From 405ff48e0e93a6998a8cee2560649bb834fe0389 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 15 May 2025 09:52:49 -0600
Subject: refactor: remove oidc.OpenID struct

---
 app/app.go | 11 +++++++----
 app/init.go | 6 ------
 app/middleware/id_token.go | 8 ++++----
 app/middleware/id_token_test.go | 3 +--
 pkg/oidc/oidc.go | 15 ---------------
 pkg/oidc/oidc_test.go | 30 ------------------------------
 6 files changed, 12 insertions(+), 61 deletions(-)
 delete mode 100644 pkg/oidc/oidc.go
 delete mode 100644 pkg/oidc/oidc_test.go

diff --git a/app/app.go b/app/app.go
index 701a7f7..724ad16 100644
--- a/app/app.go
+++ b/app/app.go
@@ -4,6 +4,7 @@ import (
 "net/http"
 "path/filepath"
+ xoidc "github.com/coreos/go-oidc/v3/oidc"
 "github.com/rs/zerolog"
 "github.com/xlgmokha/x/pkg/ioc"
 "github.com/xlgmokha/x/pkg/log"
@@ -12,7 +13,7 @@ import (
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/sparkles"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/middleware"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+ "golang.org/x/oauth2"
 )
 type Mountable interface {
@@ -35,9 +36,11 @@ func New(rootDir string) http.Handler {
 mux.Handle("GET /", http.FileServer(dir))
 logger := ioc.MustResolve[*zerolog.Logger](ioc.Default)
- oidc := ioc.MustResolve[*oidc.OpenID](ioc.Default)
 users := ioc.MustResolve[domain.Repository[*domain.User]](ioc.Default)
-
- chain := middleware.IDToken(oidc, middleware.IDTokenFromSessionCookie)(middleware.User(users)(mux))
+ chain := middleware.IDToken(
+ ioc.MustResolve[*xoidc.Provider](ioc.Default),
+ ioc.MustResolve[*oauth2.Config](ioc.Default),
+ middleware.IDTokenFromSessionCookie,
+ )(middleware.User(users)(mux))
 return log.HTTP(logger)(chain)
 }
diff --git a/app/init.go b/app/init.go
index ad87424..0d3fb42 100644
--- a/app/init.go
+++ b/app/init.go
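Review bot: The `xoidc` alias on the go-oidc import added in the first hunk of app/app.go is no longer needed in this file: the only name it avoided clashing with was the project's `pkg/oidc` import, which the second hunk removes, so the plain `"github.com/coreos/go-oidc/v3/oidc"` import with `ioc.MustResolve[*oidc.Provider](ioc.Default)` in the third hunk would read more directly. app/init.go in the same package still uses `xoidc` (its hunk shows `xoidc.ScopeOpenID`), so keeping the alias for package-wide consistency is defensible, but the two files should agree one way or the other. The enclosing `New` function starts before the third hunk, so its earlier statements are not visible here.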
@@ -64,12 +64,6 @@ func init() {
 Scopes: []string{xoidc.ScopeOpenID, "profile", "email"},
 }
 })
- ioc.RegisterSingleton[*oidc.OpenID](ioc.Default, func() *oidc.OpenID {
- return oidc.New(
- ioc.MustResolve[*xoidc.Provider](ioc.Default),
- ioc.MustResolve[*oauth2.Config](ioc.Default),
- )
- })
 http.DefaultClient = ioc.MustResolve[*http.Client](ioc.Default)
 }
diff --git a/app/middleware/id_token.go b/app/middleware/id_token.go
index cc5e79b..bfc6289 100644
--- a/app/middleware/id_token.go
+++ b/app/middleware/id_token.go
@@ -3,22 +3,22 @@ package middleware
 import (
 "net/http"
- xoidc "github.com/coreos/go-oidc/v3/oidc"
+ "github.com/coreos/go-oidc/v3/oidc"
 "github.com/xlgmokha/x/pkg/log"
 "github.com/xlgmokha/x/pkg/x"
 xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
+ "golang.org/x/oauth2"
 )
-func IDToken(cfg *oidc.OpenID, parsers ...TokenParser) func(http.Handler) http.Handler {
+func IDToken(provider *oidc.Provider, config *oauth2.Config, parsers ...TokenParser) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 for _, parser := range parsers {
 rawIDToken := parser(r)
 if x.IsPresent(rawIDToken) {
- verifier := cfg.Provider.VerifierContext(r.Context(), &xoidc.Config{ClientID: cfg.Config.ClientID})
+ verifier := provider.VerifierContext(r.Context(), &oidc.Config{ClientID: config.ClientID})
 idToken, err := verifier.Verify(r.Context(), rawIDToken.String())
 if err != nil {
diff --git a/app/middleware/id_token_test.go b/app/middleware/id_token_test.go
index bdeaa49..6ee9ce1 100644
--- a/app/middleware/id_token_test.go
+++ b/app/middleware/id_token_test.go
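Review bot: The new `IDToken` signature in app/middleware/id_token.go takes the whole `*oauth2.Config`, but the body reads only `config.ClientID` on the `provider.VerifierContext(r.Context(), &oidc.Config{ClientID: config.ClientID})` line, so the request-path middleware is handed the client secret and redirect URL it never uses. Narrowing the parameter to the one value needed — `func IDToken(provider *oidc.Provider, clientID string, parsers ...TokenParser) func(http.Handler) http.Handler` with `&oidc.Config{ClientID: clientID}` — keeps the secret out of this layer and states the dependency honestly; the two call sites in app/app.go and id_token_test.go would then pass the client ID rather than the config. The exported function also changed signature without a doc comment; something like `// IDToken returns middleware that verifies a raw ID token found by one of parsers against provider, with config.ClientID as the expected client ID.` would cover it. The handler body continues past the end of the hunk, so what happens after `Verify` fails is not visible here.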
@@ -26,8 +26,7 @@ func TestIDToken(t *testing.T) {
 Endpoint: srv.Provider.Endpoint(),
 Scopes: []string{xoidc.ScopeOpenID, "profile", "email"},
 }
- openID := oidc.New(srv.Provider, config)
- middleware := IDToken(openID, IDTokenFromSessionCookie)
+ middleware := IDToken(srv.Provider, config, IDTokenFromSessionCookie)
 t.Run("when an active session cookie is provided", func(t *testing.T) {
 t.Run("attaches the token to the request context", func(t *testing.T) {
diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
deleted file mode 100644
index 5dc2447..0000000
--- a/pkg/oidc/oidc.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package oidc
-
-import (
- "github.com/coreos/go-oidc/v3/oidc"
- "golang.org/x/oauth2"
-)
-
-type OpenID struct {
- Provider *oidc.Provider
- Config *oauth2.Config
-}
-
-func New(provider *oidc.Provider, config *oauth2.Config) *OpenID {
- return &OpenID{Provider: provider, Config: config}
-}
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go
deleted file mode 100644
index 6ec35ab..0000000
--- a/pkg/oidc/oidc_test.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package oidc
-
-import (
- "testing"
-
- "github.com/coreos/go-oidc/v3/oidc"
- "github.com/stretchr/testify/assert"
- "golang.org/x/oauth2"
-)
-
-func TestOpenID(t *testing.T) {
- srv := NewTestServer(t)
- defer srv.Close()
-
- t.Run("GET /.well-known/openid-configuration", func(t *testing.T) {
- openID := New(
- srv.Provider,
- &oauth2.Config{
- ClientID: srv.MockOIDC.ClientID,
- ClientSecret: srv.MockOIDC.ClientSecret,
- RedirectURL: "https://example.com/oauth/callback",
- Endpoint: srv.Provider.Endpoint(),
- Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
- },
- )
-
- assert.Equal(t, srv.AuthorizationEndpoint(), openID.Provider.Endpoint().AuthURL)
- assert.Equal(t, srv.TokenEndpoint(), openID.Provider.Endpoint().TokenURL)
- })
-}
--
cgit v1.2.3