workin oc-auth
This commit is contained in:
@@ -19,7 +19,8 @@ type GroupController struct {
|
||||
func (o *GroupController) Post() {
|
||||
// store and return Id or post with UUID
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
group, code, err := infrastructure.GetPermissionConnector().CreateGroup(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
group, code, err := infrastructure.GetPermissionConnector(clientID).CreateGroup(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -44,7 +45,8 @@ func (o *GroupController) Post() {
|
||||
// @router /user/:id [get]
|
||||
func (o *GroupController) GetByUser() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
group, err := infrastructure.GetPermissionConnector().GetGroupByUser(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
group, err := infrastructure.GetPermissionConnector(clientID).GetGroupByUser(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -67,7 +69,8 @@ func (o *GroupController) GetByUser() {
|
||||
// @Success 200 {group} string
|
||||
// @router / [get]
|
||||
func (o *GroupController) GetAll() {
|
||||
group, err := infrastructure.GetPermissionConnector().GetGroup("")
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
group, err := infrastructure.GetPermissionConnector(clientID).GetGroup("")
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -92,7 +95,8 @@ func (o *GroupController) GetAll() {
|
||||
// @router /:id [get]
|
||||
func (o *GroupController) Get() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
group, err := infrastructure.GetPermissionConnector().GetGroup(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
group, err := infrastructure.GetPermissionConnector(clientID).GetGroup(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -117,7 +121,8 @@ func (o *GroupController) Get() {
|
||||
// @router /:id [delete]
|
||||
func (o *GroupController) Delete() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
group, code, err := infrastructure.GetPermissionConnector().DeleteGroup(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
group, code, err := infrastructure.GetPermissionConnector(clientID).DeleteGroup(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -140,7 +145,8 @@ func (o *GroupController) Delete() {
|
||||
// @Success 200 {string} delete success!
|
||||
// @router /clear [delete]
|
||||
func (o *GroupController) Clear() {
|
||||
group, code, err := infrastructure.GetPermissionConnector().DeleteGroup("")
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
group, code, err := infrastructure.GetPermissionConnector(clientID).DeleteGroup("")
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -167,7 +173,8 @@ func (o *GroupController) Clear() {
|
||||
func (o *GroupController) Bind() {
|
||||
user_id := o.Ctx.Input.Param(":user_id")
|
||||
group_id := o.Ctx.Input.Param(":group_id")
|
||||
group, code, err := infrastructure.GetPermissionConnector().BindGroup(user_id, group_id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
group, code, err := infrastructure.GetPermissionConnector(clientID).BindGroup(user_id, group_id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -187,14 +194,15 @@ func (o *GroupController) Bind() {
|
||||
|
||||
// @Title UnBind
|
||||
// @Description unbind the group to user
|
||||
// @Param group_id path string true "The group_id you want to unbind"
|
||||
// @Param user_id path string true "The group_id you want to unbind"
|
||||
// @Param group_id path string true "The user_id you want to unbind"
|
||||
// @Success 200 {string} bind success!
|
||||
// @router /:user_id/:group_id [delete]
|
||||
func (o *GroupController) UnBind() {
|
||||
user_id := o.Ctx.Input.Param(":user_id")
|
||||
group_id := o.Ctx.Input.Param(":group_id")
|
||||
group, code, err := infrastructure.GetPermissionConnector().UnBindGroup(user_id, group_id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
group, code, err := infrastructure.GetPermissionConnector(clientID).UnBindGroup(user_id, group_id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
|
||||
@@ -1,9 +1,11 @@
|
||||
package controllers
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"oc-auth/conf"
|
||||
"oc-auth/infrastructure"
|
||||
auth_connectors "oc-auth/infrastructure/auth_connector"
|
||||
"regexp"
|
||||
@@ -22,10 +24,12 @@ type OAuthController struct {
|
||||
// @Title Logout
|
||||
// @Description unauthenticate user
|
||||
