authormo khan <mo@mokhan.ca>2025-04-14 14:25:48 -0600
committermo khan <mo@mokhan.ca>2025-04-14 14:25:48 -0600
commiteb04ea074b64c9e36d0d81e0a0a23832362e97fb (patch)
tree675e366a4ee95a2d4053ac5cf1492570b3279cb4
parent88f2dd1cab10f4869077506be01d7680647fb2b2 (diff)
feat: start to build a session controller to interact with an oidc provider
-rw-r--r--app/controllers/sessions/controller.go26
-rw-r--r--app/controllers/sessions/controller_test.go51
-rw-r--r--go.mod1
-rw-r--r--go.sum2
-rw-r--r--public/index.html2
5 files changed, 81 insertions, 1 deletions
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
new file mode 100644
index 0000000..9340ab6
--- /dev/null
+++ b/app/controllers/sessions/controller.go
@@ -0,0 +1,26 @@
+package sessions
+
+import (
+ "net/http"
+
+ "golang.org/x/oauth2"
+)
+
+type Controller struct {
+ cfg *oauth2.Config
+}
+
+func New(cfg *oauth2.Config) *Controller {
+ return &Controller{cfg: cfg}
+}
+
+func (c *Controller) MountTo(mux *http.ServeMux) {
+ mux.HandleFunc("GET /session/new", c.New)
+}
+
+func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(http.StatusFound)
+
+ url := c.cfg.AuthCodeURL("csrf-token", oauth2.SetAuthURLParam("audience", "sparklelab.example.com"))
+ http.Redirect(w, r, url, http.StatusFound)
+}
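Review bot: The `state` passed to `AuthCodeURL` in `New` is the constant string `"csrf-token"`, so it cannot tie the provider's callback to the browser that started the login and gives no protection against login CSRF. Generate an unguessable value per request, keep it where the callback handler can compare it (for example a short-lived HttpOnly, Secure cookie), and reject any callback whose `state` differs. Separately, `w.WriteHeader(http.StatusFound)` runs before `http.Redirect`, so on a real `net/http` server the headers are committed before `Location` is set and the response can go out without it; drop that line and let `http.Redirect` write the status. The `audience` value is also hard-coded and would be better taken from configuration. The sketch below needs `crypto/rand` and `encoding/base64` imported, and its cookie name is a placeholder.

```go
func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
	// Per-request state: unguessable, bound to this browser, compared by the callback handler.
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	state := base64.RawURLEncoding.EncodeToString(nonce)
	http.SetCookie(w, &http.Cookie{
		Name:     "oauth_state", // placeholder name
		Value:    state,
		Path:     "/",
		MaxAge:   300,
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	})

	// No explicit WriteHeader: http.Redirect sets Location first, then writes the status.
	url := c.cfg.AuthCodeURL(state, oauth2.SetAuthURLParam("audience", "sparklelab.example.com"))
	http.Redirect(w, r, url, http.StatusFound)
}
```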
diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
new file mode 100644
index 0000000..eeafd60
--- /dev/null
+++ b/app/controllers/sessions/controller_test.go
@@ -0,0 +1,51 @@
+package sessions
+
+import (
+ "net/http"
+ "net/url"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/test"
+ "golang.org/x/oauth2"
+)
+
+func TestSessions(t *testing.T) {
+ cfg := &oauth2.Config{
+ ClientID: "client_id",
+ RedirectURL: "https://sparklelab.example.com/callback",
+ Scopes: []string{"openid"},
+ Endpoint: oauth2.Endpoint{
+ AuthURL: "https://gitlab.com/oauth/authorize",
+ TokenURL: "https://gitlab.com/oauth/token",
+ },
+ }
+
+ controller := New(cfg)
+ mux := http.NewServeMux()
+ controller.MountTo(mux)
+
+ t.Run("GET /", func(t *testing.T) {
+ t.Run("Without an authenticated session", func(t *testing.T) {
+ t.Run("redirect to the OIDC Provider", func(t *testing.T) {
+ r, w := test.RequestResponse("GET", "/session/new")
+
+ mux.ServeHTTP(w, r)
+
+ require.Equal(t, http.StatusFound, w.Code)
+ require.NotEmpty(t, w.Header().Get("Location"))
+ redirectURL, err := url.Parse(w.Header().Get("Location"))
+ require.NoError(t, err)
+ assert.Equal(t, "https", redirectURL.Scheme)
+ assert.Equal(t, "gitlab.com", redirectURL.Host)
+ assert.Equal(t, "/oauth/authorize", redirectURL.Path)
+ assert.NotEmpty(t, redirectURL.Query().Get("state"))
+ assert.Equal(t, "client_id", redirectURL.Query().Get("client_id"))
+ assert.Equal(t, "openid", redirectURL.Query().Get("scope"))
+ assert.Equal(t, "https://sparklelab.example.com/callback", redirectURL.Query().Get("redirect_uri"))
+ assert.Equal(t, "code", redirectURL.Query().Get("response_type"))
+ })
+ })
+ })
+}
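Review bot: `assert.NotEmpty(t, redirectURL.Query().Get("state"))` is satisfied by any fixed string, so this test keeps passing while the controller sends the same `state` on every login. Issue two requests and assert the values differ, e.g. `assert.NotEqual(t, first.Query().Get("state"), second.Query().Get("state"))`, and once the state is stored server-side or in a cookie, assert that the stored value matches the one in the redirect. If `test.RequestResponse` returns an `httptest.ResponseRecorder` (not visible here), its header map stays readable after an early `WriteHeader`, so the `Location` assertions would not catch a header set too late; checking `w.Result().Header.Get("Location")` would. The outer subtest is named `GET /` while the request goes to `/session/new`, and the `audience` parameter the controller adds is not asserted.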
diff --git a/go.mod b/go.mod
index 650396b..5773311 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ require (
github.com/stretchr/testify v1.10.0
github.com/testcontainers/testcontainers-go v0.36.0
github.com/xlgmokha/x v0.0.0-20250412211812-8dcb68809180
+ golang.org/x/oauth2 v0.29.0
gotest.tools/v3 v3.5.1
)
diff --git a/go.sum b/go.sum
index a5f632b..74825c2 100644
--- a/go.sum
+++ b/go.sum
@@ -144,6 +144,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/oauth2 v0.29.0 h1:WdYw2tdTK1S8olAzWHdgeqfy+Mtm9XNhv/xJsY65d98=
+golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
diff --git a/public/index.html b/public/index.html
index fe19acc..6231d7b 100644
--- a/public/index.html
+++ b/public/index.html
@@ -14,7 +14,7 @@
<li><strong>SparkleLab</strong></li>
</ul>
<ul>
- <li><a href="/oidc/new">Login</a></li>
+ <li><a href="/session/new">Login</a></li>
</ul>
</nav>
</main>