feat: add logs for http handlers
This commit is contained in:
Lakhan Samani
parent
2bc4c74930
commit
b35d86fd40
|
|
@ -4,13 +4,14 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"log"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"text/template"
|
"text/template"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
gomail "gopkg.in/mail.v2"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/envstore"
|
"github.com/authorizerdev/authorizer/server/envstore"
|
||||||
gomail "gopkg.in/mail.v2"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// addEmailTemplate is used to add html template in email body
|
// addEmailTemplate is used to add html template in email body
|
||||||
|
|
@ -46,7 +47,7 @@ func SendMail(to []string, Subject, bodyMessage string) error {
|
||||||
d.TLSConfig = &tls.Config{InsecureSkipVerify: true}
|
d.TLSConfig = &tls.Config{InsecureSkipVerify: true}
|
||||||
}
|
}
|
||||||
if err := d.DialAndSend(m); err != nil {
|
if err := d.DialAndSend(m); err != nil {
|
||||||
log.Printf("smtp error: %s", err)
|
log.Debug("SMTP Failed:", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|
|
||||||
2
server/env/env.go
vendored
2
server/env/env.go
vendored
|
|
@ -33,7 +33,7 @@ func InitRequiredEnv() error {
|
||||||
|
|
||||||
err := godotenv.Load(envPath)
|
err := godotenv.Load(envPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("using OS env instead of %s file", envPath)
|
log.Info("using OS env instead of %s file", envPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
dbURL := os.Getenv(constants.EnvKeyDatabaseURL)
|
dbURL := os.Getenv(constants.EnvKeyDatabaseURL)
|
||||||
|
|
|
||||||
2
server/env/persist_env.go
vendored
2
server/env/persist_env.go
vendored
|
|
@ -183,7 +183,7 @@ func PersistEnv() error {
|
||||||
env.EnvData = encryptedConfig
|
env.EnvData = encryptedConfig
|
||||||
_, err = db.Provider.UpdateEnv(env)
|
_, err = db.Provider.UpdateEnv(env)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("error updating config in db:", err)
|
log.Debug("Failed to Update Config:", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,15 @@
|
||||||
package handlers
|
package handlers
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"log"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/envstore"
|
"github.com/authorizerdev/authorizer/server/envstore"
|
||||||
"github.com/authorizerdev/authorizer/server/utils"
|
"github.com/authorizerdev/authorizer/server/utils"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// State is the struct that holds authorizer url and redirect url
|
// State is the struct that holds authorizer url and redirect url
|
||||||
|
|
@ -23,6 +24,7 @@ func AppHandler() gin.HandlerFunc {
|
||||||
return func(c *gin.Context) {
|
return func(c *gin.Context) {
|
||||||
hostname := utils.GetHost(c)
|
hostname := utils.GetHost(c)
|
||||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage) {
|
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage) {
|
||||||
|
log.Debug("Login page is disabled")
|
||||||
c.JSON(400, gin.H{"error": "login page is not enabled"})
|
c.JSON(400, gin.H{"error": "login page is not enabled"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -43,6 +45,7 @@ func AppHandler() gin.HandlerFunc {
|
||||||
} else {
|
} else {
|
||||||
// validate redirect url with allowed origins
|
// validate redirect url with allowed origins
|
||||||
if !utils.IsValidOrigin(redirect_uri) {
|
if !utils.IsValidOrigin(redirect_uri) {
|
||||||
|
log.Debug("Invalid redirect_uri")
|
||||||
c.JSON(400, gin.H{"error": "invalid redirect url"})
|
c.JSON(400, gin.H{"error": "invalid redirect url"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -52,7 +55,7 @@ func AppHandler() gin.HandlerFunc {
|
||||||
if pusher := c.Writer.Pusher(); pusher != nil {
|
if pusher := c.Writer.Pusher(); pusher != nil {
|
||||||
// use pusher.Push() to do server push
|
// use pusher.Push() to do server push
|
||||||
if err := pusher.Push("/app/build/bundle.js", nil); err != nil {
|
if err := pusher.Push("/app/build/bundle.js", nil); err != nil {
|
||||||
log.Printf("Failed to push: %v", err)
|
log.Debug("Failed to push file path", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
c.HTML(http.StatusOK, "app.tmpl", gin.H{
|
c.HTML(http.StatusOK, "app.tmpl", gin.H{
|
||||||
|
|
|
||||||
|
|
@ -6,14 +6,16 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
"github.com/google/uuid"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/cookie"
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
"github.com/authorizerdev/authorizer/server/db"
|
"github.com/authorizerdev/authorizer/server/db"
|
||||||
"github.com/authorizerdev/authorizer/server/envstore"
|
"github.com/authorizerdev/authorizer/server/envstore"
|
||||||
"github.com/authorizerdev/authorizer/server/sessionstore"
|
"github.com/authorizerdev/authorizer/server/sessionstore"
|
||||||
"github.com/authorizerdev/authorizer/server/token"
|
"github.com/authorizerdev/authorizer/server/token"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
"github.com/google/uuid"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// AuthorizeHandler is the handler for the /authorize route
|
// AuthorizeHandler is the handler for the /authorize route
