1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
package sessions
import (
"fmt"
"net/http"
"github.com/xlgmokha/x/pkg/serde"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
"golang.org/x/oauth2"
)
type Controller struct {
cfg *oidc.OpenID
}
func New(cfg *oidc.OpenID) *Controller {
return &Controller{cfg: cfg}
}
func (c *Controller) MountTo(mux *http.ServeMux) {
mux.HandleFunc("GET /session/new", c.New)
mux.HandleFunc("GET /session/callback", c.Create)
}
func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
// TODO:: Generate and store nonce and use as state param to compare as a CSRF token
url := c.cfg.Config.AuthCodeURL("todo-csrf-token", oauth2.SetAuthURLParam("audience", "todo"))
http.Redirect(w, r, url, http.StatusFound)
}
func (c *Controller) Create(w http.ResponseWriter, r *http.Request) {
token, err := c.cfg.Config.Exchange(r.Context(), r.URL.Query().Get("code"))
if err != nil {
fmt.Printf("%v\n", err)
}
err = serde.ToJSON(w, token)
if err != nil {
fmt.Printf("%v\n", err)
return
}
if rawIDToken, ok := token.Extra("id_token").(string); ok {
idToken, err := oidc.NewIDToken(rawIDToken)
if err != nil {
fmt.Printf("%v\n", err)
return
}
err = serde.ToJSON(w, idToken)
if err != nil {
fmt.Printf("%v\n", err)
return
}
}
}
|
