package gocloakecho
import (
"errors"
"net/http"
"github.com/Nerzal/gocloak/v4"
)
// AuthenticationHandler is used to authenticate with the api through the
// gocloak client and to exchange a refresh token for a fresh JWT.
// Every method reports an upstream failure as a gocloak.APIError and a
// reply that carries no access token as a plain error.
type AuthenticationHandler interface {
	// AuthenticateClient obtains a token from the client id / secret in the request.
	AuthenticateClient(Authenticate) (*JWT, error)
	// AuthenticateUser obtains a token from the client id / secret plus the
	// user name and password carried in the request.
	AuthenticateUser(Authenticate) (*JWT, error)
	// RefreshToken exchanges the request's refresh token for a new JWT.
	RefreshToken(Refresh) (*JWT, error)
}
// authenticationHandler is the AuthenticationHandler implementation backed
// by a gocloak client; construct it with NewAuthenticationHandler.
type authenticationHandler struct {
	gocloak gocloak.GoCloak // upstream client every login / refresh call is delegated to
	realm   *string         // default realm for requests that leave Realm empty; may be nil (see NewAuthenticationHandler)
}
// NewAuthenticationHandler instantiates a new AuthenticationHandler
// Setting realm is optional
//
// gocloak is the upstream client the handler delegates to; realm, when
// non-nil, is the default realm applied to requests that leave Realm empty.
//noinspection GoUnusedExportedFunction
func NewAuthenticationHandler(gocloak gocloak.GoCloak, realm *string) AuthenticationHandler {
	h := authenticationHandler{
		gocloak: gocloak,
		realm:   realm,
	}
	return &h
}
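// AuthenticateClient performs a client-credentials login through the gocloak
// client and maps the reply onto a JWT.
//
// The realm is taken from requestData.Realm, falling back to the handler's
// default realm; when neither is set an error is returned rather than
// dereferencing a nil default. An upstream failure is reported as a
// gocloak.APIError with http.StatusForbidden, matching the sibling methods.
// Message forwards the upstream error text, so a caller that relays it to
// HTTP clients exposes whatever the identity provider said; a reply without
// an access token yields a plain error.
func (handler *authenticationHandler) AuthenticateClient(requestData Authenticate) (*JWT, error) {
	realm := requestData.Realm
	if realm == "" {
		if handler.realm == nil {
			return nil, errors.New("no realm in request and no default realm configured")
		}
		realm = *handler.realm
	}

	response, err := handler.gocloak.LoginClient(requestData.ClientID, requestData.ClientSecret, realm)
	if err != nil {
		return nil, gocloak.APIError{
			Code:    http.StatusForbidden,
			Message: err.Error(),
		}
	}
	// A nil reply with a nil error is treated like a missing token instead of
	// being dereferenced.
	if response == nil || response.AccessToken == "" {
		return nil, errors.New("authentication failed")
	}

	return &JWT{
		AccessToken:      response.AccessToken,
		ExpiresIn:        response.ExpiresIn,
		NotBeforePolicy:  response.NotBeforePolicy,
		RefreshExpiresIn: response.RefreshExpiresIn,
		RefreshToken:     response.RefreshToken,
		Scope:            response.Scope,
		SessionState:     response.SessionState,
		TokenType:        response.TokenType,
	}, nil
}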
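// AuthenticateUser performs a password login through the gocloak client and
// maps the reply onto a JWT.
//
// UserName and Password are pointers in the request; both must be present,
// otherwise an error is returned instead of dereferencing nil. The realm is
// taken from requestData.Realm, falling back to the handler's default realm,
// and an error is returned when neither is set. An upstream failure is
// reported as a gocloak.APIError with http.StatusForbidden whose Message
// forwards the upstream error text (a caller relaying it exposes what the
// identity provider said); a reply without an access token yields a plain
// error.
func (handler *authenticationHandler) AuthenticateUser(requestData Authenticate) (*JWT, error) {
	// Both credentials arrive as pointers from the request; reject a missing
	// one up front rather than panicking on the dereference below.
	if requestData.UserName == nil || requestData.Password == nil {
		return nil, errors.New("user name and password are required")
	}

	realm := requestData.Realm
	if realm == "" {
		if handler.realm == nil {
			return nil, errors.New("no realm in request and no default realm configured")
		}
		realm = *handler.realm
	}

	response, err := handler.gocloak.Login(requestData.ClientID, requestData.ClientSecret, realm, *requestData.UserName, *requestData.Password)
	if err != nil {
		return nil, gocloak.APIError{
			Code:    http.StatusForbidden,
			Message: err.Error(),
		}
	}
	// A nil reply with a nil error is treated like a missing token instead of
	// being dereferenced.
	if response == nil || response.AccessToken == "" {
		return nil, errors.New("authentication failed")
	}

	return &JWT{
		AccessToken:      response.AccessToken,
		ExpiresIn:        response.ExpiresIn,
		NotBeforePolicy:  response.NotBeforePolicy,
		RefreshExpiresIn: response.RefreshExpiresIn,
		RefreshToken:     response.RefreshToken,
		Scope:            response.Scope,
		SessionState:     response.SessionState,
		TokenType:        response.TokenType,
	}, nil
}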
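// RefreshToken exchanges the request's refresh token for a new JWT through
// the gocloak client.
//
// The realm is taken from requestData.Realm, falling back to the handler's
// default realm; the resolved realm is what is sent upstream (previously the
// fallback was computed but the raw request value was passed, so a request
// with an empty Realm never used the default). When neither is set an error
// is returned. An upstream failure is reported as a gocloak.APIError with
// http.StatusForbidden and a fixed message, so no upstream detail is
// forwarded here; a reply without an access token yields a plain error.
func (handler *authenticationHandler) RefreshToken(requestData Refresh) (*JWT, error) {
	realm := requestData.Realm
	if realm == "" {
		if handler.realm == nil {
			return nil, errors.New("no realm in request and no default realm configured")
		}
		realm = *handler.realm
	}

	// Pass the resolved realm, not requestData.Realm, so the default applies.
	response, err := handler.gocloak.RefreshToken(requestData.RefreshToken, requestData.ClientID, requestData.ClientSecret, realm)
	if err != nil {
		return nil, gocloak.APIError{
			Code:    http.StatusForbidden,
			Message: "Failed to refresh token",
		}
	}
	// A nil reply with a nil error is treated like a missing token instead of
	// being dereferenced.
	if response == nil || response.AccessToken == "" {
		return nil, errors.New("authentication failed")
	}

	return &JWT{
		AccessToken:      response.AccessToken,
		ExpiresIn:        response.ExpiresIn,
		NotBeforePolicy:  response.NotBeforePolicy,
		RefreshExpiresIn: response.RefreshExpiresIn,
		RefreshToken:     response.RefreshToken,
		Scope:            response.Scope,
		SessionState:     response.SessionState,
		TokenType:        response.TokenType,
	}, nil
}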