handlers.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/rand"
 	"encoding/base64"
+	"fmt"
 	"log"
 	"net/http"
 	"time"
@@ -26,21 +27,14 @@ func NewHandler(oauth2Config *oauth2.Config, session SessionStorer, verifier *oi
 	}, nil
 }
 
-type Identity struct {
-	UserID       string `json:"userId"`
-	ProviderName string `json:"providerName"`
-	ProviderType string `json:"providerType"`
-}
-
 type UserClaims struct {
-	Email      string      `json:"email"`
-	Verified   bool        `json:"email_verified"`
-	Name       string      `json:"given_name"`
-	Username   string      `json:"cognito:username"`
-	Picture    string      `json:"picture"`
-	Sub        string      `json:"sub"`
-	Groups     []string    `json:"cognito:groups"`
-	Identities []*Identity `json:"identities"`
+	Email    string   `json:"email"`
+	Verified bool     `json:"email_verified"`
+	Name     string   `json:"given_name"`
+	Username string   `json:"cognito:username"`
+	Picture  string   `json:"picture"`
+	Sub      string   `json:"sub"`
+	Groups   []string `json:"cognito:groups"`
 }
 
 func generateState() (string, error) {
@@ -55,21 +49,19 @@ func generateState() (string, error) {
 func (h *Handlers) SignIn(w http.ResponseWriter, r *http.Request) {
 	state, err := generateState()
 	if err != nil {
-		log.Printf("Failed to generate state: %v", err)
+		log.Println("Failed to generate state")
 		http.Error(w, "Something went wrong", http.StatusInternalServerError)
 		return
 	}
 
 	session, err := h.session.Get(r)
 	if err != nil {
-		log.Printf("Failed to get session: %v", err)
 		http.Error(w, "Failed to get session", http.StatusInternalServerError)
 		return
 	}
 	session.Values["state"] = state
 	err = session.Save(r, w)
 	if err != nil {
-		log.Printf("Failed to save session: %v", err)
 		http.Error(w, "Failed to save session", http.StatusInternalServerError)
 		return
 	}
@@ -83,7 +75,6 @@ func (h *Handlers) CallbackHandler(w http.ResponseWriter, r *http.Request) {
 
 	session, err := h.session.Get(r)
 	if err != nil {
-		log.Printf("Failed to verify ID Token: %v", err)
 		http.Error(w, "Failed to get session", http.StatusInternalServerError)
 		return
 	}
@@ -131,6 +122,7 @@ func (h *Handlers) CallbackHandler(w http.ResponseWriter, r *http.Request) {
 	session.Values["access_token"] = oauth2Token.AccessToken
 	session.Values["user_info"] = claims
 
+	fmt.Println(claims)
 	session.Options.MaxAge = int(oauth2Token.Expiry.Sub(time.Now()).Seconds())
 	err = session.Save(r, w)
 	if err != nil {

middleware.go

@@ -2,10 +2,9 @@ package cauth
 
 import (
 	"context"
+	"github.com/lestrrat-go/jwx/jwk"
 	"log"
 	"net/http"
-
-	"github.com/lestrrat-go/jwx/jwk"
 )
 
 type contextKey string
@@ -104,7 +103,6 @@ func (m *Middleware) AdminProtectedRoute(next http.Handler) http.Handler {
 			user := userOptional.(UserClaims)
 			if IsAdmin(user.Groups) {
 				next.ServeHTTP(w, r)
-				return
 			}
 		}
 
@@ -119,5 +117,5 @@ func GetUserFromContext(r *http.Request) *UserClaims {
 		return &user
 	}
 
-	return nil
+	return &UserClaims{}
 }

session.go

@@ -3,14 +3,13 @@ package cauth
 import (
 	"context"
 	"encoding/gob"
-	"log"
-	"net/http"
-
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gorilla/sessions"
 	"github.com/rbcervilla/redisstore/v9"
 	"github.com/redis/go-redis/v9"
 	"golang.org/x/oauth2"
+	"log"
+	"net/http"
 )
 
 const SESSION_NAME = "auth-session"
@@ -22,7 +21,7 @@ type RedisSession struct {
 type RedisSessionParams struct {
 	RedisAddress  string
 	RedisPassword string
-	// SessionSecret []byte
+	//SessionSecret []byte
 }
 
 type SessionStorer interface {
@@ -32,7 +31,6 @@ type SessionStorer interface {
 func NewRedisSessionStore(params RedisSessionParams) (SessionStorer, error) {
 	gob.Register(&oauth2.Token{})
 	gob.Register(oidc.IDToken{})
-	gob.Register(Identity{})
 	gob.Register(UserClaims{})
 	client := redis.NewClient(&redis.Options{
 		Addr:     params.RedisAddress,