|
||||||
|
|
@ -48,6 +50,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if responseMode != "query" && responseMode != "web_message" {
|
if responseMode != "query" && responseMode != "web_message" {
|
||||||
|
log.Debug("Invalid response_mode")
|
||||||
gc.JSON(400, gin.H{"error": "invalid response mode"})
|
gc.JSON(400, gin.H{"error": "invalid response mode"})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -63,6 +66,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||||
if isQuery {
|
if isQuery {
|
||||||
gc.Redirect(http.StatusFound, loginURL)
|
gc.Redirect(http.StatusFound, loginURL)
|
||||||
} else {
|
} else {
|
||||||
|
log.Debug("Failed to get client_id")
|
||||||
gc.HTML(http.StatusOK, template, gin.H{
|
gc.HTML(http.StatusOK, template, gin.H{
|
||||||
"target_origin": redirectURI,
|
"target_origin": redirectURI,
|
||||||
"authorization_response": map[string]interface{}{
|
"authorization_response": map[string]interface{}{
|
||||||
|
|
@ -80,6 +84,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||||
if isQuery {
|
if isQuery {
|
||||||
gc.Redirect(http.StatusFound, loginURL)
|
gc.Redirect(http.StatusFound, loginURL)
|
||||||
} else {
|
} else {
|
||||||
|
log.Debug("Invalid client_id")
|
||||||
gc.HTML(http.StatusOK, template, gin.H{
|
gc.HTML(http.StatusOK, template, gin.H{
|
||||||
"target_origin": redirectURI,
|
"target_origin": redirectURI,
|
||||||
"authorization_response": map[string]interface{}{
|
"authorization_response": map[string]interface{}{
|
||||||
|
|
@ -97,6 +102,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||||
if isQuery {
|
if isQuery {
|
||||||
gc.Redirect(http.StatusFound, loginURL)
|
gc.Redirect(http.StatusFound, loginURL)
|
||||||
} else {
|
} else {
|
||||||
|
log.Debug("Failed to get state")
|
||||||
gc.HTML(http.StatusOK, template, gin.H{
|
gc.HTML(http.StatusOK, template, gin.H{
|
||||||
"target_origin": redirectURI,
|
"target_origin": redirectURI,
|
||||||
"authorization_response": map[string]interface{}{
|
"authorization_response": map[string]interface{}{
|
||||||
|
|
@ -121,6 +127,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||||
if isQuery {
|
if isQuery {
|
||||||
gc.Redirect(http.StatusFound, loginURL)
|
gc.Redirect(http.StatusFound, loginURL)
|
||||||
} else {
|
} else {
|
||||||
|
log.Debug("Invalid response_type")
|
||||||
gc.HTML(http.StatusOK, template, gin.H{
|
gc.HTML(http.StatusOK, template, gin.H{
|
||||||
"target_origin": redirectURI,
|
"target_origin": redirectURI,
|
||||||
"authorization_response": map[string]interface{}{
|
"authorization_response": map[string]interface{}{
|
||||||
|
|
@ -139,6 +146,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||||
if isQuery {
|
if isQuery {
|
||||||
gc.Redirect(http.StatusFound, loginURL)
|
gc.Redirect(http.StatusFound, loginURL)
|
||||||
} else {
|
} else {
|
||||||
|
log.Debug("Failed to get code_challenge")
|
||||||
gc.HTML(http.StatusBadRequest, template, gin.H{
|
gc.HTML(http.StatusBadRequest, template, gin.H{
|
||||||
"target_origin": redirectURI,
|
"target_origin": redirectURI,
|
||||||
"authorization_response": map[string]interface{}{
|
"authorization_response": map[string]interface{}{
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,11 @@ package handlers
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/envstore"
|
"github.com/authorizerdev/authorizer/server/envstore"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func JWKsHandler() gin.HandlerFunc {
|
func JWKsHandler() gin.HandlerFunc {
|
||||||
|
|
@ -14,6 +16,7 @@ func JWKsHandler() gin.HandlerFunc {
|
||||||
jwk := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJWK)
|
jwk := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJWK)
|
||||||
err := json.Unmarshal([]byte(jwk), &data)
|
err := json.Unmarshal([]byte(jwk), &data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to parse JWK", err)
|
||||||
c.JSON(500, gin.H{
|
c.JSON(500, gin.H{
|
||||||
"error": err.Error(),
|
"error": err.Error(),
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -4,10 +4,12 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/cookie"
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
"github.com/authorizerdev/authorizer/server/crypto"
|
"github.com/authorizerdev/authorizer/server/crypto"
|
||||||
"github.com/authorizerdev/authorizer/server/sessionstore"
|
"github.com/authorizerdev/authorizer/server/sessionstore"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Handler to logout user
|
// Handler to logout user
|
||||||
|
|
@ -17,6 +19,7 @@ func LogoutHandler() gin.HandlerFunc {
|
||||||
// get fingerprint hash
|
// get fingerprint hash
|
||||||
fingerprintHash, err := cookie.GetSession(gc)
|
fingerprintHash, err := cookie.GetSession(gc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to get session", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": err.Error(),
|
"error": err.Error(),
|
||||||
})
|
})
|
||||||
|
|
@ -25,6 +28,7 @@ func LogoutHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
decryptedFingerPrint, err := crypto.DecryptAES(fingerprintHash)
|
decryptedFingerPrint, err := crypto.DecryptAES(fingerprintHash)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to decrypt fingerprint", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": err.Error(),
|
"error": err.Error(),
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -5,12 +5,16 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/coreos/go-oidc/v3/oidc"
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/cookie"
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
"github.com/authorizerdev/authorizer/server/db"
|
"github.com/authorizerdev/authorizer/server/db"
|
||||||
|
|
@ -20,9 +24,6 @@ import (
|
||||||
"github.com/authorizerdev/authorizer/server/sessionstore"
|
"github.com/authorizerdev/authorizer/server/sessionstore"
|
||||||
"github.com/authorizerdev/authorizer/server/token"
|
"github.com/authorizerdev/authorizer/server/token"
|
||||||
"github.com/authorizerdev/authorizer/server/utils"
|
"github.com/authorizerdev/authorizer/server/utils"
|
||||||
"github.com/coreos/go-oidc/v3/oidc"
|
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
"golang.org/x/oauth2"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// OAuthCallbackHandler handles the OAuth callback for various oauth providers
|
// OAuthCallbackHandler handles the OAuth callback for various oauth providers
|
||||||
|
|
@ -33,6 +34,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
sessionState := sessionstore.GetState(state)
|
sessionState := sessionstore.GetState(state)
|
||||||
if sessionState == "" {
|
if sessionState == "" {
|
||||||
|
log.Debug("Invalid oauth state")
|
||||||
c.JSON(400, gin.H{"error": "invalid oauth state"})
|
c.JSON(400, gin.H{"error": "invalid oauth state"})
|
||||||
}
|
}
|
||||||
sessionstore.GetState(state)
|
sessionstore.GetState(state)
|
||||||
|
|
@ -40,6 +42,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||||
sessionSplit := strings.Split(state, "___")
|
sessionSplit := strings.Split(state, "___")
|
||||||
|
|
||||||
if len(sessionSplit) < 3 {
|
if len(sessionSplit) < 3 {
|
||||||
|
log.Debug("Invalid redirect url")
|
||||||
c.JSON(400, gin.H{"error": "invalid redirect url"})
|
c.JSON(400, gin.H{"error": "invalid redirect url"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -60,18 +63,22 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||||
case constants.SignupMethodFacebook:
|
case constants.SignupMethodFacebook:
|
||||||
user, err = processFacebookUserInfo(code)
|
user, err = processFacebookUserInfo(code)
|
||||||
default:
|
default:
|
||||||
|
log.Info("Invalid oauth provider")
|
||||||
err = fmt.Errorf(`invalid oauth provider`)
|
err = fmt.Errorf(`invalid oauth provider`)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to process user info: ", err)
|
||||||
c.JSON(400, gin.H{"error": err.Error()})
|
c.JSON(400, gin.H{"error": err.Error()})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
existingUser, err := db.Provider.GetUserByEmail(user.Email)
|
existingUser, err := db.Provider.GetUserByEmail(user.Email)
|
||||||
|
log := log.WithField("user", user.Email)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
|
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
|
||||||
|
log.Debug("Failed to signup as disabled")
|
||||||
c.JSON(400, gin.H{"error": "signup is disabled for this instance"})
|
c.JSON(400, gin.H{"error": "signup is disabled for this instance"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -86,6 +93,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if hasProtectedRole {
|
if hasProtectedRole {
|
||||||
|
log.Debug("Invalid role")
|
||||||
c.JSON(400, gin.H{"error": "invalid role"})
|
c.JSON(400, gin.H{"error": "invalid role"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -96,6 +104,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||||
user, _ = db.Provider.AddUser(user)
|
user, _ = db.Provider.AddUser(user)
|
||||||
} else {
|
} else {
|
||||||
if user.RevokedTimestamp != nil {
|
if user.RevokedTimestamp != nil {
|
||||||
|
log.Debug("User access revoked")
|
||||||
c.JSON(400, gin.H{"error": "user access has been revoked"})
|
c.JSON(400, gin.H{"error": "user access has been revoked"})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -137,6 +146,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if hasProtectedRole {
|
if hasProtectedRole {
|
||||||
|
log.Debug("Invalid role. User is using protected unassigned role")
|
||||||
c.JSON(400, gin.H{"error": "invalid role"})
|
c.JSON(400, gin.H{"error": "invalid role"})
|
||||||
return
|
return
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -148,6 +158,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
user, err = db.Provider.UpdateUser(user)
|
user, err = db.Provider.UpdateUser(user)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to update user: ", err)
|
||||||
c.JSON(500, gin.H{"error": err.Error()})
|
c.JSON(500, gin.H{"error": err.Error()})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
@ -155,6 +166,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
authToken, err := token.CreateAuthToken(c, user, inputRoles, scopes)
|
authToken, err := token.CreateAuthToken(c, user, inputRoles, scopes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to create auth token: ", err)
|
||||||
c.JSON(500, gin.H{"error": err.Error()})
|
