Add wider oauth/user perm boxes and allow wildcard oauth perms

2024-09-16 16:46:38 +01:00 · 2024-02-14 21:04:52 +00:00 · 2024-02-14 21:04:52 +00:00 · ba72697f1a
commit ba72697f1a
parent 0f37976d35
6 changed files with 11 additions and 12 deletions
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,7 @@ go 1.22
 require (
 	github.com/1f349/cache v0.0.2
-	github.com/1f349/mjwt v0.2.1
+	github.com/1f349/mjwt v0.2.4
 	github.com/1f349/overlapfs v0.0.1
 	github.com/1f349/violet v0.0.13
 	github.com/MrMelon54/exit-reload v0.0.1
--- a/go.sum
+++ b/go.sum
@ -1,8 +1,8 @@
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/1f349/cache v0.0.2 h1:27QD6zPd9xYyvh9V1qqWq+EAt5+N+qvyGWKfnjMrhP8=
 github.com/1f349/cache v0.0.2/go.mod h1:LibAMy13dF0KO1fQA9aEjZPBCB6Y4b5kKYEQJUqc2rQ=
-github.com/1f349/mjwt v0.2.1 h1:REdiM/MaNjYQwHvI39LaMPhlvMg4Vy9SgomWMsKTNz8=
+github.com/1f349/mjwt v0.2.4 h1:FDVl2v50N1BdPjd79srRzIstZsQ/KLWWidsmJ6arPfI=
-github.com/1f349/mjwt v0.2.1/go.mod h1:KEs6jd9JjWrQW+8feP2pGAU7pdA3aYTqjkT/YQr73PU=
+github.com/1f349/mjwt v0.2.4/go.mod h1:KEs6jd9JjWrQW+8feP2pGAU7pdA3aYTqjkT/YQr73PU=
 github.com/1f349/overlapfs v0.0.1 h1:LAxBolrXFAgU0yqZtXg/C/aaPq3eoQSPpBc49BHuTp0=
 github.com/1f349/overlapfs v0.0.1/go.mod h1:I6aItQycr7nrzplmfNXp/QF9tTmKRSgY3fXmu/7Ky2o=
 github.com/1f349/violet v0.0.13 h1:lJpTz15Ea83Uc1VAISXTjtKuzr8Pe8NM4cMGp3Aiyhk=
--- a/pages/manage-apps.go.html
+++ b/pages/manage-apps.go.html
@ -61,7 +61,7 @@
            {{if .IsAdmin}}
                <div>
                    <label for="field_perms">Perms:</label>
-                    <input type="text" name="perms" id="field_perms" value="{{.Edit.Perms}}" required/>
+                    <input type="text" name="perms" id="field_perms" value="{{.Edit.Perms}}" size="100"/>
                </div>
            {{end}}
            <div>
@ -143,7 +143,7 @@
            {{if .IsAdmin}}
                <div>
                    <label for="field_perms">Perms:</label>
-                    <input type="text" name="perms" id="field_perms" required/>
+                    <input type="text" name="perms" id="field_perms"/>
                </div>
            {{end}}
            <div>
--- a/pages/manage-users.go.html
+++ b/pages/manage-users.go.html
@ -24,7 +24,7 @@
            </div>
            <div>
                <label for="field_roles">Roles:</label>
-                <input type="text" name="roles" id="field_roles" value="{{.Edit.Roles}}"/>
+                <input type="text" name="roles" id="field_roles" value="{{.Edit.Roles}}" size="100"/>
            </div>
            <div>
                <label for="field_active">Active: <input type="checkbox" name="active" id="field_active" checked/></label>
--- a/server/jwt.go
+++ b/server/jwt.go
@ -36,15 +36,14 @@ func (j *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi
 	}
 	beginCtx.Rollback()
-	ps := claims.NewPermStorage()
+	ps := claims.ParsePermStorage(roles)
 	var out *claims.PermStorage
 	ForEachRole(data.Client.(interface{ UsePerms() string }).UsePerms(), func(role string) {
-		if HasRole(roles, role) {
+		out = ps.Filter(strings.Split(role, " "))
 			ps.Set(role)
 		}
 	})
 	access, err = j.signer.GenerateJwt(data.UserID, "", jwt.ClaimStrings{data.TokenInfo.GetClientID()}, data.TokenInfo.GetAccessExpiresIn(), auth.AccessTokenClaims{
-		Perms: ps,
+		Perms: out,
 	})
 	if isGenRefresh {
--- a/test-client/index.html
+++ b/test-client/index.html
@ -6,7 +6,7 @@
  <script>
      const ssoService = "http://localhost:9090";
-      POP2.init(ssoService + "/authorize", "f4cdb93d-fe28-427b-b037-f03f44c86a16", "openid profile age", 500, 600);
+      POP2.init(ssoService + "/authorize", "f4cdb93d-fe28-427b-b037-f03f44c86a16", "openid profile age email", 500, 600);
      window.addEventListener("load", function () {
          doThisThing(false);