Compare commits
12 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
221009bf0a | ||
|
|
6085c2d535 | ||
|
|
8e0c5e4380 | ||
|
|
21b70e4b26 | ||
|
|
993693884d | ||
|
|
ed849fa6f6 | ||
|
|
aec1f5df53 | ||
|
|
195bd1bc6a | ||
|
|
45b4c41bca | ||
|
|
63d486821e | ||
|
|
4b56afdc98 | ||
|
|
6455ff956a |
@@ -4,6 +4,12 @@ import { AuthorizerProvider } from '@authorizerdev/authorizer-react';
|
||||
import Root from './Root';
|
||||
import { createRandomString } from './utils/common';
|
||||
|
||||
declare global {
|
||||
interface Window {
|
||||
__authorizer__: any;
|
||||
}
|
||||
}
|
||||
|
||||
export default function App() {
|
||||
const searchParams = new URLSearchParams(window.location.search);
|
||||
const state = searchParams.get('state') || createRandomString();
|
||||
@@ -24,7 +30,6 @@ export default function App() {
|
||||
urlProps.redirectURL = window.location.origin + '/app';
|
||||
}
|
||||
const globalState: Record<string, string> = {
|
||||
// @ts-ignore
|
||||
...window['__authorizer__'],
|
||||
...urlProps,
|
||||
};
|
||||
|
||||
@@ -32,7 +32,6 @@ const JSTConfigurations = ({
|
||||
const toast = useToast();
|
||||
|
||||
const copyJSON = async () => {
|
||||
console.log(variables);
|
||||
try {
|
||||
await copyTextToClipboard(
|
||||
JSON.stringify({
|
||||
|
||||
@@ -49,6 +49,10 @@ const (
|
||||
EnvKeySenderEmail = "SENDER_EMAIL"
|
||||
// EnvKeyIsEmailServiceEnabled key for env variable IS_EMAIL_SERVICE_ENABLED
|
||||
EnvKeyIsEmailServiceEnabled = "IS_EMAIL_SERVICE_ENABLED"
|
||||
// EnvKeyAppCookieSecure key for env variable APP_COOKIE_SECURE
|
||||
EnvKeyAppCookieSecure = "APP_COOKIE_SECURE"
|
||||
// EnvKeyAdminCookieSecure key for env variable ADMIN_COOKIE_SECURE
|
||||
EnvKeyAdminCookieSecure = "ADMIN_COOKIE_SECURE"
|
||||
// EnvKeyJwtType key for env variable JWT_TYPE
|
||||
EnvKeyJwtType = "JWT_TYPE"
|
||||
// EnvKeyJwtSecret key for env variable JWT_SECRET
|
||||
|
||||
@@ -9,7 +9,7 @@ const (
|
||||
// Ref: https://docs.github.com/en/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps#3-your-github-app-accesses-the-api-with-the-users-access-token
|
||||
GithubUserInfoURL = "https://api.github.com/user"
|
||||
// Get github user emails when user info email is empty Ref: https://stackoverflow.com/a/35387123
|
||||
GithubUserEmails = "https://api/github.com/user/emails"
|
||||
GithubUserEmails = "https://api.github.com/user/emails"
|
||||
|
||||
// Ref: https://docs.microsoft.com/en-us/linkedin/shared/integrations/people/profile-api
|
||||
LinkedInUserInfoURL = "https://api.linkedin.com/v2/me?projection=(id,localizedFirstName,localizedLastName,emailAddress,profilePicture(displayImage~:playableStreams))"
|
||||
|
||||
@@ -3,15 +3,24 @@ package cookie
|
||||
import (
|
||||
"net/url"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/parsers"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// SetAdminCookie sets the admin cookie in the response
|
||||
func SetAdminCookie(gc *gin.Context, token string) {
|
||||
secure := true
|
||||
httpOnly := true
|
||||
adminCookieSecure, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyAdminCookieSecure)
|
||||
if err != nil {
|
||||
