auth

2025-04-01 10:16:26 +02:00
parent 5ca9a10d14
commit 3d42ce6820
25 changed files with 185 additions and 369 deletions
--- a/controllers/oauth2.go
+++ b/controllers/oauth2.go
@@ -8,8 +8,10 @@ import (
 	"oc-auth/conf"
 	"oc-auth/infrastructure"
 	auth_connectors "oc-auth/infrastructure/auth_connector"
+	"oc-auth/infrastructure/claims"
 	"regexp"
 	"strings"
+	"time"

 	oclib "cloud.o-forge.io/core/oc-lib"
 	model "cloud.o-forge.io/core/oc-lib/models/peer"
@@ -40,11 +42,15 @@ func (o *OAuthController) LogOut() {
 	var res auth_connectors.Token
 	json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &res)

-	token, err := infrastructure.GetAuthConnector().Logout(clientID, reqToken)
-	if err != nil || token == nil {
-		o.Data["json"] = err
+	if !conf.GetConfig().Local {
+		token, err := infrastructure.GetAuthConnector().Logout(clientID, reqToken)
+		if err != nil || token == nil {
+			o.Data["json"] = err
+		} else {
+			o.Data["json"] = token
+		}
 	} else {
-		o.Data["json"] = token
+		o.Data["json"] = reqToken
 	}
 	o.ServeJSON()
 }
@@ -57,14 +63,13 @@ func (o *OAuthController) LogOut() {
 // @router /login [post]
 func (o *OAuthController) Login() {
 	// authorize user
-	fmt.Println("Login", o.Ctx.Input.Query("client_id"), o.Ctx.Input.Param(":client_id"))
 	clientID := o.Ctx.Input.Query("client_id")
 	var res auth_connectors.Token
 	json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &res)
+
 	if conf.GetConfig().SourceMode == "ldap" {
 		ldap := auth_connectors.New()
 		found, err := ldap.Authenticate(o.Ctx.Request.Context(), res.Username, res.Password)
-		fmt.Println("found", found, "err", err)
 		if err != nil || !found {
 			o.Data["json"] = err
 			o.Ctx.ResponseWriter.WriteHeader(401)
@@ -72,18 +77,44 @@ func (o *OAuthController) Login() {
 			return
 		}
 	}
-	token, err := infrastructure.GetAuthConnector().Login(
-		clientID, res.Username,
-		&http.Cookie{ // open a session
-			Name:  "csrf_token",
-			Value: o.XSRFToken(),
-		})
-	fmt.Println("token", token, "err", err)
-	if err != nil || token == nil {
-		o.Data["json"] = err
-		o.Ctx.ResponseWriter.WriteHeader(401)
+	if !conf.GetConfig().Local {
+		token, err := infrastructure.GetAuthConnector().Login(
+			clientID, res.Username,
+			&http.Cookie{ // open a session
+				Name:  "csrf_token",
+				Value: o.XSRFToken(),
+			})
+		if err != nil || token == nil {
+			o.Data["json"] = err
+			o.Ctx.ResponseWriter.WriteHeader(401)
+		} else {
+			o.Data["json"] = token
+		}
 	} else {
-		o.Data["json"] = token
+		t := oclib.NewRequest(oclib.LibDataEnum(oclib.PEER), "", "", []string{}, nil).Search(
+			nil, fmt.Sprintf("%v", model.SELF.EnumIndex()), false)
+		if t.Err == "" && len(t.Data) > 0 {
+			token := &auth_connectors.Token{
+				Username:    res.Username,
+				Password:    res.Password,
+				TokenType:   "Bearer",
+				Active:      true,
+				ExpiresIn:   3600,
+				AccessToken: "localtoken",
+			}
+			now := time.Now().UTC()
+			now = now.Add(time.Duration(token.ExpiresIn) * time.Second)
+			unix := now.Unix()
+			c := claims.GetClaims().AddClaimsToToken(clientID, res.Username, t.Data[0].(*model.Peer))
+			c.Session.AccessToken["exp"] = unix
+			b, _ := json.Marshal(c)
+			token.AccessToken = token.AccessToken + "." + base64.StdEncoding.EncodeToString(b)
+			o.Data["json"] = token
+
+		} else {
+			o.Data["json"] = t.Err
+			o.Ctx.ResponseWriter.WriteHeader(401)
+		}
 	}
 	o.ServeJSON()
 }
@@ -99,12 +130,16 @@ func (o *OAuthController) Refresh() {
 	var token auth_connectors.Token
 	json.Unmarshal(o.Ctx.Input.CopyBody(100000), &token)
 	// refresh token
-	newToken, err := infrastructure.GetAuthConnector().Refresh(clientID, &token)
-	if err != nil || newToken == nil {
-		o.Data["json"] = err
-		o.Ctx.ResponseWriter.WriteHeader(401)
+	if !conf.GetConfig().Local {
+		newToken, err := infrastructure.GetAuthConnector().Refresh(clientID, &token)
+		if err != nil || newToken == nil {
+			o.Data["json"] = err
+			o.Ctx.ResponseWriter.WriteHeader(401)
+		} else {
+			o.Data["json"] = newToken
+		}
 	} else {
-		o.Data["json"] = newToken
+		o.Data["json"] = token
 	}
 	o.ServeJSON()
 }
@@ -122,11 +157,12 @@ func (o *OAuthController) Introspect() {
 	} else {
 		reqToken = splitToken[1]
 	}
-
-	token, err := infrastructure.GetAuthConnector().Introspect(reqToken)
-	if err != nil || !token {
-		o.Data["json"] = err
-		o.Ctx.ResponseWriter.WriteHeader(401)
+	if !conf.GetConfig().Local {
+		token, err := infrastructure.GetAuthConnector().Introspect(reqToken)
+		if err != nil || !token {
+			o.Data["json"] = err
+			o.Ctx.ResponseWriter.WriteHeader(401)
+		}
 	}
 	o.ServeJSON()
 }
@@ -142,7 +178,7 @@ var whitelist = []string{
 // @Param	Authorization		header  string	false "auth token"
 // @Success 200 {string}
 // @router /forward [get]
-func (o *OAuthController) InternaisDraftlAuthForward() {
+func (o *OAuthController) InternalAuthForward() {
 	fmt.Println("InternalAuthForward")
 	reqToken := o.Ctx.Request.Header.Get("Authorization")
 	if reqToken == "" {
--- a/controllers/version.go
+++ b/controllers/version.go
@@ -14,7 +14,10 @@ type VersionController struct {
 // @Success 200
 // @router / [get]
 func (c *VersionController) GetAll() {
-	c.Data["json"] = map[string]string{"version": "1"}
+	c.Data["json"] = map[string]string{
+		"service": "oc-auth",
+		"version": "1",
+	}
 	c.ServeJSON()
 }

@@ -23,6 +26,9 @@ func (c *VersionController) GetAll() {
 // @Success 200
 // @router /discovery [get]
 func (c *VersionController) Get() {
-	c.Data["json"] = map[string]string{"version": "1"}
+	c.Data["json"] = map[string]string{
+		"service": "oc-auth",
+		"version": "1",
+	}
 	c.ServeJSON()
 }