max/gonotes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: max:a750f646a92ede5035c4c5b63fee9cc1b7744b7b
Branches Tags
max:main
max:0.11.2
max:0.11.1
max:0.11.0
max:0.10.0
max:0.9.16
max:0.9.15
max:0.9.12
max:0.9.11
max:0.9.10
max:0.9.9
max:0.9.8
max:0.9.7
max:0.9.6
max:0.9.5
max:0.9.4
max:0.9.3
max:0.9.2
max:0.9.1
max:0.9.0
max:0.1.6
max:0.1.5
max:0.1.4
max:0.1.3
max:v0.1.3
max:v0.1.2
max:0.1.1
max:0.1
max:0.9.14
...
compare: max:a1c5827641f4c679b82d0541f729f86b657332d5
Branches Tags
max:main
max:0.11.2
max:0.11.1
max:0.11.0
max:0.10.0
max:0.9.16
max:0.9.15
max:0.9.12
max:0.9.11
max:0.9.10
max:0.9.9
max:0.9.8
max:0.9.7
max:0.9.6
max:0.9.5
max:0.9.4
max:0.9.3
max:0.9.2
max:0.9.1
max:0.9.0
max:0.1.6
max:0.1.5
max:0.1.4
max:0.1.3
max:v0.1.3
max:v0.1.2
max:0.1.1
max:0.1
max:0.9.14

3 commits
a750f646a9 ... a1c5827641

Author SHA1 Message Date
Maximilian Friedersdorff
a1c5827641 Refactor forgejo user interaction 2025-12-10 20:56:17 +00:00
Maximilian Friedersdorff
a01f6dec23 Comment some session functions 2025-12-10 20:45:33 +00:00
Maximilian Friedersdorff
d30327817e Refactor oauth login 2025-12-10 20:40:41 +00:00
4 changed files with 97 additions and 102 deletions
Show stats Expand all files Collapse all files

18
cmd/server/main.go
View file

@ -8,23 +8,30 @@ import (
"os" "os"
"time" "time"
"forgejo.gwairfelin.com/max/gonotes/internal/auth"
"forgejo.gwairfelin.com/max/gonotes/internal/conf" "forgejo.gwairfelin.com/max/gonotes/internal/conf"
"forgejo.gwairfelin.com/max/gonotes/internal/middleware" "forgejo.gwairfelin.com/max/gonotes/internal/middleware"
"forgejo.gwairfelin.com/max/gonotes/internal/notes" "forgejo.gwairfelin.com/max/gonotes/internal/notes"
"forgejo.gwairfelin.com/max/gonotes/internal/notes/views" "forgejo.gwairfelin.com/max/gonotes/internal/notes/views"
"golang.org/x/oauth2"
) )
func main() { func main() {
var confFile string var confFile string
sessions := middleware.NewSessionStore()
flag.StringVar(&confFile, "c", "/etc/gonotes/conf.toml", "Specify path to config file.") flag.StringVar(&confFile, "c", "/etc/gonotes/conf.toml", "Specify path to config file.")
flag.Parse() flag.Parse()
conf.LoadConfig(confFile) conf.LoadConfig(confFile)
oauth := &oauth2.Config{
ClientID: conf.Conf.OIDC.ClientID,
ClientSecret: conf.Conf.OIDC.ClientSecret,
Endpoint: oauth2.Endpoint{AuthURL: conf.Conf.OIDC.AuthURL, TokenURL: conf.Conf.OIDC.TokenURL},
RedirectURL: conf.Conf.OIDC.RedirectURL,
}
sessions := middleware.NewSessionStore(oauth, "/auth")
err := notes.Init() err := notes.Init()
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -34,7 +41,7 @@ func main() {
router := http.NewServeMux() router := http.NewServeMux()
notesRouter := views.GetRoutes("/notes") notesRouter := views.GetRoutes("/notes")
authRouter := auth.GetRoutes("/auth", sessions.Login) sessionRouter := sessions.Routes.GetRouter()
cacheExpiration, err := time.ParseDuration("24h") cacheExpiration, err := time.ParseDuration("24h")
if err != nil { if err != nil {
@ -43,10 +50,9 @@ func main() {
etag := middleware.NewETag("static", cacheExpiration) etag := middleware.NewETag("static", cacheExpiration)
router.Handle("/logout/", sessions.AsMiddleware(middleware.LoggingMiddleware(http.HandlerFunc(sessions.Logout))))
router.Handle("/", middleware.LoggingMiddleware(http.RedirectHandler("/notes/", http.StatusFound))) router.Handle("/", middleware.LoggingMiddleware(http.RedirectHandler("/notes/", http.StatusFound)))
router.Handle("/notes/", sessions.AsMiddleware(middleware.LoggingMiddleware(http.StripPrefix("/notes", notesRouter)))) router.Handle("/notes/", sessions.AsMiddleware(middleware.LoggingMiddleware(http.StripPrefix("/notes", notesRouter))))
router.Handle("/auth/", sessions.AsMiddleware(middleware.LoggingMiddleware(http.StripPrefix("/auth", authRouter)))) router.Handle("/auth/", sessions.AsMiddleware(middleware.LoggingMiddleware(http.StripPrefix("/auth", sessionRouter))))
router.Handle( router.Handle(
"/static/", "/static/",
middleware.LoggingMiddleware( middleware.LoggingMiddleware(

