oidc-demo-app/internal/handlers/common.go

/*
Copyright CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package handlers

import (
	"encoding/base64"
	"fmt"
	"log/slog"
	"net/http"

	"github.com/gorilla/sessions"
	"github.com/nicksnyder/go-i18n/v2/i18n"
	"golang.org/x/oauth2"

	"code.cacert.org/cacert/oidc-demo-app/internal/services"
)

const (
	oauth2RedirectStateLength = 8
	sessionName               = "resource_app"
)

func Authenticate(logger *slog.Logger, oauth2Config *oauth2.Config) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			session, err := GetSession(r)
			if err != nil {
				logger.ErrorContext(r.Context(), "failed to get session", "error", err)
				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

				return
			}

			if _, ok := session.Values[services.SessionIDToken]; ok {
				next.ServeHTTP(w, r)

				return
			}

			session.Values[services.SessionRedirectTarget] = r.URL.String()

			if err = session.Save(r, w); err != nil {
				logger.ErrorContext(r.Context(), "failed to save session", "error", err)
				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)

				return
			}

			state, err := services.GenerateKey(oauth2RedirectStateLength)
			if err != nil {
				logger.ErrorContext(
					r.Context(), "failed to generate state for starting OIDC flow", "error", err,
				)
				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			}

			authURL := oauth2Config.AuthCodeURL(base64.URLEncoding.EncodeToString(state))

			w.Header().Set("Location", authURL)
			w.WriteHeader(http.StatusFound)
		})
	}
}

func GetSession(r *http.Request) (*sessions.Session, error) {
	session, err := services.GetSessionStore().Get(r, sessionName)

	if err != nil {
		return nil, fmt.Errorf("could not get session")
	}

	return session, nil
}

type I18NHandler interface {
	GetBundle() *i18n.Bundle
	GetCatalog() *services.MessageCatalog
}

func GetLocalizer(h I18NHandler, r *http.Request) *i18n.Localizer {
	accept := r.Header.Get("Accept-Language")
	localizer := i18n.NewLocalizer(h.GetBundle(), accept)

	return localizer
}

func BaseTemplateData(h I18NHandler, localizer *i18n.Localizer) map[string]interface{} {
	msg := h.GetCatalog().LookupMessage

	data := map[string]interface{}{
		"WelcomeNavLabel":   msg("IndexNavLabel", nil, localizer),
		"ProtectedNavLabel": msg("ProtectedNavLabel", nil, localizer),
	}

	return data
}
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`/*`
Update linter, remove copyright years Git has all history information, copyright years don't provide useful additional information. 2024-05-12 08:20:06 +00:00			`Copyright CAcert Inc.`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`SPDX-License-Identifier: Apache-2.0`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`https://www.apache.org/licenses/LICENSE-2.0`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`*/`

			`package handlers`

			`import (`
			`"encoding/base64"`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`"fmt"`
Switch from logrus to log/slog Use log/slog from the Go standard library to reduce dependencies. 2024-05-12 10:02:27 +00:00			`"log/slog"`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`"net/http"`

Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`"github.com/gorilla/sessions"`
			`"github.com/nicksnyder/go-i18n/v2/i18n"`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`"golang.org/x/oauth2"`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00
Move internal packages 2023-07-29 15:53:26 +00:00			`"code.cacert.org/cacert/oidc-demo-app/internal/services"`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`)`

Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`const (`
			`oauth2RedirectStateLength = 8`
Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`sessionName = "resource_app"`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`)`

Switch from logrus to log/slog Use log/slog from the Go standard library to reduce dependencies. 2024-05-12 10:02:27 +00:00			`func Authenticate(logger slog.Logger, oauth2Config oauth2.Config) func(http.Handler) http.Handler {`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`return func(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`session, err := GetSession(r)`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`if err != nil {`
Switch from logrus to log/slog Use log/slog from the Go standard library to reduce dependencies. 2024-05-12 10:02:27 +00:00			`logger.ErrorContext(r.Context(), "failed to get session", "error", err)`
			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`return`
			`}`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`if _, ok := session.Values[services.SessionIDToken]; ok {`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`next.ServeHTTP(w, r)`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`return`
			`}`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`session.Values[services.SessionRedirectTarget] = r.URL.String()`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`if err = session.Save(r, w); err != nil {`
Switch from logrus to log/slog Use log/slog from the Go standard library to reduce dependencies. 2024-05-12 10:02:27 +00:00			`logger.ErrorContext(r.Context(), "failed to save session", "error", err)`
			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`return`
			`}`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Switch from logrus to log/slog Use log/slog from the Go standard library to reduce dependencies. 2024-05-12 10:02:27 +00:00			`state, err := services.GenerateKey(oauth2RedirectStateLength)`
			`if err != nil {`
			`logger.ErrorContext(`
			`r.Context(), "failed to generate state for starting OIDC flow", "error", err,`
			`)`
			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
			`}`

			`authURL := oauth2Config.AuthCodeURL(base64.URLEncoding.EncodeToString(state))`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Use oauth2.AuthCodeURL to simplify Authenticate 2023-08-03 21:54:03 +00:00			`w.Header().Set("Location", authURL)`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`w.WriteHeader(http.StatusFound)`
			`})`
			`}`
			`}`

Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`func GetSession(r http.Request) (sessions.Session, error) {`
			`session, err := services.GetSessionStore().Get(r, sessionName)`
Switch from logrus to log/slog Use log/slog from the Go standard library to reduce dependencies. 2024-05-12 10:02:27 +00:00
Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("could not get session")`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00			`}`

Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`return session, nil`
			`}`

			`type I18NHandler interface {`
			`GetBundle() *i18n.Bundle`
			`GetCatalog() *services.MessageCatalog`
			`}`

			`func GetLocalizer(h I18NHandler, r http.Request) i18n.Localizer {`
			`accept := r.Header.Get("Accept-Language")`
			`localizer := i18n.NewLocalizer(h.GetBundle(), accept)`

			`return localizer`
			`}`

			`func BaseTemplateData(h I18NHandler, localizer *i18n.Localizer) map[string]interface{} {`
			`msg := h.GetCatalog().LookupMessage`

			`data := map[string]interface{}{`
			`"WelcomeNavLabel": msg("IndexNavLabel", nil, localizer),`
			`"ProtectedNavLabel": msg("ProtectedNavLabel", nil, localizer),`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`}`
Modernize demo application - add linter config and fix golangci-lint warnings - rename module to match new repository location - use embedded resources for static assets, templates and translations - recommend mkcert in README - require at least Go 1.19 - update and tidy dependencies - update copyright information - improve Makefile, add lint and static asset targets 2023-07-29 15:46:33 +00:00
Add separate protected resource page This commit adds a separate protected resource page to demonstrate how to selectively require logins. Add code to improve client performance by providing modification timestamps and Cache-Control headers for embedded static files. 2023-08-03 14:46:28 +00:00			`return data`
Initial OIDC resource app - copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc 2021-09-11 11:37:31 +00:00			`}`