From c5e0ac6f38194b6127a959606f5ccde5b8b2d62a Mon Sep 17 00:00:00 2001
From: yusing
Date: Tue, 14 Jan 2025 04:08:16 +0800
Subject: [PATCH] allow override allowed_user in middleware, fix typos
---
 internal/api/v1/auth/oidc.go | 8 ++++----
 internal/net/http/middleware/middlewares.go | 2 +-
 internal/net/http/middleware/oidc.go | 7 ++++++-
 3 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/internal/api/v1/auth/oidc.go b/internal/api/v1/auth/oidc.go
index 25b5b82..f6694d1 100644
--- a/internal/api/v1/auth/oidc.go
+++ b/internal/api/v1/auth/oidc.go
@@ -107,16 +107,16 @@ func (auth *OIDCProvider) CheckToken(w http.ResponseWriter, r *http.Request) err
 return nil
 }
-// generateState generates a random string for ODIC state.
-const odicStateLength = 32
+// generateState generates a random string for OIDC state.
+const oidcStateLength = 32
 func generateState() (string, error) {
- b := make([]byte, odicStateLength)
+ b := make([]byte, oidcStateLength)
 _, err := rand.Read(b)
 if err != nil {
 return "", err
 }
- return base64.URLEncoding.EncodeToString(b)[:odicStateLength], nil
+ return base64.URLEncoding.EncodeToString(b)[:oidcStateLength], nil
 }
 // RedirectOIDC initiates the OIDC login flow.
diff --git a/internal/net/http/middleware/middlewares.go b/internal/net/http/middleware/middlewares.go
index 0477601..1785083 100644
--- a/internal/net/http/middleware/middlewares.go
+++ b/internal/net/http/middleware/middlewares.go
@@ -14,7 +14,7 @@ import (
 )
 var allMiddlewares = map[string]*Middleware{
 "redirecthttp": RedirectHTTP,
- "auth": OIDC,
+ "oidc": OIDC,
 "request": ModifyRequest,
 "modifyrequest": ModifyRequest,
diff --git a/internal/net/http/middleware/oidc.go b/internal/net/http/middleware/oidc.go
index 968b6b0..464a662 100644
--- a/internal/net/http/middleware/oidc.go
+++ b/internal/net/http/middleware/oidc.go
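Review bot: The rewritten doc comment `// generateState generates a random string for OIDC state.` is still placed directly above `const oidcStateLength = 32` rather than above `func generateState()`, so godoc and linters attach it to the constant and the function stays undocumented; move it onto the line before `func generateState() (string, error) {` and give the constant its own line, e.g. `// oidcStateLength is the number of characters kept in the OIDC state parameter.`. The `[:oidcStateLength]` slice on the return is easy to misread as a length mismatch: 32 random bytes encode to more than 32 URL-safe base64 characters and only the first 32 are kept, which is fine for a CSRF state value but deserves a one-line comment such as `// 32 bytes encode to >32 chars; keep a fixed-length prefix.` so nobody "fixes" it later.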
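Review bot: Renaming the `allMiddlewares` registry key from `"auth"` to `"oidc"` removes the old name outright, so any existing route configuration that selects this middleware as `auth` will no longer resolve and, depending on how an unknown name is handled elsewhere, may leave that route without authentication rather than failing loudly. If the break is intentional, note it in the commit message or changelog; otherwise keep `"auth": OIDC,` next to the new entry as a compatibility alias, which is how the neighbouring `"request"`/`"modifyrequest"` pair is already handled.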
@@ -8,7 +8,7 @@ import (
 )
 type oidcMiddleware struct {
- AllowedUsers []string
+ AllowedUsers []string `json:"allowed_users"`
 auth auth.Provider
 authMux *http.ServeMux
@@ -30,7 +30,12 @@ func (amw *oidcMiddleware) finalize() error {
 if err != nil {
 return err
 }
+ authProvider.SetOverrideHostEnabled(true)
+ if len(amw.AllowedUsers) > 0 {
+ authProvider.SetAllowedUsers(amw.AllowedUsers)
+ }
+ amw.authMux = http.NewServeMux()
 amw.authMux.HandleFunc(OIDCMiddlewareCallbackPath, authProvider.LoginCallbackHandler)
 amw.authMux.HandleFunc(OIDCLogoutPath, func(w http.ResponseWriter, r *http.Request) {
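Review bot: `authProvider.SetAllowedUsers(amw.AllowedUsers)` and `authProvider.SetOverrideHostEnabled(true)` mutate the provider obtained above the hunk; if that provider is a shared instance rather than one constructed per middleware, the override is applied to every route that uses it and the last middleware to finalize wins, which silently widens or narrows access on routes that never set `allowed_users`. Either construct a per-middleware provider here or document the sharing on `oidcMiddleware` so the scope of the override is explicit. The `len(amw.AllowedUsers) > 0` guard also means an empty or absent `allowed_users` keeps the provider's configured list rather than denying everyone, which is worth stating on the guard: `// Empty list keeps the provider's own allowed users; it does not mean "allow nobody".`. If enabling host override makes the provider derive the OIDC redirect URI from the request's Host header, that value should be validated against the route's configured hosts before it is used in the authorization request. finalize begins and ends outside the hunk.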