rm
This commit is contained in:
Livio Amstutz
parent
1c76101e68
commit
7e1d2f0b13
2 changed files with 76 additions and 81 deletions
|
|
@ -1,90 +1,90 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
// import (
|
||||||
"encoding/json"
|
// "encoding/json"
|
||||||
"fmt"
|
// "fmt"
|
||||||
"log"
|
// "log"
|
||||||
"net/http"
|
// "net/http"
|
||||||
"os"
|
// "os"
|
||||||
|
|
||||||
"github.com/caos/go-oidc/pkg/oidc"
|
// "github.com/caos/oidc/pkg/oidc"
|
||||||
"github.com/caos/go-oidc/pkg/oidc/defaults"
|
// "github.com/caos/oidc/pkg/oidc/rp"
|
||||||
"github.com/caos/utils/logging"
|
// "github.com/caos/utils/logging"
|
||||||
)
|
// )
|
||||||
|
|
||||||
const (
|
// const (
|
||||||
publicURL string = "/public"
|
// publicURL string = "/public"
|
||||||
protectedURL string = "/protected"
|
// protectedURL string = "/protected"
|
||||||
protectedExchangeURL string = "/protected/exchange"
|
// protectedExchangeURL string = "/protected/exchange"
|
||||||
)
|
// )
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
clientID := os.Getenv("CLIENT_ID")
|
// clientID := os.Getenv("CLIENT_ID")
|
||||||
clientSecret := os.Getenv("CLIENT_SECRET")
|
// clientSecret := os.Getenv("CLIENT_SECRET")
|
||||||
issuer := os.Getenv("ISSUER")
|
// issuer := os.Getenv("ISSUER")
|
||||||
port := os.Getenv("PORT")
|
// port := os.Getenv("PORT")
|
||||||
|
|
||||||
// ctx := context.Background()
|
// // ctx := context.Background()
|
||||||
|
|
||||||
providerConfig := &oidc.ProviderConfig{
|
// providerConfig := &oidc.ProviderConfig{
|
||||||
ClientID: clientID,
|
// ClientID: clientID,
|
||||||
ClientSecret: clientSecret,
|
// ClientSecret: clientSecret,
|
||||||
Issuer: issuer,
|
// Issuer: issuer,
|
||||||
}
|
// }
|
||||||
provider, err := defaults.NewDefaultProvider(providerConfig)
|
// provider, err := rp.NewDefaultProvider(providerConfig)
|
||||||
logging.Log("APP-nx6PeF").OnError(err).Panic("error creating provider")
|
// logging.Log("APP-nx6PeF").OnError(err).Panic("error creating provider")
|
||||||
|
|
||||||
http.HandleFunc(publicURL, func(w http.ResponseWriter, r *http.Request) {
|
// http.HandleFunc(publicURL, func(w http.ResponseWriter, r *http.Request) {
|
||||||
w.Write([]byte("OK"))
|
// w.Write([]byte("OK"))
|
||||||
})
|
// })
|
||||||
|
|
||||||
http.HandleFunc(protectedURL, func(w http.ResponseWriter, r *http.Request) {
|
// http.HandleFunc(protectedURL, func(w http.ResponseWriter, r *http.Request) {
|
||||||
ok, token := checkToken(w, r)
|
// ok, token := checkToken(w, r)
|
||||||
if !ok {
|
// if !ok {
|
||||||
return
|
// return
|
||||||
}
|
// }
|
||||||
resp, err := provider.Introspect(r.Context(), token)
|
// resp, err := provider.Introspect(r.Context(), token)
|
||||||
if err != nil {
|
// if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusForbidden)
|
// http.Error(w, err.Error(), http.StatusForbidden)
|
||||||
return
|
// return
|
||||||
}
|
// }
|
||||||
data, err := json.Marshal(resp)
|
// data, err := json.Marshal(resp)
|
||||||
if err != nil {
|
// if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
// http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
return
|
// return
|
||||||
}
|
// }
|
||||||
w.Write(data)
|
// w.Write(data)
|
||||||
})
|
// })
|
||||||
|
|
||||||
http.HandleFunc(protectedExchangeURL, func(w http.ResponseWriter, r *http.Request) {
|
// http.HandleFunc(protectedExchangeURL, func(w http.ResponseWriter, r *http.Request) {
|
||||||
ok, token := checkToken(w, r)
|
// ok, token := checkToken(w, r)
|
||||||
if !ok {
|
// if !ok {
|
||||||
return
|
// return
|
||||||
}
|
// }
|
||||||
tokens, err := provider.DelegationTokenExchange(r.Context(), token, oidc.WithResource([]string{"Test"}))
|
// tokens, err := provider.DelegationTokenExchange(r.Context(), token, oidc.WithResource([]string{"Test"}))
|
||||||
if err != nil {
|
// if err != nil {
|
||||||
http.Error(w, "failed to exchange token: "+err.Error(), http.StatusUnauthorized)
|
// http.Error(w, "failed to exchange token: "+err.Error(), http.StatusUnauthorized)
|
||||||
return
|
// return
|
||||||
}
|
// }
|
||||||
|
|
||||||
data, err := json.Marshal(tokens)
|
// data, err := json.Marshal(tokens)
|
||||||
if err != nil {
|
// if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
// http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
return
|
// return
|
||||||
}
|
// }
|
||||||
w.Write(data)
|
// w.Write(data)
|
||||||
})
|
// })
|
||||||
|
|
||||||
lis := fmt.Sprintf("127.0.0.1:%s", port)
|
// lis := fmt.Sprintf("127.0.0.1:%s", port)
|
||||||
log.Printf("listening on http://%s/", lis)
|
// log.Printf("listening on http://%s/", lis)
|
||||||
log.Fatal(http.ListenAndServe(lis, nil))
|
// log.Fatal(http.ListenAndServe(lis, nil))
|
||||||
}
|
// }
|
||||||
|
|
||||||
func checkToken(w http.ResponseWriter, r *http.Request) (bool, string) {
|
// func checkToken(w http.ResponseWriter, r *http.Request) (bool, string) {
|
||||||
token := r.Header.Get("authorization")
|
// token := r.Header.Get("authorization")
|
||||||
if token == "" {
|
// if token == "" {
|
||||||
http.Error(w, "Auth header missing", http.StatusUnauthorized)
|
// http.Error(w, "Auth header missing", http.StatusUnauthorized)
|
||||||
return false, ""
|
// return false, ""
|
||||||
}
|
// }
|
||||||
return true, token
|
// return true, token
|
||||||
}
|
}
|
||||||
|
|
|
||||||
5
main.go
5
main.go
|
|
@ -1,5 +0,0 @@
|
||||||
package main
|
|
||||||
import "fmt"
|
|
||||||
func main() {
|
|
||||||
fmt.Println("hello world")
|
|
||||||
}
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue