mirror of
https://github.com/yusing/godoxy.git
synced 2025-06-04 02:42:34 +02:00
51 lines
1.3 KiB
Go
51 lines
1.3 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/yusing/go-proxy/internal/api/v1/auth"
|
|
E "github.com/yusing/go-proxy/internal/error"
|
|
)
|
|
|
|
type oidcMiddleware struct {
|
|
oauth *auth.OIDCProvider
|
|
authMux *http.ServeMux
|
|
}
|
|
|
|
var OIDC = NewMiddleware[oidcMiddleware]()
|
|
|
|
const (
|
|
OIDCMiddlewareCallbackPath = "/godoxy-auth-oidc/callback"
|
|
OIDCLogoutPath = "/logout"
|
|
)
|
|
|
|
func (amw *oidcMiddleware) finalize() error {
|
|
if !auth.IsOIDCEnabled() {
|
|
return E.New("OIDC not enabled but Auth middleware is used")
|
|
}
|
|
provider, err := auth.NewOIDCProviderFromEnv(OIDCMiddlewareCallbackPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
provider.SetOverrideHostEnabled(true)
|
|
amw.oauth = provider
|
|
amw.authMux = http.NewServeMux()
|
|
amw.authMux.HandleFunc(OIDCMiddlewareCallbackPath, provider.OIDCCallbackHandler)
|
|
amw.authMux.HandleFunc(OIDCLogoutPath, func(w http.ResponseWriter, r *http.Request) {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
})
|
|
amw.authMux.HandleFunc("/", provider.RedirectOIDC)
|
|
return nil
|
|
}
|
|
|
|
func (amw *oidcMiddleware) before(w http.ResponseWriter, r *http.Request) (proceed bool) {
|
|
if err, _ := auth.CheckToken(w, r); err != nil {
|
|
amw.authMux.ServeHTTP(w, r)
|
|
return false
|
|
}
|
|
if r.URL.Path == OIDCLogoutPath {
|
|
auth.LogoutHandler(w, r)
|
|
return false
|
|
}
|
|
return true
|
|
}
|