2023-10-01 21:44:49 +01:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
_ "embed"
|
2023-10-04 14:51:38 +01:00
|
|
|
"encoding/json"
|
2023-10-03 01:14:25 +01:00
|
|
|
"github.com/google/uuid"
|
2023-10-01 21:44:49 +01:00
|
|
|
"github.com/julienschmidt/httprouter"
|
|
|
|
"html/template"
|
|
|
|
"log"
|
|
|
|
"net/http"
|
2023-10-04 14:51:38 +01:00
|
|
|
"strings"
|
2023-10-03 23:20:28 +01:00
|
|
|
"time"
|
2023-10-01 21:44:49 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
//go:embed flow-popup.go.html
|
|
|
|
flowPopupHtml string
|
|
|
|
flowPopupTemplate *template.Template
|
2023-10-03 23:20:28 +01:00
|
|
|
|
2023-10-04 14:51:38 +01:00
|
|
|
//go:embed flow-callback.go.html
|
|
|
|
flowCallbackHtml string
|
|
|
|
flowCallbackTemplate *template.Template
|
2023-10-01 21:44:49 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
pageParse, err := template.New("pages").Parse(flowPopupHtml)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal("flow.go: Failed to parse flow popup HTML:", err)
|
|
|
|
}
|
|
|
|
flowPopupTemplate = pageParse
|
2023-10-04 14:51:38 +01:00
|
|
|
pageParse, err = template.New("pages").Parse(flowCallbackHtml)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal("flow.go: Failed to parse flow callback HTML:", err)
|
|
|
|
}
|
|
|
|
flowCallbackTemplate = pageParse
|
2023-10-01 21:44:49 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func (h *HttpServer) flowPopup(rw http.ResponseWriter, req *http.Request, _ httprouter.Params) {
|
|
|
|
err := flowPopupTemplate.Execute(rw, map[string]any{
|
|
|
|
"ServiceName": flowPopupTemplate,
|
2023-10-04 14:51:38 +01:00
|
|
|
"Origin": req.URL.Query().Get("origin"),
|
2023-10-01 21:44:49 +01:00
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
log.Printf("Failed to render page: %s\n", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-10-03 23:20:28 +01:00
|
|
|
func (h *HttpServer) flowPopupPost(rw http.ResponseWriter, req *http.Request, _ httprouter.Params) {
|
2023-10-01 21:44:49 +01:00
|
|
|
login := h.manager.FindServiceFromLogin(req.PostFormValue("username"))
|
|
|
|
if login == nil {
|
|
|
|
http.Error(rw, "No login service defined for this username", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-10-04 14:51:38 +01:00
|
|
|
targetOrigin := req.PostFormValue("origin")
|
|
|
|
if _, found := h.services[targetOrigin]; !found {
|
|
|
|
http.Error(rw, "Invalid target origin", http.StatusBadRequest)
|
2023-10-03 23:20:28 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// save state for use later
|
2023-10-03 01:14:25 +01:00
|
|
|
state := login.Config.Namespace + "%" + uuid.NewString()
|
2023-10-03 23:20:28 +01:00
|
|
|
h.flowState.Set(state, flowStateData{
|
|
|
|
login,
|
2023-10-04 14:51:38 +01:00
|
|
|
targetOrigin,
|
2023-10-03 23:20:28 +01:00
|
|
|
}, time.Now().Add(15*time.Minute))
|
2023-10-01 21:44:49 +01:00
|
|
|
|
2023-10-03 23:20:28 +01:00
|
|
|
// generate oauth2 config and redirect to authorize URL
|
2023-10-04 14:51:38 +01:00
|
|
|
oa2conf := login.OAuth2Config
|
2023-10-03 01:14:25 +01:00
|
|
|
oa2conf.RedirectURL = h.baseUrl + "/callback"
|
|
|
|
nextUrl := oa2conf.AuthCodeURL(state)
|
|
|
|
http.Redirect(rw, req, nextUrl, http.StatusFound)
|
2023-10-01 21:44:49 +01:00
|
|
|
}
|
|
|
|
|
2023-10-03 23:20:28 +01:00
|
|
|
func (h *HttpServer) flowCallback(rw http.ResponseWriter, req *http.Request, _ httprouter.Params) {
|
2023-10-03 01:14:25 +01:00
|
|
|
err := req.ParseForm()
|
|
|
|
if err != nil {
|
|
|
|
http.Error(rw, "Error parsing form", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2023-10-01 21:44:49 +01:00
|
|
|
|
2023-10-03 23:20:28 +01:00
|
|
|
q := req.URL.Query()
|
|
|
|
state := q.Get("state")
|
2023-10-04 14:51:38 +01:00
|
|
|
n := strings.IndexByte(state, '%')
|
|
|
|
if !h.manager.CheckNamespace(state[:n]) {
|
2023-10-03 23:20:28 +01:00
|
|
|
http.Error(rw, "Invalid state", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
v, found := h.flowState.Get(state)
|
|
|
|
if !found {
|
|
|
|
http.Error(rw, "Invalid state", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-10-04 14:51:38 +01:00
|
|
|
exchange, err := v.sso.OAuth2Config.Exchange(req.Context(), q.Get("code"))
|
|
|
|
if err != nil {
|
|
|
|
http.Error(rw, "Failed to exchange code", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
client := v.sso.OAuth2Config.Client(req.Context(), exchange)
|
|
|
|
v2, err := client.Get(v.sso.UserInfoEndpoint)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(rw, "Failed to get userinfo", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer v2.Body.Close()
|
|
|
|
if v2.StatusCode != http.StatusOK {
|
|
|
|
http.Error(rw, "Failed to get userinfo", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
var v3 any
|
|
|
|
if json.NewDecoder(v2.Body).Decode(&v3) != nil {
|
|
|
|
http.Error(rw, "Failed to decode userinfo JSON", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
_ = flowCallbackTemplate.Execute(rw, map[string]any{
|
|
|
|
"TargetOrigin": v.targetOrigin,
|
|
|
|
"TargetMessage": v3,
|
|
|
|
})
|
2023-10-01 21:44:49 +01:00
|
|
|
}
|