From 8e211ff4bac177465fb9adc0bfa3744ca4e1da47 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 15 May 2025 09:12:22 -0600
Subject: refactor: delete code that is now handled by envoy
---
pkg/oidc/tokens.go | 37 -------------------------
pkg/oidc/tokens_test.go | 72 -------------------------------------------------
2 files changed, 109 deletions(-)
delete mode 100644 pkg/oidc/tokens.go
delete mode 100644 pkg/oidc/tokens_test.go
(limited to 'pkg')
diff --git a/pkg/oidc/tokens.go b/pkg/oidc/tokens.go
deleted file mode 100644
index 70d3a3d..0000000
--- a/pkg/oidc/tokens.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package oidc
-
-import (
- "bytes"
- "encoding/base64"
- "encoding/json"
-
- "github.com/xlgmokha/x/pkg/serde"
- "golang.org/x/oauth2"
-)
-
-type Tokens struct {
- *oauth2.Token
- IDToken RawToken `json:"id_token"`
-}
-
-func (t *Tokens) ToBase64String() (string, error) {
- data, err := json.Marshal(t)
- if err != nil {
- return "", err
- }
- return base64.URLEncoding.EncodeToString(data), nil
-}
-
-func TokensFromBase64String(encoded string) (*Tokens, error) {
- decoded, err := base64.URLEncoding.DecodeString(encoded)
- if err != nil {
- return nil, err
- }
-
- tokens, err := serde.FromJSON[*Tokens](bytes.NewBuffer(decoded))
- if err != nil {
- return nil, err
- }
-
- return tokens, nil
-}
diff --git a/pkg/oidc/tokens_test.go b/pkg/oidc/tokens_test.go
deleted file mode 100644
index 42c470d..0000000
--- a/pkg/oidc/tokens_test.go
+++ /dev/null
@@ -1,72 +0,0 @@ -package oidc - -import ( - "bytes" - "encoding/json" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "github.com/xlgmokha/x/pkg/serde" - "golang.org/x/oauth2" -) - -func TestTokens(t *testing.T) { - t.Run("serializes to JSON", func(t *testing.T) { - tokens := &Tokens{ - Token: &oauth2.Token{ - AccessToken: "access_token", - TokenType: "Bearer", - RefreshToken: "refresh_token", - ExpiresIn: 60 * 60, - }, - IDToken: "eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g", - } - - b, err := json.Marshal(tokens) - require.NoError(t, err) - - result, err := serde.FromJSON[map[string]interface{}](bytes.NewBuffer(b)) - require.NoError(t, err) - - assert.Equal(t, "access_token", result["access_token"]) - assert.Equal(t, "Bearer", result["token_type"]) - assert.Equal(t, "refresh_token", result["refresh_token"]) - assert.Equal(t, float64(60*60), result["expires_in"]) - }) - - t.Run("ToBase64String", func(t *testing.T) { - t.Run("serializes to Base64", func(t *testing.T) { - tokens := &Tokens{ - Token: &oauth2.Token{ - AccessToken: "access_token", - TokenType: "Bearer", - RefreshToken: "refresh_token", - ExpiresIn: 60 * 60, - }, - IDToken: 
"eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g", - } - - result, err := tokens.ToBase64String() - require.NoError(t, err) - - assert.Equal(t, "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", result) - }) - }) - - t.Run("TokensFromBase64String", func(t *testing.T) { - t.Run("deserializes from Base64", func(t *testing.T) { - s := "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" - - result, err := TokensFromBase64String(s) - require.NoError(t, err) - - require.NotNil(t, result) - assert.Equal(t, "access_token", result.AccessToken) - assert.Equal(t, "Bearer", result.TokenType) - assert.Equal(t, "refresh_token", result.RefreshToken) - assert.Equal(t, int64(3600), result.ExpiresIn) - assert.Equal(t, 
RawToken("eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwOi8vZ2RrLnRlc3Q6MzAwMCIsInN1YiI6IjEiLCJhdWQiOiJlMzFlMWRhMGI4ZjZiNmUzNWNhNzBjNzkwYjEzYzA0MDZlNDRhY2E2YjJiZjY3ZjU1ZGU3MzU1YTk3OWEyMjRmIiwiZXhwIjoxNzQ0NzM3NDI3LCJpYXQiOjE3NDQ3MzczMDcsImF1dGhfdGltZSI6MTc0NDczNDY0OSwic3ViX2xlZ2FjeSI6IjI0NzRjZjBiMjIxMTY4OGE1NzI5N2FjZTBlMjYwYTE1OTQ0NzU0ZDE2YjFiZDQyYzlkNjc3OWM5MDAzNjc4MDciLCJuYW1lIjoiQWRtaW5pc3RyYXRvciIsIm5pY2tuYW1lIjoicm9vdCIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QiLCJlbWFpbCI6ImFkbWluQGV4YW1wbGUuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsInByb2ZpbGUiOiJodHRwOi8vZ2RrLnRlc3Q6MzAwMC9yb290IiwicGljdHVyZSI6Imh0dHBzOi8vd3d3LmdyYXZhdGFyLmNvbS9hdmF0YXIvMjU4ZDhkYzkxNmRiOGNlYTJjYWZiNmMzY2QwY2IwMjQ2ZWZlMDYxNDIxZGJkODNlYzNhMzUwNDI4Y2FiZGE0Zj9zPTgwJmQ9aWRlbnRpY29uIiwiZ3JvdXBzX2RpcmVjdCI6WyJ0b29sYm94IiwiZ2l0bGFiLW9yZyIsImdudXdnZXQiLCJDb21taXQ0NTEiLCJqYXNoa2VuYXMiLCJmbGlnaHRqcyIsInR3aXR0ZXIiLCJnaXRsYWItZXhhbXBsZXMiLCJnaXRsYWItZXhhbXBsZXMvc2VjdXJpdHkiLCI0MTI3MDgiLCJnaXRsYWItZXhhbXBsZXMvZGVtby1ncm91cCIsImN1c3RvbS1yb2xlcy1yb290LWdyb3VwIiwiNDM0MDQ0LWdyb3VwLTEiLCI0MzQwNDQtZ3JvdXAtMiIsImdpdGxhYi1vcmcxIiwiZ2l0bGFiLW9yZy9zZWN1cmUiLCJnaXRsYWItb3JnL3NlY3VyZS9tYW5hZ2VycyIsImdpdGxhYi1vcmcvc2VjdXJpdHktcHJvZHVjdHMiLCJnaXRsYWItb3JnL3NlY3VyaXR5LXByb2R1Y3RzL2FuYWx5emVycyIsImN1c3RvbS1yb2xlcy1yb290LWdyb3VwL2FhIiwiY3VzdG9tLXJvbGVzLXJvb3QtZ3JvdXAvYWEvYWFhIiwibWFzc19pbnNlcnRfZ3JvdXBfXzBfMTAwIl19.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g"), result.IDToken) - }) - }) -} -- cgit v1.2.3 From 930e8adfc85331d9f16a903a34c8b0cfb9c1d11a Mon Sep 17 00:00:00 2001 
From: mo khan
Date: Thu, 15 May 2025 09:21:57 -0600
Subject: refactor: inline usage of config variable
---
pkg/oidc/id_token.go | 48 ------------------------------------------------
pkg/oidc/oidc.go | 10 +++-------
2 files changed, 3 insertions(+), 55 deletions(-)
(limited to 'pkg')
diff --git a/pkg/oidc/id_token.go b/pkg/oidc/id_token.go
index ce3fb23..b7f21ce 100644
--- a/pkg/oidc/id_token.go
+++ b/pkg/oidc/id_token.go
@@ -2,52 +2,4 @@ package oidc
 import "github.com/coreos/go-oidc/v3/oidc"
-/*
-Example ID Token from GitLab OIDC Provider:
-
-```json
-
- {
- "iss": "http://gdk.test:3000",
- "sub": "1",
- "aud": "e31e1da0b8f6b6e35ca70c790b13c0406e44aca6b2bf67f55de7355a979a224f",
- "exp": 1745427493,
- "iat": 1745427373,
- "auth_time": 1745418001,
- "sub_legacy": "2474cf0b2211688a57297ace0e260a15944754d16b1bd42c9d6779c900367807",
- "name": "Administrator",
- "nickname": "root",
- "preferred_username": "root",
- "email": "admin@example.com",
- "email_verified": true,
- "profile": "http://gdk.test:3000/root",
- "picture": "https://www.gravatar.com/avatar/258d8dc916db8cea2cafb6c3cd0cb0246efe061421dbd83ec3a350428cabda4f?s=80&d=identicon",
- "groups_direct": [
- "gitlab-org",
- "toolbox",
- "mass_insert_group__0_100",
- "custom-roles-root-group/aa",
- "custom-roles-root-group/aa/aaa",
- "gnuwget",
- "Commit451",
- "jashkenas",
- "flightjs",
- "twitter",
- "gitlab-examples",
- "gitlab-examples/security",
- "412708",
- "gitlab-examples/demo-group",
- "custom-roles-root-group",
- "434044-group-1",
- "434044-group-2",
- "gitlab-org1",
- "gitlab-org/secure",
- "gitlab-org/secure/managers",
- "gitlab-org/security-products",
- "gitlab-org/security-products/analyzers"
- ]
- }
-
-```
-*/
 type IDToken = oidc.IDToken
diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
index 4704f63..6a67d19 100644
--- a/pkg/oidc/oidc.go
+++ b/pkg/oidc/oidc.go
@@ -8,9 +8,8 @@ import (
 )
 type OpenID struct {
- Provider *oidc.Provider
- Config *oauth2.Config
- OIDCConfig *oidc.Config
+ Provider *oidc.Provider
+ Config *oauth2.Config
 }
 func New(provider *oidc.Provider, clientID, clientSecret, callbackURL string) *OpenID {
@@ -23,14 +22,11 @@ func New(provider *oidc.Provider, clientID, clientSecret, callbackURL string) *O
 Endpoint: provider.Endpoint(),
 Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
 },
- OIDCConfig: &oidc.Config{
- ClientID: clientID,
- },
 }
 }
 func (o *OpenID) ValidateIDToken(ctx context.Context, rawIDToken RawToken) (*IDToken, error) {
- verifier := o.Provider.VerifierContext(ctx, o.OIDCConfig)
+ verifier := o.Provider.VerifierContext(ctx, &oidc.Config{ClientID: o.Config.ClientID})
 idToken, err := verifier.Verify(ctx, rawIDToken.String())
 return idToken, err
 }
-- cgit v1.2.3
From 7605ca4106ff230cc326a6bbf059bd1dd6f5fa8d Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 15 May 2025 09:26:52 -0600
Subject: refactor: inline usage of validate id token
---
app/middleware/id_token.go | 4 +++-
pkg/oidc/oidc.go | 8 --------
2 files changed, 3 insertions(+), 9 deletions(-)
(limited to 'pkg')
diff --git a/app/middleware/id_token.go b/app/middleware/id_token.go
index dbaf691..cc5e79b 100644
--- a/app/middleware/id_token.go
+++ b/app/middleware/id_token.go
@@ -3,6 +3,7 @@ package middleware
 import (
 "net/http"
+ xoidc "github.com/coreos/go-oidc/v3/oidc"
 "github.com/xlgmokha/x/pkg/log"
 "github.com/xlgmokha/x/pkg/x"
 xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
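Review bot: ValidateIDToken binds `idToken, err` only to hand them straight back, so the last two lines of the hunk can become `return verifier.Verify(ctx, rawIDToken.String())`, which also avoids returning a non-nil *IDToken next to a non-nil error. The inlined `&oidc.Config{ClientID: o.Config.ClientID}` sets only the expected audience and, as far as I know go-oidc, leaves issuer, expiry and signature checking at the library defaults. A one-line comment saying so, e.g. `// audience pinned to our client ID; issuer/expiry/signature checks are go-oidc defaults`, would stop a later reader from assuming the near-empty struct disables anything.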
@@ -17,7 +18,8 @@ func IDToken(cfg *oidc.OpenID, parsers ...TokenParser) func(http.Handler) http.H
 for _, parser := range parsers {
 rawIDToken := parser(r)
 if x.IsPresent(rawIDToken) {
- idToken, err := cfg.ValidateIDToken(r.Context(), rawIDToken)
+ verifier := cfg.Provider.VerifierContext(r.Context(), &xoidc.Config{ClientID: cfg.Config.ClientID})
+ idToken, err := verifier.Verify(r.Context(), rawIDToken.String())
 if err != nil {
 pls.LogError(r.Context(), err)
diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
index 6a67d19..fc0eaee 100644
--- a/pkg/oidc/oidc.go
+++ b/pkg/oidc/oidc.go
@@ -1,8 +1,6 @@
 package oidc
 import (
- "context"
-
 "github.com/coreos/go-oidc/v3/oidc"
 "golang.org/x/oauth2"
 )
@@ -24,9 +22,3 @@ func New(provider *oidc.Provider, clientID, clientSecret, callbackURL string) *O
 },
 }
 }
-
-func (o *OpenID) ValidateIDToken(ctx context.Context, rawIDToken RawToken) (*IDToken, error) {
- verifier := o.Provider.VerifierContext(ctx, &oidc.Config{ClientID: o.Config.ClientID})
- idToken, err := verifier.Verify(ctx, rawIDToken.String())
- return idToken, err
-}
-- cgit v1.2.3
From a0891d0871e3db4d6b03899c58b811374bb016de Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 15 May 2025 09:40:06 -0600
Subject: refactor: provide oauth config to oidc.New
---
app/init.go | 4 +---
app/middleware/id_token_test.go | 11 ++++++++++-
pkg/oidc/oidc.go | 13 ++-----------
pkg/oidc/oidc_test.go | 12 +++++++++---
4 files changed, 22 insertions(+), 18 deletions(-)
(limited to 'pkg')
diff --git a/app/init.go b/app/init.go
index 809bfd4..ad87424 100644
--- a/app/init.go
+++ b/app/init.go
@@ -67,9 +67,7 @@ func init() {
 ioc.RegisterSingleton[*oidc.OpenID](ioc.Default, func() *oidc.OpenID {
 return oidc.New(
 ioc.MustResolve[*xoidc.Provider](ioc.Default),
- cfg.OAuthClientID,
- cfg.OAuthClientSecret,
- cfg.OAuthRedirectURL,
+ ioc.MustResolve[*oauth2.Config](ioc.Default),
 )
 })
diff --git a/app/middleware/id_token_test.go b/app/middleware/id_token_test.go
index b363d2c..bdeaa49 100644
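Review bot: The added `cfg.Provider.VerifierContext(r.Context(), …)` runs inside the per-request handler, and if I read go-oidc correctly VerifierContext builds a fresh remote key set bound to the context it is given, so each request would start with an empty JWKS cache and re-fetch the provider's keys before verifying; that turns the identity provider into a per-request latency and availability dependency. Construct the verifier once when the middleware is built, e.g. `verifier := cfg.Provider.Verifier(&xoidc.Config{ClientID: cfg.Config.ClientID})` above the returned closure, and keep only `idToken, err := verifier.Verify(r.Context(), rawIDToken.String())` in the loop. The enclosing IDToken function starts and ends outside this hunk, and the same per-request construction is carried forward in the app/middleware/id_token.go hunk of commit 405ff48 (`provider.VerifierContext(r.Context(), …)`).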
--- a/app/middleware/id_token_test.go
+++ b/app/middleware/id_token_test.go
@@ -4,6 +4,7 @@ import (
 "net/http"
 "testing"
+ xoidc "github.com/coreos/go-oidc/v3/oidc"
 "github.com/oauth2-proxy/mockoidc"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
@@ -11,13 +12,21 @@ import (
 xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
+ "golang.org/x/oauth2"
 )
 func TestIDToken(t *testing.T) {
 srv := oidc.NewTestServer(t)
 defer srv.Close()
- openID := oidc.New(srv.Provider, srv.MockOIDC.ClientID, srv.MockOIDC.ClientSecret, "https://example.com/oauth/callback")
+ config := &oauth2.Config{
+ ClientID: srv.MockOIDC.ClientID,
+ ClientSecret: srv.MockOIDC.ClientSecret,
+ RedirectURL: "https://example.com/oauth/callback",
+ Endpoint: srv.Provider.Endpoint(),
+ Scopes: []string{xoidc.ScopeOpenID, "profile", "email"},
+ }
+ openID := oidc.New(srv.Provider, config)
 middleware := IDToken(openID, IDTokenFromSessionCookie)
 t.Run("when an active session cookie is provided", func(t *testing.T) {
diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
index fc0eaee..5dc2447 100644
--- a/pkg/oidc/oidc.go
+++ b/pkg/oidc/oidc.go
@@ -10,15 +10,6 @@ type OpenID struct {
 Config *oauth2.Config
 }
-func New(provider *oidc.Provider, clientID, clientSecret, callbackURL string) *OpenID {
- return &OpenID{
- Provider: provider,
- Config: &oauth2.Config{
- ClientID: clientID,
- ClientSecret: clientSecret,
- RedirectURL: callbackURL,
- Endpoint: provider.Endpoint(),
- Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
- },
- }
+func New(provider *oidc.Provider, config *oauth2.Config) *OpenID {
+ return &OpenID{Provider: provider, Config: config}
 }
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go
index a3dc7e4..6ec35ab 100644
--- a/pkg/oidc/oidc_test.go
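Review bot: `New` now accepts any `*oauth2.Config`, whereas the removed body derived `Endpoint` from `provider.Endpoint()`, so nothing in the new code ties the OAuth endpoints to the provider whose issuer and keys verify the ID tokens, and a mismatched pair is accepted silently. The exported constructor also has no doc comment; I would add `// New pairs provider with config; config.Endpoint is expected to be provider.Endpoint().` above it, or check that in the constructor, so the contract the old signature enforced stays visible.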
+++ b/pkg/oidc/oidc_test.go
@@ -3,7 +3,9 @@ package oidc
 import (
 "testing"
+ "github.com/coreos/go-oidc/v3/oidc"
 "github.com/stretchr/testify/assert"
+ "golang.org/x/oauth2"
 )
 func TestOpenID(t *testing.T) {
@@ -13,9 +15,13 @@ func TestOpenID(t *testing.T) {
 t.Run("GET /.well-known/openid-configuration", func(t *testing.T) {
 openID := New(
 srv.Provider,
- srv.MockOIDC.ClientID,
- srv.MockOIDC.ClientSecret,
- "https://example.com/oauth/callback",
+ &oauth2.Config{
+ ClientID: srv.MockOIDC.ClientID,
+ ClientSecret: srv.MockOIDC.ClientSecret,
+ RedirectURL: "https://example.com/oauth/callback",
+ Endpoint: srv.Provider.Endpoint(),
+ Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
+ },
 )
 assert.Equal(t, srv.AuthorizationEndpoint(), openID.Provider.Endpoint().AuthURL)
-- cgit v1.2.3
From 405ff48e0e93a6998a8cee2560649bb834fe0389 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 15 May 2025 09:52:49 -0600
Subject: refactor: remove oidc.OpenID struct
---
app/app.go | 11 +++++++----
app/init.go | 6 ------
app/middleware/id_token.go | 8 ++++----
app/middleware/id_token_test.go | 3 +--
pkg/oidc/oidc.go | 15 ---------------
pkg/oidc/oidc_test.go | 30 ------------------------------
6 files changed, 12 insertions(+), 61 deletions(-)
delete mode 100644 pkg/oidc/oidc.go
delete mode 100644 pkg/oidc/oidc_test.go
(limited to 'pkg')
diff --git a/app/app.go b/app/app.go
index 701a7f7..724ad16 100644
--- a/app/app.go
+++ b/app/app.go
@@ -4,6 +4,7 @@ import (
 "net/http"
 "path/filepath"
+ xoidc "github.com/coreos/go-oidc/v3/oidc"
 "github.com/rs/zerolog"
 "github.com/xlgmokha/x/pkg/ioc"
 "github.com/xlgmokha/x/pkg/log"
@@ -12,7 +13,7 @@ import (
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/sparkles"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/middleware"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+ "golang.org/x/oauth2"
 )
 type Mountable interface {
@@ -35,9 +36,11 @@ func New(rootDir string) http.Handler {
 mux.Handle("GET /", http.FileServer(dir))
 logger := ioc.MustResolve[*zerolog.Logger](ioc.Default)
- oidc := ioc.MustResolve[*oidc.OpenID](ioc.Default)
 users := ioc.MustResolve[domain.Repository[*domain.User]](ioc.Default)
-
- chain := middleware.IDToken(oidc, middleware.IDTokenFromSessionCookie)(middleware.User(users)(mux))
+ chain := middleware.IDToken(
+ ioc.MustResolve[*xoidc.Provider](ioc.Default),
+ ioc.MustResolve[*oauth2.Config](ioc.Default),
+ middleware.IDTokenFromSessionCookie,
+ )(middleware.User(users)(mux))
 return log.HTTP(logger)(chain)
 }
diff --git a/app/init.go b/app/init.go
index ad87424..0d3fb42 100644
--- a/app/init.go
+++ b/app/init.go
@@ -64,12 +64,6 @@ func init() {
 Scopes: []string{xoidc.ScopeOpenID, "profile", "email"},
 }
 })
- ioc.RegisterSingleton[*oidc.OpenID](ioc.Default, func() *oidc.OpenID {
- return oidc.New(
- ioc.MustResolve[*xoidc.Provider](ioc.Default),
- ioc.MustResolve[*oauth2.Config](ioc.Default),
- )
- })
 http.DefaultClient = ioc.MustResolve[*http.Client](ioc.Default)
 }
diff --git a/app/middleware/id_token.go b/app/middleware/id_token.go
index cc5e79b..bfc6289 100644
--- a/app/middleware/id_token.go
+++ b/app/middleware/id_token.go
@@ -3,22 +3,22 @@ package middleware
 import (
 "net/http"
- xoidc "github.com/coreos/go-oidc/v3/oidc"
+ "github.com/coreos/go-oidc/v3/oidc"
 "github.com/xlgmokha/x/pkg/log"
 "github.com/xlgmokha/x/pkg/x"
 xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
+ "golang.org/x/oauth2"
 )
-func IDToken(cfg *oidc.OpenID, parsers ...TokenParser) func(http.Handler) http.Handler {
+func IDToken(provider *oidc.Provider, config *oauth2.Config, parsers ...TokenParser) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 for _, parser := range parsers {
 rawIDToken := parser(r)
 if x.IsPresent(rawIDToken) {
- verifier := cfg.Provider.VerifierContext(r.Context(), &xoidc.Config{ClientID: cfg.Config.ClientID})
+ verifier := provider.VerifierContext(r.Context(), &oidc.Config{ClientID: config.ClientID})
 idToken, err := verifier.Verify(r.Context(), rawIDToken.String())
 if err != nil {
diff --git a/app/middleware/id_token_test.go b/app/middleware/id_token_test.go
index bdeaa49..6ee9ce1 100644
--- a/app/middleware/id_token_test.go
+++ b/app/middleware/id_token_test.go
@@ -26,8 +26,7 @@ func TestIDToken(t *testing.T) {
 Endpoint: srv.Provider.Endpoint(),
 Scopes: []string{xoidc.ScopeOpenID, "profile", "email"},
 }
- openID := oidc.New(srv.Provider, config)
- middleware := IDToken(openID, IDTokenFromSessionCookie)
+ middleware := IDToken(srv.Provider, config, IDTokenFromSessionCookie)
 t.Run("when an active session cookie is provided", func(t *testing.T) {
 t.Run("attaches the token to the request context", func(t *testing.T) {
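Review bot: The new IDToken signature takes the whole `*oauth2.Config`, but the body reads only `config.ClientID`, so the middleware is now handed the client secret it has no use for. Narrowing the parameter to what is consumed — `func IDToken(provider *oidc.Provider, clientID string, parsers ...TokenParser) func(http.Handler) http.Handler` with `&oidc.Config{ClientID: clientID}` at the verifier call — keeps the secret out of the request path and makes the dependency obvious at the two call sites this commit changes (app/app.go and id_token_test.go). The enclosing function's body continues past the end of the hunk.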
diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
deleted file mode 100644
index 5dc2447..0000000
--- a/pkg/oidc/oidc.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package oidc
-
-import (
- "github.com/coreos/go-oidc/v3/oidc"
- "golang.org/x/oauth2"
-)
-
-type OpenID struct {
- Provider *oidc.Provider
- Config *oauth2.Config
-}
-
-func New(provider *oidc.Provider, config *oauth2.Config) *OpenID {
- return &OpenID{Provider: provider, Config: config}
-}
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go
deleted file mode 100644
index 6ec35ab..0000000
--- a/pkg/oidc/oidc_test.go
+++ /dev/null
@@ -1,30 +0,0 @@
-package oidc
-
-import (
- "testing"
-
- "github.com/coreos/go-oidc/v3/oidc"
- "github.com/stretchr/testify/assert"
- "golang.org/x/oauth2"
-)
-
-func TestOpenID(t *testing.T) {
- srv := NewTestServer(t)
- defer srv.Close()
-
- t.Run("GET /.well-known/openid-configuration", func(t *testing.T) {
- openID := New(
- srv.Provider,
- &oauth2.Config{
- ClientID: srv.MockOIDC.ClientID,
- ClientSecret: srv.MockOIDC.ClientSecret,
- RedirectURL: "https://example.com/oauth/callback",
- Endpoint: srv.Provider.Endpoint(),
- Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
- },
- )
-
- assert.Equal(t, srv.AuthorizationEndpoint(), openID.Provider.Endpoint().AuthURL)
- assert.Equal(t, srv.TokenEndpoint(), openID.Provider.Endpoint().TokenURL)
- })
-}
-- cgit v1.2.3
From c70cbe07c002bc307b86ea0ae05f62418a651683 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 15 May 2025 09:56:50 -0600
Subject: refactor: remove more types from oidc package
---
app/cfg/cfg.go | 2 +-
app/middleware/init.go | 13 +++++++++++--
app/middleware/user.go | 2 +-
app/middleware/user_test.go | 2 +-
pkg/oidc/custom_claims.go | 10 ----------
pkg/oidc/id_token.go | 5 -----
6 files changed, 14 insertions(+), 20 deletions(-)
delete mode 100644 pkg/oidc/custom_claims.go
delete mode 100644 pkg/oidc/id_token.go
(limited to 'pkg')
diff --git a/app/cfg/cfg.go b/app/cfg/cfg.go
index 1dffa16..e076932 100644
--- a/app/cfg/cfg.go
+++ b/app/cfg/cfg.go
@@ -1,10 +1,10 @@
 package cfg
 import (
+ "github.com/coreos/go-oidc/v3/oidc"
 "github.com/xlgmokha/x/pkg/context"
 "github.com/xlgmokha/x/pkg/env"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 )
 var CurrentUser context.Key[*domain.User] = context.Key[*domain.User]("current_user")
diff --git a/app/middleware/init.go b/app/middleware/init.go
index f1a693d..874ca52 100644
--- a/app/middleware/init.go
+++ b/app/middleware/init.go
@@ -1,14 +1,23 @@
 package middleware
 import (
+ "github.com/coreos/go-oidc/v3/oidc"
 "github.com/xlgmokha/x/pkg/mapper"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 )
+type CustomClaims struct {
+ Name string `json:"name"`
+ Nickname string `json:"nickname"`
+ Email string `json:"email"`
+ ProfileURL string `json:"profile"`
+ Picture string `json:"picture"`
+ Groups []string `json:"groups_direct"`
+}
+
 func init() {
 mapper.Register(func(idToken *oidc.IDToken) *domain.User {
- customClaims := &oidc.CustomClaims{}
+ customClaims := &CustomClaims{}
 if err := idToken.Claims(customClaims); err != nil {
 return &domain.User{ID: domain.ID(idToken.Subject)}
 }
diff --git a/app/middleware/user.go b/app/middleware/user.go
index c0181f9..9a88f8e 100644
--- a/app/middleware/user.go
+++ b/app/middleware/user.go
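Review bot: `CustomClaims` becomes an exported type in app/middleware with no doc comment, and the example GitLab ID token that documented these claim names was deleted from pkg/oidc/id_token.go two commits earlier, so nothing left in the tree says where `groups_direct` or `profile` come from. I would add above the struct `// CustomClaims are the provider-specific claims read from a verified ID token; Groups is bound to GitLab's groups_direct claim.` The mapper in init() (context lines of this hunk) falls back to a User carrying only the Subject when `idToken.Claims` fails, and that silent fallback is worth a sentence in the same comment.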
@@ -3,11 +3,11 @@ package middleware
 import (
 "net/http"
+ "github.com/coreos/go-oidc/v3/oidc"
 "github.com/xlgmokha/x/pkg/mapper"
 "github.com/xlgmokha/x/pkg/x"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
 )
diff --git a/app/middleware/user_test.go b/app/middleware/user_test.go
index e6ba09d..aed3582 100644
--- a/app/middleware/user_test.go
+++ b/app/middleware/user_test.go
@@ -4,13 +4,13 @@ import (
 "net/http"
 "testing"
+ "github.com/coreos/go-oidc/v3/oidc"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 "github.com/xlgmokha/x/pkg/test"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/db"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
 )
diff --git a/pkg/oidc/custom_claims.go b/pkg/oidc/custom_claims.go
deleted file mode 100644
index 0d89d89..0000000
--- a/pkg/oidc/custom_claims.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package oidc
-
-type CustomClaims struct {
- Name string `json:"name"`
- Nickname string `json:"nickname"`
- Email string `json:"email"`
- ProfileURL string `json:"profile"`
- Picture string `json:"picture"`
- Groups []string `json:"groups_direct"`
-}
diff --git a/pkg/oidc/id_token.go b/pkg/oidc/id_token.go
deleted file mode 100644
index b7f21ce..0000000
--- a/pkg/oidc/id_token.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package oidc
-
-import "github.com/coreos/go-oidc/v3/oidc"
-
-type IDToken = oidc.IDToken
-- cgit v1.2.3
From 48800c5e4e9d458ba7b6a9ab375810380091bdbb Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 15 May 2025 10:00:04 -0600
Subject: refactor: inline usage of RawToken type
---
app/middleware/raw_token.go | 7 +++++++
app/middleware/token_parser.go | 7 +++----
pkg/oidc/raw_token.go | 7 -------
3 files changed, 10 insertions(+), 11 deletions(-)
create mode 100644 app/middleware/raw_token.go
delete mode 100644 pkg/oidc/raw_token.go
(limited to 'pkg')
diff --git a/app/middleware/raw_token.go b/app/middleware/raw_token.go
new file mode 100644
index 0000000..f7aa264
--- /dev/null
+++ b/app/middleware/raw_token.go
@@ -0,0 +1,7 @@
+package middleware
+
+type RawToken string
+
+func (r RawToken) String() string {
+ return string(r)
+}
diff --git a/app/middleware/token_parser.go b/app/middleware/token_parser.go
index 22a7af9..14d48e2 100644
--- a/app/middleware/token_parser.go
+++ b/app/middleware/token_parser.go
@@ -5,17 +5,16 @@ import (
 "github.com/xlgmokha/x/pkg/x"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 )
-type TokenParser x.Mapper[*http.Request, oidc.RawToken]
+type TokenParser x.Mapper[*http.Request, RawToken]
-func IDTokenFromSessionCookie(r *http.Request) oidc.RawToken {
+func IDTokenFromSessionCookie(r *http.Request) RawToken {
 cookies := r.CookiesNamed(cfg.IDTokenCookie)
 if len(cookies) != 1 {
 return ""
 }
- return oidc.RawToken(cookies[0].Value)
+ return RawToken(cookies[0].Value)
 }
diff --git a/pkg/oidc/raw_token.go b/pkg/oidc/raw_token.go
deleted file mode 100644
index 08bd1e5..0000000
--- a/pkg/oidc/raw_token.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package oidc
-
-type RawToken string
-
-func (r RawToken) String() string {
- return string(r)
-}
-- cgit v1.2.3
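Review bot: `RawToken` holds an ID token taken straight from a request cookie before any verification (see IDTokenFromSessionCookie in the token_parser.go hunk), i.e. a bearer credential, and giving it a `String()` method means any `%v`/`%s` formatting or structured-log field prints the full token. The type has no doc comment; I would add `// RawToken is an unverified ID token as presented by the client. It is a credential: do not log it.` and, if nothing else needs a Stringer, name the accessor something fmt will not unwrap implicitly (for example `Raw()`), since `verifier.Verify(r.Context(), rawIDToken.String())` is the only consumer visible in this series.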
From ca3fb0f032ab338a10379807d97e0d31c3afca35 Mon Sep 17 00:00:00 2001
From: mo khan
Date: Thu, 15 May 2025 11:41:16 -0600
Subject: refactor: move NewOIDCProvider to web package
---
app/init.go | 3 +--
pkg/oidc/provider.go | 27 ---------------------------
pkg/oidc/test_server.go | 6 ++----
pkg/web/oidc.go | 27 +++++++++++++++++++++++++++
4 files changed, 30 insertions(+), 33 deletions(-)
delete mode 100644 pkg/oidc/provider.go
create mode 100644 pkg/web/oidc.go
(limited to 'pkg')
diff --git a/app/init.go b/app/init.go
index 0d3fb42..cb9680d 100644
--- a/app/init.go
+++ b/app/init.go
@@ -15,7 +15,6 @@ import (
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/controllers/sparkles"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/db"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
 "golang.org/x/oauth2"
 )
@@ -51,7 +50,7 @@ func init() {
 })
 ioc.Register[*xoidc.Provider](ioc.Default, func() *xoidc.Provider {
 ctx := context.WithValue(context.Background(), oauth2.HTTPClient, ioc.MustResolve[*http.Client](ioc.Default))
- return oidc.NewProvider(ctx, cfg.OIDCIssuer, func(err error) {
+ return web.NewOIDCProvider(ctx, cfg.OIDCIssuer, func(err error) {
 ioc.MustResolve[*zerolog.Logger](ioc.Default).Err(err).Send()
 })
 })
diff --git a/pkg/oidc/provider.go b/pkg/oidc/provider.go
deleted file mode 100644
index 31f7577..0000000
--- a/pkg/oidc/provider.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package oidc
-
-import (
- "context"
-
- "github.com/coreos/go-oidc/v3/oidc"
-)
-
-func NewProvider(ctx context.Context, issuer string, report func(error)) *oidc.Provider {
- provider, err := oidc.NewProvider(ctx, issuer)
- if err == nil {
- return provider
- }
-
- report(err)
-
- config := &oidc.ProviderConfig{
- IssuerURL: issuer,
- AuthURL: issuer + "/oauth/authorize",
- TokenURL: issuer + "/oauth/token",
- DeviceAuthURL: "",
- UserInfoURL: issuer + "/oauth/userinfo",
- JWKSURL: issuer + "/oauth/disovery/keys",
- Algorithms: []string{"RS256"},
- }
- return config.NewProvider(ctx)
-}
diff --git a/pkg/oidc/test_server.go b/pkg/oidc/test_server.go
index 81b37ca..80f2c9a 100644
--- a/pkg/oidc/test_server.go
+++ b/pkg/oidc/test_server.go
@@ -29,10 +29,8 @@ func NewTestServer(t *testing.T) *TestServer {
 next.ServeHTTP(w, r)
 })
 })
-
- provider := NewProvider(t.Context(), srv.Issuer(), func(err error) {
- require.NoError(t, err)
- })
+ provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
+ require.NoError(t, err)
 return &TestServer{
 srv,
diff --git a/pkg/web/oidc.go b/pkg/web/oidc.go
new file mode 100644
index 0000000..707a1b5
--- /dev/null
+++ b/pkg/web/oidc.go
@@ -0,0 +1,27 @@
+package web
+
+import (
+ "context"
+
+ "github.com/coreos/go-oidc/v3/oidc"
+)
+
+func NewOIDCProvider(ctx context.Context, issuer string, report func(error)) *oidc.Provider {
+ provider, err := oidc.NewProvider(ctx, issuer)
+ if err == nil {
+ return provider
+ }
+
+ report(err)
+
+ config := &oidc.ProviderConfig{
+ IssuerURL: issuer,
+ AuthURL: issuer + "/oauth/authorize",
+ TokenURL: issuer + "/oauth/token",
+ DeviceAuthURL: "",
+ UserInfoURL: issuer + "/oauth/userinfo",
+ JWKSURL: issuer + "/oauth/disovery/keys",
+ Algorithms: []string{"RS256"},
+ }
+ return config.NewProvider(ctx)
+}
-- cgit v1.2.3
From 5f94e430d68f99dc3315ae23ee907b1d60c4d38e Mon Sep 17 00:00:00 2001
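Review bot: `JWKSURL: issuer + "/oauth/disovery/keys"` in the new pkg/web/oidc.go looks like a typo for `discovery` (the other fallback paths follow GitLab's `/oauth/...` layout, and a wrong JWKS URL would make every verification through the fallback provider fail on key fetch rather than on a clear configuration error); the line was carried over verbatim from the deleted pkg/oidc/provider.go, so the move is a good moment to confirm the path against the issuer's `/.well-known/openid-configuration`. NewOIDCProvider is exported without a doc comment, and its contract is non-obvious: when discovery fails it calls `report(err)` and still returns a provider built from hard-coded endpoints, so callers cannot distinguish a discovered provider from a guessed one. I would add `// NewOIDCProvider discovers issuer's OIDC configuration; if discovery fails, report is called and a provider using GitLab's conventional /oauth endpoint layout is returned instead.` above the function.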
From: mo khan
Date: Thu, 15 May 2025 12:59:39 -0600
Subject: refactor: rename TestServer to OIDCServer
---
app/middleware/id_token_test.go | 3 +-
pkg/oidc/test_server.go | 84 --------------------------------------------
pkg/web/oidc_server.go | 84 ++++++++++++++++++++++++++++++++++++++
test/integration/container_test.go | 6 +--
4 files changed, 88 insertions(+), 89 deletions(-)
delete mode 100644 pkg/oidc/test_server.go
create mode 100644 pkg/web/oidc_server.go
(limited to 'pkg')
diff --git a/app/middleware/id_token_test.go b/app/middleware/id_token_test.go
index 015ef0d..9b96a50 100644
--- a/app/middleware/id_token_test.go
+++ b/app/middleware/id_token_test.go
@@ -11,13 +11,12 @@ import (
 "github.com/xlgmokha/x/pkg/test"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 xcfg "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
 "golang.org/x/oauth2"
 )
 func TestIDToken(t *testing.T) {
- srv := oidc.NewTestServer(t)
+ srv := web.NewOIDCServer(t)
 defer srv.Close()
 config := &oauth2.Config{
diff --git a/pkg/oidc/test_server.go b/pkg/oidc/test_server.go
deleted file mode 100644
index 80f2c9a..0000000
--- a/pkg/oidc/test_server.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package oidc
-
-import (
- "net/http"
- "strconv"
- "testing"
- "time"
-
- "github.com/coreos/go-oidc/v3/oidc"
- "github.com/oauth2-proxy/mockoidc"
- "github.com/stretchr/testify/require"
- "golang.org/x/oauth2"
-)
-
-type TestServer struct {
- *mockoidc.MockOIDC
- *oauth2.Config
- *oidc.Provider
- *testing.T
-}
-
-func NewTestServer(t *testing.T) *TestServer {
- srv, err := mockoidc.Run()
- require.NoError(t, err)
-
- srv.AddMiddleware(func(next http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- t.Logf("%v %v %v\n", r.Method, r.URL.Path, r.URL.Query())
- next.ServeHTTP(w, r)
- })
- })
- provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
- require.NoError(t, err)
-
- return &TestServer{
- srv,
- &oauth2.Config{
- ClientID: srv.ClientID,
- ClientSecret: srv.ClientSecret,
- RedirectURL: "https://example.com/oauth/callback",
- Endpoint: provider.Endpoint(),
- Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
- },
- provider,
- t,
- }
-}
-
-func (srv *TestServer) CreateAuthorizationCodeFor(user mockoidc.User) string {
- code := strconv.FormatInt(time.Now().Unix(), 10)
- srv.QueueUser(user)
- srv.QueueCode(code)
-
- http.Get(srv.AuthCodeURL("state"))
-
- return code
-}
-
-func (srv *TestServer) CreateTokenFor(user mockoidc.User) *oauth2.Token {
- code := srv.CreateAuthorizationCodeFor(user)
- token, err := srv.Exchange(srv.Context(), code)
- require.NoError(srv, err)
- return token
-}
-
-func (srv *TestServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, string) {
- token := srv.CreateTokenFor(user)
- rawIDToken, ok := token.Extra("id_token").(string)
- require.True(srv, ok)
- return token, rawIDToken
-}
-
-func (srv *TestServer) Verify(rawIDToken string) *oidc.IDToken {
- idToken, err := srv.
- Verifier(&oidc.Config{ClientID: srv.MockOIDC.Config().ClientID}).
- Verify(srv.Context(), rawIDToken)
- require.NoError(srv, err)
-
- return idToken
-}
-
-func (s *TestServer) Close() {
- s.Shutdown()
-}
diff --git a/pkg/web/oidc_server.go b/pkg/web/oidc_server.go
new file mode 100644
index 0000000..31ef572
--- /dev/null
+++ b/pkg/web/oidc_server.go
@@ -0,0 +1,84 @@
+package web
+
+import (
+ "net/http"
+ "strconv"
+ "testing"
+ "time"
+
+ "github.com/coreos/go-oidc/v3/oidc"
+ "github.com/oauth2-proxy/mockoidc"
+ "github.com/stretchr/testify/require"
+ "golang.org/x/oauth2"
+)
+
+type OIDCServer struct {
+ *mockoidc.MockOIDC
+ *oauth2.Config
+ *oidc.Provider
+ *testing.T
+}
+
+func NewOIDCServer(t *testing.T) *OIDCServer {
+ srv, err := mockoidc.Run()
+ require.NoError(t, err)
+
+ srv.AddMiddleware(func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ t.Logf("%v %v %v\n", r.Method, r.URL.Path, r.URL.Query())
+ next.ServeHTTP(w, r)
+ })
+ })
+ provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
+ require.NoError(t, err)
+
+ return &OIDCServer{
+ srv,
+ &oauth2.Config{
+ ClientID: srv.ClientID,
+ ClientSecret: srv.ClientSecret,
+ RedirectURL: "https://example.com/oauth/callback",
+ Endpoint: provider.Endpoint(),
+ Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
+ },
+ provider,
+ t,
+ }
+}
+
+func (srv *OIDCServer) CreateAuthorizationCodeFor(user mockoidc.User) string {
+ code := strconv.FormatInt(time.Now().Unix(), 10)
+ srv.QueueUser(user)
+ srv.QueueCode(code)
+
+ http.Get(srv.AuthCodeURL("state"))
+
+ return code
+}
+
+func (srv *OIDCServer) CreateTokenFor(user mockoidc.User) *oauth2.Token {
+ code := srv.CreateAuthorizationCodeFor(user)
+ token, err := srv.Exchange(srv.Context(), code)
+ require.NoError(srv, err)
+ return token
+}
+
+func (srv *OIDCServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, string) {
+ token := srv.CreateTokenFor(user)
+ rawIDToken, ok := token.Extra("id_token").(string)
+ require.True(srv, ok)
+ return token, rawIDToken
+}
+
+func (srv *OIDCServer) Verify(rawIDToken string) *oidc.IDToken {
+ idToken, err := srv.
+ Verifier(&oidc.Config{ClientID: srv.MockOIDC.Config().ClientID}).
+ Verify(srv.Context(), rawIDToken)
+ require.NoError(srv, err)
+
+ return idToken
+}
+
+func (s *OIDCServer) Close() {
+ s.Shutdown()
+}
diff --git a/test/integration/container_test.go b/test/integration/container_test.go
index 4768c98..73724fb 100644
--- a/test/integration/container_test.go
+++ b/test/integration/container_test.go
@@ -14,10 +14,10 @@ import (
 "github.com/stretchr/testify/require"
 "github.com/testcontainers/testcontainers-go"
 "github.com/xlgmokha/x/pkg/env"
- "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
 )
 
-func environmentVariables(srv *oidc.TestServer) map[string]string {
+func environmentVariables(srv *web.OIDCServer) map[string]string {
 return map[string]string{
 "APP_ENV": "test",
 "DEBUG": env.Fetch("DEBUG", ""),
@@ -32,7 +32,7 @@ func TestContainer(t *testing.T) {
 ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
 defer cancel()
 
- srv := oidc.NewTestServer(t)
+ srv := web.NewOIDCServer(t)
 defer srv.Close()
 
 container := NewContainer(t, ctx, environmentVariables(srv))
-- 
cgit v1.2.3
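Review bot: In CreateAuthorizationCodeFor, `http.Get(srv.AuthCodeURL("state"))` discards both the response and the error, so the response body is never closed and a failed authorize request only surfaces later as an opaque Exchange error in CreateTokenFor; replace it with `resp, err := http.Get(srv.AuthCodeURL("state"))`, `require.NoError(srv, err)`, `resp.Body.Close()`. This file is a non-`_test.go` source in package web, so `testing` and testify/require become compile-time dependencies of the production package and the embedded `*testing.T` is linked into the binary; moving the helper into a `_test.go` file or a dedicated test-support package would keep the web package's dependency surface unchanged by this rename. The code derived from `time.Now().Unix()` is the same string for two calls within one second, so tests that mint codes for several users back-to-back can collide in the mock's queue; a counter or random value would avoid that. These issues are carried over verbatim from the deleted pkg/oidc/test_server.go rather than introduced here, but the move is a good moment to fix them.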