pangolin_mirror/badger
1
0
Fork 0
mirror of https://github.com/fosrl/badger.git synced 2026-03-02 16:56:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

initial implementation of new reource auth method middleware

Browse Source
This commit is contained in:
Milo Schwartz
2024-11-16 22:42:09 -05:00
parent 58ed0f6c45
commit 199194b352
1 changed files with 83 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
main.go
View File

@@ -1,19 +1,42 @@
package badger package badger
import ( import (
"bytes"
"context" "context"
"encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
) )
const SessionCookieName = "session" const AppSSOSessionCookieName = "session"
const ResourceSessionCookieName = "resource_session"
type Config struct { type Config struct {
AppBaseUrl string `json:"appBaseUrl"` AppBaseUrl string `json:"appBaseUrl"`
APIBaseUrl string `json:"apiBaseUrl"` APIBaseUrl string `json:"apiBaseUrl"`
} }
type CookieData struct {
Session *string `json:"session"`
ResourceSession *string `json:"resource_session"`
}
type VerifyBody struct {
Cookies CookieData `json:"cookies"`
OriginalRequestURL string `json:"originalRequestURL"`
RequestScheme *string `json:"scheme"`
RequestHost *string `json:"host"`
RequestPath *string `json:"path"`
RequestMethod *string `json:"method"`
TLS bool `json:"tls"`
}
type VerifyResponse struct {
Valid bool `json:"valid"`
RedirectURL *string `json:"redirectUrl"`
}
func CreateConfig() *Config { func CreateConfig() *Config {
return &Config{} return &Config{}
} }
@@ -35,29 +58,76 @@ func New(ctx context.Context, next http.Handler, config *Config, name string) (h
} }
func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (p *Badger) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
cookie, err := req.Cookie(SessionCookieName) verifyURL := fmt.Sprintf("%s/badger/verify-session", p.apiBaseUrl)
cookies := extractCookies(req)
originalRequestURL := url.QueryEscape(fmt.Sprintf("%s://%s%s", p.getScheme(req), req.Host, req.URL.RequestURI()))
cookieData := VerifyBody{
Cookies: CookieData{
Session: cookies.Session,
ResourceSession: cookies.ResourceSession,
},
OriginalRequestURL: originalRequestURL,
RequestScheme: &req.URL.Scheme,
RequestHost: &req.Host,
RequestPath: &req.URL.Path,
RequestMethod: &req.Method,
TLS: req.TLS != nil,
}
jsonData, err := json.Marshal(cookieData)
if err != nil { if err != nil {
originalRequestURL := url.QueryEscape(fmt.Sprintf("%s://%s%s", p.getScheme(req), req.Host, req.URL.RequestURI())) http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
http.Redirect(rw, req, fmt.Sprintf("%s/auth/login?redirect=%s", p.appBaseUrl, originalRequestURL), http.StatusFound)
return return
} }
sessionID := cookie.Value resp, err := http.Post(verifyURL, "application/json", bytes.NewBuffer(jsonData))
verifyURL := fmt.Sprintf("%s/badger/verify-user?sessionId=%s", p.apiBaseUrl, sessionID) if err != nil {
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
return
}
defer resp.Body.Close()
resp, err := http.Get(verifyURL) if resp.StatusCode != http.StatusOK {
if err != nil || resp.StatusCode != http.StatusOK { http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
if resp != nil && resp.StatusCode == http.StatusUnauthorized { return
http.Redirect(rw, req, p.appBaseUrl, http.StatusFound) }
} else {
http.Error(rw, "Internal Server Error", http.StatusInternalServerError) var result VerifyResponse
} err = json.NewDecoder(resp.Body).Decode(&result)
if err != nil {
http.Error(rw, "Internal Server Error", http.StatusInternalServerError)
return
}
if result.RedirectURL != nil && *result.RedirectURL != "" {
http.Redirect(rw, req, *result.RedirectURL, http.StatusFound)
return
}
if !result.Valid { // only do this if for some reason the API doesn't return a redirect and it's not valid
http.Error(rw, "Unauthorized", http.StatusUnauthorized)
return return
} }
p.next.ServeHTTP(rw, req) p.next.ServeHTTP(rw, req)
} }
func extractCookies(req *http.Request) CookieData {
var cookies CookieData
if appSSOSessionCookie, err := req.Cookie(AppSSOSessionCookieName); err == nil {
cookies.Session = &appSSOSessionCookie.Value
}
if resourceSessionCookie, err := req.Cookie(ResourceSessionCookieName); err == nil {
cookies.ResourceSession = &resourceSessionCookie.Value
}
return cookies
}
func (p *Badger) getScheme(req *http.Request) string { func (p *Badger) getScheme(req *http.Request) string {
if req.TLS != nil { if req.TLS != nil {
return "https" return "https"