feat: add client secret

This commit is contained in:
Lakhan Samani 2022-02-28 13:14:16 +05:30
parent df1c56bb1c
commit 4830a7e9ac
8 changed files with 64 additions and 2 deletions


@ -97,6 +97,8 @@ const (
// Not Exposed Keys // Not Exposed Keys
// EnvKeyClientID key for env variable CLIENT_ID // EnvKeyClientID key for env variable CLIENT_ID
EnvKeyClientID = "CLIENT_ID" EnvKeyClientID = "CLIENT_ID"
// EnvKeyClientSecret key for env variable CLIENT_SECRET
EnvKeyClientSecret = "CLIENT_SECRET"
// EnvKeyEncryptionKey key for env variable ENCRYPTION_KEY // EnvKeyEncryptionKey key for env variable ENCRYPTION_KEY
EnvKeyEncryptionKey = "ENCRYPTION_KEY" EnvKeyEncryptionKey = "ENCRYPTION_KEY"
// EnvKeyJWK key for env variable JWK // EnvKeyJWK key for env variable JWK

7
server/env/env.go vendored

@ -88,6 +88,13 @@ func InitAllEnv() error {
envData.StringEnv[constants.EnvKeyClientID] = clientID envData.StringEnv[constants.EnvKeyClientID] = clientID
} }
clientSecret := envData.StringEnv[constants.EnvKeyClientSecret]
// unique client id for each instance
if clientID == "" {
clientSecret = uuid.New().String()
envData.StringEnv[constants.EnvKeyClientSecret] = clientSecret
}
if envData.StringEnv[constants.EnvKeyEnv] == "" { if envData.StringEnv[constants.EnvKeyEnv] == "" {
envData.StringEnv[constants.EnvKeyEnv] = os.Getenv(constants.EnvKeyEnv) envData.StringEnv[constants.EnvKeyEnv] = os.Getenv(constants.EnvKeyEnv)
if envData.StringEnv[constants.EnvKeyEnv] == "" { if envData.StringEnv[constants.EnvKeyEnv] == "" {
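Review bot: The guard on the new block tests `clientID` instead of the secret it is about to fill in, so an instance with a configured client ID is left with an empty `CLIENT_SECRET`, while an instance without one overwrites a secret that may already be configured; the check should be `if clientSecret == "" {` and the comment above it `// unique client secret for each instance`. The block that fills `clientID` just above and the rest of `InitAllEnv` lie outside the hunk, so whether `clientID` can still be empty at this point cannot be confirmed here. Because this value is handed out as a credential, it is also worth confirming that the `uuid` package in use draws from `crypto/rand` (github.com/google/uuid does by default); a secret from a non-cryptographic source would be guessable.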


@ -110,7 +110,7 @@ func PersistEnv() error {
for key, value := range storeData.StringEnv { for key, value := range storeData.StringEnv {
// don't override unexposed envs // don't override unexposed envs
if key != constants.EnvKeyEncryptionKey && key != constants.EnvKeyClientID && key != constants.EnvKeyJWK { if key != constants.EnvKeyEncryptionKey && key != constants.EnvKeyClientID && key != constants.EnvKeyClientSecret && key != constants.EnvKeyJWK {
// check only for derivative keys // check only for derivative keys
// No need to check for ENCRYPTION_KEY which special key we use for encrypting config data // No need to check for ENCRYPTION_KEY which special key we use for encrypting config data
// as we have removed it from json // as we have removed it from json
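Review bot: The exclusion test on the `if` line now chains four unexposed keys in one expression and will keep growing as keys are added, which makes a forgotten key easy to miss in review. A `switch key { case constants.EnvKeyEncryptionKey, constants.EnvKeyClientID, constants.EnvKeyClientSecret, constants.EnvKeyJWK: continue }` placed before the remaining body reads more clearly and keeps the list of non-overridable keys in one place. The loop body continues past the end of the hunk.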


@ -55,6 +55,7 @@ type ComplexityRoot struct {
AllowedOrigins func(childComplexity int) int AllowedOrigins func(childComplexity int) int
AppURL func(childComplexity int) int AppURL func(childComplexity int) int
ClientID func(childComplexity int) int ClientID func(childComplexity int) int
ClientSecret func(childComplexity int) int
CookieName func(childComplexity int) int CookieName func(childComplexity int) int
CustomAccessTokenScript func(childComplexity int) int CustomAccessTokenScript func(childComplexity int) int
DatabaseName func(childComplexity int) int DatabaseName func(childComplexity int) int
@ -290,6 +291,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
return e.complexity.Env.ClientID(childComplexity), true return e.complexity.Env.ClientID(childComplexity), true
case "Env.CLIENT_SECRET":
if e.complexity.Env.ClientSecret == nil {
break
}
return e.complexity.Env.ClientSecret(childComplexity), true
case "Env.COOKIE_NAME": case "Env.COOKIE_NAME":
if e.complexity.Env.CookieName == nil { if e.complexity.Env.CookieName == nil {
break break
@ -1232,6 +1240,7 @@ type Env {
DATABASE_URL: String! DATABASE_URL: String!
DATABASE_TYPE: String! DATABASE_TYPE: String!
CLIENT_ID: String! CLIENT_ID: String!
CLIENT_SECRET: String!
CUSTOM_ACCESS_TOKEN_SCRIPT: String CUSTOM_ACCESS_TOKEN_SCRIPT: String
SMTP_HOST: String SMTP_HOST: String
SMTP_PORT: String SMTP_PORT: String
@ -2055,6 +2064,41 @@ func (ec *executionContext) _Env_CLIENT_ID(ctx context.Context, field graphql.Co
return ec.marshalNString2string(ctx, field.Selections, res) return ec.marshalNString2string(ctx, field.Selections, res)
} }
func (ec *executionContext) _Env_CLIENT_SECRET(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
defer func() {
if r := recover(); r != nil {
ec.Error(ctx, ec.Recover(ctx, r))
ret = graphql.Null
}
}()
fc := &graphql.FieldContext{
Object: "Env",
Field: field,
Args: nil,
IsMethod: false,
IsResolver: false,
}
ctx = graphql.WithFieldContext(ctx, fc)
resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
ctx = rctx // use context from middleware stack in children
return obj.ClientSecret, nil
})
if err != nil {
ec.Error(ctx, err)
return graphql.Null
}
if resTmp == nil {
if !graphql.HasFieldError(ctx, fc) {
ec.Errorf(ctx, "must not be null")
}
return graphql.Null
}
res := resTmp.(string)
fc.Result = res
return ec.marshalNString2string(ctx, field.Selections, res)
}
func (ec *executionContext) _Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) { func (ec *executionContext) _Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
defer func() { defer func() {
if r := recover(); r != nil { if r := recover(); r != nil {
@ -7734,6 +7778,11 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj
if out.Values[i] == graphql.Null { if out.Values[i] == graphql.Null {
invalids++ invalids++
} }
case "CLIENT_SECRET":
out.Values[i] = ec._Env_CLIENT_SECRET(ctx, field, obj)
if out.Values[i] == graphql.Null {
invalids++
}
case "CUSTOM_ACCESS_TOKEN_SCRIPT": case "CUSTOM_ACCESS_TOKEN_SCRIPT":
out.Values[i] = ec._Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx, field, obj) out.Values[i] = ec._Env_CUSTOM_ACCESS_TOKEN_SCRIPT(ctx, field, obj)
case "SMTP_HOST": case "SMTP_HOST":


@ -27,6 +27,7 @@ type Env struct {
DatabaseURL string `json:"DATABASE_URL"` DatabaseURL string `json:"DATABASE_URL"`
DatabaseType string `json:"DATABASE_TYPE"` DatabaseType string `json:"DATABASE_TYPE"`
ClientID string `json:"CLIENT_ID"` ClientID string `json:"CLIENT_ID"`
ClientSecret string `json:"CLIENT_SECRET"`
CustomAccessTokenScript *string `json:"CUSTOM_ACCESS_TOKEN_SCRIPT"` CustomAccessTokenScript *string `json:"CUSTOM_ACCESS_TOKEN_SCRIPT"`
SMTPHost *string `json:"SMTP_HOST"` SMTPHost *string `json:"SMTP_HOST"`
SMTPPort *string `json:"SMTP_PORT"` SMTPPort *string `json:"SMTP_PORT"`


@ -91,6 +91,7 @@ type Env {
DATABASE_URL: String! DATABASE_URL: String!
DATABASE_TYPE: String! DATABASE_TYPE: String!
CLIENT_ID: String! CLIENT_ID: String!
CLIENT_SECRET: String!
CUSTOM_ACCESS_TOKEN_SCRIPT: String CUSTOM_ACCESS_TOKEN_SCRIPT: String
SMTP_HOST: String SMTP_HOST: String
SMTP_PORT: String SMTP_PORT: String


@ -17,7 +17,7 @@ func OpenIDConfigurationHandler() gin.HandlerFunc {
c.JSON(200, gin.H{ c.JSON(200, gin.H{
"issuer": issuer, "issuer": issuer,
"authorization_endpoint": issuer + "/authorize", "authorization_endpoint": issuer + "/authorize",
"token_endpoint": issuer + "/oauth/token", "token_endpoint": issuer + "/token",
"userinfo_endpoint": issuer + "/userinfo", "userinfo_endpoint": issuer + "/userinfo",
"jwks_uri": issuer + "/.well-known/jwks.json", "jwks_uri": issuer + "/.well-known/jwks.json",
"response_types_supported": []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"}, "response_types_supported": []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"},
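Review bot: The `token_endpoint` change from `/oauth/token` to `/token` is unrelated to the client-secret feature and changes what OIDC clients discover, so it should be called out in the commit message and, if the old path was already published, kept as an alias until clients have migrated. The hunk does not show the route registration, so confirm that a handler is actually mounted at `/token`; otherwise discovery advertises a dead endpoint. The rest of `OpenIDConfigurationHandler` is outside the hunk.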


@ -29,6 +29,7 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
store := envstore.EnvStoreObj.GetEnvStoreClone() store := envstore.EnvStoreObj.GetEnvStoreClone()
adminSecret := store.StringEnv[constants.EnvKeyAdminSecret] adminSecret := store.StringEnv[constants.EnvKeyAdminSecret]
clientID := store.StringEnv[constants.EnvKeyClientID] clientID := store.StringEnv[constants.EnvKeyClientID]
clientSecret := store.StringEnv[constants.EnvKeyClientSecret]
databaseURL := store.StringEnv[constants.EnvKeyDatabaseURL] databaseURL := store.StringEnv[constants.EnvKeyDatabaseURL]
databaseName := store.StringEnv[constants.EnvKeyDatabaseName] databaseName := store.StringEnv[constants.EnvKeyDatabaseName]
databaseType := store.StringEnv[constants.EnvKeyDatabaseType] databaseType := store.StringEnv[constants.EnvKeyDatabaseType]
@ -70,6 +71,7 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
DatabaseURL: databaseURL, DatabaseURL: databaseURL,
DatabaseType: databaseType, DatabaseType: databaseType,
ClientID: clientID, ClientID: clientID,
ClientSecret: clientSecret,
CustomAccessTokenScript: &customAccessTokenScript, CustomAccessTokenScript: &customAccessTokenScript,
SMTPHost: &smtpHost, SMTPHost: &smtpHost,
SMTPPort: &smtpPort, SMTPPort: &smtpPort,
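Review bot: `clientSecret` is now copied into the `model.Env` returned to GraphQL callers, so the resolver's authorization gate is what decides whether the OAuth client secret is readable; that gate (presumably the comparison against the `adminSecret` read at the top of the first hunk) lies outside the hunks, so confirm the secret is only populated on an authenticated admin path and that `Env` responses are not logged or cached elsewhere. A field comment would help the next reader, e.g. `ClientSecret: clientSecret, // credential: only returned to admin callers`. `EnvResolver` starts and ends outside the hunks.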