From cb4144edda6d64cd0f3defdadfdbec57de28c27e Mon Sep 17 00:00:00 2001
From: mo khan
Date: Mon, 21 Apr 2025 12:17:58 -0600
Subject: refactor: rename middleware
---
pkg/web/middleware/id_token.go | 56 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 pkg/web/middleware/id_token.go
(limited to 'pkg/web/middleware/id_token.go')
diff --git a/pkg/web/middleware/id_token.go b/pkg/web/middleware/id_token.go
new file mode 100644
index 0000000..a32c77b
--- /dev/null
+++ b/pkg/web/middleware/id_token.go
@@ -0,0 +1,56 @@
+package middleware
+
+import (
+ "net/http"
+
+ "github.com/xlgmokha/x/pkg/log"
+ "github.com/xlgmokha/x/pkg/x"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/key"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+)
+
+type TokenParser func(*http.Request) oidc.RawToken
+
+func IDTokenFromSessionCookie(r *http.Request) oidc.RawToken {
+ cookies := r.CookiesNamed("session")
+
+ if len(cookies) != 1 {
+ return ""
+ }
+
+ tokens, err := oidc.TokensFromBase64String(cookies[0].Value)
+ if err != nil {
+ log.WithFields(r.Context(), log.Fields{"error": err})
+ return ""
+ }
+
+ return tokens.IDToken
+}
+
+func IDToken(cfg *oidc.OpenID) func(http.Handler) http.Handler {
+ parsers := []TokenParser{IDTokenFromSessionCookie}
+
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ for _, parser := range parsers {
+ rawIDToken := parser(r)
+ if !x.IsZero(rawIDToken) {
+ verifier := cfg.Provider.VerifierContext(r.Context(), cfg.OIDCConfig)
+ idToken, err := verifier.Verify(r.Context(), rawIDToken.String())
+ if err != nil {
+ log.WithFields(r.Context(), log.Fields{"error": err})
+ } else {
+ log.WithFields(r.Context(), log.Fields{"id_token": idToken})
+ next.ServeHTTP(
+ w,
+ r.WithContext(key.IDToken.With(r.Context(), idToken)),
+ )
+ return
+ }
+ }
+ }
+
+ next.ServeHTTP(w, r)
+ })
+ }
+}
-- 
cgit v1.2.3
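Review bot: The middleware is fail-open: when the session cookie is missing or malformed, or its ID token fails `verifier.Verify`, the handler only logs and then falls through to `next.ServeHTTP(w, r)` with nothing stored under `key.IDToken`, so a request carrying an expired or forged token is served exactly like an anonymous one. That is a legitimate design for an optional-identity middleware, but nothing in the file says so, and every downstream handler that needs authentication must check the context itself; a doc comment on `IDToken` should state it, e.g. `// IDToken attaches a verified ID token to the request context when the session cookie carries one. It never rejects a request; handlers that require authentication must check key.IDToken themselves.` Two smaller points: the `log.WithFields(...)` calls discard their return value, so if that helper only derives a logger rather than emitting a record, the verification failures are never actually logged — worth confirming against the log package; and the `"id_token": idToken` field writes the parsed token (presumably subject and other claims) into the logs, where logging only the issuer and subject would be enough to trace the request and keeps PII out of log storage.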