blasphem/pkg/auth/flow.go

184 lines
3.5 KiB
Go
Raw Normal View History

2022-09-30 23:54:21 -04:00
package auth
import (
"crypto/rand"
"encoding/hex"
"net/http"
"strings"
"time"
"github.com/labstack/echo/v4"
)
type FlowStore map[FlowID]*Flow
type FlowRequest struct {
ClientID string `json:"client_id"`
Handler []*string `json:"handler"`
RedirectURI string `json:"redirect_uri"`
}
type FlowSchemaItem struct {
Type string `json:"type"`
Name string `json:"name"`
Required bool `json:"required"`
}
type FlowType string
const (
TypeForm FlowType = "form"
)
type FlowID string
type Step string
const (
StepInit Step = "init"
)
type Flow struct {
Type FlowType `json:"type"`
ID FlowID `json:"flow_id"`
Handler []*string `json:"handler"`
StepID Step `json:"step_id"`
Schema []FlowSchemaItem `json:"data_schema"`
Errors []string `json:"errors"`
DescPlace *string `json:"description_placeholders"`
LastStep *string `json:"last_step"`
request *FlowRequest
age time.Time
}
func (f *Flow) touch() {
f.age = time.Now()
}
func genFlowID() FlowID {
b := make([]byte, 16)
if _, err := rand.Read(b); err != nil {
panic(err)
}
return FlowID(hex.EncodeToString(b))
}
func (fs FlowStore) register(f *Flow) {
fs.cull()
fs[f.ID] = f
}
const cullAge = time.Minute * 30
func (fs FlowStore) cull() {
for k, v := range fs {
if time.Now().Sub(v.age) > cullAge {
delete(fs, k)
}
}
}
func (fs FlowStore) Get(id FlowID) *Flow {
f, ok := fs[id]
if ok {
return f
}
return nil
}
func (a *Authenticator) NewFlow(r *FlowRequest) *Flow {
flow := &Flow{
Type: TypeForm,
ID: genFlowID(),
StepID: StepInit,
Schema: []FlowSchemaItem{
{
Type: "string",
Name: "username",
Required: true,
},
{
Type: "string",
Name: "password",
Required: true,
},
},
Handler: r.Handler,
Errors: []string{},
request: r,
}
flow.touch()
a.Flows.register(flow)
return flow
}
func (f *Flow) progress(c echo.Context) error {
switch f.StepID {
case StepInit:
var rm map[string]interface{}
err := c.Bind(&rm)
if err != nil {
return c.String(http.StatusBadRequest, err.Error())
}
for _, si := range f.Schema {
if si.Required {
if _, ok := rm[si.Name]; !ok {
return c.String(http.StatusBadRequest, "missing required param "+si.Name)
}
}
}
// TODO: lookup creds, pass, redirect to url
default:
return c.String(http.StatusBadRequest, "unknown flow step")
}
return nil
}
2022-10-02 08:52:48 -04:00
func (a *Authenticator) LoginFlowDeleteHandler(c echo.Context) error {
flowID := c.Param("flow_id")
if flowID == "" {
return c.String(http.StatusBadRequest, "empty flow ID")
}
delete(a.Flows, FlowID(flowID))
return c.String(http.StatusOK, "deleted")
}
2022-09-30 23:54:21 -04:00
func (a *Authenticator) LoginFlowHandler(c echo.Context) error {
if c.Request().Method == http.MethodPost && strings.HasPrefix(c.Request().Header.Get(echo.HeaderContentType), "text/plain") {
// hack around the content-type, Context.JSON refuses to work otherwise
c.Request().Header.Set(echo.HeaderContentType, "application/json")
}
flowID := c.Param("flow_id")
switch flowID {
case "": // new
var flowReq FlowRequest
err := c.Bind(&flowReq)
if err != nil {
return c.String(http.StatusBadRequest, err.Error())
}
resp := a.NewFlow(&flowReq)
return c.JSON(http.StatusOK, resp)
default:
flow := a.Flows.Get(FlowID(flowID))
if flow == nil {
return c.String(http.StatusNotFound, "no such flow")
}
return flow.progress(c)
}
}