c.JSON(500, gin.H{"error": err.Error()})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -194,6 +206,7 @@ func processGoogleUserInfo(code string) (models.User, error) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
oauth2Token, err := oauth.OAuthProviders.GoogleConfig.Exchange(ctx, code)
|
oauth2Token, err := oauth.OAuthProviders.GoogleConfig.Exchange(ctx, code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to exchange code for token: ", err)
|
||||||
return user, fmt.Errorf("invalid google exchange code: %s", err.Error())
|
return user, fmt.Errorf("invalid google exchange code: %s", err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -202,16 +215,19 @@ func processGoogleUserInfo(code string) (models.User, error) {
|
||||||
// Extract the ID Token from OAuth2 token.
|
// Extract the ID Token from OAuth2 token.
|
||||||
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
|
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
log.Debug("Failed to extract ID Token from OAuth2 token.")
|
||||||
return user, fmt.Errorf("unable to extract id_token")
|
return user, fmt.Errorf("unable to extract id_token")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Parse and verify ID Token payload.
|
// Parse and verify ID Token payload.
|
||||||
idToken, err := verifier.Verify(ctx, rawIDToken)
|
idToken, err := verifier.Verify(ctx, rawIDToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to verify ID Token: ", err)
|
||||||
return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
|
return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := idToken.Claims(&user); err != nil {
|
if err := idToken.Claims(&user); err != nil {
|
||||||
|
log.Debug("Failed to parse ID Token claims: ", err)
|
||||||
return user, fmt.Errorf("unable to extract claims")
|
return user, fmt.Errorf("unable to extract claims")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -222,11 +238,13 @@ func processGithubUserInfo(code string) (models.User, error) {
|
||||||
user := models.User{}
|
user := models.User{}
|
||||||
token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
|
token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to exchange code for token:", err)
|
||||||
return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
|
return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
|
||||||
}
|
}
|
||||||
client := http.Client{}
|
client := http.Client{}
|
||||||
req, err := http.NewRequest("GET", constants.GithubUserInfoURL, nil)
|
req, err := http.NewRequest("GET", constants.GithubUserInfoURL, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to create github user info request:", err)
|
||||||
return user, fmt.Errorf("error creating github user info request: %s", err.Error())
|
return user, fmt.Errorf("error creating github user info request: %s", err.Error())
|
||||||
}
|
}
|
||||||
req.Header = http.Header{
|
req.Header = http.Header{
|
||||||
|
|
@ -235,12 +253,14 @@ func processGithubUserInfo(code string) (models.User, error) {
|
||||||
|
|
||||||
response, err := client.Do(req)
|
response, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to request github user info:", err)
|
||||||
return user, err
|
return user, err
|
||||||
}
|
}
|
||||||
|
|
||||||
defer response.Body.Close()
|
defer response.Body.Close()
|
||||||
body, err := ioutil.ReadAll(response.Body)
|
body, err := ioutil.ReadAll(response.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to read github user info response body:", err)
|
||||||
return user, fmt.Errorf("failed to read github response body: %s", err.Error())
|
return user, fmt.Errorf("failed to read github response body: %s", err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -273,23 +293,26 @@ func processFacebookUserInfo(code string) (models.User, error) {
|
||||||
user := models.User{}
|
user := models.User{}
|
||||||
token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
|
token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Invalid facebook exchange code:", err)
|
||||||
return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
|
return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
|
||||||
}
|
}
|
||||||
client := http.Client{}
|
client := http.Client{}
|
||||||
req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+token.AccessToken, nil)
|
req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+token.AccessToken, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error creating facebook user info request:", err)
|
||||||
return user, fmt.Errorf("error creating facebook user info request: %s", err.Error())
|
return user, fmt.Errorf("error creating facebook user info request: %s", err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
response, err := client.Do(req)
|
response, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("error processing facebook user info:", err)
|
log.Debug("Failed to process facebook user:", err)
|
||||||
return user, err
|
return user, err
|
||||||
}
|
}
|
||||||
|
|
||||||
defer response.Body.Close()
|
defer response.Body.Close()
|
||||||
body, err := ioutil.ReadAll(response.Body)
|
body, err := ioutil.ReadAll(response.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Failed to read facebook response:", err)
|
||||||
return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
