luiz
/
cauth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: luiz:v1.2.1
Branches Tags
luiz:main
luiz:fix/cleanPrint
luiz:feature/admin
luiz:v1.4.0
luiz:v1.3.3
luiz:v1.3.2
luiz:v1.3.1
luiz:v1.3.0
luiz:v1.2.1
luiz:v1.2.0
luiz:v1.1.0
luiz:v1.0.0
luiz:v0.2.0
luiz:v0.1.0
...
compare: luiz:main
Branches Tags
luiz:main
luiz:fix/cleanPrint
luiz:feature/admin
luiz:v1.4.0
luiz:v1.3.3
luiz:v1.3.2
luiz:v1.3.1
luiz:v1.3.0
luiz:v1.2.1
luiz:v1.2.0
luiz:v1.1.0
luiz:v1.0.0
luiz:v0.2.0
luiz:v0.1.0

10 Commits
v1.2.1 ... main

Author SHA1 Message Date
luiz 767e0cf9ae Merge pull request 'Include identities to user claims' (#9) from feature/Identities into main 
Reviewed-on: #9
 2025-03-25 12:28:58 +00:00
Luiz Vasconcelos 59ff04dbbc Include identities to user claims 2025-03-25 13:27:03 +01:00
luiz 5a2083aef0 Merge pull request 'Return nil if claims are not present in request' (#8) from bugfix/emptyUser into main 
Reviewed-on: #8
 2025-02-19 22:50:57 +00:00
Luiz Vasconcelos d272cfd026 Return nil if claims are not present in request 2025-02-19 23:48:53 +01:00
luiz c1b41684c5 Merge pull request 'Removed unnecessary print' (#7) from fix/cleanPrint into main 
Reviewed-on: #7
 2025-02-15 09:44:04 +00:00
Luiz Vasconcelos 77f4d32386 Removed unnecessary print 2025-02-15 10:37:32 +01:00
luiz 2343eb2000 Merge pull request 'Added missing return statement' (#6) from bugfix/adminRoute into main 
Reviewed-on: #6
 2024-11-24 16:48:10 +00:00
Luiz Vasconcelos 5cc3dcad9f Added missing return statement 2024-11-24 17:47:22 +01:00
luiz 43c2abf138 Merge pull request 'Add middleware for AdminRouter and added IsAdmin function' (#5) from feature/admin into main 
Reviewed-on: #5
 2024-11-24 15:52:53 +00:00
Luiz Vasconcelos 9d813bfd43 Add middleware for AdminRouter and added IsAdmin function 2024-11-24 16:50:11 +01:00
3 changed files with 52 additions and 14 deletions
Show Stats Expand all files Collapse all files

15
handlers.go
View File

@ -4,7 +4,6 @@ import (
"context"
"crypto/rand"
"encoding/base64"
"fmt"
"log"
"net/http"
"time"
@ -27,6 +26,12 @@ func NewHandler(oauth2Config *oauth2.Config, session SessionStorer, verifier *oi
}, nil
}
type Identity struct {
UserID string `json:"userId"`
ProviderName string `json:"providerName"`
ProviderType string `json:"providerType"`
}
type UserClaims struct {
Email string `json:"email"`
Verified bool `json:"email_verified"`
@ -34,6 +39,8 @@ type UserClaims struct {
Username string `json:"cognito:username"`
Picture string `json:"picture"`
Sub string `json:"sub"`
Groups []string `json:"cognito:groups"`
Identities []*Identity `json:"identities"`
}
func generateState() (string, error) {
@ -48,19 +55,21 @@ func generateState() (string, error) {
func (h *Handlers) SignIn(w http.ResponseWriter, r *http.Request) {
state, err := generateState()
if err != nil {
log.Println("Failed to generate state")
log.Printf("Failed to generate state: %v", err)
http.Error(w, "Something went wrong", http.StatusInternalServerError)
return
}
session, err := h.session.Get(r)
if err != nil {
log.Printf("Failed to get session: %v", err)
http.Error(w, "Failed to get session", http.StatusInternalServerError)
return
}
session.Values["state"] = state
err = session.Save(r, w)
if err != nil {
log.Printf("Failed to save session: %v", err)
http.Error(w, "Failed to save session", http.StatusInternalServerError)
return
}
@ -74,6 +83,7 @@ func (h *Handlers) CallbackHandler(w http.ResponseWriter, r *http.Request) {
session, err := h.session.Get(r)
if err != nil {
log.Printf("Failed to verify ID Token: %v", err)
http.Error(w, "Failed to get session", http.StatusInternalServerError)
return
}
@ -121,7 +131,6 @@ func (h *Handlers) CallbackHandler(w http.ResponseWriter, r *http.Request) {
session.Values["access_token"] = oauth2Token.AccessToken
session.Values["user_info"] = claims
fmt.Println(claims)
session.Options.MaxAge = int(oauth2Token.Expiry.Sub(time.Now()).Seconds())
err = session.Save(r, w)
if err != nil {

31
middleware.go
View File

@ -2,9 +2,10 @@ package cauth
import (
"context"
"github.com/lestrrat-go/jwx/jwk"
"log"
"net/http"
"github.com/lestrrat-go/jwx/jwk"
)
type contextKey string
@ -85,6 +86,32 @@ func (m *Middleware) ProtectedRouteWithRedirect(next http.Handler) http.Handler
})
}
// IsAdmin Checks if admin group is present
func IsAdmin(groups []string) bool {
for _, group := range groups {
if group == "admin" {
return true
}
}
return false
}
// AdminProtectedRoute Checks if user is member of admin group, if not return forbidden
func (m *Middleware) AdminProtectedRoute(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
userOptional := r.Context().Value(userContextKey)
if userOptional != nil {
user := userOptional.(UserClaims)
if IsAdmin(user.Groups) {
next.ServeHTTP(w, r)
return
}
}
http.Error(w, "Forbidden", http.StatusForbidden)
})
}
func GetUserFromContext(r *http.Request) *UserClaims {
userOptional := r.Context().Value(userContextKey)
if userOptional != nil {
@ -92,5 +119,5 @@ func GetUserFromContext(r *http.Request) *UserClaims {
return &user
}
return &UserClaims{}
return nil
}

8
session.go
View File

@ -3,13 +3,14 @@ package cauth
import (
"context"
"encoding/gob"
"log"
"net/http"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/gorilla/sessions"
"github.com/rbcervilla/redisstore/v9"
"github.com/redis/go-redis/v9"
"golang.org/x/oauth2"
"log"
"net/http"
)
const SESSION_NAME = "auth-session"
@ -21,7 +22,7 @@ type RedisSession struct {
type RedisSessionParams struct {
RedisAddress string
RedisPassword string
//SessionSecret []byte
// SessionSecret []byte
}
type SessionStorer interface {
@ -31,6 +32,7 @@ type SessionStorer interface {
func NewRedisSessionStore(params RedisSessionParams) (SessionStorer, error) {
gob.Register(&oauth2.Token{})
gob.Register(oidc.IDToken{})
gob.Register(Identity{})
gob.Register(UserClaims{})
client := redis.NewClient(&redis.Options{
Addr: params.RedisAddress,