NewReader(theme.DefaultThemeCss))
	})

	// setup CORS options for `/verify` and `/refresh` endpoints
	var corsAccessControl = cors.New(cors.Options{
		AllowOriginFunc: func(origin string) bool {
			load := hs.services.Load()
			_, ok := (*load)[strings.TrimSuffix(origin, "/")]
			return ok
		},
		AllowedMethods:   []string{http.MethodPost, http.MethodOptions},
		AllowedHeaders:   []string{"Content-Type"},
		AllowCredentials: true,
	})

	// `/verify` and `/refresh` need CORS headers to be usable on other domains
	r.POST("/verify", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
		corsAccessControl.ServeHTTP(rw, req, func(writer http.ResponseWriter, request *http.Request) {
			hs.verifyHandler(rw, req, params)
		})
	})
	r.POST("/refresh", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
		corsAccessControl.ServeHTTP(rw, req, func(writer http.ResponseWriter, request *http.Request) {
			hs.refreshHandler(rw, req, params)
		})
	})
	r.OPTIONS("/refresh", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
		corsAccessControl.ServeHTTP(rw, req, func(_ http.ResponseWriter, _ *http.Request) {})
	})
	return hs
}

func (h *HttpServer) UpdateConfig(conf Conf) error {
	m, err := issuer.NewManager(conf.SsoServices)
	if err != nil {
		return fmt.Errorf("failed to reload SSO service manager: %w", err)
	}

	clientLookup := make(map[string]AllowedClient)
	for _, i := range conf.AllowedClients {
		clientLookup[i.Url.String()] = i
	}

	h.conf.Store(&conf)
	h.manager.Store(m)
	h.services.Store(&clientLookup)
	return nil
}
Start coding lavender 2023-10-01 21:44:49 +01:00			`package server`

			`import (`
Add dark mode to UIs 2023-12-17 22:46:58 +00:00			`"bytes"`
Start coding lavender 2023-10-01 21:44:49 +01:00			`"fmt"`
Continue adding to popup flow 2023-10-03 23:20:28 +01:00			`"github.com/1f349/cache"`
Start coding lavender 2023-10-01 21:44:49 +01:00			`"github.com/1f349/lavender/issuer"`
Add dark mode to UIs 2023-12-17 22:46:58 +00:00			`"github.com/1f349/lavender/theme"`
Update mjwt library 2023-11-03 07:39:58 +00:00			`"github.com/1f349/mjwt"`
Start coding lavender 2023-10-01 21:44:49 +01:00			`"github.com/julienschmidt/httprouter"`
Start implementing refresh tokens 2023-12-05 18:10:47 +00:00			`"github.com/rs/cors"`
Add loads of test cases 2023-10-08 15:24:59 +01:00			`"log"`
Start coding lavender 2023-10-01 21:44:49 +01:00			`"net/http"`
Trim / from end of origin 2023-12-14 23:50:09 +00:00			`"strings"`
Add reloading config 2023-11-15 09:21:09 +00:00			`"sync/atomic"`
Start coding lavender 2023-10-01 21:44:49 +01:00			`"time"`
			`)`

			`type HttpServer struct {`
Add reloading config 2023-11-15 09:21:09 +00:00			`Server *http.Server`
Add loads of test cases 2023-10-08 15:24:59 +01:00			`r *httprouter.Router`
Add reloading config 2023-11-15 09:21:09 +00:00			`conf atomic.Pointer[Conf]`
			`manager atomic.Pointer[issuer.Manager]`
Add loads of test cases 2023-10-08 15:24:59 +01:00			`signer mjwt.Signer`
			`flowState *cache.Cache[string, flowStateData]`
Add reloading config 2023-11-15 09:21:09 +00:00			`services atomic.Pointer[map[string]AllowedClient]`
Continue adding to popup flow 2023-10-03 23:20:28 +01:00			`}`

			`type flowStateData struct {`
Allowed client specific perms 2023-10-26 11:30:04 +01:00			`sso *issuer.WellKnownOIDC`
			`target AllowedClient`
Start coding lavender 2023-10-01 21:44:49 +01:00			`}`

Add reloading config 2023-11-15 09:21:09 +00:00			`func NewHttpServer(conf Conf, signer mjwt.Signer) *HttpServer {`
Start coding lavender 2023-10-01 21:44:49 +01:00			`r := httprouter.New()`

Generate oauth2 config from login SSO service metadata 2023-10-03 01:14:25 +01:00			`// remove last slash from baseUrl`
			`{`
Add loads of test cases 2023-10-08 15:24:59 +01:00			`l := len(conf.BaseUrl)`
			`if conf.BaseUrl[l-1] == '/' {`
			`conf.BaseUrl = conf.BaseUrl[:l-1]`
Generate oauth2 config from login SSO service metadata 2023-10-03 01:14:25 +01:00			`}`
			`}`

