Add wider oauth/user perm boxes and allow wildcard oauth perms

Melon 2024-02-14 21:04:52 +00:00
parent 0f37976d35
commit ba72697f1a
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
6 changed files with 11 additions and 12 deletions

2
go.mod

@ -4,7 +4,7 @@ go 1.22
require ( require (
github.com/1f349/cache v0.0.2 github.com/1f349/cache v0.0.2
github.com/1f349/mjwt v0.2.1 github.com/1f349/mjwt v0.2.4
github.com/1f349/overlapfs v0.0.1 github.com/1f349/overlapfs v0.0.1
github.com/1f349/violet v0.0.13 github.com/1f349/violet v0.0.13
github.com/MrMelon54/exit-reload v0.0.1 github.com/MrMelon54/exit-reload v0.0.1

4
go.sum

@ -1,8 +1,8 @@
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/1f349/cache v0.0.2 h1:27QD6zPd9xYyvh9V1qqWq+EAt5+N+qvyGWKfnjMrhP8= github.com/1f349/cache v0.0.2 h1:27QD6zPd9xYyvh9V1qqWq+EAt5+N+qvyGWKfnjMrhP8=
github.com/1f349/cache v0.0.2/go.mod h1:LibAMy13dF0KO1fQA9aEjZPBCB6Y4b5kKYEQJUqc2rQ= github.com/1f349/cache v0.0.2/go.mod h1:LibAMy13dF0KO1fQA9aEjZPBCB6Y4b5kKYEQJUqc2rQ=
github.com/1f349/mjwt v0.2.1 h1:REdiM/MaNjYQwHvI39LaMPhlvMg4Vy9SgomWMsKTNz8= github.com/1f349/mjwt v0.2.4 h1:FDVl2v50N1BdPjd79srRzIstZsQ/KLWWidsmJ6arPfI=
github.com/1f349/mjwt v0.2.1/go.mod h1:KEs6jd9JjWrQW+8feP2pGAU7pdA3aYTqjkT/YQr73PU= github.com/1f349/mjwt v0.2.4/go.mod h1:KEs6jd9JjWrQW+8feP2pGAU7pdA3aYTqjkT/YQr73PU=
github.com/1f349/overlapfs v0.0.1 h1:LAxBolrXFAgU0yqZtXg/C/aaPq3eoQSPpBc49BHuTp0= github.com/1f349/overlapfs v0.0.1 h1:LAxBolrXFAgU0yqZtXg/C/aaPq3eoQSPpBc49BHuTp0=
github.com/1f349/overlapfs v0.0.1/go.mod h1:I6aItQycr7nrzplmfNXp/QF9tTmKRSgY3fXmu/7Ky2o= github.com/1f349/overlapfs v0.0.1/go.mod h1:I6aItQycr7nrzplmfNXp/QF9tTmKRSgY3fXmu/7Ky2o=
github.com/1f349/violet v0.0.13 h1:lJpTz15Ea83Uc1VAISXTjtKuzr8Pe8NM4cMGp3Aiyhk= github.com/1f349/violet v0.0.13 h1:lJpTz15Ea83Uc1VAISXTjtKuzr8Pe8NM4cMGp3Aiyhk=


@ -61,7 +61,7 @@
{{if .IsAdmin}} {{if .IsAdmin}}
<div> <div>
<label for="field_perms">Perms:</label> <label for="field_perms">Perms:</label>
<input type="text" name="perms" id="field_perms" value="{{.Edit.Perms}}" required/> <input type="text" name="perms" id="field_perms" value="{{.Edit.Perms}}" size="100"/>
</div> </div>
{{end}} {{end}}
<div> <div>
@ -143,7 +143,7 @@
{{if .IsAdmin}} {{if .IsAdmin}}
<div> <div>
<label for="field_perms">Perms:</label> <label for="field_perms">Perms:</label>
<input type="text" name="perms" id="field_perms" required/> <input type="text" name="perms" id="field_perms"/>
</div> </div>
{{end}} {{end}}
<div> <div>
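Review bot: The `perms` input in the second hunk (apparently the create form, since it has no `value`) loses `required` but does not get the `size="100"` that the edit form receives in the first hunk, so the two forms now differ in width; adding `size="100"` there would match the commit title. With `required` dropped from both inputs, an empty `perms` value can now be submitted. The handler is not visible here, so it is worth confirming that it treats an empty string as "no permissions" and validates wildcard entries server-side rather than relying on the form.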


@ -24,7 +24,7 @@
</div> </div>
<div> <div>
<label for="field_roles">Roles:</label> <label for="field_roles">Roles:</label>
<input type="text" name="roles" id="field_roles" value="{{.Edit.Roles}}"/> <input type="text" name="roles" id="field_roles" value="{{.Edit.Roles}}" size="100"/>
</div> </div>
<div> <div>
<label for="field_active">Active: <input type="checkbox" name="active" id="field_active" checked/></label> <label for="field_active">Active: <input type="checkbox" name="active" id="field_active" checked/></label>


@ -36,15 +36,14 @@ func (j *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi
} }
beginCtx.Rollback() beginCtx.Rollback()
ps := claims.NewPermStorage() ps := claims.ParsePermStorage(roles)
var out *claims.PermStorage
ForEachRole(data.Client.(interface{ UsePerms() string }).UsePerms(), func(role string) { ForEachRole(data.Client.(interface{ UsePerms() string }).UsePerms(), func(role string) {
if HasRole(roles, role) { out = ps.Filter(strings.Split(role, " "))
ps.Set(role)
}
}) })
access, err = j.signer.GenerateJwt(data.UserID, "", jwt.ClaimStrings{data.TokenInfo.GetClientID()}, data.TokenInfo.GetAccessExpiresIn(), auth.AccessTokenClaims{ access, err = j.signer.GenerateJwt(data.UserID, "", jwt.ClaimStrings{data.TokenInfo.GetClientID()}, data.TokenInfo.GetAccessExpiresIn(), auth.AccessTokenClaims{
Perms: ps, Perms: out,
}) })
if isGenRefresh { if isGenRefresh {
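Review bot: `out` is reassigned on every callback invocation, so when ForEachRole visits more than one client permission only the last `ps.Filter(...)` result reaches `Perms: out`, and when it visits none `out` stays nil and the token is signed with a nil perm set. The removed loop accumulated with `ps.Set(role)` per role, which suggests the callback still receives one entry at a time and `strings.Split(role, " ")` yields a single-element slice. Filtering once over the whole list avoids both cases, e.g. `out := ps.Filter(strings.Fields(data.Client.(interface{ UsePerms() string }).UsePerms()))`, assuming the list is whitespace-separated as the split on " " implies. Per the commit title a wildcard client entry now copies every matching user permission into the access token, so a comment above the filter naming who is allowed to set those patterns would help the next reader. Token's body starts and ends outside the hunk.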


@ -6,7 +6,7 @@
<script> <script>
const ssoService = "http://localhost:9090"; const ssoService = "http://localhost:9090";
POP2.init(ssoService + "/authorize", "f4cdb93d-fe28-427b-b037-f03f44c86a16", "openid profile age", 500, 600); POP2.init(ssoService + "/authorize", "f4cdb93d-fe28-427b-b037-f03f44c86a16", "openid profile age email", 500, 600);
window.addEventListener("load", function () { window.addEventListener("load", function () {
doThisThing(false); doThisThing(false);