

impl oidc
motoki317 committed May 8, 2024
1 parent 8369db2 commit 68c2454
Showing 27 changed files with 363 additions and 66 deletions.
7 changes: 7 additions & 0 deletions cmd/config.go
Expand Up @@ -21,6 +21,8 @@ import (
"github.com/traPtitech/traQ/service/fcm"
"github.com/traPtitech/traQ/service/imaging"
"github.com/traPtitech/traQ/service/message"
"github.com/traPtitech/traQ/service/oidc"
"github.com/traPtitech/traQ/service/rbac"
"github.com/traPtitech/traQ/service/search"
"github.com/traPtitech/traQ/service/variable"
"github.com/traPtitech/traQ/utils/storage"
Expand Down Expand Up @@ -469,6 +471,10 @@ func provideImageProcessorConfig(c *Config) imaging.Config {
}
}

func provideOIDCService(c *Config, repo repository.Repository, rbac rbac.RBAC) *oidc.Service {
return oidc.NewOIDCService(repo, c.Origin, rbac)
}

func provideAuthGithubProviderConfig(c *Config) auth.GithubProviderConfig {
return auth.GithubProviderConfig{
ClientID: c.ExternalAuth.GitHub.ClientID,
Expand Down Expand Up @@ -530,6 +536,7 @@ func provideRouterExternalAuthConfig(c *Config) router.ExternalAuthConfig {

func provideRouterConfig(c *Config) *router.Config {
return &router.Config{
Origin: c.Origin,
Development: c.DevMode,
Version: Version,
Revision: Revision,
2 changes: 1 addition & 1 deletion cmd/serve.go
Expand Up @@ -81,7 +81,7 @@ func serveCommand() *cobra.Command {
}
logger.Info("repository was set up")

// JWT for QRCode
// JWT
if priv := c.JWT.Keys.Private; priv != "" {
privRaw, err := os.ReadFile(priv)
if err != nil {
1 change: 1 addition & 0 deletions cmd/serve_wire.go
Expand Up @@ -54,6 +54,7 @@ func newServer(hub *hub.Hub, db *gorm.DB, repo repository.Repository, fs storage
provideServerOriginString,
provideFirebaseCredentialsFilePathString,
provideImageProcessorConfig,
provideOIDCService,
provideRouterConfig,
provideESEngineConfig,
wire.Struct(new(service.Services), "*"),
2 changes: 2 additions & 0 deletions cmd/wire_gen.go


8 changes: 6 additions & 2 deletions go.mod
Expand Up @@ -5,6 +5,7 @@ go 1.22.2
require (
cloud.google.com/go/profiler v0.4.0
firebase.google.com/go v3.13.0+incompatible
github.com/MicahParks/jwkset v0.3.1
github.com/NYTimes/gziphandler v1.1.1
github.com/aws/aws-sdk-go-v2 v1.26.1
github.com/aws/aws-sdk-go-v2/config v1.27.11
Expand Down Expand Up @@ -50,6 +51,7 @@ require (
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.18.2
github.com/stretchr/testify v1.9.0
github.com/zitadel/oidc v1.13.4
go.uber.org/zap v1.27.0
golang.org/x/crypto v0.23.0
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
Expand Down Expand Up @@ -127,6 +129,7 @@ require (
github.com/google/uuid v1.6.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.4 // indirect
github.com/gorilla/securecookie v1.1.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hpcloud/tail v1.0.0 // indirect
github.com/imdario/mergo v0.3.12 // indirect
Expand Down Expand Up @@ -157,8 +160,8 @@ require (
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/sanity-io/litter v1.5.5 // indirect
github.com/sergi/go-diff v1.0.0 // indirect
github.com/sirupsen/logrus v1.8.1 // indirect
github.com/sergi/go-diff v1.2.0 // indirect
github.com/sirupsen/logrus v1.9.0 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
Expand Down Expand Up @@ -192,6 +195,7 @@ require (
google.golang.org/protobuf v1.34.1 // indirect
gopkg.in/fsnotify.v1 v1.4.7 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
moul.io/http2curl/v2 v2.3.0 // indirect
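Review bot: The new direct requirement `github.com/zitadel/oidc v1.13.4` pins the library's v1 major, which is superseded upstream (the maintained majors are published as `github.com/zitadel/oidc/v2` and `/v3`), so fixes from here on will land on a module path this go.mod never picks up. It also pulls in `gopkg.in/square/go-jose.v2` as an indirect dependency, whose upstream repository is archived and continued under `github.com/go-jose/go-jose`; both choices are worth a line of justification in the commit, or better, starting the OIDC implementation on the current major so the JOSE layer comes from the maintained fork. The same version lines recur in go.sum, which needs no separate note.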
20 changes: 18 additions & 2 deletions go.sum
Expand Up @@ -24,6 +24,8 @@ firebase.google.com/go v3.13.0+incompatible/go.mod h1:xlah6XbEyW6tbfSklcfe5FHJIw
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/MicahParks/jwkset v0.3.1 h1:DIVazR/elD8CLWPblrVo610TzovIDYMcvlM4X0UT0vQ=
github.com/MicahParks/jwkset v0.3.1/go.mod h1:Ob0sxSgMmQZFg4GO59PVBnfm+jtdQ1MJbfZDU90tEwM=
github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
Expand Down Expand Up @@ -211,6 +213,8 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
github.com/google/pprof v0.0.0-20230602150820-91b7bce49751 h1:hR7/MlvK23p6+lIw9SN1TigNLn9ZnF3W4SYRKq2gAHs=
Expand All @@ -231,6 +235,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF
github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
github.com/guregu/null v4.0.0+incompatible h1:4zw0ckM7ECd6FNNddc3Fu4aty9nTlpkkzH7dPn4/4Gw=
Expand Down Expand Up @@ -366,11 +372,13 @@ github.com/sanity-io/litter v1.5.5/go.mod h1:9gzJgR2i4ZpjZHsKvUXIRQVk7P+yM3e+jAF
github.com/sapphi-red/midec v0.5.2 h1:7R69uT6BMyWT+XGkBTI14TqgRNCBa5qo+bFgr5OSPIg=
github.com/sapphi-red/midec v0.5.2/go.mod h1:LjZZZoars2NdhvLzAsC7MoGmxHzWUqiRY6r73gXqBmo=
github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
Expand All @@ -393,6 +401,7 @@ github.com/stretchr/testify v0.0.0-20161117074351-18a02ba4a312/go.mod h1:a8OnRci
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
Expand Down Expand Up @@ -434,6 +443,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/zitadel/oidc v1.13.4 h1:+k2GKqP9Ld9S2MSFlj+KaNsoZ3J9oy+Ezw51EzSFuC8=
github.com/zitadel/oidc v1.13.4/go.mod h1:3h2DhUcP02YV6q/CA/BG4yla0o6rXjK+DkJGK/dwJfw=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=
Expand Down Expand Up @@ -555,6 +566,7 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220712014510-0a85c31ab51e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
Expand Down Expand Up @@ -649,16 +661,20 @@ google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFW
google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
1 change: 1 addition & 0 deletions migration/current.go
Expand Up @@ -45,6 +45,7 @@ func Migrations() []*gormigrate.Migration {
v32(), // ユーザーの表示名上限を32文字に
v33(), // 未読テーブルにチャンネルIDカラムを追加 / インデックス類の更新 / 不要なレコードの削除
v34(), // 未読テーブルのcreated_atカラムをメッセージテーブルを元に更新 / カラム名を変更
v35(), // OIDC実装のためProfileロールを追加
}
}

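--- a/migration/v35.go
+++ b/migration/v35.go
@@ -0,0 +1,48 @@
+package migration
+
+import (
+"github.com/go-gormigrate/gormigrate/v2"
+"gorm.io/gorm"
+)
+
+// v35 OIDC実装のためProfileロールを追加
+func v35() *gormigrate.Migration {
+return &gormigrate.Migration{
+ID: "35",
+Migrate: func(db *gorm.DB) error {
+v := v35UserRole{
+Name: "profile",
+Oauth2Scope: true,
+System: true,
+Permissions: []v35RolePermission{
+{
+Role: "profile",
+Permission: "get_me",
+},
+},
+}
+return db.Create(v).Error
+},
+}
+}
+
+type v35UserRole struct {
+Name string `gorm:"type:varchar(30);not null;primaryKey"`
+Oauth2Scope bool `gorm:"type:boolean;not null;default:false"`
+System bool `gorm:"type:boolean;not null;default:false"`
+
+Permissions []v35RolePermission `gorm:"constraint:user_role_permissions_role_user_roles_name_foreign,OnUpdate:CASCADE,OnDelete:CASCADE;foreignKey:Role;references:Name"`
+}
+
+func (*v35UserRole) TableName() string {
+return "user_roles"
+}
+
+type v35RolePermission struct {
+Role string `gorm:"type:varchar(30);not null;primaryKey"`
+Permission string `gorm:"type:varchar(30);not null;primaryKey"`
+}
+
+func (*v35RolePermission) TableName() string {
+return "user_role_permissions"
+}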
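Review bot: `return db.Create(v).Error` hands GORM a struct value rather than a pointer; GORM's documented form is `db.Create(&v)`, and because `TableName` is declared on the pointer receivers `*v35UserRole` and `*v35RolePermission`, it is worth confirming that the value form still resolves the custom table names and the association insert — passing `&v` removes the question. The migration also defines no `Rollback`, so a downgrade leaves the `profile` role and its `get_me` permission row in place; if the repository's other migrations provide one, add a `Rollback` that deletes the `user_role_permissions` row for role `profile` and then the `user_roles` row. Finally, the unconditional `Create` fails on a primary-key conflict if a deployment already has a role named `profile`; that may be the intended behaviour, but it deserves a sentence in the `// v35` comment.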
15 changes: 13 additions & 2 deletions model/oauth2.go
Expand Up @@ -11,6 +11,7 @@ import (

vd "github.com/go-ozzo/ozzo-validation/v4"
"github.com/gofrs/uuid"
"github.com/samber/lo"
"gorm.io/gorm"

"github.com/traPtitech/traQ/utils/validator"
Expand All @@ -28,6 +29,11 @@ type AccessScope string
// AccessScopes AccessScopeのセット
type AccessScopes map[AccessScope]struct{}

// SupportedAccessScopes 対応するスコープ一覧を返します
func SupportedAccessScopes() []string {
return []string{"read", "write", "manage_bot", "openid", "profile"}
}

// Value database/sql/driver.Valuer 実装
func (arr AccessScopes) Value() (driver.Value, error) {
return arr.String(), nil
Expand Down Expand Up @@ -112,7 +118,8 @@ func (arr AccessScopes) StringArray() (r []string) {
// Validate github.com/go-ozzo/ozzo-validation.Validatable 実装
func (arr AccessScopes) Validate() error {
// TODO カスタムスコープに対応
return vd.Validate(arr.StringArray(), vd.Each(vd.Required, vd.In("read", "write", "manage_bot")))
scopes := lo.Map(SupportedAccessScopes(), func(s string, _ int) any { return s })
return vd.Validate(arr.StringArray(), vd.Each(vd.Required, vd.In(scopes...)))
}

// OAuth2Authorize OAuth2 認可データの構造体
Expand Down Expand Up @@ -226,9 +233,13 @@ func (t *OAuth2Token) GetAvailableScopes(request AccessScopes) (result AccessSco
return
}

func (t *OAuth2Token) Deadline() time.Time {
return t.CreatedAt.Add(time.Duration(t.ExpiresIn) * time.Second)
}

// IsExpired 有効期限が切れているかどうか
func (t *OAuth2Token) IsExpired() bool {
return t.CreatedAt.Add(time.Duration(t.ExpiresIn) * time.Second).Before(time.Now())
return t.Deadline().Before(time.Now())
}

// IsRefreshEnabled リフレッシュトークンが有効かどうか
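Review bot: `Deadline` is a new exported method on `*OAuth2Token` with no doc comment, while its neighbours (`IsExpired`, `GetAvailableScopes`, `Validate`) each carry one; add `// Deadline returns the instant at which the token expires (CreatedAt plus ExpiresIn seconds).` above it. Separately, `SupportedAccessScopes` now admits `openid` and `profile` for every scope set that passes through `Validate`, while the migration in this commit adds only a `profile` role; if scopes are mapped to roles elsewhere, confirm that `openid` is treated as a marker scope that resolves to no role rather than failing that lookup. The `// TODO カスタムスコープに対応` line still describes open work and should stay.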
3 changes: 3 additions & 0 deletions router/config.go
Expand Up @@ -8,6 +8,8 @@ import (

// Config APIサーバー設定
type Config struct {
// Origin サーバーオリジン (e.g. https://q.trap.jp)
Origin string
// 開発モードかどうか
Development bool
// Version サーバーバージョン
Expand Down Expand Up @@ -66,6 +68,7 @@ func (c ExternalAuthConfig) ValidProviders() map[string]bool {

func provideOAuth2Config(c *Config) oauth2.Config {
return oauth2.Config{
Origin: c.Origin,
AccessTokenExp: c.AccessTokenExp,
IsRefreshEnabled: c.IsRefreshEnabled,
}
18 changes: 11 additions & 7 deletions router/oauth2/authorization_endpoint.go
Expand Up @@ -11,6 +11,7 @@ import (
vd "github.com/go-ozzo/ozzo-validation/v4"
"github.com/google/go-querystring/query"
"github.com/labstack/echo/v4"
"github.com/samber/lo"
"go.uber.org/zap"

"github.com/traPtitech/traQ/model"
Expand Down Expand Up @@ -52,16 +53,17 @@ func (r authorizeRequest) Validate() error {
}

type responseType struct {
Code bool
Token bool
None bool
Code bool
Token bool
IDToken bool
None bool
}

func (t responseType) valid() bool {
if t.None {
return !t.Code && !t.Token
return !t.Code && !t.Token && !t.IDToken
}
return t.Code || t.Token
return t.Code || t.Token || t.IDToken
}

// AuthorizationEndpointHandler 認可エンドポイントのハンドラ
Expand Down Expand Up @@ -102,7 +104,7 @@ func (h *Handler) AuthorizationEndpointHandler(c echo.Context) error {

// PKCE確認
if len(req.CodeChallengeMethod) > 0 {
if req.CodeChallengeMethod != "plain" && req.CodeChallengeMethod != "S256" {
if !lo.Contains(supportedCodeChallengeMethods, req.CodeChallengeMethod) {
q.Set("error", errInvalidRequest)
redirectURI.RawQuery = q.Encode()
return c.Redirect(http.StatusFound, redirectURI.String())
Expand Down Expand Up @@ -132,13 +134,15 @@ func (h *Handler) AuthorizationEndpointHandler(c echo.Context) error {
}

// ResponseType確認
types := responseType{false, false, false}
var types responseType
for _, v := range strings.Fields(req.ResponseType) {
switch v {
case "code":
types.Code = true
case "token":
types.Token = true
case "id_token":
types.IDToken = true
case "none":
types.None = true
default:
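Review bot: `valid()` now accepts `id_token` as a response type on its own or combined with `token`, but nothing in the hunks requires a `nonce` when an ID token is requested; OpenID Connect Core makes `nonce` mandatory for the implicit and hybrid flows because it binds the issued ID token to the client's session, and the request struct already carries a `Nonce` field (see the test fixture). If the handler does not already enforce this outside the hunk, add after the response-type switch: `if types.IDToken && req.Nonce == "" { q.Set("error", errInvalidRequest); redirectURI.RawQuery = q.Encode(); return c.Redirect(http.StatusFound, redirectURI.String()) }`. It is also worth rejecting `id_token` when the requested scopes do not include `openid`, since an ID token without that scope has no defined meaning. `supportedCodeChallengeMethods` is referenced but not defined in this hunk, and `AuthorizationEndpointHandler` continues outside it.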
2 changes: 1 addition & 1 deletion router/oauth2/authorization_endpoint_test.go
Expand Up @@ -530,7 +530,7 @@ func TestHandlers_AuthorizationDecideHandler(t *testing.T) {
Scopes: scopesReadWrite,
ValidScopes: scopesRead,
State: "state",
Types: responseType{true, false, false},
Types: responseType{Code: true},
AccessTime: time.Now(),
Nonce: "nonce",
},

