package service
import (
	"context"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"net/http"
	"net/url"
	"strings"
	"time"

	"github.com/coreos/go-oidc"
	"golang.org/x/oauth2"
)
// cfg is the OAuth2 client configuration used by the login and callback
// handlers. It requests the "openid", "profile" and "email" scopes and points
// at an authorization server on localhost:8080.
//
// NOTE(review): ClientID and ClientSecret are literal placeholder strings. A
// deployed service should read the secret from the environment or a secret
// store so that it never lands in source control.
// NOTE(review): every URL here uses plain http. That is tolerable only while
// all parties run on the loopback interface; over a network the authorization
// code and the tokens would travel in cleartext.
var cfg = &oauth2.Config{
	Endpoint: oauth2.Endpoint{
		TokenURL: "http://localhost:8080/token",
		AuthURL:  "http://localhost:8080/authorize",
	},
	RedirectURL:  "http://localhost:8080/callback",
	Scopes:       []string{"openid", "profile", "email"},
	ClientSecret: "client_secret",
	ClientID:     "client_id",
}
// NOTE(review): the statements below use := and if at package level, which Go
// only accepts inside a function body; presumably they were lifted out of
// main or an init function. Confirm against the complete program.

// Look up the OpenID Connect provider for the issuer http://localhost:8080.
// NOTE(review): the issuer URL is plain http, so whatever the provider
// publishes (endpoints, signing keys) is fetched without transport
// protection. Acceptable on loopback only.
provider, err := oidc.NewProvider(context.Background(), "http://localhost:8080")
if err != nil {
	// Nothing else can work without the provider, so the process exits.
	log.Fatalf("Failed to create provider: %v", err)
}

// client is an HTTP client whose transport is an oauth2.Transport, i.e. it
// attaches a token from Source to the requests it sends.
// NOTE(review): accessToken is not declared in the visible file, and
// TokenSource could not be confirmed as a method of go-oidc's Provider.
// Check both before relying on this client.
client := &http.Client{
	Transport: &oauth2.Transport{
		Source: provider.TokenSource(context.Background(), &oauth2.Token{
			AccessToken: accessToken,
		}),
	},
}
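// userHandler greets the subject of a verified access token.
//
// The token is taken from the "Authorization: Bearer <token>" header when
// present. The access_token query parameter is still accepted for existing
// callers, but a token in a URL ends up in access logs, browser history and
// Referer headers, so the header form should be preferred.
//
// Responses:
//   - 400 when no token is supplied.
//   - 401 when verifyJWT rejects the token. The verification error is logged
//     and not returned, so the caller learns nothing about why it failed.
//   - 200 with a plain-text greeting otherwise.
//
// NOTE(review): verifyJWT is defined outside the visible part of the file.
// This handler relies on it to check signature, issuer, audience and expiry;
// confirm that it does.
func userHandler(w http.ResponseWriter, r *http.Request) {
	const bearer = "Bearer "

	accessToken := ""
	if auth := r.Header.Get("Authorization"); len(auth) > len(bearer) && strings.EqualFold(auth[:len(bearer)], bearer) {
		accessToken = strings.TrimSpace(auth[len(bearer):])
	}
	if accessToken == "" {
		// Legacy transport, kept for backward compatibility.
		accessToken = r.URL.Query().Get("access_token")
	}
	if accessToken == "" {
		http.Error(w, "Missing access token", http.StatusBadRequest)
		return
	}

	claims, err := verifyJWT(accessToken)
	if err != nil {
		log.Printf("access token rejected: %v", err)
		w.Header().Set("WWW-Authenticate", `Bearer error="invalid_token"`)
		http.Error(w, "Invalid access token", http.StatusUnauthorized)
		return
	}

	// The subject comes from the token. Pin the content type so the value
	// can never be sniffed and rendered as HTML by a browser.
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	fmt.Fprintf(w, "Hello, %s!", claims.Subject)
}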
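// loginHandler starts the authorization-code flow by redirecting the browser
// to the provider's authorization endpoint.
//
// A fresh random state value is generated for every login attempt and kept
// in the short-lived "oauth_state" cookie. callbackHandler compares it with
// the state echoed back by the provider. A constant state gives no protection
// against a forged callback (login CSRF).
func loginHandler(w http.ResponseWriter, r *http.Request) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		log.Printf("generating oauth state: %v", err)
		http.Error(w, "Internal error", http.StatusInternalServerError)
		return
	}
	state := base64.RawURLEncoding.EncodeToString(nonce)

	http.SetCookie(w, &http.Cookie{
		Name:     "oauth_state",
		Value:    state,
		Path:     "/",
		MaxAge:   300, // only has to survive the round trip to the provider
		HttpOnly: true,
		// r.TLS is nil behind a TLS-terminating proxy; set Secure
		// unconditionally in such a deployment.
		Secure: r.TLS != nil,
		// Lax, not Strict: the provider's redirect back to /callback is a
		// cross-site top-level navigation and must still carry the cookie.
		SameSite: http.SameSiteLaxMode,
	})

	http.Redirect(w, r, cfg.AuthCodeURL(state, oauth2.AccessTypeOnline), http.StatusFound)
}

// callbackHandler completes the authorization-code flow: it checks the state
// parameter against the "oauth_state" cookie set by loginHandler, exchanges
// the code for a token, stores the access token in a cookie and redirects
// to "/".
//
// It answers 400 when the state does not match, when the code is missing or
// when the exchange fails. Exchange errors are logged and not echoed to the
// browser.
//
// Only token.AccessToken is used. The ID token that the "openid" scope
// normally yields is not inspected here.
func callbackHandler(w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query()

	stateCookie, err := r.Cookie("oauth_state")
	if err != nil || stateCookie.Value == "" ||
		subtle.ConstantTimeCompare([]byte(stateCookie.Value), []byte(query.Get("state"))) != 1 {
		http.Error(w, "Invalid state", http.StatusBadRequest)
		return
	}
	// The state is single-use: drop the cookie whatever happens next.
	http.SetCookie(w, &http.Cookie{
		Name:     "oauth_state",
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true,
		Secure:   r.TLS != nil,
		SameSite: http.SameSiteLaxMode,
	})

	code := query.Get("code")
	if code == "" {
		http.Error(w, "Missing authorization code", http.StatusBadRequest)
		return
	}

	// Tie the exchange to the request so it is abandoned when the browser
	// goes away.
	token, err := cfg.Exchange(r.Context(), code)
	if err != nil {
		log.Printf("authorization code exchange failed: %v", err)
		http.Error(w, "Token exchange failed", http.StatusBadRequest)
		return
	}

	http.SetCookie(w, &http.Cookie{
		Name:  "access_token",
		Value: token.AccessToken,
		Path:  "/",
		// The token is only read server-side from the request, so page
		// scripts get no access to it.
		HttpOnly: true,
		Secure:   r.TLS != nil,
		SameSite: http.SameSiteLaxMode,
	})

	http.Redirect(w, r, "/", http.StatusFound)
}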
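// loginHandler starts the authorization-code flow by redirecting the browser
// to the provider's authorization endpoint.
//
// A fresh random state value is generated for every login attempt and kept
// in the short-lived "oauth_state" cookie. callbackHandler compares it with
// the state echoed back by the provider. A constant state gives no protection
// against a forged callback (login CSRF).
func loginHandler(w http.ResponseWriter, r *http.Request) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		log.Printf("generating oauth state: %v", err)
		http.Error(w, "Internal error", http.StatusInternalServerError)
		return
	}
	state := base64.RawURLEncoding.EncodeToString(nonce)

	http.SetCookie(w, &http.Cookie{
		Name:     "oauth_state",
		Value:    state,
		Path:     "/",
		MaxAge:   300, // only has to survive the round trip to the provider
		HttpOnly: true,
		// r.TLS is nil behind a TLS-terminating proxy; set Secure
		// unconditionally in such a deployment.
		Secure: r.TLS != nil,
		// Lax, not Strict: the provider's redirect back to /callback is a
		// cross-site top-level navigation and must still carry the cookie.
		SameSite: http.SameSiteLaxMode,
	})

	http.Redirect(w, r, cfg.AuthCodeURL(state, oauth2.AccessTypeOnline), http.StatusFound)
}

// callbackHandler completes the authorization-code flow: it checks the state
// parameter against the "oauth_state" cookie set by loginHandler, exchanges
// the code for a token, stores the access token in a cookie and redirects
// to "/".
//
// It answers 400 when the state does not match, when the code is missing or
// when the exchange fails. Exchange errors are logged and not echoed to the
// browser.
//
// Only token.AccessToken is used. The ID token that the "openid" scope
// normally yields is not inspected here.
func callbackHandler(w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query()

	stateCookie, err := r.Cookie("oauth_state")
	if err != nil || stateCookie.Value == "" ||
		subtle.ConstantTimeCompare([]byte(stateCookie.Value), []byte(query.Get("state"))) != 1 {
		http.Error(w, "Invalid state", http.StatusBadRequest)
		return
	}
	// The state is single-use: drop the cookie whatever happens next.
	http.SetCookie(w, &http.Cookie{
		Name:     "oauth_state",
		Value:    "",
		Path:     "/",
		MaxAge:   -1,
		HttpOnly: true,
		Secure:   r.TLS != nil,
		SameSite: http.SameSiteLaxMode,
	})

	code := query.Get("code")
	if code == "" {
		http.Error(w, "Missing authorization code", http.StatusBadRequest)
		return
	}

	// Tie the exchange to the request so it is abandoned when the browser
	// goes away.
	token, err := cfg.Exchange(r.Context(), code)
	if err != nil {
		log.Printf("authorization code exchange failed: %v", err)
		http.Error(w, "Token exchange failed", http.StatusBadRequest)
		return
	}

	http.SetCookie(w, &http.Cookie{
		Name:  "access_token",
		Value: token.AccessToken,
		Path:  "/",
		// The token is only read server-side from the request, so page
		// scripts get no access to it.
		HttpOnly: true,
		Secure:   r.TLS != nil,
		SameSite: http.SameSiteLaxMode,
	})

	http.Redirect(w, r, "/", http.StatusFound)
}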
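// userHandler relays the response of the resource service at
// http://localhost:8081/user for the signed-in browser.
//
// The access token is read from the "access_token" cookie. A missing or
// empty cookie sends the browser to /login. Otherwise the token is forwarded
// in the access_token query parameter, the transport the request URL has
// always used. An Authorization header would keep the token out of the
// upstream access log, but only once the resource service accepts it.
//
// Upstream failures are reported as 502 with a generic message. The
// upstream status code and content type are passed through. At most 1 MiB of
// the upstream body is relayed.
func userHandler(w http.ResponseWriter, r *http.Request) {
	accessToken, err := r.Cookie("access_token")
	if err != nil || accessToken.Value == "" {
		http.Redirect(w, r, "/login", http.StatusFound)
		return
	}

	// The default client has no timeout; bound the call so a stalled
	// upstream cannot pin this handler forever.
	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
	defer cancel()

	// The cookie value is supplied by the browser. Escaping it keeps
	// characters such as '&' or '#' from altering the upstream query.
	target := "http://localhost:8081/user?access_token=" + url.QueryEscape(accessToken.Value)
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, target, nil)
	if err != nil {
		http.Error(w, "Upstream request failed", http.StatusBadGateway)
		return
	}

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		// *url.Error prints the full request URL, token included. Log only
		// the underlying cause and never echo it to the browser.
		var uerr *url.Error
		if errors.As(err, &uerr) {
			err = uerr.Err
		}
		log.Printf("user lookup failed: %v", err)
		http.Error(w, "Upstream request failed", http.StatusBadGateway)
		return
	}
	defer resp.Body.Close()

	const maxBody = 1 << 20 // cap on what is buffered from upstream
	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, maxBody))
	if err != nil {
		log.Printf("reading user lookup response: %v", err)
		http.Error(w, "Upstream request failed", http.StatusBadGateway)
		return
	}

	// Without an explicit type the server would sniff the relayed bytes;
	// fall back to plain text when upstream gave no type.
	contentType := resp.Header.Get("Content-Type")
	if contentType == "" {
		contentType = "text/plain; charset=utf-8"
	}
	w.Header().Set("Content-Type", contentType)
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.WriteHeader(resp.StatusCode)
	if _, err := w.Write(body); err != nil {
		log.Printf("writing user response: %v", err)
	}
}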