TyleoDvDelaware3217/GoDoxy
1
0
Fork 0
mirror of https://github.com/yusing/godoxy.git synced 2025-06-04 02:42:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix OIDC middleware not working with Authentik

Browse source
This commit is contained in:
yusing 2025-01-14 12:59:48 +08:00
parent b359543434
commit 7a7c4be9fa
2 changed files with 12 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
internal/api/v1/auth/oidc.go
View file

@ -76,9 +76,6 @@ func (auth *OIDCProvider) TokenCookieName() string {
func (auth *OIDCProvider) SetIsMiddleware(enabled bool) { func (auth *OIDCProvider) SetIsMiddleware(enabled bool) {
auth.isMiddleware = enabled auth.isMiddleware = enabled
if auth.isMiddleware {
auth.oauthConfig.RedirectURL = OIDCMiddlewareCallbackPath
}
} }
func (auth *OIDCProvider) SetAllowedUsers(users []string) { func (auth *OIDCProvider) SetAllowedUsers(users []string) {
@ -152,13 +149,22 @@ func (auth *OIDCProvider) RedirectLoginPage(w http.ResponseWriter, r *http.Reque
return return
} }
q := u.Query() q := u.Query()
q.Set("redirect_uri", "https://"+r.Host+q.Get("redirect_uri")) q.Set("redirect_uri", "https://"+r.Host+OIDCMiddlewareCallbackPath+q.Get("redirect_uri"))
u.RawQuery = q.Encode() u.RawQuery = q.Encode()
redirURL = u.String() redirURL = u.String()
} }
http.Redirect(w, r, redirURL, http.StatusTemporaryRedirect) http.Redirect(w, r, redirURL, http.StatusTemporaryRedirect)
} }
func (auth *OIDCProvider) exchange(r *http.Request) (*oauth2.Token, error) {
if auth.isMiddleware {
cfg := *auth.oauthConfig
cfg.RedirectURL = "https://" + r.Host + OIDCMiddlewareCallbackPath
return cfg.Exchange(r.Context(), r.URL.Query().Get("code"))
}
return auth.oauthConfig.Exchange(r.Context(), r.URL.Query().Get("code"))
}
// OIDCCallbackHandler handles the OIDC callback. // OIDCCallbackHandler handles the OIDC callback.
func (auth *OIDCProvider) LoginCallbackHandler(w http.ResponseWriter, r *http.Request) { func (auth *OIDCProvider) LoginCallbackHandler(w http.ResponseWriter, r *http.Request) {
// For testing purposes, skip provider verification // For testing purposes, skip provider verification
@ -179,8 +185,7 @@ func (auth *OIDCProvider) LoginCallbackHandler(w http.ResponseWriter, r *http.Re
return return
} }
code := query.Get("code") oauth2Token, err := auth.exchange(r)
oauth2Token, err := auth.oauthConfig.Exchange(r.Context(), code)
if err != nil { if err != nil {
U.HandleErr(w, r, fmt.Errorf("failed to exchange token: %w", err), http.StatusInternalServerError) U.HandleErr(w, r, fmt.Errorf("failed to exchange token: %w", err), http.StatusInternalServerError)
return return

2
internal/net/http/middleware/oidc.go
View file

@ -19,7 +19,7 @@ var OIDC = NewMiddleware[oidcMiddleware]()
func (amw *oidcMiddleware) finalize() error { func (amw *oidcMiddleware) finalize() error {
if !auth.IsOIDCEnabled() { if !auth.IsOIDCEnabled() {
return E.New("OIDC not enabled but Auth middleware is used") return E.New("OIDC not enabled but ODIC middleware is used")
} }
authProvider, err := auth.NewOIDCProviderFromEnv() authProvider, err := auth.NewOIDCProviderFromEnv()
if err != nil { if err != nil {