feat: add session token

server/handlers/authorize.go

@@ -0,0 +1,72 @@
+package handlers
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+)
+
+// AuthorizeHandler is the handler for the /authorize route
+// required params
+// ?redirect_uri = redirect url
+// state[recommended] = to prevent CSRF attack (for authorizer its compulsory)
+// code_challenge = to prevent CSRF attack
+// code_challenge_method = to prevent CSRF attack [only sh256 is supported]
+func AuthorizeHandler() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		redirectURI := strings.TrimSpace(c.Query("redirect_uri"))
+		responseType := strings.TrimSpace(c.Query("response_type"))
+		state := strings.TrimSpace(c.Query("state"))
+		codeChallenge := strings.TrimSpace(c.Query("code_challenge"))
+		codeChallengeMethod := strings.TrimSpace(c.Query("code_challenge_method"))
+		fmt.Println(codeChallengeMethod)
+		template := "authorize.tmpl"
+
+		if redirectURI == "" {
+			c.HTML(http.StatusBadRequest, template, gin.H{
+				"targetOrigin":          nil,
+				"authorizationResponse": nil,
+				"error":                 "redirect_uri is required",
+			})
+			return
+		}
+
+		if state == "" {
+			c.HTML(http.StatusBadRequest, template, gin.H{
+				"targetOrigin":          nil,
+				"authorizationResponse": nil,
+				"error":                 "state is required",
+			})
+			return
+		}
+
+		if responseType == "" {
+			responseType = "code"
+		}
+
+		isCode := responseType == "code"
+		isToken := responseType == "token"
+
+		if !isCode && !isToken {
+			c.HTML(http.StatusBadRequest, template, gin.H{
+				"targetOrigin":          nil,
+				"authorizationResponse": nil,
+				"error":                 "response_type is invalid",
+			})
+			return
+		}
+
+		if isCode {
+			if codeChallenge == "" {
+				c.HTML(http.StatusBadRequest, template, gin.H{
+					"targetOrigin":          nil,
+					"authorizationResponse": nil,
+					"error":                 "code_challenge is required",
+				})
+				return
+			}
+		}
+	}
+}