0
0
mirror of https://github.com/vx3r/wg-gen-web.git synced 2024-11-04 17:31:17 +00:00
wg-gen-web/api/v1/auth/auth.go
2021-04-06 14:23:23 +02:00

135 lines
3.5 KiB
Go

package auth
import (
"github.com/gin-gonic/gin"
"github.com/patrickmn/go-cache"
log "github.com/sirupsen/logrus"
"github.com/vx3r/wg-gen-web/auth"
"github.com/vx3r/wg-gen-web/model"
"github.com/vx3r/wg-gen-web/util"
"golang.org/x/oauth2"
"net/http"
"time"
)
// ApplyRoutes applies router to gin Router
func ApplyRoutes(r *gin.RouterGroup) {
g := r.Group("/auth")
{
g.GET("/oauth2_url", oauth2URL)
g.POST("/oauth2_exchange", oauth2Exchange)
g.GET("/user", user)
g.GET("/logout", logout)
}
}
/*
* generate redirect url to get OAuth2 code or let client know that OAuth2 is disabled
*/
func oauth2URL(c *gin.Context) {
cacheDb := c.MustGet("cache").(*cache.Cache)
state, err := util.GenerateRandomString(32)
if err != nil {
log.WithFields(log.Fields{
"err": err,
}).Error("failed to generate state random string")
c.AbortWithStatus(http.StatusInternalServerError)
}
clientId, err := util.GenerateRandomString(32)
if err != nil {
log.WithFields(log.Fields{
"err": err,
}).Error("failed to generate state random string")
c.AbortWithStatus(http.StatusInternalServerError)
}
// save clientId and state so we can retrieve for verification
cacheDb.Set(clientId, state, 5*time.Minute)
oauth2Client := c.MustGet("oauth2Client").(auth.Auth)
data := &model.Auth{
Oauth2: true,
ClientId: clientId,
State: state,
CodeUrl: oauth2Client.CodeUrl(state),
}
c.JSON(http.StatusOK, data)
}
/*
* exchange code and get user infos, if OAuth2 is disable just send fake data
*/
func oauth2Exchange(c *gin.Context) {
var loginVals model.Auth
if err := c.ShouldBind(&loginVals); err != nil {
log.WithFields(log.Fields{
"err": err,
}).Error("code and state fields are missing")
c.AbortWithStatus(http.StatusUnprocessableEntity)
return
}
cacheDb := c.MustGet("cache").(*cache.Cache)
savedState, exists := cacheDb.Get(loginVals.ClientId)
if !exists || savedState != loginVals.State {
log.WithFields(log.Fields{
"state": loginVals.State,
"savedState": savedState,
}).Error("saved state and client provided state mismatch")
c.AbortWithStatus(http.StatusBadRequest)
return
}
oauth2Client := c.MustGet("oauth2Client").(auth.Auth)
oauth2Token, err := oauth2Client.Exchange(loginVals.Code)
if err != nil {
log.WithFields(log.Fields{
"err": err,
}).Error("failed to exchange code for token")
c.AbortWithStatus(http.StatusBadRequest)
return
}
cacheDb.Delete(loginVals.ClientId)
cacheDb.Set(oauth2Token.AccessToken, oauth2Token, cache.DefaultExpiration)
c.JSON(http.StatusOK, oauth2Token.AccessToken)
}
func logout(c *gin.Context) {
cacheDb := c.MustGet("cache").(*cache.Cache)
cacheDb.Delete(c.Request.Header.Get(util.AuthTokenHeaderName))
c.JSON(http.StatusOK, gin.H{})
}
func user(c *gin.Context) {
cacheDb := c.MustGet("cache").(*cache.Cache)
oauth2Token, exists := cacheDb.Get(c.Request.Header.Get(util.AuthTokenHeaderName))
if exists && oauth2Token.(*oauth2.Token).AccessToken == c.Request.Header.Get(util.AuthTokenHeaderName) {
oauth2Client := c.MustGet("oauth2Client").(auth.Auth)
user, err := oauth2Client.UserInfo(oauth2Token.(*oauth2.Token))
if err != nil {
log.WithFields(log.Fields{
"err": err,
}).Error("failed to get user from oauth2 AccessToken")
c.AbortWithStatus(http.StatusBadRequest)
return
}
c.JSON(http.StatusOK, user)
return
}
log.WithFields(log.Fields{
"exists": exists,
util.AuthTokenHeaderName: c.Request.Header.Get(util.AuthTokenHeaderName),
}).Error("oauth2 AccessToken is not recognized")
c.AbortWithStatus(http.StatusUnauthorized)
}