Send access and refresh token to use apis
parent
7c3b36c9ae
commit
01d03fef9d
@ -3,9 +3,16 @@
|
|||||||
<head>
|
<head>
|
||||||
<title>{{.ServiceName}}</title>
|
<title>{{.ServiceName}}</title>
|
||||||
<script>
|
<script>
|
||||||
let loginData = {target:{{.TargetOrigin}}, message:{{.TargetMessage}}};
|
let loginData = {
|
||||||
|
target:{{.TargetOrigin}},
|
||||||
|
userinfo:{{.TargetMessage}},
|
||||||
|
tokens: {
|
||||||
|
access:{{.AccessToken}},
|
||||||
|
refresh:{{.RefreshToken}},
|
||||||
|
},
|
||||||
|
};
|
||||||
window.addEventListener("load", function () {
|
window.addEventListener("load", function () {
|
||||||
window.opener.postMessage(loginData.message, loginData.target);
|
window.opener.postMessage(loginData, loginData.target);
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
||||||
</head>
|
</head>
|
||||||
|
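Review bot: With this change `postMessage(loginData, loginData.target)` hands the access and refresh tokens to the opener, so the value rendered for `{{.TargetOrigin}}` is the only control over which window receives them. This section does not show how that origin is chosen, so confirm that the server only ever fills it from an allow-list of exact registered origins and never `*`. The call also throws when the page is loaded without an opener, so I would add `if (!window.opener) { return; }` as the first line of the load handler. Because the token and userinfo placeholders sit inside a `<script>` block, a short comment above `loginData` should state that the template relies on html/template's JavaScript-context escaping (assuming that is the package used to parse it), since the userinfo object comes from the upstream provider.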
@ -5,6 +5,9 @@ import (
|
|||||||
_ "embed"
|
_ "embed"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"github.com/MrMelon54/mjwt/auth"
|
||||||
|
"github.com/MrMelon54/mjwt/claims"
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"github.com/julienschmidt/httprouter"
|
"github.com/julienschmidt/httprouter"
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
@ -117,18 +120,47 @@ func (h *HttpServer) flowCallback(rw http.ResponseWriter, req *http.Request, _ h
|
|||||||
http.Error(rw, "Failed to get userinfo", http.StatusInternalServerError)
|
http.Error(rw, "Failed to get userinfo", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var v3 any
|
|
||||||
if json.NewDecoder(v2.Body).Decode(&v3) != nil {
|
var v3 map[string]any
|
||||||
|
if err = json.NewDecoder(v2.Body).Decode(&v3); err != nil {
|
||||||
fmt.Println("Failed to decode userinfo:", err)
|
fmt.Println("Failed to decode userinfo:", err)
|
||||||
http.Error(rw, "Failed to decode userinfo JSON", http.StatusInternalServerError)
|
http.Error(rw, "Failed to decode userinfo JSON", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: generate signed mjwt object
|
sub, ok := v3["sub"].(string)
|
||||||
|
if !ok {
|
||||||
|
http.Error(rw, "Invalid value in userinfo", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
aud, ok := v3["aud"].(string)
|
||||||
|
if !ok {
|
||||||
|
http.Error(rw, "Invalid value in userinfo", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ps := claims.NewPermStorage()
|
||||||
|
nsSub := sub + "@" + v.sso.Config.Namespace
|
||||||
|
ati := uuid.NewString()
|
||||||
|
accessToken, err := h.signer.GenerateJwt(nsSub, ati, jwt.ClaimStrings{aud}, 15*time.Minute, auth.AccessTokenClaims{
|
||||||
|
Perms: ps,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
http.Error(rw, "Error generating access token", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
refreshToken, err := h.signer.GenerateJwt(nsSub, uuid.NewString(), jwt.ClaimStrings{aud}, 15*time.Minute, auth.RefreshTokenClaims{AccessTokenId: ati})
|
||||||
|
if err != nil {
|
||||||
|
http.Error(rw, "Error generating refresh token", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
_ = flowCallbackTemplate.Execute(rw, map[string]any{
|
_ = flowCallbackTemplate.Execute(rw, map[string]any{
|
||||||
"ServiceName": h.serviceName,
|
"ServiceName": h.serviceName,
|
||||||
"TargetOrigin": v.targetOrigin,
|
"TargetOrigin": v.targetOrigin,
|
||||||
"TargetMessage": v3,
|
"TargetMessage": v3,
|
||||||
|
"AccessToken": accessToken,
|
||||||
|
"RefreshToken": refreshToken,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
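Review bot: `sub` and `aud` from the upstream userinfo response are copied into the locally signed tokens after only a string type assertion, so an empty `sub` yields the subject `"@" + namespace` and the upstream provider's `aud` value decides the audience of both tokens. I would reject empty values with `if !ok || sub == "" {` (and the same for `aud`), and if the audience is meant to be fixed by this service, take it from configuration instead. The response now carries bearer tokens, so `rw.Header().Set("Cache-Control", "no-store")` should be set before `flowCallbackTemplate.Execute`. The refresh token is generated with the same `15*time.Minute` lifetime as the access token, which looks like a copy of the line above; confirm that is intended. flowCallback begins before this hunk, so the declaration of `err` and the handling of `v2.Body` are not visible here.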