236 lines
4.9 KiB
Go
236 lines
4.9 KiB
Go
package auth
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/jinzhu/copier"
|
|
"github.com/labstack/echo/v4"
|
|
|
|
"dynatron.me/x/blasphem/internal/common"
|
|
"dynatron.me/x/blasphem/pkg/auth/provider"
|
|
)
|
|
|
|
type FlowStore map[FlowID]*Flow
|
|
|
|
type FlowRequest struct {
|
|
ClientID ClientID `json:"client_id"`
|
|
Handler []*string `json:"handler"`
|
|
RedirectURI string `json:"redirect_uri"`
|
|
}
|
|
|
|
type FlowType string
|
|
|
|
const (
|
|
TypeForm FlowType = "form"
|
|
TypeCreateEntry FlowType = "create_entry"
|
|
)
|
|
|
|
type FlowID string
|
|
type Step string
|
|
|
|
const (
|
|
StepInit Step = "init"
|
|
)
|
|
|
|
type Flow struct {
|
|
Type FlowType `json:"type"`
|
|
ID FlowID `json:"flow_id"`
|
|
Handler []*string `json:"handler"`
|
|
StepID *Step `json:"step_id,omitempty"`
|
|
Schema []provider.FlowSchemaItem `json:"data_schema"`
|
|
Errors interface{} `json:"errors"`
|
|
DescPlace *string `json:"description_placeholders"`
|
|
LastStep *string `json:"last_step"`
|
|
|
|
request *FlowRequest
|
|
ctime time.Time
|
|
}
|
|
|
|
func (f *Flow) touch() {
|
|
f.ctime = time.Now()
|
|
}
|
|
|
|
func (fs FlowStore) register(f *Flow) {
|
|
fs.cull()
|
|
fs[f.ID] = f
|
|
}
|
|
|
|
func (fs FlowStore) Remove(f *Flow) {
|
|
delete(fs, f.ID)
|
|
}
|
|
|
|
const cullAge = time.Minute * 30
|
|
|
|
func (fs FlowStore) cull() {
|
|
for k, v := range fs {
|
|
if time.Now().Sub(v.ctime) > cullAge {
|
|
delete(fs, k)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (fs FlowStore) Get(id FlowID) *Flow {
|
|
f, ok := fs[id]
|
|
if ok {
|
|
return f
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (a *Authenticator) NewFlow(r *FlowRequest) *Flow {
|
|
var sch []provider.FlowSchemaItem
|
|
|
|
for _, h := range r.Handler {
|
|
if h == nil {
|
|
break
|
|
}
|
|
|
|
if hand := a.Provider(*h); hand != nil {
|
|
sch = hand.FlowSchema()
|
|
break
|
|
}
|
|
}
|
|
|
|
if sch == nil {
|
|
return nil
|
|
}
|
|
|
|
flow := &Flow{
|
|
Type: TypeForm,
|
|
ID: FlowID(genUUID()),
|
|
StepID: stepPtr(StepInit),
|
|
Schema: sch,
|
|
Handler: r.Handler,
|
|
Errors: []string{},
|
|
request: r,
|
|
}
|
|
flow.touch()
|
|
|
|
a.flows.register(flow)
|
|
|
|
return flow
|
|
}
|
|
|
|
func stepPtr(s Step) *Step { return &s }
|
|
|
|
func (f *Flow) redirect(c echo.Context) {
|
|
c.Request().Header.Set("Location", f.request.RedirectURI)
|
|
}
|
|
|
|
func (f *Flow) progress(a *Authenticator, c echo.Context) error {
|
|
if f.StepID == nil {
|
|
c.Logger().Error("stepID is nil")
|
|
return c.String(http.StatusInternalServerError, "No Step ID")
|
|
}
|
|
|
|
switch *f.StepID {
|
|
case StepInit:
|
|
rm := make(map[string]interface{})
|
|
|
|
err := c.Bind(&rm)
|
|
if err != nil {
|
|
return c.String(http.StatusBadRequest, err.Error())
|
|
}
|
|
|
|
for _, si := range f.Schema {
|
|
if si.Required {
|
|
if _, ok := rm[si.Name]; !ok {
|
|
return c.String(http.StatusBadRequest, "missing required param "+si.Name)
|
|
}
|
|
}
|
|
}
|
|
user, err := a.Check(f, c.Request(), rm)
|
|
switch err {
|
|
case nil:
|
|
var finishedFlow struct {
|
|
ID FlowID `json:"flow_id"`
|
|
Handler []*string `json:"handler"`
|
|
Result TokenID `json:"result"`
|
|
Title string `json:"title"`
|
|
Type FlowType `json:"type"`
|
|
Version int `json:"version"`
|
|
}
|
|
|
|
a.flows.Remove(f)
|
|
copier.Copy(&finishedFlow, f)
|
|
finishedFlow.Type = TypeCreateEntry
|
|
finishedFlow.Title = common.AppName
|
|
finishedFlow.Version = 1
|
|
finishedFlow.Result = a.NewToken(c.Request(), user, f)
|
|
|
|
f.redirect(c)
|
|
|
|
return c.JSON(http.StatusCreated, &finishedFlow)
|
|
case ErrInvalidHandler:
|
|
return c.String(http.StatusNotFound, err.Error())
|
|
case ErrInvalidAuth:
|
|
fallthrough
|
|
default:
|
|
f.Errors = map[string]interface{}{
|
|
"base": "invalid_auth",
|
|
}
|
|
return c.JSON(http.StatusOK, f)
|
|
}
|
|
default:
|
|
return c.String(http.StatusBadRequest, "unknown flow step")
|
|
}
|
|
}
|
|
|
|
func (a *Authenticator) LoginFlowDeleteHandler(c echo.Context) error {
|
|
flowID := c.Param("flow_id")
|
|
|
|
if flowID == "" {
|
|
return c.String(http.StatusBadRequest, "empty flow ID")
|
|
}
|
|
|
|
delete(a.flows, FlowID(flowID))
|
|
|
|
return c.String(http.StatusOK, "deleted")
|
|
}
|
|
|
|
func setJSON(c echo.Context) {
|
|
if c.Request().Method == http.MethodPost && strings.HasPrefix(c.Request().Header.Get(echo.HeaderContentType), "text/plain") {
|
|
// hack around the content-type, Context.JSON refuses to work otherwise
|
|
c.Request().Header.Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8)
|
|
}
|
|
}
|
|
|
|
func (a *Authenticator) BeginLoginFlowHandler(c echo.Context) error {
|
|
setJSON(c)
|
|
|
|
var flowReq FlowRequest
|
|
err := c.Bind(&flowReq)
|
|
if err != nil {
|
|
return c.String(http.StatusBadRequest, err.Error())
|
|
}
|
|
|
|
resp := a.NewFlow(&flowReq)
|
|
|
|
if resp == nil {
|
|
return c.String(http.StatusBadRequest, "no such handler")
|
|
}
|
|
|
|
return c.JSON(http.StatusOK, resp)
|
|
}
|
|
|
|
func (a *Authenticator) LoginFlowHandler(c echo.Context) error {
|
|
setJSON(c)
|
|
|
|
flowID := c.Param("flow_id")
|
|
|
|
flow := a.flows.Get(FlowID(flowID))
|
|
if flow == nil {
|
|
return c.String(http.StatusNotFound, "no such flow")
|
|
}
|
|
|
|
if time.Now().Sub(flow.ctime) > cullAge {
|
|
a.flows.Remove(flow)
|
|
|
|
return c.String(http.StatusGone, "flow timed out")
|
|
}
|
|
|
|
return flow.progress(a, c)
|
|
}
|