Skip to content
This repository has been archived by the owner on Aug 16, 2022. It is now read-only.

Commit

Permalink
fix: allow separate auth server ui domain
Browse files Browse the repository at this point in the history
  • Loading branch information
rot1024 committed Apr 8, 2022
1 parent e96f78a commit 0ce79ff
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 12 deletions.
21 changes: 11 additions & 10 deletions internal/app/auth_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ func authEndPoints(ctx context.Context, e *echo.Echo, r *echo.Group, cfg *Server
}
domain.Path = "/"

uidomain := cfg.Config.AuthServeUIDomainURL()

config := &op.Config{
Issuer: domain.String(),
CryptoKey: sha256.Sum256([]byte(cfg.Config.AuthSrv.Key)),
Expand Down Expand Up @@ -92,7 +94,7 @@ func authEndPoints(ctx context.Context, e *echo.Echo, r *echo.Group, cfg *Server
}

// Actual login endpoint
r.POST(loginEndpoint, login(ctx, domain, storage, userUsecase))
r.POST(loginEndpoint, login(ctx, domain, uidomain, storage, userUsecase))

r.GET(logoutEndpoint, logout())

Expand Down Expand Up @@ -188,31 +190,31 @@ type loginForm struct {
AuthRequestID string `json:"id" form:"id"`
}

func login(ctx context.Context, url *url.URL, storage op.Storage, userUsecase interfaces.User) func(ctx echo.Context) error {
func login(ctx context.Context, url, uiurl *url.URL, storage op.Storage, userUsecase interfaces.User) func(ctx echo.Context) error {
return func(ec echo.Context) error {
request := new(loginForm)
err := ec.Bind(request)
if err != nil {
log.Errorln("auth: filed to parse login request")
return ec.Redirect(
http.StatusFound,
redirectURL(url, "/login", "", "Bad request!"),
redirectURL(uiurl, "/login", "", "Bad request!"),
)
}

if _, err := storage.AuthRequestByID(ctx, request.AuthRequestID); err != nil {
log.Errorf("auth: filed to parse login request: %s\n", err)
return ec.Redirect(
http.StatusFound,
redirectURL(url, "/login", "", "Bad request!"),
redirectURL(uiurl, "/login", "", "Bad request!"),
)
}

if len(request.Email) == 0 || len(request.Password) == 0 {
log.Errorln("auth: one of credentials are not provided")
return ec.Redirect(
http.StatusFound,
redirectURL(url, "/login", request.AuthRequestID, "Bad request!"),
redirectURL(uiurl, "/login", request.AuthRequestID, "Bad request!"),
)
}

Expand All @@ -232,7 +234,7 @@ func login(ctx context.Context, url *url.URL, storage op.Storage, userUsecase in
log.Errorf("auth: wrong credentials: %s\n", err)
return ec.Redirect(
http.StatusFound,
redirectURL(url, "/login", request.AuthRequestID, "Login failed; Invalid user ID or password."),
redirectURL(uiurl, "/login", request.AuthRequestID, "Login failed; Invalid user ID or password."),
)
}

Expand All @@ -242,7 +244,7 @@ func login(ctx context.Context, url *url.URL, storage op.Storage, userUsecase in
log.Errorf("auth: failed to complete the auth request: %s\n", err)
return ec.Redirect(
http.StatusFound,
redirectURL(url, "/login", request.AuthRequestID, "Bad request!"),
redirectURL(uiurl, "/login", request.AuthRequestID, "Bad request!"),
)
}

Expand All @@ -262,10 +264,9 @@ func logout() func(ec echo.Context) error {

func redirectURL(u *url.URL, p string, requestID, err string) string {
v := cloneURL(u)
if p == "" {
p = "/login"
if p != "" {
v.Path = p
}
v.Path = p
queryValues := u.Query()
queryValues.Set("id", requestID)
if err != "" {
Expand Down
18 changes: 16 additions & 2 deletions internal/app/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ type AuthSrvConfig struct {
Dev bool
Disabled bool
Domain string
UIDomain string
Key string
DN *AuthSrvDNConfig
}
Expand All @@ -75,7 +76,7 @@ func (c AuthSrvConfig) AuthConfig(debug bool, host string) *AuthConfig {
}

var aud []string
if debug && host != "" && c.Domain != "" {
if debug && host != "" && c.Domain != "" && c.Domain != host {
aud = []string{host, c.Domain}
} else {
aud = []string{domain}
Expand Down Expand Up @@ -146,7 +147,7 @@ func ReadConfig(debug bool) (*Config, error) {
}
}

// defailt values
// default values
if debug {
c.Dev = true
}
Expand All @@ -164,6 +165,11 @@ func ReadConfig(debug bool) (*Config, error) {
if c.Host_Web == "" {
c.Host_Web = c.Host
}
if c.AuthSrv.UIDomain == "" {
c.AuthSrv.UIDomain = c.Host_Web
} else {
c.AuthSrv.UIDomain = addHTTPScheme(c.AuthSrv.UIDomain)
}

return &c, err
}
Expand Down Expand Up @@ -278,6 +284,14 @@ func (c Config) AuthServeDomainURL() *url.URL {
return u
}

func (c Config) AuthServeUIDomainURL() *url.URL {
u, err := url.Parse(c.AuthSrv.UIDomain)
if err != nil {
u = nil
}
return u
}

func addHTTPScheme(host string) string {
if host == "" {
return ""
Expand Down

0 comments on commit 0ce79ff

Please sign in to comment.