2021-08-04 06:48:57 +00:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"log"
|
|
|
|
|
"net/http"
|
2021-08-04 10:25:13 +00:00
|
|
|
"strings"
|
2021-08-04 06:48:57 +00:00
|
|
|
|
2021-08-04 10:25:13 +00:00
|
|
|
"github.com/authorizerdev/authorizer/server/constants"
|
2022-01-17 06:02:13 +00:00
|
|
|
"github.com/authorizerdev/authorizer/server/envstore"
|
2021-08-04 06:48:57 +00:00
|
|
|
"github.com/authorizerdev/authorizer/server/utils"
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
)
|
|
|
|
|
|
2022-01-17 06:02:13 +00:00
|
|
|
// State is the struct that holds authorizer url and redirect url
|
|
|
|
|
// They are provided via query string in the request
|
2021-08-04 06:48:57 +00:00
|
|
|
type State struct {
|
|
|
|
|
AuthorizerURL string `json:"authorizerURL"`
|
|
|
|
|
RedirectURL string `json:"redirectURL"`
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-17 06:02:13 +00:00
|
|
|
// AppHandler is the handler for the /app route
|
2021-08-04 06:48:57 +00:00
|
|
|
func AppHandler() gin.HandlerFunc {
|
|
|
|
|
return func(c *gin.Context) {
|
2022-01-31 06:05:24 +00:00
|
|
|
hostname := utils.GetHost(c)
|
2022-01-25 07:36:52 +00:00
|
|
|
if envstore.EnvInMemoryStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage) {
|
|
|
|
|
c.JSON(400, gin.H{"error": "login page is not enabled"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-04 06:48:57 +00:00
|
|
|
state := c.Query("state")
|
2021-08-04 10:25:13 +00:00
|
|
|
|
2021-08-04 06:48:57 +00:00
|
|
|
var stateObj State
|
|
|
|
|
|
|
|
|
|
if state == "" {
|
2022-01-31 06:05:24 +00:00
|
|
|
stateObj.AuthorizerURL = hostname
|
2022-01-31 09:00:13 +00:00
|
|
|
stateObj.RedirectURL = hostname + "/app"
|
2021-08-04 06:48:57 +00:00
|
|
|
} else {
|
2021-12-31 08:22:10 +00:00
|
|
|
decodedState, err := utils.DecryptB64(state)
|
2021-08-04 06:48:57 +00:00
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(400, gin.H{"error": "[unable to decode state] invalid state"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-31 08:22:10 +00:00
|
|
|
err = json.Unmarshal([]byte(decodedState), &stateObj)
|
2021-08-04 06:48:57 +00:00
|
|
|
if err != nil {
|
|
|
|
|
c.JSON(400, gin.H{"error": "[unable to parse state] invalid state"})
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-08-04 10:25:13 +00:00
|
|
|
stateObj.AuthorizerURL = strings.TrimSuffix(stateObj.AuthorizerURL, "/")
|
|
|
|
|
stateObj.RedirectURL = strings.TrimSuffix(stateObj.RedirectURL, "/")
|
2021-08-04 06:48:57 +00:00
|
|
|
|
|
|
|
|
// validate redirect url with allowed origins
|
2021-12-21 13:16:54 +00:00
|
|
|
if !utils.IsValidOrigin(stateObj.RedirectURL) {
|
2021-08-04 06:48:57 +00:00
|
|
|
c.JSON(400, gin.H{"error": "invalid redirect url"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if stateObj.AuthorizerURL == "" {
|
|
|
|
|
c.JSON(400, gin.H{"error": "invalid authorizer url"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// validate host and domain of authorizer url
|
2022-01-31 06:05:24 +00:00
|
|
|
if strings.TrimSuffix(stateObj.AuthorizerURL, "/") != hostname {
|
2021-08-04 06:48:57 +00:00
|
|
|
c.JSON(400, gin.H{"error": "invalid host url"})
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// debug the request state
|
|
|
|
|
if pusher := c.Writer.Pusher(); pusher != nil {
|
|
|
|
|
// use pusher.Push() to do server push
|
|
|
|
|
if err := pusher.Push("/app/build/bundle.js", nil); err != nil {
|
|
|
|
|
log.Printf("Failed to push: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
c.HTML(http.StatusOK, "app.tmpl", gin.H{
|
|
|
|
|
"data": map[string]string{
|
2021-10-03 21:47:50 +00:00
|
|
|
"authorizerURL": stateObj.AuthorizerURL,
|
|
|
|
|
"redirectURL": stateObj.RedirectURL,
|
2022-01-20 11:22:37 +00:00
|
|
|
"organizationName": envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName),
|
|
|
|
|
"organizationLogo": envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo),
|
2021-08-04 06:48:57 +00:00
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