|
return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,12 +4,14 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/envstore"
|
"github.com/authorizerdev/authorizer/server/envstore"
|
||||||
"github.com/authorizerdev/authorizer/server/oauth"
|
"github.com/authorizerdev/authorizer/server/oauth"
|
||||||
"github.com/authorizerdev/authorizer/server/sessionstore"
|
"github.com/authorizerdev/authorizer/server/sessionstore"
|
||||||
"github.com/authorizerdev/authorizer/server/utils"
|
"github.com/authorizerdev/authorizer/server/utils"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// OAuthLoginHandler set host in the oauth state that is useful for redirecting to oauth_callback
|
// OAuthLoginHandler set host in the oauth state that is useful for redirecting to oauth_callback
|
||||||
|
|
@ -26,6 +28,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||||
scopeString := strings.TrimSpace(c.Query("scope"))
|
scopeString := strings.TrimSpace(c.Query("scope"))
|
||||||
|
|
||||||
if redirectURI == "" {
|
if redirectURI == "" {
|
||||||
|
log.Debug("redirect_uri is empty")
|
||||||
c.JSON(400, gin.H{
|
c.JSON(400, gin.H{
|
||||||
"error": "invalid redirect uri",
|
"error": "invalid redirect uri",
|
||||||
})
|
})
|
||||||
|
|
@ -33,6 +36,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if state == "" {
|
if state == "" {
|
||||||
|
log.Debug("state is empty")
|
||||||
c.JSON(400, gin.H{
|
c.JSON(400, gin.H{
|
||||||
"error": "invalid state",
|
"error": "invalid state",
|
||||||
})
|
})
|
||||||
|
|
@ -53,6 +57,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||||
// use protected roles verification for admin login only.
|
// use protected roles verification for admin login only.
|
||||||
// though if not associated with user, it will be rejected from oauth_callback
|
// though if not associated with user, it will be rejected from oauth_callback
|
||||||
if !utils.IsValidRoles(append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...), rolesSplit) {
|
if !utils.IsValidRoles(append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...), rolesSplit) {
|
||||||
|
log.Debug("Invalid roles: ", roles)
|
||||||
c.JSON(400, gin.H{
|
c.JSON(400, gin.H{
|
||||||
"error": "invalid role",
|
"error": "invalid role",
|
||||||
})
|
})
|
||||||
|
|
@ -69,6 +74,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||||
switch provider {
|
switch provider {
|
||||||
case constants.SignupMethodGoogle:
|
case constants.SignupMethodGoogle:
|
||||||
if oauth.OAuthProviders.GoogleConfig == nil {
|
if oauth.OAuthProviders.GoogleConfig == nil {
|
||||||
|
log.Debug("Google OAuth provider is not configured")
|
||||||
isProviderConfigured = false
|
isProviderConfigured = false
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
@ -79,6 +85,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||||
case constants.SignupMethodGithub:
|
case constants.SignupMethodGithub:
|
||||||
if oauth.OAuthProviders.GithubConfig == nil {
|
if oauth.OAuthProviders.GithubConfig == nil {
|
||||||
|
log.Debug("Github OAuth provider is not configured")
|
||||||
isProviderConfigured = false
|
isProviderConfigured = false
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
@ -88,6 +95,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||||
case constants.SignupMethodFacebook:
|
case constants.SignupMethodFacebook:
|
||||||
if oauth.OAuthProviders.FacebookConfig == nil {
|
if oauth.OAuthProviders.FacebookConfig == nil {
|
||||||
|
log.Debug("Facebook OAuth provider is not configured")
|
||||||
isProviderConfigured = false
|
isProviderConfigured = false
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
@ -96,6 +104,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||||
url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
|
url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
|
||||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||||
default:
|
default:
|
||||||
|
log.Debug("Invalid oauth provider: ", provider)
|
||||||
c.JSON(422, gin.H{
|
c.JSON(422, gin.H{
|
||||||
"message": "Invalid oauth provider",
|
"message": "Invalid oauth provider",
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -4,10 +4,12 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/envstore"
|
"github.com/authorizerdev/authorizer/server/envstore"
|
||||||
"github.com/authorizerdev/authorizer/server/sessionstore"
|
"github.com/authorizerdev/authorizer/server/sessionstore"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Revoke handler to revoke refresh token
|
// Revoke handler to revoke refresh token
|
||||||
|
|
@ -15,6 +17,7 @@ func RevokeHandler() gin.HandlerFunc {
|
||||||
return func(gc *gin.Context) {
|
return func(gc *gin.Context) {
|
||||||
var reqBody map[string]string
|
var reqBody map[string]string
|
||||||
if err := gc.BindJSON(&reqBody); err != nil {
|
if err := gc.BindJSON(&reqBody); err != nil {
|
||||||
|
log.Debug("Error binding JSON: ", err)
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "error_binding_json",
|
"error": "error_binding_json",
|
||||||
"error_description": err.Error(),
|
"error_description": err.Error(),
|
||||||
|
|
@ -26,6 +29,7 @@ func RevokeHandler() gin.HandlerFunc {
|