108
internal/auth/oauth.go
View file

@ -6,124 +6,43 @@ import (
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"fmt" "fmt"
"log"
"net/http" "net/http"
urls "forgejo.gwairfelin.com/max/gispatcho"
"forgejo.gwairfelin.com/max/gonotes/internal/conf" "forgejo.gwairfelin.com/max/gonotes/internal/conf"
"golang.org/x/oauth2" "golang.org/x/oauth2"
) )
var myurls urls.URLs func GenerateStateOAUTHCookie(w http.ResponseWriter, prefix string) string {
var oauthConfig *oauth2.Config
var loginFunction func(user string, w http.ResponseWriter) string
type userInfo struct {
preferred_username string
}
func GetRoutes(prefix string, _loginFunction func(user string, w http.ResponseWriter) string) *http.ServeMux {
loginFunction = _loginFunction
oauthConfig = &oauth2.Config{
ClientID: conf.Conf.OIDC.ClientID,
ClientSecret: conf.Conf.OIDC.ClientSecret,
Endpoint: oauth2.Endpoint{AuthURL: conf.Conf.OIDC.AuthURL, TokenURL: conf.Conf.OIDC.TokenURL},
RedirectURL: conf.Conf.OIDC.RedirectURL,
}
myurls = urls.URLs{
Prefix: prefix,
URLs: map[string]urls.URL{
"login": {Path: "/oauth/login/", Protocol: "GET", Handler: oauthLogin},
"callback": {Path: "/oauth/callback/", Protocol: "GET", Handler: oauthCallback},
},
}
return myurls.GetRouter()
}
func oauthLogin(w http.ResponseWriter, r *http.Request) {
log.Printf("%+v", *oauthConfig)
oauthState := generateStateOAUTHCookie(w)
url := oauthConfig.AuthCodeURL(oauthState)
log.Printf("Redirecting to %s", url)
http.Redirect(w, r, url, http.StatusTemporaryRedirect)
}
func generateStateOAUTHCookie(w http.ResponseWriter) string {
b := make([]byte, 16) b := make([]byte, 16)
rand.Read(b) rand.Read(b)
state := base64.URLEncoding.EncodeToString(b) state := base64.URLEncoding.EncodeToString(b)
cookie := http.Cookie{ cookie := http.Cookie{
Name: "oauthstate", Value: state, Name: "oauthstate", Value: state,
MaxAge: 30, Secure: true, HttpOnly: true, Path: "/auth/oauth/", MaxAge: 30, Secure: true, HttpOnly: true, Path: prefix,
} }
http.SetCookie(w, &cookie) http.SetCookie(w, &cookie)
return state return state
} }
func oauthCallback(w http.ResponseWriter, r *http.Request) { func GetUserFromForgejo(code string, oauth *oauth2.Config) (string, error) {
// Read oauthState from Cookie
oauthState, err := r.Cookie("oauthstate")
if err != nil {
log.Printf("An error occured during login: %s", err)
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
log.Printf("%v", oauthState)
if r.FormValue("state") != oauthState.Value {
log.Println("invalid oauth state")
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
data, err := getUserData(r.FormValue("code"))
if err != nil {
log.Println(err.Error())
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
username, ok := data["preferred_username"]
if !ok {
log.Println("No username in auth response")
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
userStr, ok := username.(string)
if !ok {
log.Println("Username not interpretable as string")
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
loginFunction(userStr, w)
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
}
func getUserData(code string) (map[string]any, error) {
// Use code to get token and get user info from Google. // Use code to get token and get user info from Google.
token, err := oauthConfig.Exchange(context.Background(), code) token, err := oauth.Exchange(context.Background(), code)
if err != nil { if err != nil {
return nil, fmt.Errorf("code exchange wrong: %s", err.Error()) return "", fmt.Errorf("code exchange wrong: %s", err.Error())
} }
request, err := http.NewRequest("GET", conf.Conf.OIDC.UserinfoURL, nil) request, err := http.NewRequest("GET", conf.Conf.OIDC.UserinfoURL, nil)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to init http client for userinfo: %s", err.Error()) return "", fmt.Errorf("failed to init http client for userinfo: %s", err.Error())
} }
request.Header.Set("Authorization", fmt.Sprintf("token %s", token.AccessToken)) request.Header.Set("Authorization", fmt.Sprintf("token %s", token.AccessToken))
response, err := http.DefaultClient.Do(request) response, err := http.DefaultClient.Do(request)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed getting user info: %s", err.Error()) return "", fmt.Errorf("failed getting user info: %s", err.Error())
} }
defer response.Body.Close() defer response.Body.Close()
@ -131,10 +50,17 @@ func getUserData(code string) (map[string]any, error) {
err = json.NewDecoder(response.Body).Decode(&uInf) err = json.NewDecoder(response.Body).Decode(&uInf)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to parse response as json: %s", err.Error()) return "", fmt.Errorf("failed to parse response as json: %s", err.Error())
} }
log.Printf("Contents of user data response %s", uInf) username, ok := uInf["preferred_username"]
if !ok {
return "", fmt.Errorf("no username in response: %s", err.Error())
}
userStr, ok := username.(string)
if !ok {
return "", fmt.Errorf("username not a string: %s", err.Error())
}
return uInf, nil return userStr, nil
} }

