rm
This commit is contained in:
Livio Amstutz
parent
1c76101e68
commit
7e1d2f0b13
2 changed files with 76 additions and 81 deletions
|
|
@ -1,90 +1,90 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
// import (
|
||||
// "encoding/json"
|
||||
// "fmt"
|
||||
// "log"
|
||||
// "net/http"
|
||||
// "os"
|
||||
|
||||
"github.com/caos/go-oidc/pkg/oidc"
|
||||
"github.com/caos/go-oidc/pkg/oidc/defaults"
|
||||
"github.com/caos/utils/logging"
|
||||
)
|
||||
// "github.com/caos/oidc/pkg/oidc"
|
||||
// "github.com/caos/oidc/pkg/oidc/rp"
|
||||
// "github.com/caos/utils/logging"
|
||||
// )
|
||||
|
||||
const (
|
||||
publicURL string = "/public"
|
||||
protectedURL string = "/protected"
|
||||
protectedExchangeURL string = "/protected/exchange"
|
||||
)
|
||||
// const (
|
||||
// publicURL string = "/public"
|
||||
// protectedURL string = "/protected"
|
||||
// protectedExchangeURL string = "/protected/exchange"
|
||||
// )
|
||||
|
||||
func main() {
|
||||
clientID := os.Getenv("CLIENT_ID")
|
||||
clientSecret := os.Getenv("CLIENT_SECRET")
|
||||
issuer := os.Getenv("ISSUER")
|
||||
port := os.Getenv("PORT")
|
||||
// clientID := os.Getenv("CLIENT_ID")
|
||||
// clientSecret := os.Getenv("CLIENT_SECRET")
|
||||
// issuer := os.Getenv("ISSUER")
|
||||
// port := os.Getenv("PORT")
|
||||
|
||||
// ctx := context.Background()
|
||||
// // ctx := context.Background()
|
||||
|
||||
providerConfig := &oidc.ProviderConfig{
|
||||
ClientID: clientID,
|
||||
ClientSecret: clientSecret,
|
||||
Issuer: issuer,
|
||||
}
|
||||
provider, err := defaults.NewDefaultProvider(providerConfig)
|
||||
logging.Log("APP-nx6PeF").OnError(err).Panic("error creating provider")
|
||||
// providerConfig := &oidc.ProviderConfig{
|
||||
// ClientID: clientID,
|
||||
// ClientSecret: clientSecret,
|
||||
// Issuer: issuer,
|
||||
// }
|
||||
// provider, err := rp.NewDefaultProvider(providerConfig)
|
||||
// logging.Log("APP-nx6PeF").OnError(err).Panic("error creating provider")
|
||||
|
||||
http.HandleFunc(publicURL, func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Write([]byte("OK"))
|
||||
})
|
||||
// http.HandleFunc(publicURL, func(w http.ResponseWriter, r *http.Request) {
|
||||
// w.Write([]byte("OK"))
|
||||
// })
|
||||
|
||||
http.HandleFunc(protectedURL, func(w http.ResponseWriter, r *http.Request) {
|
||||
ok, token := checkToken(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
resp, err := provider.Introspect(r.Context(), token)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
data, err := json.Marshal(resp)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Write(data)
|
||||
})
|
||||
// http.HandleFunc(protectedURL, func(w http.ResponseWriter, r *http.Request) {
|
||||
// ok, token := checkToken(w, r)
|
||||
// if !ok {
|
||||
// return
|
||||
// }
|
||||
// resp, err := provider.Introspect(r.Context(), token)
|
||||
// if err != nil {
|
||||
// http.Error(w, err.Error(), http.StatusForbidden)
|
||||
// return
|
||||
// }
|
||||
// data, err := json.Marshal(resp)
|
||||
// if err != nil {
|
||||
// http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
// return
|
||||
// }
|
||||
// w.Write(data)
|
||||
// })
|
||||
|
||||
http.HandleFunc(protectedExchangeURL, func(w http.ResponseWriter, r *http.Request) {
|
||||
ok, token := checkToken(w, r)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
tokens, err := provider.DelegationTokenExchange(r.Context(), token, oidc.WithResource([]string{"Test"}))
|
||||
if err != nil {
|
||||
http.Error(w, "failed to exchange token: "+err.Error(), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
// http.HandleFunc(protectedExchangeURL, func(w http.ResponseWriter, r *http.Request) {
|
||||
// ok, token := checkToken(w, r)
|
||||
// if !ok {
|
||||
// return
|
||||
// }
|
||||
// tokens, err := provider.DelegationTokenExchange(r.Context(), token, oidc.WithResource([]string{"Test"}))
|
||||
// if err != nil {
|
||||
// http.Error(w, "failed to exchange token: "+err.Error(), http.StatusUnauthorized)
|
||||
// return
|
||||
// }
|
||||
|
||||
data, err := json.Marshal(tokens)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Write(data)
|
||||
})
|
||||
// data, err := json.Marshal(tokens)
|
||||
// if err != nil {
|
||||
// http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
// return
|
||||
// }
|
||||
// w.Write(data)
|
||||
// })
|
||||
|
||||
lis := fmt.Sprintf("127.0.0.1:%s", port)
|
||||
log.Printf("listening on http://%s/", lis)
|
||||
log.Fatal(http.ListenAndServe(lis, nil))
|
||||
}
|
||||
|
||||
func checkToken(w http.ResponseWriter, r *http.Request) (bool, string) {
|
||||
token := r.Header.Get("authorization")
|
||||
if token == "" {
|
||||
http.Error(w, "Auth header missing", http.StatusUnauthorized)
|
||||
return false, ""
|
||||
}
|
||||
return true, token
|
||||
// lis := fmt.Sprintf("127.0.0.1:%s", port)
|
||||
// log.Printf("listening on http://%s/", lis)
|
||||
// log.Fatal(http.ListenAndServe(lis, nil))
|
||||
// }
|
||||
|
||||
// func checkToken(w http.ResponseWriter, r *http.Request) (bool, string) {
|
||||
// token := r.Header.Get("authorization")
|
||||
// if token == "" {
|
||||
// http.Error(w, "Auth header missing", http.StatusUnauthorized)
|
||||
// return false, ""
|
||||
// }
|
||||
// return true, token
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue