init

2024-09-12 01:11:03 +08:00
parent 118e1ec0a5
commit c7a02db8fe
8 changed files with 203 additions and 0 deletions
--- a/service/ssoServer.go
+++ b/service/ssoServer.go
@ -0,0 +1,123 @@
+package service
+
+import (
+	"context"
+	"fmt"
+	"golang.org/x/oauth2"
+	"io/ioutil"
+	"net/http"
+	"github.com/coreos/go-oidc"
+)
+
+var cfg = &oauth2.Config{
+	ClientID:     "client_id",
+	ClientSecret: "client_secret",
+	RedirectURL:  "http://localhost:8080/callback",
+	Scopes:       []string{"openid", "profile", "email"},
+	Endpoint: oauth2.Endpoint{
+		AuthURL:  "http://localhost:8080/authorize",
+		TokenURL: "http://localhost:8080/token",
+	},
+}
+
+provider, err := oidc.NewProvider(context.Background(), "http://localhost:8080")
+if err != nil {
+log.Fatalf("Failed to create provider: %v", err)
+}
+
+client := &http.Client{
+Transport: &oauth2.Transport{
+Source: provider.TokenSource(context.Background(), &oauth2.Token{
+AccessToken: accessToken,
+}),
+},
+}
+
+func userHandler(w http.ResponseWriter, r *http.Request) {
+	accessToken := r.URL.Query().Get("access_token")
+	if accessToken == "" {
+		http.Error(w, "Missing access token", http.StatusBadRequest)
+		return
+	}
+
+	claims, err := verifyJWT(accessToken)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	w.Write([]byte(fmt.Sprintf("Hello, %s!", claims.Subject)))
+}
+func loginHandler(w http.ResponseWriter, r *http.Request) {
+	url := cfg.AuthCodeURL("state", oauth2.AccessTypeOnline)
+	http.Redirect(w, r, url, http.StatusFound)
+}
+func callbackHandler(w http.ResponseWriter, r *http.Request) {
+	code := r.URL.Query().Get("code")
+	if code == "" {
+		http.Error(w, "Missing authorization code", http.StatusBadRequest)
+		return
+	}
+
+	token, err := cfg.Exchange(context.Background(), code)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:  "access_token",
+		Value: token.AccessToken,
+	})
+
+	http.Redirect(w, r, "/", http.StatusFound)
+}
+
+func loginHandler(w http.ResponseWriter, r *http.Request) {
+	http.Redirect(w, r, cfg.AuthCodeURL("state", oauth2.AccessTypeOnline), http.StatusFound)
+}
+
+func callbackHandler(w http.ResponseWriter, r *http.Request) {
+	code := r.URL.Query().Get("code")
+	if code == "" {
+		http.Error(w, "Missing authorization code", http.StatusBadRequest)
+		return
+	}
+
+	token, err := cfg.Exchange(context.Background(), code)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	http.SetCookie(w, &http.Cookie{
+		Name:  "access_token",
+		Value: token.AccessToken,
+	})
+
+	http.Redirect(w, r, "/", http.StatusFound)
+}
+
+func userHandler(w http.ResponseWriter, r *http.Request) {
+	accessToken, err := r.Cookie("access_token")
+	if err != nil {
+		http.Redirect(w, r, "/login", http.StatusFound)
+		return
+	}
+
+	resp, err := http.Get("http://localhost:8081/user?access_token=" + accessToken.Value)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	w.Write(body)
+}