log.Debug("Error while getting admin cookie secure from env variable: %v", err)
|
||||
adminCookieSecure = true
|
||||
}
|
||||
|
||||
secure := adminCookieSecure
|
||||
httpOnly := adminCookieSecure
|
||||
hostname := parsers.GetHost(gc)
|
||||
host, _ := parsers.GetHostParts(hostname)
|
||||
gc.SetCookie(constants.AdminCookieName, token, 3600, "/", host, secure, httpOnly)
|
||||
@@ -35,8 +44,14 @@ func GetAdminCookie(gc *gin.Context) (string, error) {
|
||||
|
||||
// DeleteAdminCookie sets the response cookie to empty
|
||||
func DeleteAdminCookie(gc *gin.Context) {
|
||||
secure := true
|
||||
httpOnly := true
|
||||
adminCookieSecure, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyAdminCookieSecure)
|
||||
if err != nil {
|
||||
log.Debug("Error while getting admin cookie secure from env variable: %v", err)
|
||||
adminCookieSecure = true
|
||||
}
|
||||
|
||||
secure := adminCookieSecure
|
||||
httpOnly := adminCookieSecure
|
||||
hostname := parsers.GetHost(gc)
|
||||
host, _ := parsers.GetHostParts(hostname)
|
||||
gc.SetCookie(constants.AdminCookieName, "", -1, "/", host, secure, httpOnly)
|
||||
|
||||
@@ -4,15 +4,24 @@ import (
|
||||
"net/http"
|
||||
"net/url"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/parsers"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
// SetSession sets the session cookie in the response
|
||||
func SetSession(gc *gin.Context, sessionID string) {
|
||||
secure := true
|
||||
httpOnly := true
|
||||
appCookieSecure, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyAppCookieSecure)
|
||||
if err != nil {
|
||||
log.Debug("Error while getting app cookie secure from env variable: %v", err)
|
||||
appCookieSecure = true
|
||||
}
|
||||
|
||||
secure := appCookieSecure
|
||||
httpOnly := appCookieSecure
|
||||
hostname := parsers.GetHost(gc)
|
||||
host, _ := parsers.GetHostParts(hostname)
|
||||
domain := parsers.GetDomainName(hostname)
|
||||
@@ -30,8 +39,14 @@ func SetSession(gc *gin.Context, sessionID string) {
|
||||
|
||||
// DeleteSession sets session cookies to expire
|
||||
func DeleteSession(gc *gin.Context) {
|
||||
secure := true
|
||||
httpOnly := true
|
||||
appCookieSecure, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyAppCookieSecure)
|
||||
if err != nil {
|
||||
log.Debug("Error while getting app cookie secure from env variable: %v", err)
|
||||
appCookieSecure = true
|
||||
}
|
||||
|
||||
secure := appCookieSecure
|
||||
httpOnly := appCookieSecure
|
||||
hostname := parsers.GetHost(gc)
|
||||
host, _ := parsers.GetHostParts(hostname)
|
||||
domain := parsers.GetDomainName(hostname)
|
||||
|
||||
36
server/env/env.go
vendored
36
server/env/env.go
vendored
@@ -79,6 +79,8 @@ func InitAllEnv() error {
|
||||
osOrganizationLogo := os.Getenv(constants.EnvKeyOrganizationLogo)
|
||||
|
||||
// os bool vars
|
||||
osAppCookieSecure := os.Getenv(constants.EnvKeyAppCookieSecure)
|
||||
osAdminCookieSecure := os.Getenv(constants.EnvKeyAdminCookieSecure)
|
||||
osDisableBasicAuthentication := os.Getenv(constants.EnvKeyDisableBasicAuthentication)
|
||||
osDisableEmailVerification := os.Getenv(constants.EnvKeyDisableEmailVerification)
|
||||
osDisableMagicLinkLogin := os.Getenv(constants.EnvKeyDisableMagicLinkLogin)
