lavender/server/server.go

156 lines
3.7 KiB
Go
Raw Normal View History

2023-10-01 21:44:49 +01:00
package server
import (
2024-09-13 15:31:40 +01:00
"errors"
2023-10-03 23:20:28 +01:00
"github.com/1f349/cache"
"github.com/1f349/lavender/auth"
2024-08-19 22:37:30 +01:00
"github.com/1f349/lavender/conf"
2024-02-07 01:18:17 +00:00
"github.com/1f349/lavender/database"
2023-10-01 21:44:49 +01:00
"github.com/1f349/lavender/issuer"
"github.com/1f349/lavender/logger"
"github.com/1f349/lavender/pages"
2023-11-03 07:39:58 +00:00
"github.com/1f349/mjwt"
2024-02-07 01:18:17 +00:00
"github.com/go-oauth2/oauth2/v4/manage"
"github.com/go-oauth2/oauth2/v4/server"
2023-10-01 21:44:49 +01:00
"github.com/julienschmidt/httprouter"
"net/http"
2024-02-07 01:18:17 +00:00
"net/url"
"path"
2023-12-14 23:50:09 +00:00
"strings"
2023-10-01 21:44:49 +01:00
"time"
)
2024-02-07 01:18:17 +00:00
var errInvalidScope = errors.New("missing required scope")
2024-09-13 15:31:40 +01:00
type httpServer struct {
2024-02-07 01:18:17 +00:00
r *httprouter.Router
oauthSrv *server.Server
oauthMgr *manage.Manager
db *database.Queries
2024-08-19 22:37:30 +01:00
conf conf.Conf
signingKey *mjwt.Issuer
2024-02-07 01:18:17 +00:00
manager *issuer.Manager
2024-09-13 15:31:40 +01:00
// mailLinkCache contains a mapping of verify uuids to user uuids
mailLinkCache *cache.Cache[mailLinkKey, string]
2023-10-03 23:20:28 +01:00
authBasic *auth.BasicLogin
authOtp *auth.OtpLogin
authOAuth *auth.OAuthLogin
authSources []auth.Provider
2023-10-01 21:44:49 +01:00
}
2024-09-13 15:31:40 +01:00
type mailLink byte
2023-10-01 21:44:49 +01:00
2024-09-13 15:31:40 +01:00
const (
mailLinkDelete mailLink = iota
mailLinkResetPassword
mailLinkVerifyEmail
)
2024-09-13 15:31:40 +01:00
type mailLinkKey struct {
action mailLink
data string
}
2024-02-07 01:18:17 +00:00
2024-09-13 15:31:40 +01:00
func SetupRouter(r *httprouter.Router, config conf.Conf, db *database.Queries, signingKey *mjwt.Issuer) {
// remove last slash from baseUrl
config.BaseUrl = strings.TrimRight(config.BaseUrl, "/")
contentCache := time.Now()
authBasic := &auth.BasicLogin{DB: db}
authOtp := &auth.OtpLogin{DB: db}
authOAuth := &auth.OAuthLogin{DB: db, BaseUrl: config.BaseUrl}
authOAuth.Init()
2024-09-13 15:31:40 +01:00
hs := &httpServer{
r: r,
2024-02-07 01:18:17 +00:00
db: db,
2024-08-19 22:37:30 +01:00
conf: config,
2024-02-07 01:18:17 +00:00
signingKey: signingKey,
2024-09-13 15:31:40 +01:00
mailLinkCache: cache.New[mailLinkKey, string](),
authBasic: authBasic,
authOtp: authOtp,
authOAuth: authOAuth,
//authPasskey: &auth.PasskeyLogin{DB: db},
authSources: []auth.Provider{
authBasic,
authOtp,
},
2023-10-01 21:44:49 +01:00
}
var err error
hs.manager, err = issuer.NewManager(config.Namespace, config.SsoServices)
if err != nil {
logger.Logger.Fatal("Failed to load SSO services", "err", err)
}
2024-02-07 01:18:17 +00:00
2024-09-13 15:31:40 +01:00
SetupOpenId(r, config.BaseUrl, signingKey)
r.GET("/", hs.OptionalAuthentication(false, hs.Home))
r.POST("/logout", hs.RequireAuthentication(hs.logoutPost))
2024-02-07 01:18:17 +00:00
// theme styles
r.GET("/assets/*filepath", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
name := params.ByName("filepath")
if strings.Contains(name, "..") {
http.Error(rw, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
out := pages.RenderCss(path.Join("assets", name))
http.ServeContent(rw, req, path.Base(name), contentCache, out)
2023-12-17 22:46:58 +00:00
})
// login steps
r.GET("/login", hs.OptionalAuthentication(false, hs.loginGet))
r.POST("/login", hs.OptionalAuthentication(false, hs.loginPost))
r.GET("/callback", hs.OptionalAuthentication(false, hs.loginCallback))
SetupManageApps(r, hs)
SetupManageUsers(r, hs)
SetupOAuth2(r, hs, signingKey, db)
2023-11-15 09:21:09 +00:00
}
2023-10-01 21:44:49 +01:00
2024-09-13 15:31:40 +01:00
func (h *httpServer) SafeRedirect(rw http.ResponseWriter, req *http.Request) {
2024-02-07 01:18:17 +00:00
redirectUrl := req.FormValue("redirect")
if redirectUrl == "" {
http.Redirect(rw, req, "/", http.StatusFound)
return
}
parse, err := url.Parse(redirectUrl)
2023-11-15 09:21:09 +00:00
if err != nil {
2024-02-07 01:18:17 +00:00
http.Error(rw, "Failed to parse redirect url: "+redirectUrl, http.StatusBadRequest)
return
}
if parse.Scheme != "" && parse.Opaque != "" && parse.User != nil && parse.Host != "" {
http.Error(rw, "Invalid redirect url: "+redirectUrl, http.StatusBadRequest)
return
2023-10-01 21:44:49 +01:00
}
2024-02-07 01:18:17 +00:00
http.Redirect(rw, req, parse.String(), http.StatusFound)
}
func ParseClaims(claims string) map[string]bool {
m := make(map[string]bool)
for {
n := strings.IndexByte(claims, ' ')
if n == -1 {
if claims != "" {
m[claims] = true
}
break
}
2023-11-15 09:21:09 +00:00
2024-02-07 01:18:17 +00:00
a := claims[:n]
claims = claims[n+1:]
if a != "" {
m[a] = true
}
2023-11-15 09:21:09 +00:00
}
2024-02-07 01:18:17 +00:00
return m
2023-10-01 21:44:49 +01:00
}