package service
import (
"context"
"crypto/ecdsa"
"crypto/rsa"
"crypto/x509"
"fmt"
"net/http"
"time"
"github.com/google/uuid"
router "github.com/gorilla/mux"
"github.com/lestrrat-go/jwx/v2/jwa"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/plgd-dev/go-coap/v3/pkg/cache"
"github.com/plgd-dev/go-coap/v3/pkg/runner/periodic"
"github.com/plgd-dev/hub/v2/pkg/log"
kitHttp "github.com/plgd-dev/hub/v2/pkg/net/http"
"github.com/plgd-dev/hub/v2/test/oauth-server/uri"
)
// RequestHandler for handling incoming request
//
// It bundles the token signing keys, their public JWK counterparts and the
// expiring caches used by the OAuth endpoints registered in NewHTTP.
// Instances are built by NewRequestHandler; the zero value is not usable.
type RequestHandler struct {
	config *Config
	// authSession caches authorizedSession values by a string key (presumably a
	// session/code identifier — see the handlers that populate it); expired
	// entries are swept by the periodic job started in NewRequestHandler.
	authSession *cache.Cache[string, authorizedSession]
	// authRestriction is an expiring string-keyed set; the meaning of the keys
	// is defined by the handlers using it, not here.
	authRestriction *cache.Cache[string, struct{}]
	// idTokenKey is the RSA key passed to NewRequestHandler; idTokenJwkKey is
	// the public JWK derived from it by createJwkKey (RS256, deterministic kid).
	idTokenKey    *rsa.PrivateKey
	idTokenJwkKey jwk.Key
	// accessTokenKey is *rsa.PrivateKey or *ecdsa.PrivateKey (the types
	// createJwkKey accepts); accessTokenJwkKey is its public JWK.
	accessTokenKey    interface{}
	accessTokenJwkKey jwk.Key
	// refreshRestriction is an expiring string-keyed set, swept together with
	// authSession and authRestriction.
	refreshRestriction *cache.Cache[string, struct{}]
}
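// createJwkKey builds the public JWK that corresponds to privateKey.
//
// Supported inputs are *rsa.PrivateKey (published with alg RS256) and
// *ecdsa.PrivateKey (published with alg ES256). The returned key carries the
// "alg" header and a deterministic "kid": a UUIDv5 (X.500 namespace) over the
// DER-encoded SubjectPublicKeyInfo of the public key, so the same key always
// yields the same identifier and the private key never influences the JWK.
//
// Returns an error when privateKey is nil or of an unsupported type, or when
// any of the jwk/x509 operations fail. Previously an unsupported type fell
// through the switch with a nil public key and surfaced only as an opaque
// error from jwk.FromRaw.
func createJwkKey(privateKey interface{}) (jwk.Key, error) {
	var alg string
	var publicKey interface{}
	var publicKeyPtr any
	switch v := privateKey.(type) {
	case *rsa.PrivateKey:
		// A typed nil pointer reaches this case; dereferencing it would panic.
		if v == nil {
			return nil, fmt.Errorf("cannot create jwk: rsa private key is nil")
		}
		alg = jwa.RS256.String()
		publicKey = v.PublicKey
		publicKeyPtr = &v.PublicKey
	case *ecdsa.PrivateKey:
		if v == nil {
			return nil, fmt.Errorf("cannot create jwk: ecdsa private key is nil")
		}
		alg = jwa.ES256.String()
		publicKey = v.PublicKey
		publicKeyPtr = &v.PublicKey
	default:
		return nil, fmt.Errorf("cannot create jwk: unsupported private key type %T", privateKey)
	}
	jwkKey, err := jwk.FromRaw(publicKey)
	if err != nil {
		return nil, fmt.Errorf("failed to create jwk: %w", err)
	}
	// The kid is derived from the canonical DER encoding, not from the Go
	// struct, so it is stable across processes and restarts.
	data, err := x509.MarshalPKIXPublicKey(publicKeyPtr)
	if err != nil {
		return nil, fmt.Errorf("cannot marshal public key: %w", err)
	}
	if err = jwkKey.Set(jwk.KeyIDKey, uuid.NewSHA1(uuid.NameSpaceX500, data).String()); err != nil {
		return nil, setKeyError(jwk.KeyIDKey, err)
	}
	if err = jwkKey.Set(jwk.AlgorithmKey, alg); err != nil {
		return nil, setKeyError(jwk.AlgorithmKey, err)
	}
	return jwkKey, nil
}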
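// NewRequestHandler factory for new RequestHandler
//
// It derives the public JWKs for idTokenKey and accessTokenKey via
// createJwkKey, creates the three expiring caches and starts a periodic job
// (every 5 seconds, stopped when ctx is done) that evicts expired entries from
// them.
//
// Parameters:
//   - ctx: its Done channel bounds the lifetime of the expiration sweeper.
//   - config: stored as-is on the handler.
//   - idTokenKey: RSA key for ID tokens.
//   - accessTokenKey: *rsa.PrivateKey or *ecdsa.PrivateKey for access tokens.
//
// Returns an error when either JWK cannot be created; the error message names
// the key that failed (the access-token message previously said "idToken").
func NewRequestHandler(ctx context.Context, config *Config, idTokenKey *rsa.PrivateKey, accessTokenKey interface{}) (*RequestHandler, error) {
	idTokenJwkKey, err := createJwkKey(idTokenKey)
	if err != nil {
		return nil, fmt.Errorf("cannot create jwk for idToken: %w", err)
	}
	accessTokenJwkKey, err := createJwkKey(accessTokenKey)
	if err != nil {
		return nil, fmt.Errorf("cannot create jwk for accessToken: %w", err)
	}
	authSession := cache.NewCache[string, authorizedSession]()
	authRestriction := cache.NewCache[string, struct{}]()
	refreshRestriction := cache.NewCache[string, struct{}]()
	// One sweeper for all three caches; it ends with ctx. Returning true from
	// the callback keeps it scheduled (per the periodic package's contract —
	// confirm against its documentation if changing this).
	add := periodic.New(ctx.Done(), time.Second*5)
	add(func(now time.Time) bool {
		authSession.CheckExpirations(now)
		authRestriction.CheckExpirations(now)
		refreshRestriction.CheckExpirations(now)
		return true
	})
	return &RequestHandler{
		config:             config,
		authSession:        authSession,
		authRestriction:    authRestriction,
		idTokenKey:         idTokenKey,
		idTokenJwkKey:      idTokenJwkKey,
		accessTokenJwkKey:  accessTokenJwkKey,
		accessTokenKey:     accessTokenKey,
		refreshRestriction: refreshRestriction,
	}, nil
}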
// NewHTTP returns HTTP handler
//
// It wires requestHandler's endpoints onto a gorilla/mux router. Every
// request passes through the logging middleware built from logger, and
// StrictSlash redirects trailing-slash variants of each path. Routes are
// registered in table order, which is also their match order. uri.Authorize
// and uri.LogOut carry no method filter and therefore accept any HTTP
// method; uri.Token is served for OPTIONS, POST and GET (this is the hub's
// test oauth-server), the remaining endpoints for GET only.
func NewHTTP(requestHandler *RequestHandler, logger log.Logger) http.Handler {
	type route struct {
		path    string
		handler func(http.ResponseWriter, *http.Request)
		methods []string // nil: no method restriction
	}
	routes := []route{
		{uri.JWKs, requestHandler.getJWKs, []string{http.MethodGet}},
		{uri.OpenIDConfiguration, requestHandler.getOpenIDConfiguration, []string{http.MethodGet}},
		{uri.Authorize, requestHandler.authorize, nil},
		{uri.Token, requestHandler.tokenOptions, []string{http.MethodOptions}},
		{uri.Token, requestHandler.postToken, []string{http.MethodPost}},
		{uri.Token, requestHandler.getToken, []string{http.MethodGet}},
		{uri.UserInfo, requestHandler.getUserInfo, []string{http.MethodGet}},
		{uri.LogOut, requestHandler.logOut, nil},
	}

	mux := router.NewRouter()
	mux.Use(kitHttp.CreateLoggingMiddleware(kitHttp.WithLogger(logger)))
	mux.StrictSlash(true)
	for _, rt := range routes {
		registered := mux.HandleFunc(rt.path, rt.handler)
		if len(rt.methods) > 0 {
			registered.Methods(rt.methods...)
		}
	}
	return mux
}