feature: basic auth0 support (#78)

* feature: basic auth0 support

* refactor: improve auth flow

* refactor: extract HttpServer config

* feature: merge HTTP API layer with Let's Encrypt

management/http_server/handler/callback.go

@@ -0,0 +1,96 @@
+package handler
+
+import (
+	"context"
+	"github.com/coreos/go-oidc"
+	"github.com/gorilla/sessions"
+	"github.com/wiretrustee/wiretrustee/management/http_server/middleware"
+	"log"
+	"net/http"
+)
+
+// Callback handler used to receive a callback from the identity provider
+type Callback struct {
+	authenticator *middleware.Authenticator
+	sessionStore  sessions.Store
+}
+
+func NewCallback(authenticator *middleware.Authenticator, sessionStore sessions.Store) *Callback {
+	return &Callback{
+		authenticator: authenticator,
+		sessionStore:  sessionStore,
+	}
+}
+
+// ServeHTTP checks the user session, verifies the state, verifies the token, stores user profile in a session,
+// and in case of the successful auth redirects user to the main page
+func (h *Callback) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	session, err := h.sessionStore.Get(r, "auth-session")
+	if err != nil {
+		//todo redirect to the error page stating: "error occurred plz try again later and a link to login"
+		//http.Error(w, err.Error(), http.StatusInternalServerError)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	if r.URL.Query().Get("state") != session.Values["state"] {
+		//todo redirect to the error page stating: "error authenticating plz try to login once again"
+		//http.Error(w, "invalid state parameter", http.StatusBadRequest)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	token, err := h.authenticator.Config.Exchange(context.TODO(), r.URL.Query().Get("code"))
+	if err != nil {
+		log.Printf("no token found: %v", err)
+		//todo redirect to the error page stating: "error authenticating plz try to login once again"
+		//w.WriteHeader(http.StatusUnauthorized)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	rawIDToken, ok := token.Extra("id_token").(string)
+	if !ok {
+		//todo redirect to the error page stating: "error occurred plz try again later and a link to login"
+		//http.Error(w, "no id_token field in oauth2 token.", http.StatusInternalServerError)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	oidcConfig := &oidc.Config{
+		ClientID: h.authenticator.Config.ClientID,
+	}
+
+	idToken, err := h.authenticator.Provider.Verifier(oidcConfig).Verify(context.TODO(), rawIDToken)
+
+	if err != nil {
+		//todo redirect to the error page stating: "error occurred plz try again later and a link to login"
+		//http.Error(w, "failed to verify ID Token: "+err.Error(), http.StatusInternalServerError)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	// get the userInfo from the token
+	var profile map[string]interface{}
+	if err := idToken.Claims(&profile); err != nil {
+		//todo redirect to the error page stating: "error occurred plz try again later and a link to login"
+		//http.Error(w, err.Error(), http.StatusInternalServerError)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	session.Values["id_token"] = rawIDToken
+	session.Values["access_token"] = token.AccessToken
+	session.Values["profile"] = profile
+
+	err = session.Save(r, w)
+	if err != nil {
+		//todo redirect to the error page stating: "error occurred plz try again later and a link to login"
+		//http.Error(w, err.Error(), http.StatusInternalServerError)
+		http.Redirect(w, r, "/login", http.StatusSeeOther)
+		return
+	}
+
+	// redirect to logged in page
+	http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
+}