4
internal/conf/templates/base.tmpl.html
View file

@ -64,11 +64,11 @@
{{template "navLinks" .}} {{template "navLinks" .}}
{{if eq .user "anon"}} {{if eq .user "anon"}}
<li> <li>
<a class="nav-link" href="/auth/oauth/login/">Login</a> <a class="nav-link" href="/auth/login/">Login</a>
</li> </li>
{{else}} {{else}}
<li> <li>
<a class="nav-link" href="/logout/">Logout {{.user}}</a> <a class="nav-link" href="/auth/logout/">Logout {{.user}}</a>
</li> </li>
{{end}} {{end}}
</ul> </ul>

69
internal/middleware/session.go
View file

@ -4,7 +4,12 @@ package middleware
import ( import (
"context" "context"
"crypto/rand" "crypto/rand"
"log"
"net/http" "net/http"
urls "forgejo.gwairfelin.com/max/gispatcho"
"forgejo.gwairfelin.com/max/gonotes/internal/auth"
"golang.org/x/oauth2"
) )
type Session struct { type Session struct {
@ -13,14 +18,29 @@ type Session struct {
type SessionStore struct { type SessionStore struct {
sessions map[string]Session sessions map[string]Session
oauth *oauth2.Config
Routes urls.URLs
} }
type ContextKey string type ContextKey string
func NewSessionStore() SessionStore { func NewSessionStore(oauth *oauth2.Config, prefix string) SessionStore {
return SessionStore{sessions: make(map[string]Session, 10)} store := SessionStore{
sessions: make(map[string]Session, 10),
oauth: oauth,
}
store.Routes = urls.URLs{
Prefix: prefix,
URLs: map[string]urls.URL{
"login": {Path: "/login/", Protocol: "GET", Handler: store.LoginViewOAUTH},
"callback": {Path: "/callback/", Protocol: "GET", Handler: store.CallbackViewOAUTH},
"logout": {Path: "/logout/", Protocol: "GET", Handler: store.LogoutView},
},
}
return store
} }
// Log a user in
func (s *SessionStore) Login(user string, w http.ResponseWriter) string { func (s *SessionStore) Login(user string, w http.ResponseWriter) string {
sessionID := rand.Text() sessionID := rand.Text()
s.sessions[sessionID] = Session{User: user} s.sessions[sessionID] = Session{User: user}
@ -34,7 +54,8 @@ func (s *SessionStore) Login(user string, w http.ResponseWriter) string {
return sessionID return sessionID
} }
func (s *SessionStore) Logout(w http.ResponseWriter, r *http.Request) { // View to logout a user
func (s *SessionStore) LogoutView(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(ContextKey("session")).(string) session := r.Context().Value(ContextKey("session")).(string)
delete(s.sessions, session) delete(s.sessions, session)
@ -47,6 +68,48 @@ func (s *SessionStore) Logout(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/", http.StatusTemporaryRedirect) http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
} }
// View to log in a user via oauth
func (s *SessionStore) LoginViewOAUTH(w http.ResponseWriter, r *http.Request) {
log.Printf("%+v", *s.oauth)
oauthState := auth.GenerateStateOAUTHCookie(w, s.Routes.Prefix)
url := s.oauth.AuthCodeURL(oauthState)
log.Printf("Redirecting to %s", url)
http.Redirect(w, r, url, http.StatusTemporaryRedirect)
}
// Oauth callback view
func (s *SessionStore) CallbackViewOAUTH(w http.ResponseWriter, r *http.Request) {
// Read oauthState from Cookie
oauthState, err := r.Cookie("oauthstate")
if err != nil {
log.Printf("An error occured during login: %s", err)
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
log.Printf("%v", oauthState)
if r.FormValue("state") != oauthState.Value {
log.Println("invalid oauth state")
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
username, err := auth.GetUserFromForgejo(r.FormValue("code"), s.oauth)
if err != nil {
log.Println(err.Error())
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return
}
s.Login(username, w)
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
}
// Turn the session store into a middleware.
// Sets the user on the context based on the available session cookie
func (s *SessionStore) AsMiddleware(next http.Handler) http.Handler { func (s *SessionStore) AsMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
sessionCookie, err := r.Cookie("id") sessionCookie, err := r.Cookie("id")