/
callback.go
140 lines (116 loc) · 4.13 KB
/
callback.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
/*
ZAU Single Sign-On
Copyright (C) 2021 Daniel A. Hawton <daniel@hawton.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package v1
import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"os"
"time"
"github.com/dhawton/log4g"
"github.com/gin-gonic/gin"
"github.com/lestrrat-go/jwx/jwa"
"github.com/lestrrat-go/jwx/jwk"
"github.com/lestrrat-go/jwx/jwt"
gonanoid "github.com/matoous/go-nanoid/v2"
"github.com/vzau/sso/database/models"
dbTypes "github.com/vzau/types/database"
)
type Result struct {
cid int
err error
}
type UserResponse struct {
CID int `json:"cid"`
}
func GetCallback(c *gin.Context) {
if _, cancel := c.GetQuery("cancel"); cancel {
handleError(c, "Authentication cancelled.")
return
}
token, exists := c.GetQuery("token")
if !exists || len(token) < 1 {
handleError(c, "Invalid response received from Authenticator or Authentication cancelled.")
return
}
cookie, err := c.Cookie("sso_token")
if err != nil {
log4g.Category("controllers/callback").Error("Could not parse sso_token cookie, expired? " + err.Error())
handleError(c, "Could not parse session cookie. Is it expired?")
return
}
login := dbTypes.OAuthLogin{}
if err = models.DB.Where("token = ? AND created_at < ?", cookie, time.Now().Add(time.Minute*5)).First(&login).Error; err != nil {
log4g.Category("controllers/callback").Error("Token used that isn't in db, duplicate request? " + cookie)
handleError(c, "Token is invalid.")
return
}
if login.UserAgent != c.Request.UserAgent() {
handleError(c, "Token is not valid.")
go models.DB.Delete(login)
return
}
result := make(chan Result)
go func() {
log4g.Category("controllers/callback").Info("Token: %s", token)
key, _ := jwk.ParseKey([]byte(os.Getenv("ULS_JWK")))
_, err := jwt.Parse([]byte(token), jwt.WithVerify(jwa.SignatureAlgorithm(key.Algorithm()), key), jwt.WithValidate(true), jwt.WithAcceptableSkew(time.Second*15))
if err != nil {
log4g.Category("controllers/callback").Error("Error getting token information from VATUSA: " + err.Error())
result <- Result{cid: 0, err: err}
return
}
userdata := UserResponse{}
req, err := http.NewRequest("GET", fmt.Sprintf("https://login.vatusa.net/uls/v2/info?token=%s", token), bytes.NewBuffer(nil))
req.Header.Add("Accept", "application/json")
client := &http.Client{}
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
for key, val := range via[0].Header {
req.Header[key] = val
}
return err
}
resp, err := client.Do(req)
if err != nil {
log4g.Category("controllers/callback").Error("Error getting user information from VATUSA: " + err.Error())
result <- Result{cid: 0, err: err}
return
}
defer resp.Body.Close()
data, _ := ioutil.ReadAll(resp.Body)
if err = json.Unmarshal(data, &userdata); err != nil {
log4g.Category("controllers/callback").Error("Error unmarshalling user data from VATUSA: " + string(data) + "--" + err.Error())
result <- Result{cid: 0, err: err}
return
}
result <- Result{cid: userdata.CID, err: err}
}()
userResult := <-result
if userResult.err != nil {
handleError(c, "Internal Error while getting user data from VATUSA Connect")
return
}
user := &dbTypes.User{}
if err = models.DB.First(&user, userResult.cid).Error; err != nil {
handleError(c, "You are not part of our roster, so you are unable to login.")
return
}
login.CID = user.CID
login.Code, _ = gonanoid.New(32)
models.DB.Save(&login)
c.Redirect(302, fmt.Sprintf("%s?code=%s&state=%s", login.RedirectURI, login.Code, login.State))
}