||||||
clientID := strings.TrimSpace(reqBody["client_id"])
|
clientID := strings.TrimSpace(reqBody["client_id"])
|
||||||
|
|
||||||
if clientID == "" {
|
if clientID == "" {
|
||||||
|
log.Debug("Client ID is empty")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "client_id_required",
|
"error": "client_id_required",
|
||||||
"error_description": "The client id is required",
|
"error_description": "The client id is required",
|
||||||
|
|
@ -34,6 +38,7 @@ func RevokeHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||||
|
log.Debug("Client ID is invalid")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "invalid_client_id",
|
"error": "invalid_client_id",
|
||||||
"error_description": "The client id is invalid",
|
"error_description": "The client id is invalid",
|
||||||
|
|
|
||||||
|
|
@ -7,13 +7,15 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/cookie"
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
"github.com/authorizerdev/authorizer/server/db"
|
"github.com/authorizerdev/authorizer/server/db"
|
||||||
"github.com/authorizerdev/authorizer/server/envstore"
|
"github.com/authorizerdev/authorizer/server/envstore"
|
||||||
"github.com/authorizerdev/authorizer/server/sessionstore"
|
"github.com/authorizerdev/authorizer/server/sessionstore"
|
||||||
"github.com/authorizerdev/authorizer/server/token"
|
"github.com/authorizerdev/authorizer/server/token"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// TokenHandler to handle /oauth/token requests
|
// TokenHandler to handle /oauth/token requests
|
||||||
|
|
@ -22,6 +24,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
return func(gc *gin.Context) {
|
return func(gc *gin.Context) {
|
||||||
var reqBody map[string]string
|
var reqBody map[string]string
|
||||||
if err := gc.BindJSON(&reqBody); err != nil {
|
if err := gc.BindJSON(&reqBody); err != nil {
|
||||||
|
log.Debug("Error binding JSON: ", err)
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "error_binding_json",
|
"error": "error_binding_json",
|
||||||
"error_description": err.Error(),
|
"error_description": err.Error(),
|
||||||
|
|
@ -43,6 +46,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
isAuthorizationCodeGrant := grantType == "authorization_code"
|
isAuthorizationCodeGrant := grantType == "authorization_code"
|
||||||
|
|
||||||
if !isRefreshTokenGrant && !isAuthorizationCodeGrant {
|
if !isRefreshTokenGrant && !isAuthorizationCodeGrant {
|
||||||
|
log.Debug("Invalid grant type")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "invalid_grant_type",
|
"error": "invalid_grant_type",
|
||||||
"error_description": "grant_type is invalid",
|
"error_description": "grant_type is invalid",
|
||||||
|
|
@ -50,6 +54,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if clientID == "" {
|
if clientID == "" {
|
||||||
|
log.Debug("Client ID is empty")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "client_id_required",
|
"error": "client_id_required",
|
||||||
"error_description": "The client id is required",
|
"error_description": "The client id is required",
|
||||||
|
|
@ -58,6 +63,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||||
|
log.Debug("Client ID is invalid")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "invalid_client_id",
|
"error": "invalid_client_id",
|
||||||
"error_description": "The client id is invalid",
|
"error_description": "The client id is invalid",
|
||||||
|
|
@ -70,6 +76,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
if isAuthorizationCodeGrant {
|
if isAuthorizationCodeGrant {
|
||||||
|
|
||||||
if codeVerifier == "" {
|
if codeVerifier == "" {
|
||||||
|
log.Debug("Code verifier is empty")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "invalid_code_verifier",
|
"error": "invalid_code_verifier",
|
||||||
"error_description": "The code verifier is required",
|
"error_description": "The code verifier is required",
|
||||||
|
|
@ -78,6 +85,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
if code == "" {
|
if code == "" {
|
||||||
|
log.Debug("Code is empty")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "invalid_code",
|
"error": "invalid_code",
|
||||||
"error_description": "The code is required",
|
"error_description": "The code is required",
|
||||||
|
|
@ -92,6 +100,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
|
encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
|
||||||
sessionData := sessionstore.GetState(encryptedCode)
|
sessionData := sessionstore.GetState(encryptedCode)
|
||||||
if sessionData == "" {
|
if sessionData == "" {
|
||||||
|
log.Debug("Invalid code verifier")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "invalid_code_verifier",
|
"error": "invalid_code_verifier",
|
||||||
"error_description": "The code verifier is invalid",
|
"error_description": "The code verifier is invalid",
|
||||||
|
|
@ -104,6 +113,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
sessionDataSplit := strings.Split(sessionData, "@")
|
sessionDataSplit := strings.Split(sessionData, "@")
|
||||||
|
|
||||||
if sessionDataSplit[0] != code {
|
if sessionDataSplit[0] != code {
|
||||||
|
log.Debug("Invalid code verifier.Unable to split session data")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "invalid_code_verifier",
