Fully Working OAuth2Flow

This commit is contained in:
mr
2026-03-06 10:20:35 +01:00
parent 979747e288
commit 744caf9a5e
6 changed files with 120 additions and 46 deletions


@@ -14,6 +14,7 @@ import (
"time"
oclib "cloud.o-forge.io/core/oc-lib"
"cloud.o-forge.io/core/oc-lib/dbs"
"cloud.o-forge.io/core/oc-lib/models/peer"
model "cloud.o-forge.io/core/oc-lib/models/peer"
beego "github.com/beego/beego/v2/server/web"
@@ -27,6 +28,8 @@ type OAuthController struct {
// @Title GetLogin
// @Description Hydra redirects here with a login_challenge. Returns challenge info or auto-accepts if session exists.
// @Param login_challenge query string true "The login challenge from Hydra"
// @Param redirect query string true "explicit redirect by passed"
// @Success 200 {object} auth_connectors.LoginChallenge
// @Failure 400 missing login_challenge
// @Failure 500 internal error
@@ -73,8 +76,9 @@ func (o *OAuthController) GetLogin() {
o.Data["json"] = redirect
o.ServeJSON()
return
}
return
}
// Return challenge info so frontend can render login form
o.Data["json"] = loginChallenge
o.ServeJSON()
@@ -82,13 +86,17 @@ func (o *OAuthController) GetLogin() {
// @Title PostLogin
// @Description Authenticate user via LDAP and accept Hydra login challenge
// @Param redirect query string true "explicit redirect by passed"
// @Param body body auth_connectors.LoginRequest true "Login credentials and challenge"
// @Success 200 {object} auth_connectors.Redirect
// @Failure 401 invalid credentials
// @Failure 500 internal error
// @router /login [post]
func (o *OAuthController) Login() {
logger := oclib.GetLogger()
red := o.Ctx.Input.Query("redirect")
var req auth_connectors.LoginRequest
if err := json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &req); err != nil {
o.Ctx.ResponseWriter.WriteHeader(400)
@@ -159,13 +167,18 @@ func (o *OAuthController) Login() {
}
// Return redirect_to so the frontend follows the OAuth2 flow
o.Data["json"] = redirect
o.ServeJSON()
if red == "false" {
o.Data["json"] = redirect
o.ServeJSON()
return
}
o.Redirect(redirect.RedirectTo, 303)
}
// @Title Consent
// @Description Hydra redirects here with a consent_challenge. Auto-accepts consent with user permissions.
// @Param consent_challenge query string true "The consent challenge from Hydra"
// @Param redirect query string true "explicit redirect by passed"
// @Success 200 {object} auth_connectors.Redirect
// @Failure 400 missing consent_challenge
// @Failure 500 internal error
@@ -191,8 +204,13 @@ func (o *OAuthController) Consent() {
}
// Get self peer for signing
pp := oclib.NewRequest(oclib.LibDataEnum(oclib.PEER), "", "", []string{}, nil).Search(
nil, strconv.Itoa(peer.SELF.EnumIndex()), false)
pp := oclib.NewRequestAdmin(oclib.LibDataEnum(oclib.PEER), nil).Search(
&dbs.Filters{
Or: map[string][]dbs.Filter{ // search by name if no filters are provided
"relation": {{Operator: dbs.EQUAL.String(), Value: peer.SELF}},
},
}, strconv.Itoa(peer.SELF.EnumIndex()), false)
fmt.Println(pp.Err, pp.Data)
if len(pp.Data) == 0 || pp.Code >= 300 || pp.Err != "" {
logger.Error().Msg("Self peer not found")
o.Ctx.ResponseWriter.WriteHeader(500)
@@ -231,12 +249,16 @@ func (o *OAuthController) Consent() {
// @Title GetLogout
// @Description Hydra redirects here with a logout_challenge. Accepts the challenge and returns a redirect URL.
// @Param logout_challenge query string true "The logout challenge from Hydra"
// @Param redirect query string true "explicit redirect by passed"
// @Success 200 {object} auth_connectors.Redirect
// @Failure 400 missing logout_challenge
// @Failure 500 internal error
// @router /logout [get]
func (o *OAuthController) GetLogout() {
logger := oclib.GetLogger()
red := o.Ctx.Input.Query("redirect")
challenge := o.Ctx.Input.Query("logout_challenge")
if challenge == "" {
o.Ctx.ResponseWriter.WriteHeader(400)
@@ -268,15 +290,19 @@ func (o *OAuthController) GetLogout() {
o.ServeJSON()
return
}
o.Data["json"] = redirect
o.ServeJSON()
if red == "false" {
o.Data["json"] = redirect
o.ServeJSON()
return
}
o.Redirect(redirect.RedirectTo, 303)
}
// @Title Logout
// @Description Revoke an OAuth2 token
// @Param Authorization header string false "Bearer token"
// @Param client_id query string true "The client_id"
// @Success 200 {object} auth_connectors.Token
// @router /logout [delete]
func (o *OAuthController) LogOut() {
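Review bot: The `fmt.Println(pp.Err, pp.Data)` added in Consent right after the new self-peer lookup looks like a leftover debug print: it writes the full peer search result to stdout, outside the structured logger the rest of the handler uses, and since the surrounding comment says this peer is fetched "for signing", the dumped record may carry material that should not land in plain process output. I would drop that line, or if the lookup needs tracing, route it through `logger.Debug().Msg("self peer lookup done")` without the record payload; the existing error branch already logs the failure case. Consent's body begins and continues outside this hunk. A second, smaller point for the hunks in GetLogin, Login and GetLogout: the new `if red == "false"` check means a missing `redirect` parameter now yields a 303 instead of the JSON body callers received before, so the `@Param redirect` annotation should state that only the literal value `false` keeps the JSON response, for example `// @Param redirect query string false "set to \"false\" to receive the redirect as JSON instead of a 303"`.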