authorizer/server/handlers/oauth_login.go

package handlers

import (
	"net/http"
	"strings"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/envstore"
	"github.com/authorizerdev/authorizer/server/oauth"
	"github.com/authorizerdev/authorizer/server/sessionstore"
	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
)

// OAuthLoginHandler set host in the oauth state that is useful for redirecting to oauth_callback
func OAuthLoginHandler() gin.HandlerFunc {
	return func(c *gin.Context) {
		hostname := utils.GetHost(c)
		redirectURL := c.Query("redirectURL")
		roles := c.Query("roles")

		if redirectURL == "" {
			c.JSON(400, gin.H{
				"error": "invalid redirect url",
			})
			return
		}

		if roles != "" {
			// validate role
			rolesSplit := strings.Split(roles, ",")

			// use protected roles verification for admin login only.
			// though if not associated with user, it will be rejected from oauth_callback
			if !utils.IsValidRoles(append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...), rolesSplit) {
				c.JSON(400, gin.H{
					"error": "invalid role",
				})
				return
			}
		} else {
			roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")
		}

		uuid := uuid.New()
		oauthStateString := uuid.String() + "___" + redirectURL + "___" + roles

		provider := c.Param("oauth_provider")
		isProviderConfigured := true
		switch provider {
		case constants.SignupMethodGoogle:
			if oauth.OAuthProviders.GoogleConfig == nil {
				isProviderConfigured = false
				break
			}
			sessionstore.SetState(oauthStateString, constants.SignupMethodGoogle)
			// during the init of OAuthProvider authorizer url might be empty
			oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/google"
			url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)
			c.Redirect(http.StatusTemporaryRedirect, url)
		case constants.SignupMethodGithub:
			if oauth.OAuthProviders.GithubConfig == nil {
				isProviderConfigured = false
				break
			}
			sessionstore.SetState(oauthStateString, constants.SignupMethodGithub)
			oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/github"
			url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)
			c.Redirect(http.StatusTemporaryRedirect, url)
		case constants.SignupMethodFacebook:
			if oauth.OAuthProviders.FacebookConfig == nil {
				isProviderConfigured = false
				break
			}
			sessionstore.SetState(oauthStateString, constants.SignupMethodFacebook)
			oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/facebook"
			url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
			c.Redirect(http.StatusTemporaryRedirect, url)
		default:
			c.JSON(422, gin.H{
				"message": "Invalid oauth provider",
			})
		}

		if !isProviderConfigured {
			c.JSON(422, gin.H{
				"message": provider + " not configured",
			})
		}
	}
}
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`package handlers`

			`import (`
			`"net/http"`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`"strings"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00
fix: add location middleware to get exact host 2021-08-04 10:25:13 +00:00			`"github.com/authorizerdev/authorizer/server/constants"`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`"github.com/authorizerdev/authorizer/server/envstore"`
chore: rename project 2021-07-23 16:27:44 +00:00			`"github.com/authorizerdev/authorizer/server/oauth"`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`"github.com/authorizerdev/authorizer/server/sessionstore"`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`"github.com/authorizerdev/authorizer/server/utils"`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`"github.com/gin-gonic/gin"`
			`"github.com/google/uuid"`
			`)`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// OAuthLoginHandler set host in the oauth state that is useful for redirecting to oauth_callback`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`func OAuthLoginHandler() gin.HandlerFunc {`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`return func(c *gin.Context) {`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00			`hostname := utils.GetHost(c)`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`redirectURL := c.Query("redirectURL")`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`roles := c.Query("roles")`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00
			`if redirectURL == "" {`
			`c.JSON(400, gin.H{`
			`"error": "invalid redirect url",`
			`})`
			`return`
			`}`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`if roles != "" {`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`// validate role`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`rolesSplit := strings.Split(roles, ",")`

			`// use protected roles verification for admin login only.`
			`// though if not associated with user, it will be rejected from oauth_callback`
fix: tests 2022-02-28 02:25:01 +00:00			`if !utils.IsValidRoles(append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...), rolesSplit) {`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`c.JSON(400, gin.H{`
			`"error": "invalid role",`
			`})`
			`return`
			`}`
			`} else {`
fix: tests 2022-02-28 02:25:01 +00:00			`roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`}`

feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`uuid := uuid.New()`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`oauthStateString := uuid.String() + "___" + redirectURL + "___" + roles`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00
fix: rename server_url -> authorizer_domain 2021-07-28 11:08:55 +00:00			`provider := c.Param("oauth_provider")`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`isProviderConfigured := true`
fix: rename server_url -> authorizer_domain 2021-07-28 11:08:55 +00:00			`switch provider {`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`case constants.SignupMethodGoogle:`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`if oauth.OAuthProviders.GoogleConfig == nil {`
			`isProviderConfigured = false`
			`break`
			`}`
feat: add session token 2022-02-28 15:56:49 +00:00			`sessionstore.SetState(oauthStateString, constants.SignupMethodGoogle)`
fix: add location middleware to get exact host 2021-08-04 10:25:13 +00:00			`// during the init of OAuthProvider authorizer url might be empty`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00			`oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/google"`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`c.Redirect(http.StatusTemporaryRedirect, url)`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`case constants.SignupMethodGithub:`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`if oauth.OAuthProviders.GithubConfig == nil {`
			`isProviderConfigured = false`
			`break`
			`}`
feat: add session token 2022-02-28 15:56:49 +00:00			`sessionstore.SetState(oauthStateString, constants.SignupMethodGithub)`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00			`oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/github"`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)`
Add github login Resolves #18 2021-07-17 23:18:42 +00:00			`c.Redirect(http.StatusTemporaryRedirect, url)`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`case constants.SignupMethodFacebook:`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`if oauth.OAuthProviders.FacebookConfig == nil {`
			`isProviderConfigured = false`
			`break`
			`}`
feat: add session token 2022-02-28 15:56:49 +00:00			`sessionstore.SetState(oauthStateString, constants.SignupMethodFacebook)`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00			`oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/facebook"`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00			`url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)`
feat: add facebook login Resolves #36 2021-09-04 22:27:29 +00:00			`c.Redirect(http.StatusTemporaryRedirect, url)`
fix: rename server_url -> authorizer_domain 2021-07-28 11:08:55 +00:00			`default:`
			`c.JSON(422, gin.H{`
			`"message": "Invalid oauth provider",`
			`})`
Add github login Resolves #18 2021-07-17 23:18:42 +00:00			`}`
feat: add oidc for google login 2021-12-03 17:25:27 +00:00
			`if !isProviderConfigured {`
			`c.JSON(422, gin.H{`
			`"message": provider + " not configured",`
			`})`
			`}`
add google login - refactor resolvers - fix signup method typos Resolves #17 2021-07-17 16:29:50 +00:00			`}`
			`}`