|
"error": "invalid_code_verifier",
|
||||||
"error_description": "The code verifier is invalid",
|
"error_description": "The code verifier is invalid",
|
||||||
|
|
@ -114,6 +124,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
// validate session
|
// validate session
|
||||||
claims, err := token.ValidateBrowserSession(gc, sessionDataSplit[1])
|
claims, err := token.ValidateBrowserSession(gc, sessionDataSplit[1])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error validating session: ", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": "unauthorized",
|
"error": "unauthorized",
|
||||||
"error_description": "Invalid session data",
|
"error_description": "Invalid session data",
|
||||||
|
|
@ -128,6 +139,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
} else {
|
} else {
|
||||||
// validate refresh token
|
// validate refresh token
|
||||||
if refreshToken == "" {
|
if refreshToken == "" {
|
||||||
|
log.Debug("Refresh token is empty")
|
||||||
gc.JSON(http.StatusBadRequest, gin.H{
|
gc.JSON(http.StatusBadRequest, gin.H{
|
||||||
"error": "invalid_refresh_token",
|
"error": "invalid_refresh_token",
|
||||||
"error_description": "The refresh token is invalid",
|
"error_description": "The refresh token is invalid",
|
||||||
|
|
@ -136,6 +148,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
claims, err := token.ValidateRefreshToken(gc, refreshToken)
|
claims, err := token.ValidateRefreshToken(gc, refreshToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error validating refresh token: ", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": "unauthorized",
|
"error": "unauthorized",
|
||||||
"error_description": err.Error(),
|
"error_description": err.Error(),
|
||||||
|
|
@ -156,6 +169,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
user, err := db.Provider.GetUserByID(userID)
|
user, err := db.Provider.GetUserByID(userID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error getting user: ", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": "unauthorized",
|
"error": "unauthorized",
|
||||||
"error_description": "User not found",
|
"error_description": "User not found",
|
||||||
|
|
@ -165,6 +179,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
authToken, err := token.CreateAuthToken(gc, user, roles, scope)
|
authToken, err := token.CreateAuthToken(gc, user, roles, scope)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error creating auth token: ", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": "unauthorized",
|
"error": "unauthorized",
|
||||||
"error_description": "User not found",
|
"error_description": "User not found",
|
||||||
|
|
|
||||||
|
|
@ -3,15 +3,18 @@ package handlers
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/db"
|
"github.com/authorizerdev/authorizer/server/db"
|
||||||
"github.com/authorizerdev/authorizer/server/token"
|
"github.com/authorizerdev/authorizer/server/token"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func UserInfoHandler() gin.HandlerFunc {
|
func UserInfoHandler() gin.HandlerFunc {
|
||||||
return func(gc *gin.Context) {
|
return func(gc *gin.Context) {
|
||||||
accessToken, err := token.GetAccessToken(gc)
|
accessToken, err := token.GetAccessToken(gc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error getting access token: ", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": err.Error(),
|
"error": err.Error(),
|
||||||
})
|
})
|
||||||
|
|
@ -20,6 +23,7 @@ func UserInfoHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
claims, err := token.ValidateAccessToken(gc, accessToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error validating access token: ", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": err.Error(),
|
"error": err.Error(),
|
||||||
})
|
})
|
||||||
|
|
@ -29,6 +33,7 @@ func UserInfoHandler() gin.HandlerFunc {
|
||||||
userID := claims["sub"].(string)
|
userID := claims["sub"].(string)
|
||||||
user, err := db.Provider.GetUserByID(userID)
|
user, err := db.Provider.GetUserByID(userID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error getting user: ", err)
|
||||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||||
"error": err.Error(),
|
"error": err.Error(),
|
||||||
})
|
})
|
||||||
|
|
|
||||||
|
|
@ -6,13 +6,15 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/gin-gonic/gin"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/cookie"
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
"github.com/authorizerdev/authorizer/server/db"
|
"github.com/authorizerdev/authorizer/server/db"
|
||||||
"github.com/authorizerdev/authorizer/server/db/models"
|
"github.com/authorizerdev/authorizer/server/db/models"
|
||||||
"github.com/authorizerdev/authorizer/server/sessionstore"
|
"github.com/authorizerdev/authorizer/server/sessionstore"
|
||||||
"github.com/authorizerdev/authorizer/server/token"
|
"github.com/authorizerdev/authorizer/server/token"
|
||||||
"github.com/authorizerdev/authorizer/server/utils"
|
"github.com/authorizerdev/authorizer/server/utils"
|
||||||
"github.com/gin-gonic/gin"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// VerifyEmailHandler handles the verify email route.
