fix: update store method till handlers
This commit is contained in:
Lakhan Samani
@@ -8,7 +8,7 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
||||
@@ -23,7 +23,7 @@ type State struct {
|
||||
func AppHandler() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
hostname := utils.GetHost(c)
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage) {
|
||||
if isLoginPageDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage); err != nil || isLoginPageDisabled {
|
||||
log.Debug("Login page is disabled")
|
||||
c.JSON(400, gin.H{"error": "login page is not enabled"})
|
||||
return
|
||||
@@ -58,14 +58,27 @@ func AppHandler() gin.HandlerFunc {
|
||||
log.Debug("Failed to push file path: ", err)
|
||||
}
|
||||
}
|
||||
|
||||
orgName, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get organization name")
|
||||
c.JSON(400, gin.H{"error": "failed to get organization name"})
|
||||
return
|
||||
}
|
||||
orgLogo, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get organization logo")
|
||||
c.JSON(400, gin.H{"error": "failed to get organization logo"})
|
||||
return
|
||||
}
|
||||
c.HTML(http.StatusOK, "app.tmpl", gin.H{
|
||||
"data": map[string]interface{}{
|
||||
"authorizerURL": hostname,
|
||||
"redirectURL": redirect_uri,
|
||||
"scope": scope,
|
||||
"state": state,
|
||||
"organizationName": envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationName),
|
||||
"organizationLogo": envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyOrganizationLogo),
|
||||
"organizationName": orgName,
|
||||
"organizationLogo": orgLogo,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
@@ -13,7 +13,6 @@ import (
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
)
|
||||
@@ -80,7 +79,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
|
||||
if isQuery {
|
||||
gc.Redirect(http.StatusFound, loginURL)
|
||||
} else {
|
||||
|
||||
@@ -4,7 +4,7 @@ import (
|
||||
"net/http"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
@@ -12,8 +12,8 @@ import (
|
||||
func DashboardHandler() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
isOnboardingCompleted := false
|
||||
|
||||
if envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret) != "" {
|
||||
adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
if err != nil || adminSecret != "" {
|
||||
isOnboardingCompleted = true
|
||||
}
|
||||
|
||||
|
||||
@@ -7,14 +7,21 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
)
|
||||
|
||||
func JWKsHandler() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
var data map[string]string
|
||||
jwk := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJWK)
|
||||
err := json.Unmarshal([]byte(jwk), &data)
|
||||
jwk, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJWK)
|
||||
if err != nil {
|
||||
log.Debug("Error getting JWK from memorystore: ", err)
|
||||
c.JSON(500, gin.H{
|
||||
"error": err.Error(),
|
||||
})
|
||||
return
|
||||
}
|
||||
err = json.Unmarshal([]byte(jwk), &data)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse JWK: ", err)
|
||||
c.JSON(500, gin.H{
|
||||
|
||||
@@ -19,7 +19,6 @@ import (
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/oauth"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
@@ -32,8 +31,8 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
provider := c.Param("oauth_provider")
|
||||
state := c.Request.FormValue("state")
|
||||
|
||||
sessionState := memorystore.Provider.GetState(state)
|
||||
if sessionState == "" {
|
||||
sessionState, err := memorystore.Provider.GetState(state)
|
||||
if sessionState == "" || err != nil {
|
||||
log.Debug("Invalid oauth state: ", state)
|
||||
c.JSON(400, gin.H{"error": "invalid oauth state"})
|
||||
}
|
||||
@@ -52,7 +51,6 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
inputRoles := strings.Split(sessionSplit[2], ",")
|
||||
scopes := strings.Split(sessionSplit[3], ",")
|
||||
|
||||
var err error
|
||||
user := models.User{}
|
||||
code := c.Request.FormValue("code")
|
||||
switch provider {
|
||||
@@ -77,7 +75,13 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
log := log.WithField("user", user.Email)
|
||||
|
||||
if err != nil {
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
|
||||
isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get signup disabled env variable: ", err)
|
||||
c.JSON(400, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
if isSignupDisabled {
|
||||
log.Debug("Failed to signup as disabled")
|
||||
c.JSON(400, gin.H{"error": "signup is disabled for this instance"})
|
||||
return
|
||||
@@ -87,7 +91,12 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
// make sure inputRoles don't include protected roles
|
||||
hasProtectedRole := false
|
||||
for _, ir := range inputRoles {
|
||||
if utils.StringSliceContains(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles), ir) {
|
||||
protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get protected roles: ", err)
|
||||
protectedRoles = []string{}
|
||||
}
|
||||
if utils.StringSliceContains(protectedRoles, ir) {
|
||||
hasProtectedRole = true
|
||||
}
|
||||
}
|
||||
@@ -140,7 +149,12 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
// check if it contains protected unassigned role
|
||||
hasProtectedRole := false
|
||||
for _, ur := range unasignedRoles {
|
||||
if utils.StringSliceContains(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles), ur) {
|
||||
protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get protected roles: ", err)
|
||||
protectedRoles = []string{}
|
||||
}
|
||||
if utils.StringSliceContains(protectedRoles, ur) {
|
||||
hasProtectedRole = true
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,7 +8,6 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/oauth"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
@@ -56,7 +55,16 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
|
||||
// use protected roles verification for admin login only.
