fix: allow separate auth server ui domain

reearth · Apr 8, 2022 · 0ce79ff · 0ce79ff
1 parent e96f78a
commit 0ce79ff
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 12 deletions.
diff --git a/internal/app/auth_server.go b/internal/app/auth_server.go
@@ -36,6 +36,8 @@ func authEndPoints(ctx context.Context, e *echo.Echo, r *echo.Group, cfg *Server
 	}
 	domain.Path = "/"
 
+	uidomain := cfg.Config.AuthServeUIDomainURL()
+
 	config := &op.Config{
 		Issuer:                domain.String(),
 		CryptoKey:             sha256.Sum256([]byte(cfg.Config.AuthSrv.Key)),
@@ -92,7 +94,7 @@ func authEndPoints(ctx context.Context, e *echo.Echo, r *echo.Group, cfg *Server
 	}
 
 	// Actual login endpoint
-	r.POST(loginEndpoint, login(ctx, domain, storage, userUsecase))
+	r.POST(loginEndpoint, login(ctx, domain, uidomain, storage, userUsecase))
 
 	r.GET(logoutEndpoint, logout())
 
@@ -188,31 +190,31 @@ type loginForm struct {
 	AuthRequestID string `json:"id" form:"id"`
 }
 
-func login(ctx context.Context, url *url.URL, storage op.Storage, userUsecase interfaces.User) func(ctx echo.Context) error {
+func login(ctx context.Context, url, uiurl *url.URL, storage op.Storage, userUsecase interfaces.User) func(ctx echo.Context) error {
 	return func(ec echo.Context) error {
 		request := new(loginForm)
 		err := ec.Bind(request)
 		if err != nil {
 			log.Errorln("auth: filed to parse login request")
 			return ec.Redirect(
 				http.StatusFound,
-				redirectURL(url, "/login", "", "Bad request!"),
+				redirectURL(uiurl, "/login", "", "Bad request!"),
 			)
 		}
 
 		if _, err := storage.AuthRequestByID(ctx, request.AuthRequestID); err != nil {
 			log.Errorf("auth: filed to parse login request: %s\n", err)
 			return ec.Redirect(
 				http.StatusFound,
-				redirectURL(url, "/login", "", "Bad request!"),
+				redirectURL(uiurl, "/login", "", "Bad request!"),
 			)
 		}
 
 		if len(request.Email) == 0 || len(request.Password) == 0 {
 			log.Errorln("auth: one of credentials are not provided")
 			return ec.Redirect(
 				http.StatusFound,
-				redirectURL(url, "/login", request.AuthRequestID, "Bad request!"),
+				redirectURL(uiurl, "/login", request.AuthRequestID, "Bad request!"),
 			)
 		}
 
@@ -232,7 +234,7 @@ func login(ctx context.Context, url *url.URL, storage op.Storage, userUsecase in
 			log.Errorf("auth: wrong credentials: %s\n", err)
 			return ec.Redirect(
 				http.StatusFound,
-				redirectURL(url, "/login", request.AuthRequestID, "Login failed; Invalid user ID or password."),
+				redirectURL(uiurl, "/login", request.AuthRequestID, "Login failed; Invalid user ID or password."),
 			)
 		}
 
@@ -242,7 +244,7 @@ func login(ctx context.Context, url *url.URL, storage op.Storage, userUsecase in
 			log.Errorf("auth: failed to complete the auth request: %s\n", err)
 			return ec.Redirect(
 				http.StatusFound,
-				redirectURL(url, "/login", request.AuthRequestID, "Bad request!"),
+				redirectURL(uiurl, "/login", request.AuthRequestID, "Bad request!"),
 			)
 		}
 
@@ -262,10 +264,9 @@ func logout() func(ec echo.Context) error {
 
 func redirectURL(u *url.URL, p string, requestID, err string) string {
 	v := cloneURL(u)
-	if p == "" {
-		p = "/login"
+	if p != "" {
+		v.Path = p
 	}
-	v.Path = p
 	queryValues := u.Query()
 	queryValues.Set("id", requestID)
 	if err != "" {

diff --git a/internal/app/config.go b/internal/app/config.go
@@ -60,6 +60,7 @@ type AuthSrvConfig struct {
 	Dev      bool
 	Disabled bool
 	Domain   string
+	UIDomain string
 	Key      string
 	DN       *AuthSrvDNConfig
 }
@@ -75,7 +76,7 @@ func (c AuthSrvConfig) AuthConfig(debug bool, host string) *AuthConfig {
 	}
 
 	var aud []string
-	if debug && host != "" && c.Domain != "" {
+	if debug && host != "" && c.Domain != "" && c.Domain != host {
 		aud = []string{host, c.Domain}
 	} else {
 		aud = []string{domain}
@@ -146,7 +147,7 @@ func ReadConfig(debug bool) (*Config, error) {
 		}
 	}
 
-	// defailt values
+	// default values
 	if debug {
 		c.Dev = true
 	}
@@ -164,6 +165,11 @@ func ReadConfig(debug bool) (*Config, error) {
 	if c.Host_Web == "" {
 		c.Host_Web = c.Host
 	}
+	if c.AuthSrv.UIDomain == "" {
+		c.AuthSrv.UIDomain = c.Host_Web
+	} else {
+		c.AuthSrv.UIDomain = addHTTPScheme(c.AuthSrv.UIDomain)
+	}
 
 	return &c, err
 }
@@ -278,6 +284,14 @@ func (c Config) AuthServeDomainURL() *url.URL {
 	return u
 }
 
+func (c Config) AuthServeUIDomainURL() *url.URL {
+	u, err := url.Parse(c.AuthSrv.UIDomain)
+	if err != nil {
+		u = nil
+	}
+	return u
+}
+
 func addHTTPScheme(host string) string {
 	if host == "" {
 		return ""