package utils
import (
"encoding/json"
"io/ioutil"
"log"
"net/http"
"net/url"
"time"
"github.com/aws/aws-sdk-go/service/sts"
"github.com/YashdalfTheGray/federator/constants"
)
// GetSessionString serialises the temporary credentials held in creds into
// the JSON document (keys "sessionId", "sessionKey" and "sessionToken") that
// GetSigninTokenURL sends as the "Session" query parameter.
//
// The returned string carries the secret access key and the session token in
// clear text, so callers should keep it out of logs and error messages.
// creds, creds.Credentials and its three string pointers are dereferenced
// without a nil check; a nil anywhere in that chain panics.
func GetSessionString(creds *sts.AssumeRoleOutput) string {
	type sessionPayload struct {
		SessionID    string `json:"sessionId"`
		SessionKey   string `json:"sessionKey"`
		SessionToken string `json:"sessionToken"`
	}

	c := creds.Credentials
	payload := sessionPayload{
		SessionID:    *c.AccessKeyId,
		SessionKey:   *c.SecretAccessKey,
		SessionToken: *c.SessionToken,
	}

	encoded, err := json.Marshal(payload)
	if err != nil {
		// A marshalling failure terminates the process rather than being
		// returned, since the signature has no error result.
		log.Fatalln(err.Error())
	}
	return string(encoded)
}
// GetSigninTokenURL returns the federation endpoint URL with the query
// parameters of a getSigninToken request: the action name, a session duration
// of 3600 and the JSON session document built by GetSessionString.
//
// Because the session document is placed in the query string, the returned
// URL contains the temporary secret access key and session token. Treat the
// URL as a secret: do not log it or include it in error output.
// An unparsable constants.FederationEndpoint terminates the process.
func GetSigninTokenURL(creds *sts.AssumeRoleOutput) url.URL {
	endpoint, parseErr := url.Parse(constants.FederationEndpoint)
	if parseErr != nil {
		log.Fatalln(parseErr.Error())
	}

	// Start from whatever query the endpoint constant already carries and
	// overwrite only the keys this request defines.
	params := endpoint.Query()
	for _, kv := range [][2]string{
		{"Action", "getSigninToken"},
		{"SessionDuration", "3600"},
		{"Session", GetSessionString(creds)},
	} {
		params.Set(kv[0], kv[1])
	}
	endpoint.RawQuery = params.Encode()

	return *endpoint
}
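// signinStatusError reports a non-200 reply from the federation endpoint. The
// value is the HTTP status line of the response (for example "403 Forbidden").
type signinStatusError string

// Error implements the error interface.
func (e signinStatusError) Error() string {
	return "federation endpoint returned " + string(e)
}

// GetSigninToken performs a GET on signinURL and returns the SigninToken field
// of the JSON response.
//
// signinURL is expected to come from GetSigninTokenURL, which means its query
// string holds temporary credentials. http.Client.Get reports failures as a
// *url.Error whose message quotes the full request URL, so the transport error
// is rebuilt here with the query and any userinfo removed before it is
// returned; otherwise a caller that logs the error would write the credentials
// to its log. The returned error is still a *url.Error with the same Op and
// underlying Err.
//
// A response whose status is not 200 OK is returned as an error instead of
// being decoded, so an error page is never mistaken for a token.
func GetSigninToken(signinURL url.URL) (string, error) {
	var signinResponse struct {
		SigninToken string `json:"SigninToken"`
	}

	client := &http.Client{
		Timeout: 10 * time.Second,
	}

	resp, err := client.Get(signinURL.String())
	if err != nil {
		if urlErr, ok := err.(*url.Error); ok {
			// signinURL is a value parameter, so editing this copy does not
			// affect the caller's URL.
			redacted := signinURL
			redacted.RawQuery = ""
			redacted.User = nil
			return "", &url.Error{Op: urlErr.Op, URL: redacted.String(), Err: urlErr.Err}
		}
		return "", err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return "", signinStatusError(resp.Status)
	}

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}

	if err := json.Unmarshal(body, &signinResponse); err != nil {
		return "", err
	}

	return signinResponse.SigninToken, nil
}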
// GetLoginURL returns the federation endpoint URL with the query parameters of
// a login request: the action name, the issuer URL, the destination URL and
// the sign-in token.
//
// All three arguments are written with url.Values.Set and encoded with
// Encode, so they are percent-escaped rather than concatenated. The returned
// URL embeds the sign-in token and should be handled as a credential: avoid
// logging it. destinationURL is passed through as given; this function does
// not restrict where it points.
// An unparsable constants.FederationEndpoint terminates the process.
func GetLoginURL(signinToken, issuerURL, destinationURL string) url.URL {
	loginURL, parseErr := url.Parse(constants.FederationEndpoint)
	if parseErr != nil {
		log.Fatalln(parseErr.Error())
	}

	values := loginURL.Query()
	values.Set("Action", "login")
	values.Set("Issuer", issuerURL)
	values.Set("Destination", destinationURL)
	values.Set("SigninToken", signinToken)

	result := *loginURL
	result.RawQuery = values.Encode()
	return result
}