authorizer/server/handlers/app.go

package handlers

import (
	"encoding/base64"
	"encoding/json"
	"log"
	"net/http"

	"github.com/authorizerdev/authorizer/server/utils"
	"github.com/gin-gonic/gin"
)

type State struct {
	AuthorizerURL string `json:"authorizerURL"`
	RedirectURL   string `json:"redirectURL"`
}

func AppHandler() gin.HandlerFunc {
	return func(c *gin.Context) {
		host := "http://" + c.Request.Host
		state := c.Query("state")
		var stateObj State

		if state == "" {
			cookie, err := utils.GetAuthToken(c)
			log.Println(`cookie`, cookie)
			if err != nil {
				c.JSON(400, gin.H{"error": "invalid state"})
				return
			}

			stateObj.AuthorizerURL = host
			stateObj.RedirectURL = host + "/app"

		} else {
			decodedState, err := base64.StdEncoding.DecodeString(state)
			if err != nil {
				c.JSON(400, gin.H{"error": "[unable to decode state] invalid state"})
				return
			}

			err = json.Unmarshal(decodedState, &stateObj)
			if err != nil {
				c.JSON(400, gin.H{"error": "[unable to parse state] invalid state"})
				return
			}

			// validate redirect url with allowed origins
			if !utils.IsValidRedirectURL(stateObj.RedirectURL) {
				c.JSON(400, gin.H{"error": "invalid redirect url"})
				return
			}

			if stateObj.AuthorizerURL == "" {
				c.JSON(400, gin.H{"error": "invalid authorizer url"})
				return
			}

			// validate host and domain of authorizer url
			if utils.GetDomainName(stateObj.AuthorizerURL) != utils.GetDomainName(host) {
				c.JSON(400, gin.H{"error": "invalid host url"})
				return
			}
		}

		log.Println(gin.H{
			"data": map[string]string{
				"authorizerURL": "http://" + stateObj.AuthorizerURL,
				"redirectURL":   stateObj.RedirectURL,
			},
		})

		// debug the request state
		if pusher := c.Writer.Pusher(); pusher != nil {
			// use pusher.Push() to do server push
			if err := pusher.Push("/app/build/bundle.js", nil); err != nil {
				log.Printf("Failed to push: %v", err)
			}
		}
		c.HTML(http.StatusOK, "app.tmpl", gin.H{
			"data": map[string]string{
				"authorizerURL": stateObj.AuthorizerURL,
				"redirectURL":   stateObj.RedirectURL,
			},
		})
	}
}
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`package handlers`

			`import (`
			`"encoding/base64"`
			`"encoding/json"`
			`"log"`
			`"net/http"`

			`"github.com/authorizerdev/authorizer/server/utils"`
			`"github.com/gin-gonic/gin"`
			`)`

			`type State struct {`
			AuthorizerURL string `json:"authorizerURL"`
			RedirectURL string `json:"redirectURL"`
			`}`

			`func AppHandler() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`host := "http://" + c.Request.Host`
			`state := c.Query("state")`
			`var stateObj State`

			`if state == "" {`
			`cookie, err := utils.GetAuthToken(c)`
			log.Println(`cookie`, cookie)
			`if err != nil {`
			`c.JSON(400, gin.H{"error": "invalid state"})`
			`return`
			`}`

			`stateObj.AuthorizerURL = host`
			`stateObj.RedirectURL = host + "/app"`

			`} else {`
			`decodedState, err := base64.StdEncoding.DecodeString(state)`
			`if err != nil {`
			`c.JSON(400, gin.H{"error": "[unable to decode state] invalid state"})`
			`return`
			`}`

			`err = json.Unmarshal(decodedState, &stateObj)`
			`if err != nil {`
			`c.JSON(400, gin.H{"error": "[unable to parse state] invalid state"})`
			`return`
			`}`

			`// validate redirect url with allowed origins`
			`if !utils.IsValidRedirectURL(stateObj.RedirectURL) {`
			`c.JSON(400, gin.H{"error": "invalid redirect url"})`
			`return`
			`}`

			`if stateObj.AuthorizerURL == "" {`
			`c.JSON(400, gin.H{"error": "invalid authorizer url"})`
			`return`
			`}`

			`// validate host and domain of authorizer url`
			`if utils.GetDomainName(stateObj.AuthorizerURL) != utils.GetDomainName(host) {`
			`c.JSON(400, gin.H{"error": "invalid host url"})`
			`return`
			`}`
			`}`

			`log.Println(gin.H{`
			`"data": map[string]string{`
			`"authorizerURL": "http://" + stateObj.AuthorizerURL,`
			`"redirectURL": stateObj.RedirectURL,`
			`},`
			`})`

			`// debug the request state`
			`if pusher := c.Writer.Pusher(); pusher != nil {`
			`// use pusher.Push() to do server push`
			`if err := pusher.Push("/app/build/bundle.js", nil); err != nil {`
			`log.Printf("Failed to push: %v", err)`
			`}`
			`}`
			`c.HTML(http.StatusOK, "app.tmpl", gin.H{`
			`"data": map[string]string{`
			`"authorizerURL": stateObj.AuthorizerURL,`
			`"redirectURL": stateObj.RedirectURL,`
			`},`
			`})`
			`}`
			`}`