| author | mo khan <mo@mokhan.ca> | 2025-04-25 21:25:40 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-04-28 09:07:31 -0600 |
| commit | 9b01d1616e130a589151bf1273e41181ecc727f4 (patch) | |
| tree | 639ec3b3c3857042a551c8e88b09413f590ebcec /app/middleware | |
| parent | 13ab8de7d09b5d4b10132828277d17ba0543b901 (diff) | |
feat: use htmx to render partials
Diffstat (limited to 'app/middleware')
| -rw-r--r-- | app/middleware/id_token.go | 26 | ||||
| -rw-r--r-- | app/middleware/id_token_test.go | 2 | ||||
| -rw-r--r-- | app/middleware/require_user.go | 2 | ||||
| -rw-r--r-- | app/middleware/require_user_test.go | 4 | ||||
| -rw-r--r-- | app/middleware/token_parser.go | 26 | ||||
| -rw-r--r-- | app/middleware/user.go | 2 |
6 files changed, 36 insertions, 26 deletions
diff --git a/app/middleware/id_token.go b/app/middleware/id_token.go
index da39f43..f0a3c74 100644
--- a/app/middleware/id_token.go
+++ b/app/middleware/id_token.go
@@ -7,38 +7,20 @@ import (
 "github.com/xlgmokha/x/pkg/x"
 xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web/cookie"
 )
 
-type TokenParser func(*http.Request) oidc.RawToken
-
-func IDTokenFromSessionCookie(r *http.Request) oidc.RawToken {
- cookies := r.CookiesNamed("session")
-
- if len(cookies) != 1 {
- return ""
- }
-
- tokens, err := oidc.TokensFromBase64String(cookies[0].Value)
- if err != nil {
- log.WithFields(r.Context(), log.Fields{"error": err})
- return ""
- }
-
- return tokens.IDToken
-}
-
-func IDToken(cfg *oidc.OpenID) func(http.Handler) http.Handler {
- parsers := []TokenParser{IDTokenFromSessionCookie}
-
+func IDToken(cfg *oidc.OpenID, parsers ...TokenParser) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 for _, parser := range parsers {
 rawIDToken := parser(r)
- if !x.IsZero(rawIDToken) {
+ if x.IsPresent(rawIDToken) {
 verifier := cfg.Provider.VerifierContext(r.Context(), cfg.OIDCConfig)
 idToken, err := verifier.Verify(r.Context(), rawIDToken.String())
 if err != nil {
 log.WithFields(r.Context(), log.Fields{"error": err})
+ cookie.Expire(w, r, "session")
 } else {
 log.WithFields(r.Context(), log.Fields{"id_token": idToken})
 next.ServeHTTP(
diff --git a/app/middleware/id_token_test.go b/app/middleware/id_token_test.go
index 607c028..53ac126 100644
--- a/app/middleware/id_token_test.go
+++ b/app/middleware/id_token_test.go
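Review bot: The added `cookie.Expire(w, r, "session")` in the `err != nil` branch fires on every verification error from every parser, which ties the now-pluggable `IDToken` middleware back to the session cookie. If `Verify` can fail for reasons other than an invalid token (a key-set fetch error or a cancelled request context, say; not determinable from this hunk), a transient identity-provider problem would log out users holding valid sessions, so expiring only on token-validity errors, and only when the token came from the cookie parser, would be safer. Separately, `IDToken(cfg)` called with no parsers now never attaches a token and gives no signal; keeping the old default with `if len(parsers) == 0 { parsers = []TokenParser{IDTokenFromSessionCookie} }`, or stating the requirement in a doc comment, would avoid a deployment where no request is ever authenticated. The handler body continues past the end of the hunk, so what happens to the request after the cookie is expired is not visible here.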
@@ -36,7 +36,7 @@ func TestIDToken(t *testing.T) {
 )
 require.NoError(t, err)
- middleware := IDToken(openID)
+ middleware := IDToken(openID, IDTokenFromSessionCookie)
 t.Run("when an active session cookie is provided", func(t *testing.T) {
 t.Run("attaches the token to the request context", func(t *testing.T) {
diff --git a/app/middleware/require_user.go b/app/middleware/require_user.go
index d0d5355..8f54a04 100644
--- a/app/middleware/require_user.go
+++ b/app/middleware/require_user.go
@@ -10,7 +10,7 @@ func RequireUser() func(http.Handler) http.Handler {
 if IsLoggedIn(r) {
 next.ServeHTTP(w, r)
 } else {
- w.WriteHeader(http.StatusNotFound)
+ http.Redirect(w, r, "/", http.StatusFound)
 }
 })
 }
diff --git a/app/middleware/require_user_test.go b/app/middleware/require_user_test.go
index 48afff7..794f347 100644
--- a/app/middleware/require_user_test.go
+++ b/app/middleware/require_user_test.go
@@ -4,6 +4,7 @@ import (
 "net/http"
 "testing"
 
+ "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
@@ -22,7 +23,8 @@ func TestRequireUser(t *testing.T) {
 }))
 server.ServeHTTP(w, r)
- require.Equal(t, http.StatusNotFound, w.Code)
+ require.Equal(t, http.StatusFound, w.Code)
+ assert.Equal(t, "/", w.Header().Get("Location"))
 })
 })
diff --git a/app/middleware/token_parser.go b/app/middleware/token_parser.go
new file mode 100644
index 0000000..a719b2f
--- /dev/null
+++ b/app/middleware/token_parser.go
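Review bot: The `http.Redirect(w, r, "/", http.StatusFound)` added in the `else` branch of `RequireUser` is followed transparently by the browser for XHR requests, so an htmx-issued request for a protected partial would receive the whole `/` page and swap it into the target element. Given the commit title, htmx requests (those carrying the `HX-Request` header) are presumably expected on these routes; answering them with `w.Header().Set("HX-Redirect", "/")` and keeping `http.Redirect` for ordinary navigations would send the user to the landing page cleanly. If the middleware ever guards non-GET routes, `http.StatusSeeOther` states the method change explicitly. `RequireUser` begins above the hunk.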
@@ -0,0 +1,26 @@
+package middleware
+
+import (
+ "net/http"
+
+ "github.com/xlgmokha/x/pkg/log"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+)
+
+type TokenParser func(*http.Request) oidc.RawToken
+
+func IDTokenFromSessionCookie(r *http.Request) oidc.RawToken {
+ cookies := r.CookiesNamed("session")
+
+ if len(cookies) != 1 {
+ return ""
+ }
+
+ tokens, err := oidc.TokensFromBase64String(cookies[0].Value)
+ if err != nil {
+ log.WithFields(r.Context(), log.Fields{"error": err})
+ return ""
+ }
+
+ return tokens.IDToken
+}
diff --git a/app/middleware/user.go b/app/middleware/user.go
index e2f1ce3..21455ba 100644
--- a/app/middleware/user.go
+++ b/app/middleware/user.go
@@ -21,7 +21,7 @@ func User(db domain.Repository[*domain.User]) func(http.Handler) http.Handler {
 }
 user := db.Find(domain.ID(idToken.Subject))
- if x.IsZero(user) {
+ if !x.IsPresent(user) {
 user = mapper.MapFrom[*oidc.IDToken, *domain.User](idToken)
 if err := db.Save(user); err != nil {
 log.WithFields(r.Context(), log.Fields{"error": err}) |
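Review bot: `TokenParser` and `IDTokenFromSessionCookie` in the new `token_parser.go` are exported without doc comments, and the property callers most need to know is implicit: as far as this file shows, the returned `oidc.RawToken` has only been decoded, not verified. Suggest `// TokenParser extracts a raw, unverified ID token from a request and returns the empty token when none is found.` on the type and `// IDTokenFromSessionCookie reads the ID token from the "session" cookie; the result must be verified before it is trusted.` on the function. A short comment on `len(cookies) != 1` saying that duplicate `session` cookies are deliberately treated as no token would also help, since that check is easy to simplify away later.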
