feat: add login endpoint handler

FireBlinkLTD · Nov 8, 2023 · 9e4d419 · 9e4d419
1 parent 6f08c0d
commit 9e4d419
Show file tree

Hide file tree

Showing 9 changed files with 64 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -23,8 +23,9 @@ In addition upon every login, logout or token refresh action prxi-openid-connect
 - `HOST_URL` - Public facing Host URL
 - `PROXY_REQUEST_TIMEOUT` - [optional] timeout for the proxy requests (default value: `30000`, 30s)
 - `UPSTREAM_URL` - the upstream host URL (default value: none)
-- `HEALTH_PATH` - [optional] health check api PATH (default value: `/_prxi_/health`)
-- `LOGOUT_PATH` - [optional] end session/logout PATH (default value: `/_prxi_/logout`)
+- `HEALTH_PATH` - [optional] health check api path (default value: `/_prxi_/health`)
+- `LOGOIN_PATH` - [optional] end login endpoint path (default value: `/_prxi_/login`)
+- `LOGOUT_PATH` - [optional] end session/logout path (default value: `/_prxi_/logout`)
 - `LOG_LEVEL` - [optional] log level (default value: `info`)
 - `LOG_FILE` - [optional] log file path (default value: `/prxi/logs/prxi-openid-connect.log`)
 - `LOG_FILE_SIZE` - [optional] maximum log file size (default value: `10M`)

diff --git a/bin/0-init-keycloak.sh b/bin/0-init-keycloak.sh
@@ -6,7 +6,7 @@
 
 source ../.env
 
-KC_CONTAINER_NAME=keycloak
+KC_CONTAINER_NAME=prixi-openidc-keycloak
 KC_USERNAME=admin
 KC_PASSWORD=admin
 KC_SERVER_ADDRESS=http://localhost:8080

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,7 +1,7 @@
 version: '3'
 services:
   keycloak:
-    container_name: keycloak
+    container_name: prixi-openidc-keycloak
     image: quay.io/keycloak/keycloak:22.0.1
     environment:
       KEYCLOAK_ADMIN: admin

diff --git a/src/Server.ts b/src/Server.ts
@@ -14,6 +14,7 @@ import { errorHandler } from './handlers/ErrorHandler';
 import { OpenIDUtils } from './utils/OpenIDUtils';
 import { E404Handler } from './handlers/E404Handler';
 import { LogoutHandler } from './handlers/LogoutHandler';
+import { LoginHandler } from './handlers/LoginHandler';
 
 // Prepare logger
 
@@ -44,6 +45,7 @@ export const start = async (): Promise<Prxi> => {
         target: config.upstream,
         requestHandlers: [
           HealthHandler,
+          new LoginHandler(),
           new LogoutHandler(),
           CallbackHandler,
           new ProxyHandler(),

diff --git a/src/config/Config.ts b/src/config/Config.ts
@@ -9,6 +9,7 @@ export interface Config {
 
   healthPath: string;
   logoutPath: string;
+  loginPath: string;
 
   hostURL: string;
   openid: {

diff --git a/src/config/getConfig.ts b/src/config/getConfig.ts
@@ -19,6 +19,7 @@ export const getConfig = () => {
 
       healthPath: process.env.HEALTH_PATH || '/_prxi_/health',
       logoutPath: process.env.LOGOUT_PATH || '/_prxi_/logout',
+      loginPath: process.env.LOGIN_PATH || '/_prxi_/login',
 
       hostURL: process.env.HOST_URL,
       openid: {

diff --git a/src/handlers/CallbackHandler.ts b/src/handlers/CallbackHandler.ts
@@ -5,6 +5,7 @@ import { sendErrorResponse, sendRedirect, setAuthCookies } from "../utils/Respon
 import { OpenIDUtils } from "../utils/OpenIDUtils";
 import { parse } from "cookie";
 import getLogger from "../Logger";
+import { RequestUtils } from "../utils/RequestUtils";
 
 export const CallbackHandler: RequestHandlerConfig = {
   isMatching: (method: HttpMethod, path: string) => {
@@ -16,7 +17,7 @@ export const CallbackHandler: RequestHandlerConfig = {
     let tokens = await OpenIDUtils.exchangeCode(req);
     let metaToken: string;
 
-    const cookies = parse(req.headers.cookie);
+    const cookies = RequestUtils.getCookies(req);
     const originalPath = cookies[getConfig().cookies.names.originalPath] || '/';
 
     // login webhook handler (if any)

diff --git a/src/handlers/LoginHandler.ts b/src/handlers/LoginHandler.ts
@@ -0,0 +1,33 @@
+import { IncomingMessage, ServerResponse } from "http";
+import { HttpMethod, ProxyRequest, RequestHandlerConfig } from "prxi";
+import { getConfig } from "../config/getConfig";
+import { invalidateAuthCookies, sendRedirect } from "../utils/ResponseUtils";
+import { OpenIDUtils } from "../utils/OpenIDUtils";
+import { Logger } from "pino";
+import getLogger from "../Logger";
+import { JwtPayload, verify } from "jsonwebtoken";
+import { RequestUtils } from "../utils/RequestUtils";
+
+export class LoginHandler implements RequestHandlerConfig {
+  private logger: Logger;
+
+  constructor() {
+    this.logger = getLogger('LoginHandler')
+  }
+
+  /**
+   * @inheritdoc
+   */
+  public isMatching(method: HttpMethod, path: string): boolean {
+    return method === 'GET' && path === getConfig().loginPath;
+  }
+
+  /**
+   * @inheritdoc
+   */
+  public async handle(req: IncomingMessage, res: ServerResponse, proxyRequest: ProxyRequest): Promise<void> {
+    this.logger.info('Handle login request');
+
+    await sendRedirect(res, OpenIDUtils.getAuthorizationUrl());
+  }
+}
diff --git a/test/LoginHandler.suite.ts b/test/LoginHandler.suite.ts
@@ -0,0 +1,20 @@
+import { suite, test } from "@testdeck/mocha";
+import { BaseSuite } from "./Base.suite";
+import { getConfig } from "../src/config/getConfig";
+import { strictEqual } from "assert";
+
+@suite()
+export class LoginHandlerSuite extends BaseSuite {
+  @test()
+  async login() {
+    const uri = '/api/test?q=str';
+    await this.withNewPage(getConfig().hostURL + getConfig().loginPath, async (page) => {
+      await this.loginOnKeycloak(page);
+
+      // make sure we can access the resource
+      await this.navigate(page, getConfig().hostURL + uri);
+      const json = await this.getJsonFromPage(page);
+      strictEqual(json.http.originalUrl, uri);
+    });
+  }
+}