package oidcserver
import (
	"fmt"
	"net/http"
	"net/url"
	"sync"

	di "github.com/fluffy-bunny/fluffy-dozm-di"
	wellknown_echo "github.com/fluffy-bunny/fluffycore-rage-identity/pkg/wellknown/echo"
	fluffycore_contracts_common "github.com/fluffy-bunny/fluffycore/contracts/common"
	fluffycore_echo_wellknown "github.com/fluffy-bunny/fluffycore/echo/wellknown"
	echo "github.com/labstack/echo/v4"
)
// AuthPath carries a single route path and serialises as {"path": "..."}.
// Nothing else in this file references it; it is a wire/config shape only.
type AuthPath struct {
	// Path is the route path, exposed under the JSON key "path".
	Path string `json:"path"`
}
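var (
	// requiresNoAuthPaths is the cached allow-list built by RequiresNoAuth.
	// It is shared (not copied) with every caller.
	requiresNoAuthPaths map[string]bool
	// requiresNoAuthOnce guards the lazy build. RequiresNoAuth is called from
	// per-request middleware, so without it the first burst of concurrent
	// requests would race on the nil check and the map assignment.
	requiresNoAuthOnce sync.Once
)

// RequiresNoAuth returns the set of registered route paths that are served
// without an authenticated principal. Everything NOT listed here requires
// auth (see EnsureAuth).
//
// The set is built lazily on first call rather than as a package-level
// literal; the original author notes that some of these path values are
// "configured in", so they may not be final at package init time. The build
// happens exactly once and is safe to call concurrently. The returned map is
// the shared cache itself, not a copy — treat it as read-only unless an
// explicit registration step elsewhere is meant to extend it.
func RequiresNoAuth() map[string]bool {
	requiresNoAuthOnce.Do(func() {
		requiresNoAuthPaths = map[string]bool{
			wellknown_echo.StaticPath:                       true,
			wellknown_echo.AboutPath:                        true,
			wellknown_echo.AccountCallbackPath:              true,
			wellknown_echo.ErrorPath:                        true,
			wellknown_echo.ExternalIDPPath:                  true,
			wellknown_echo.ForgotPasswordPath:               true,
			wellknown_echo.HealthzPath:                      true,
			wellknown_echo.HomePath:                         true,
			wellknown_echo.LoginPath:                        true,
			wellknown_echo.LogoutPath:                       true,
			wellknown_echo.OAuth2CallbackPath:               true,
			wellknown_echo.OAuth2TokenEndpointPath:          true,
			wellknown_echo.OIDCAuthorizationEndpointPath:    true,
			wellknown_echo.OIDCLoginPath:                    true,
			wellknown_echo.OIDCLoginPasskeyPath:             true,
			wellknown_echo.OIDCLoginPasswordPath:            true,
			wellknown_echo.OIDCLoginTOTPPath:                true,
			wellknown_echo.PasswordResetPath:                true,
			wellknown_echo.ReadyPath:                        true,
			wellknown_echo.SignupPath:                       true,
			wellknown_echo.SwaggerPath:                      true,
			wellknown_echo.UserInfoPath:                     true,
			wellknown_echo.VerifyCodePath:                   true,
			wellknown_echo.WellKnownJWKS:                    true,
			wellknown_echo.WellKnownOpenIDCOnfiguationPath:  true,
			// WebAuthN registration handlers: must be authenticated, so they
			// are deliberately NOT in this list.
			// wellknown_echo.WebAuthN_Register_Begin: true,
			// wellknown_echo.WebAuthN_Register_Finish: true,
			// WebAuthN login handlers: must NOT be authenticated.
			wellknown_echo.WebAuthN_Login_Begin:  true,
			wellknown_echo.WebAuthN_Login_Finish: true,
		}
	})
	return requiresNoAuthPaths
}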
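// EnsureAuth returns an echo middleware that redirects unauthenticated
// requests to the login page. Routes listed in RequiresNoAuth are always
// passed through. The di.Container argument is unused; the per-request
// scoped container is read from the echo context instead.
//
// Behaviour worth knowing before relying on this as a security boundary:
//   - If no scoped container is present in the context the request is passed
//     through WITHOUT an auth check (fail-open). NOTE(review): confirm this is
//     intended, and that the middleware populating SCOPED_CONTAINER_KEY is
//     always registered ahead of this one; otherwise every route is open.
//   - The returnUrl is built from c.Path(), which in echo is the registered
//     route path (the pattern), not the concrete request URI — confirm that
//     is what the login flow expects.
func EnsureAuth(_ di.Container) echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			path := c.Path()

			// Allow-listed routes never need a principal, so decide that
			// before touching the container at all.
			if RequiresNoAuth()[path] {
				return next(c)
			}

			subContainer, ok := c.Get(fluffycore_echo_wellknown.SCOPED_CONTAINER_KEY).(di.Container)
			if !ok {
				// Preserved fail-open behaviour (see the doc comment).
				return next(c)
			}

			claimsPrincipal := di.Get[fluffycore_contracts_common.IClaimsPrincipal](subContainer)
			isAuthenticated := claimsPrincipal.HasClaim(fluffycore_contracts_common.Claim{
				Type:  fluffycore_echo_wellknown.ClaimTypeAuthenticated,
				Value: "true",
			})
			if isAuthenticated {
				return next(c)
			}

			// Not authenticated: bounce to login, carrying the current route so
			// the login flow can send the user back. The value is query-escaped
			// so a path containing '&', '#', '?' or '+' cannot break or extend
			// the query string; echo's QueryParam decodes it on the other side.
			redirectURL := fmt.Sprintf("%s?returnUrl=%s", wellknown_echo.LoginPath, url.QueryEscape(path))
			return c.Redirect(http.StatusFound, redirectURL)
		}
	}
}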