|
||||
@@ -417,6 +419,40 @@ func InitAllEnv() error {
|
||||
envData[constants.EnvKeyOrganizationLogo] = osOrganizationLogo
|
||||
}
|
||||
|
||||
if _, ok := envData[constants.EnvKeyAppCookieSecure]; !ok {
|
||||
if osAppCookieSecure == "" {
|
||||
envData[constants.EnvKeyAppCookieSecure] = true
|
||||
} else {
|
||||
envData[constants.EnvKeyAppCookieSecure] = osAppCookieSecure == "true"
|
||||
}
|
||||
}
|
||||
if osAppCookieSecure != "" {
|
||||
boolValue, err := strconv.ParseBool(osAppCookieSecure)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if boolValue != envData[constants.EnvKeyAppCookieSecure].(bool) {
|
||||
envData[constants.EnvKeyAppCookieSecure] = boolValue
|
||||
}
|
||||
}
|
||||
|
||||
if _, ok := envData[constants.EnvKeyAdminCookieSecure]; !ok {
|
||||
if osAdminCookieSecure == "" {
|
||||
envData[constants.EnvKeyAdminCookieSecure] = true
|
||||
} else {
|
||||
envData[constants.EnvKeyAdminCookieSecure] = osAdminCookieSecure == "true"
|
||||
}
|
||||
}
|
||||
if osAdminCookieSecure != "" {
|
||||
boolValue, err := strconv.ParseBool(osAdminCookieSecure)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if boolValue != envData[constants.EnvKeyAdminCookieSecure].(bool) {
|
||||
envData[constants.EnvKeyAdminCookieSecure] = boolValue
|
||||
}
|
||||
}
|
||||
|
||||
if _, ok := envData[constants.EnvKeyDisableBasicAuthentication]; !ok {
|
||||
envData[constants.EnvKeyDisableBasicAuthentication] = osDisableBasicAuthentication == "true"
|
||||
}
|
||||
|
||||
@@ -287,9 +287,9 @@ func processGithubUserInfo(code string) (models.User, error) {
|
||||
log.Debug("Failed to create github user info request: ", err)
|
||||
return user, fmt.Errorf("error creating github user info request: %s", err.Error())
|
||||
}
|
||||
req.Header = http.Header{
|
||||
"Authorization": []string{fmt.Sprintf("token %s", oauth2Token.AccessToken)},
|
||||
}
|
||||
req.Header.Set(
|
||||
"Authorization", fmt.Sprintf("token %s", oauth2Token.AccessToken),
|
||||
)
|
||||
|
||||
response, err := client.Do(req)
|
||||
if err != nil {
|
||||
@@ -331,14 +331,14 @@ func processGithubUserInfo(code string) (models.User, error) {
|
||||
}
|
||||
|
||||
// fetch using /users/email endpoint
|
||||
req, err := http.NewRequest("GET", constants.GithubUserEmails, nil)
|
||||
req, err := http.NewRequest(http.MethodGet, constants.GithubUserEmails, nil)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create github emails request: ", err)
|
||||
return user, fmt.Errorf("error creating github user info request: %s", err.Error())
|
||||
}
|
||||
req.Header = http.Header{
|
||||
"Authorization": []string{fmt.Sprintf("token %s", oauth2Token.AccessToken)},
|
||||
}
|
||||
req.Header.Set(
|
||||
"Authorization", fmt.Sprintf("token %s", oauth2Token.AccessToken),
|
||||
)
|
||||
|
||||
response, err := client.Do(req)
|
||||
if err != nil {
|
||||
|
||||
@@ -75,6 +75,7 @@ func InitOAuth() error {
|
||||
ClientSecret: githubClientSecret,
|
||||
RedirectURL: "/oauth_callback/github",
|
||||
Endpoint: githubOAuth2.Endpoint,
|
||||
Scopes: []string{"read:user", "user:email"},
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user