|
||||
// though if not associated with user, it will be rejected from oauth_callback
|
||||
if !utils.IsValidRoles(rolesSplit, append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...)) {
|
||||
roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting roles: ", err)
|
||||
}
|
||||
protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting protected roles: ", err)
|
||||
}
|
||||
|
||||
if !utils.IsValidRoles(rolesSplit, append([]string{}, append(roles, protectedRoles...)...)) {
|
||||
log.Debug("Invalid roles: ", roles)
|
||||
c.JSON(400, gin.H{
|
||||
"error": "invalid role",
|
||||
@@ -64,7 +72,16 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
roles = strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ",")
|
||||
defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting default roles: ", err)
|
||||
c.JSON(400, gin.H{
|
||||
"error": "invalid role",
|
||||
})
|
||||
return
|
||||
}
|
||||
roles = strings.Join(defaultRoles, ",")
|
||||
|
||||
}
|
||||
|
||||
oauthStateString := state + "___" + redirectURI + "___" + roles + "___" + strings.Join(scope, ",")
|
||||
@@ -78,7 +95,14 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
isProviderConfigured = false
|
||||
break
|
||||
}
|
||||
memorystore.Provider.SetState(oauthStateString, constants.SignupMethodGoogle)
|
||||
err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodGoogle)
|
||||
if err != nil {
|
||||
log.Debug("Error setting state: ", err)
|
||||
c.JSON(500, gin.H{
|
||||
"error": "internal server error",
|
||||
})
|
||||
return
|
||||
}
|
||||
// during the init of OAuthProvider authorizer url might be empty
|
||||
oauth.OAuthProviders.GoogleConfig.RedirectURL = hostname + "/oauth_callback/google"
|
||||
url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)
|
||||
@@ -89,7 +113,14 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
isProviderConfigured = false
|
||||
break
|
||||
}
|
||||
memorystore.Provider.SetState(oauthStateString, constants.SignupMethodGithub)
|
||||
err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodGithub)
|
||||
if err != nil {
|
||||
log.Debug("Error setting state: ", err)
|
||||
c.JSON(500, gin.H{
|
||||
"error": "internal server error",
|
||||
})
|
||||
return
|
||||
}
|
||||
oauth.OAuthProviders.GithubConfig.RedirectURL = hostname + "/oauth_callback/github"
|
||||
url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
@@ -99,7 +130,14 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
isProviderConfigured = false
|
||||
break
|
||||
}
|
||||
memorystore.Provider.SetState(oauthStateString, constants.SignupMethodFacebook)
|
||||
err := memorystore.Provider.SetState(oauthStateString, constants.SignupMethodFacebook)
|
||||
if err != nil {
|
||||
log.Debug("Error setting state: ", err)
|
||||
c.JSON(500, gin.H{
|
||||
"error": "internal server error",
|
||||
})
|
||||
return
|
||||
}
|
||||
oauth.OAuthProviders.FacebookConfig.RedirectURL = hostname + "/oauth_callback/facebook"
|
||||
url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
|
||||
@@ -4,7 +4,7 @@ import (
|
||||
"github.com/gin-gonic/gin"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
||||
@@ -12,7 +12,7 @@ import (
|
||||
func OpenIDConfigurationHandler() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
issuer := utils.GetHost(c)
|
||||
jwtType := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
jwtType, _ := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
|
||||
c.JSON(200, gin.H{
|
||||
"issuer": issuer,
|
||||
|
||||
@@ -8,7 +8,6 @@ import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
)
|
||||
|
||||
@@ -37,7 +36,7 @@ func RevokeHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
|
||||
log.Debug("Client ID is invalid: ", clientID)
|
||||
gc.JSON(http.StatusBadRequest, gin.H{
|
||||
"error": "invalid_client_id",
|
||||
|
||||
@@ -13,7 +13,6 @@ import (
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
)
|
||||
@@ -62,7 +61,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); clientID != client || err != nil {
|
||||
log.Debug("Client ID is invalid: ", clientID)
|
||||
gc.JSON(http.StatusBadRequest, gin.H{
|
||||
"error": "invalid_client_id",
|
||||
@@ -98,8 +97,8 @@ func TokenHandler() gin.HandlerFunc {
|
||||
encryptedCode := strings.ReplaceAll(base64.URLEncoding.EncodeToString(hash.Sum(nil)), "+", "-")
|
||||
encryptedCode = strings.ReplaceAll(encryptedCode, "/", "_")
|
||||
encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
|
||||
sessionData := memorystore.Provider.GetState(encryptedCode)
|
||||
if sessionData == "" {
|
||||
sessionData, err := memorystore.Provider.GetState(encryptedCode)
|
||||
if sessionData == "" || err != nil {
|
||||
log.Debug("Session data is empty")
|
||||
gc.JSON(http.StatusBadRequest, gin.H{
|
||||
"error": "invalid_code_verifier",
|
||||
|
||||
Reference in New Issue
Block a user