feat: login wall (#42)
* feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file
This commit is contained in:
Lakhan Samani
87
server/handlers/app.go
Normal file
87
server/handlers/app.go
Normal file
@@ -0,0 +1,87 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
type State struct {
|
||||
AuthorizerURL string `json:"authorizerURL"`
|
||||
RedirectURL string `json:"redirectURL"`
|
||||
}
|
||||
|
||||
func AppHandler() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
host := "http://" + c.Request.Host
|
||||
state := c.Query("state")
|
||||
var stateObj State
|
||||
|
||||
if state == "" {
|
||||
cookie, err := utils.GetAuthToken(c)
|
||||
log.Println(`cookie`, cookie)
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": "invalid state"})
|
||||
return
|
||||
}
|
||||
|
||||
stateObj.AuthorizerURL = host
|
||||
stateObj.RedirectURL = host + "/app"
|
||||
|
||||
} else {
|
||||
decodedState, err := base64.StdEncoding.DecodeString(state)
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": "[unable to decode state] invalid state"})
|
||||
return
|
||||
}
|
||||
|
||||
err = json.Unmarshal(decodedState, &stateObj)
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": "[unable to parse state] invalid state"})
|
||||
return
|
||||
}
|
||||
|
||||
// validate redirect url with allowed origins
|
||||
if !utils.IsValidRedirectURL(stateObj.RedirectURL) {
|
||||
c.JSON(400, gin.H{"error": "invalid redirect url"})
|
||||
return
|
||||
}
|
||||
|
||||
if stateObj.AuthorizerURL == "" {
|
||||
c.JSON(400, gin.H{"error": "invalid authorizer url"})
|
||||
return
|
||||
}
|
||||
|
||||
// validate host and domain of authorizer url
|
||||
if utils.GetDomainName(stateObj.AuthorizerURL) != utils.GetDomainName(host) {
|
||||
c.JSON(400, gin.H{"error": "invalid host url"})
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
log.Println(gin.H{
|
||||
"data": map[string]string{
|
||||
"authorizerURL": "http://" + stateObj.AuthorizerURL,
|
||||
"redirectURL": stateObj.RedirectURL,
|
||||
},
|
||||
})
|
||||
|
||||
// debug the request state
|
||||
if pusher := c.Writer.Pusher(); pusher != nil {
|
||||
// use pusher.Push() to do server push
|
||||
if err := pusher.Push("/app/build/bundle.js", nil); err != nil {
|
||||
log.Printf("Failed to push: %v", err)
|
||||
}
|
||||
}
|
||||
c.HTML(http.StatusOK, "app.tmpl", gin.H{
|
||||
"data": map[string]string{
|
||||
"authorizerURL": stateObj.AuthorizerURL,
|
||||
"redirectURL": stateObj.RedirectURL,
|
||||
},
|
||||
})
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user