Diffstat (limited to 'app/controllers/sessions/service.go')
| -rw-r--r-- | app/controllers/sessions/service.go | 80 |
1 files changed, 0 insertions, 80 deletions
diff --git a/app/controllers/sessions/service.go b/app/controllers/sessions/service.go
deleted file mode 100644
index c0466e4..0000000
--- a/app/controllers/sessions/service.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package sessions
-
-import (
- "context"
- "encoding/base64"
- "errors"
- "net/http"
- "net/url"
- "strings"
-
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
- "golang.org/x/oauth2"
-)
-
-type Service struct {
- cfg *oidc.OpenID
- http *http.Client
-}
-
-func NewService(cfg *oidc.OpenID, http *http.Client) *Service {
- return &Service{
- cfg: cfg,
- http: http,
- }
-}
-
-func (svc *Service) GenerateRedirectURL(r *http.Request) (string, string) {
- nonce := pls.GenerateRandomHex(32)
- url := svc.cfg.Config.AuthCodeURL(
- nonce,
- oauth2.SetAuthURLParam("audience", svc.cfg.Config.ClientID),
- oauth2.SetAuthURLParam("redirect_uri", svc.redirectURIFor(r)),
- )
- return url, nonce
-}
-
-func (svc *Service) Exchange(r *http.Request) (*oidc.Tokens, error) {
- cookies := r.CookiesNamed(cfg.CSRFCookie)
- if len(cookies) != 1 {
- return nil, errors.New("Missing CSRF token")
- }
-
- state := r.URL.Query().Get("state")
- if state != cookies[0].Value {
- return nil, errors.New("Invalid CSRF token")
- }
-
- ctx := context.WithValue(r.Context(), oauth2.HTTPClient, svc.http)
-
- token, err := svc.cfg.Config.Exchange(ctx, r.URL.Query().Get("code"))
- if err != nil {
- return nil, err
- }
-
- tokens := &oidc.Tokens{Token: token}
- if rawIDToken, ok := token.Extra("id_token").(string); ok {
- tokens.IDToken = oidc.RawToken(rawIDToken)
- }
- return tokens, nil
-}
-
-func (svc *Service) JWTBody(ctx context.Context, raw oidc.RawToken) ([]byte, error) {
- sections := strings.SplitN(raw.String(), ".", 3)
- if len(sections) != 3 {
- return nil, errors.New("Invalid JWT")
- }
-
- return base64.RawURLEncoding.DecodeString(sections[1])
-}
-
-func (svc *Service) redirectURIFor(r *http.Request) string {
- if len(svc.cfg.Config.RedirectURL) > 0 {
- return svc.cfg.Config.RedirectURL
- }
- redirectURL, _ := url.Parse(r.URL.String())
- redirectURL.Path = "/session/callback"
- return redirectURL.String()
-}
|