|
// VerifyEmailHandler handles the verify email route.
|
||||||
|
|
@ -24,12 +26,14 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
tokenInQuery := c.Query("token")
|
tokenInQuery := c.Query("token")
|
||||||
if tokenInQuery == "" {
|
if tokenInQuery == "" {
|
||||||
|
log.Debug("Token is empty")
|
||||||
c.JSON(400, errorRes)
|
c.JSON(400, errorRes)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
verificationRequest, err := db.Provider.GetVerificationRequestByToken(tokenInQuery)
|
verificationRequest, err := db.Provider.GetVerificationRequestByToken(tokenInQuery)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error getting verification request: ", err)
|
||||||
errorRes["error_description"] = err.Error()
|
errorRes["error_description"] = err.Error()
|
||||||
c.JSON(400, errorRes)
|
c.JSON(400, errorRes)
|
||||||
return
|
return
|
||||||
|
|
@ -39,6 +43,7 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||||
hostname := utils.GetHost(c)
|
hostname := utils.GetHost(c)
|
||||||
claim, err := token.ParseJWTToken(tokenInQuery, hostname, verificationRequest.Nonce, verificationRequest.Email)
|
claim, err := token.ParseJWTToken(tokenInQuery, hostname, verificationRequest.Nonce, verificationRequest.Email)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error parsing token: ", err)
|
||||||
errorRes["error_description"] = err.Error()
|
errorRes["error_description"] = err.Error()
|
||||||
c.JSON(400, errorRes)
|
c.JSON(400, errorRes)
|
||||||
return
|
return
|
||||||
|
|
@ -46,6 +51,7 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||||
|
|
||||||
user, err := db.Provider.GetUserByEmail(claim["sub"].(string))
|
user, err := db.Provider.GetUserByEmail(claim["sub"].(string))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error getting user: ", err)
|
||||||
errorRes["error_description"] = err.Error()
|
errorRes["error_description"] = err.Error()
|
||||||
c.JSON(400, errorRes)
|
c.JSON(400, errorRes)
|
||||||
return
|
return
|
||||||
|
|
@ -79,6 +85,7 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||||
}
|
}
|
||||||
authToken, err := token.CreateAuthToken(c, user, roles, scope)
|
authToken, err := token.CreateAuthToken(c, user, roles, scope)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
log.Debug("Error creating auth token: ", err)
|
||||||
errorRes["error_description"] = err.Error()
|
errorRes["error_description"] = err.Error()
|
||||||
c.JSON(500, errorRes)
|
c.JSON(500, errorRes)
|
||||||
return
|
return
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@ func (fn GinLogWriteFunc) Write(data []byte) (int, error) {
|
||||||
// NewGinLogrusWrite logrus writer for gin
|
// NewGinLogrusWrite logrus writer for gin
|
||||||
func NewGinLogrusWrite() io.Writer {
|
func NewGinLogrusWrite() io.Writer {
|
||||||
return GinLogWriteFunc(func(data []byte) (int, error) {
|
return GinLogWriteFunc(func(data []byte) (int, error) {
|
||||||
log.Debugf("%s", data)
|
log.Info("%s", data)
|
||||||
return 0, nil
|
return 0, nil
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,8 @@ package resolvers
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/db"
|
"github.com/authorizerdev/authorizer/server/db"
|
||||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||||
|
|
@ -33,7 +34,7 @@ func DeleteUserResolver(ctx context.Context, params model.DeleteUserInput) (*mod
|
||||||
|
|
||||||
err = db.Provider.DeleteUser(user)
|
err = db.Provider.DeleteUser(user)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("error deleting user:", err)
|
log.Debug("Failed Deleting User:", err)
|
||||||
return res, err
|
return res, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user