Start coding lavender 2023-10-01 21:44:49 +01:00			`hs := &HttpServer{`
Add reloading config 2023-11-15 09:21:09 +00:00			`Server: &http.Server{`
			`Addr: conf.Listen,`
			`Handler: r,`
			`ReadTimeout: time.Minute,`
			`ReadHeaderTimeout: time.Minute,`
			`WriteTimeout: time.Minute,`
			`IdleTimeout: time.Minute,`
			`MaxHeaderBytes: 2500,`
			`},`
Add loads of test cases 2023-10-08 15:24:59 +01:00			`r: r,`
			`signer: signer,`
			`flowState: cache.New[string, flowStateData](),`
Add reloading config 2023-11-15 09:21:09 +00:00			`}`
			`err := hs.UpdateConfig(conf)`
			`if err != nil {`
			`log.Fatalln("Failed to load initial config:", err)`
			`return nil`
Start coding lavender 2023-10-01 21:44:49 +01:00			`}`

			`r.GET("/", func(rw http.ResponseWriter, req *http.Request, _ httprouter.Params) {`
			`rw.WriteHeader(http.StatusOK)`
			`_, _ = fmt.Fprintln(rw, "What is this?")`
			`})`
			`r.GET("/popup", hs.flowPopup)`
			`r.POST("/popup", hs.flowPopupPost)`
			`r.GET("/callback", hs.flowCallback)`
Start implementing refresh tokens 2023-12-05 18:10:47 +00:00
Add dark mode to UIs 2023-12-17 22:46:58 +00:00			`r.GET("/theme/style.css", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {`
			`http.ServeContent(rw, req, "style.css", time.Now(), bytes.NewReader(theme.DefaultThemeCss))`
			`})`

Add CORS headers to /verify endpoint 2023-12-14 23:41:39 +00:00			// setup CORS options for `/verify` and `/refresh` endpoints
Start implementing refresh tokens 2023-12-05 18:10:47 +00:00			`var corsAccessControl = cors.New(cors.Options{`
			`AllowOriginFunc: func(origin string) bool {`
			`load := hs.services.Load()`
Trim / from end of origin 2023-12-14 23:50:09 +00:00			`_, ok := (*load)[strings.TrimSuffix(origin, "/")]`
Start implementing refresh tokens 2023-12-05 18:10:47 +00:00			`return ok`
			`},`
			`AllowedMethods: []string{http.MethodPost, http.MethodOptions},`
			`AllowedHeaders: []string{"Content-Type"},`
			`AllowCredentials: true,`
			`})`
Add CORS headers to /verify endpoint 2023-12-14 23:41:39 +00:00
			// `/verify` and `/refresh` need CORS headers to be usable on other domains
			`r.POST("/verify", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {`
			`corsAccessControl.ServeHTTP(rw, req, func(writer http.ResponseWriter, request *http.Request) {`
			`hs.verifyHandler(rw, req, params)`
			`})`
			`})`
Start implementing refresh tokens 2023-12-05 18:10:47 +00:00			`r.POST("/refresh", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {`
			`corsAccessControl.ServeHTTP(rw, req, func(writer http.ResponseWriter, request *http.Request) {`
			`hs.refreshHandler(rw, req, params)`
			`})`
			`})`
			`r.OPTIONS("/refresh", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {`
			`corsAccessControl.ServeHTTP(rw, req, func(_ http.ResponseWriter, _ *http.Request) {})`
			`})`
Add reloading config 2023-11-15 09:21:09 +00:00			`return hs`
			`}`
Start coding lavender 2023-10-01 21:44:49 +01:00
Add reloading config 2023-11-15 09:21:09 +00:00			`func (h *HttpServer) UpdateConfig(conf Conf) error {`
			`m, err := issuer.NewManager(conf.SsoServices)`
			`if err != nil {`
			`return fmt.Errorf("failed to reload SSO service manager: %w", err)`
Start coding lavender 2023-10-01 21:44:49 +01:00			`}`
Add reloading config 2023-11-15 09:21:09 +00:00
			`clientLookup := make(map[string]AllowedClient)`
			`for _, i := range conf.AllowedClients {`
			`clientLookup[i.Url.String()] = i`
			`}`

			`h.conf.Store(&conf)`
			`h.manager.Store(m)`
			`h.services.Store(&clientLookup)`
			`return nil`
Start coding lavender 2023-10-01 21:44:49 +01:00			`}`