c559f28ebb
Implemented a rudimentary authentication method using Keycloak as the IdP - still very barebones, but login does function. Next steps will include a Docker Compose file (most likely) for managing this integration. The application will work fine without setting up the integration however, and will just throw a warning message. Setup should be relatively self-explanatory, but some documentation is TBD, along with some automation when spinning up for the first time. Still not super happy with the implementation.
package router
import (
"fmt"
"github.com/gmemstr/nas/authentication"
"io/ioutil"
"net/http"
)
// AuthEnabled controls whether requiresAuth enforces a session check.
// It defaults to true; while it is false, requiresAuth admits every request
// without looking at the session cookie. It is an exported, mutable package
// variable, so any importing code can change it at run time.
var AuthEnabled = true
// requiresAuth returns a Handler that gates a route on the NAS-SESSION cookie.
//
// While AuthEnabled is false the handler returns nil without inspecting the
// request. Otherwise it reads the NAS-SESSION cookie and hands its value to
// authentication.HasAuth; a missing cookie or a rejected value results in a
// 307 redirect to authentication.GetLoginLink() and a non-nil *HTTPError.
//
// NOTE(review): how strong this gate is depends on what HasAuth verifies
// (signature, issuer, audience, expiry), which is not visible here; confirm.
func requiresAuth() Handler {
	return func(context *Context, w http.ResponseWriter, r *http.Request) *HTTPError {
		if !AuthEnabled {
			// Authentication is switched off: every request passes.
			return nil
		}

		session, cookieErr := r.Cookie("NAS-SESSION")
		if cookieErr == nil && authentication.HasAuth(session.Value) {
			return nil
		}

		// Only the cookie lookup error is printed; a cookie that is present
		// but rejected by HasAuth leaves no trace here.
		if cookieErr != nil {
			fmt.Println("Error", cookieErr.Error())
		}

		// NOTE(review): the redirect has already written the response; check
		// that the caller does not write again when it receives this error.
		http.Redirect(w, r, authentication.GetLoginLink(), http.StatusTemporaryRedirect)
		return &HTTPError{
			Message:    "Unauthorized! Redirecting to /login",
			StatusCode: http.StatusTemporaryRedirect,
		}
	}
}
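// callbackAuth returns the Handler for the identity provider's callback.
//
// A GET request is answered with a small script that reads the token out of
// the URL fragment and POSTs it back to /api/auth/callback. Any other method
// is treated as that POST: the request body becomes the value of the
// NAS-SESSION cookie.
//
// The body is read through a size cap, and a failed or empty read is rejected
// with a 400 instead of being stored. The cookie is HttpOnly, SameSite=Lax,
// and Secure whenever the request itself arrived over TLS.
//
// NOTE(review): the token is stored without being verified here; requiresAuth
// later passes the cookie value to authentication.HasAuth. Confirm that
// HasAuth performs the full validation.
func callbackAuth() Handler {
	// Upper bound on the POSTed token. Browsers cap a single cookie at roughly
	// 4 KiB, so a larger body could not be stored as a cookie anyway.
	const maxTokenBytes = 16 << 10

	return func(context *Context, w http.ResponseWriter, r *http.Request) *HTTPError {
		// Translate callback GET to POST to set cookie, then redirect.
		if r.Method == http.MethodGet {
			// NOTE(review): the script selects the second fragment parameter by
			// position and throws when the fragment is absent or ordered
			// differently; selecting the parameter by name would be sturdier.
			javascript := `
<script>fetch("/api/auth/callback", {method:"POST", body: window.location.hash.split("&")[1].split("=")[1]}).then((r) => window.location.href = "/")</script>`
			w.Write([]byte(javascript))
			return nil
		}

		// The body is untrusted input: bound it and do not ignore read errors.
		token, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxTokenBytes))
		if err != nil {
			return &HTTPError{
				Message:    "Could not read token from request body",
				StatusCode: http.StatusBadRequest,
			}
		}
		if len(token) == 0 {
			return &HTTPError{
				Message:    "Missing token in request body",
				StatusCode: http.StatusBadRequest,
			}
		}

		// Set as HttpOnly cookie to mitigate XSS risk. SameSite=Lax keeps the
		// cookie off cross-site subrequests, and Secure is added only when this
		// request used TLS so that plain-HTTP deployments keep working.
		// NOTE(review): behind a TLS-terminating proxy r.TLS is nil, so Secure
		// is not set there; consider a configuration switch for that case.
		jwtCookie := http.Cookie{
			Name:     "NAS-SESSION",
			Value:    string(token),
			Path:     "/",
			HttpOnly: true,
			Secure:   r.TLS != nil,
			SameSite: http.SameSiteLaxMode,
		}
		http.SetCookie(w, &jwtCookie)

		return nil
	}
}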