// @Param Authorization header string false "auth token"
|
||||
// @Param client_id query string true "the client_id you want to get"
|
||||
// @Success 200 {string}
|
||||
// @router /ldap/logout [delete]
|
||||
func (o *OAuthController) LogOutLDAP() {
|
||||
// @router /logout [delete]
|
||||
func (o *OAuthController) LogOut() {
|
||||
// authorize user
|
||||
clientID := o.Ctx.Input.Query("client_id")
|
||||
reqToken := o.Ctx.Request.Header.Get("Authorization")
|
||||
splitToken := strings.Split(reqToken, "Bearer ")
|
||||
if len(splitToken) < 2 {
|
||||
@@ -36,7 +40,7 @@ func (o *OAuthController) LogOutLDAP() {
|
||||
var res auth_connectors.Token
|
||||
json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &res)
|
||||
|
||||
token, err := infrastructure.GetAuthConnector().Logout(reqToken)
|
||||
token, err := infrastructure.GetAuthConnector().Logout(clientID, reqToken)
|
||||
if err != nil || token == nil {
|
||||
o.Data["json"] = err
|
||||
} else {
|
||||
@@ -48,25 +52,33 @@ func (o *OAuthController) LogOutLDAP() {
|
||||
// @Title Login
|
||||
// @Description authenticate user
|
||||
// @Param body body models.workflow true "The workflow content"
|
||||
// @Param client_id query string true "the client_id you want to get"
|
||||
// @Success 200 {string}
|
||||
// @router /ldap/login [post]
|
||||
func (o *OAuthController) LoginLDAP() {
|
||||
// @router /login [post]
|
||||
func (o *OAuthController) Login() {
|
||||
// authorize user
|
||||
fmt.Println("Login", o.Ctx.Input.Query("client_id"), o.Ctx.Input.Param(":client_id"))
|
||||
clientID := o.Ctx.Input.Query("client_id")
|
||||
var res auth_connectors.Token
|
||||
json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &res)
|
||||
ldap := auth_connectors.New()
|
||||
found, err := ldap.Authenticate(o.Ctx.Request.Context(), res.Username, res.Password)
|
||||
if err != nil || !found {
|
||||
o.Data["json"] = err
|
||||
o.Ctx.ResponseWriter.WriteHeader(401)
|
||||
o.ServeJSON()
|
||||
return
|
||||
if conf.GetConfig().SourceMode == "ldap" {
|
||||
ldap := auth_connectors.New()
|
||||
found, err := ldap.Authenticate(o.Ctx.Request.Context(), res.Username, res.Password)
|
||||
fmt.Println("found", found, "err", err)
|
||||
if err != nil || !found {
|
||||
o.Data["json"] = err
|
||||
o.Ctx.ResponseWriter.WriteHeader(401)
|
||||
o.ServeJSON()
|
||||
return
|
||||
}
|
||||
}
|
||||
token, err := infrastructure.GetAuthConnector().Login(res.Username,
|
||||
token, err := infrastructure.GetAuthConnector().Login(
|
||||
clientID, res.Username,
|
||||
&http.Cookie{ // open a session
|
||||
Name: "csrf_token",
|
||||
Value: o.XSRFToken(),
|
||||
})
|
||||
fmt.Println("token", token, "err", err)
|
||||
if err != nil || token == nil {
|
||||
o.Data["json"] = err
|
||||
o.Ctx.ResponseWriter.WriteHeader(401)
|
||||
@@ -79,13 +91,15 @@ func (o *OAuthController) LoginLDAP() {
|
||||
// @Title Introspection
|
||||
// @Description introspect token
|
||||
// @Param body body models.Token true "The token info"
|
||||
// @Param client_id query string true "the client_id you want to get"
|
||||
// @Success 200 {string}
|
||||
// @router /refresh [post]
|
||||
func (o *OAuthController) Refresh() {
|
||||
clientID := o.Ctx.Input.Query("client_id")
|
||||
var token auth_connectors.Token
|
||||
json.Unmarshal(o.Ctx.Input.CopyBody(100000), &token)
|
||||
// refresh token
|
||||
newToken, err := infrastructure.GetAuthConnector().Refresh(&token)
|
||||
newToken, err := infrastructure.GetAuthConnector().Refresh(clientID, &token)
|
||||
if err != nil || newToken == nil {
|
||||
o.Data["json"] = err
|
||||
o.Ctx.ResponseWriter.WriteHeader(401)
|
||||
@@ -128,7 +142,7 @@ var whitelist = []string{
|
||||
// @Param Authorization header string false "auth token"
|
||||
// @Success 200 {string}
|
||||
// @router /forward [get]
|
||||
func (o *OAuthController) InternalAuthForward() {
|
||||
func (o *OAuthController) InternaisDraftlAuthForward() {
|
||||
fmt.Println("InternalAuthForward")
|
||||
reqToken := o.Ctx.Request.Header.Get("Authorization")
|
||||
if reqToken == "" {
|
||||
@@ -149,7 +163,7 @@ func (o *OAuthController) InternalAuthForward() {
|
||||
} else {
|
||||
reqToken = splitToken[1]
|
||||
}
|
||||
origin, publicKey, external := o.extractOrigin()
|
||||
origin, publicKey, external := o.extractOrigin(o.Ctx.Request)
|
||||
if !infrastructure.GetAuthConnector().CheckAuthForward( //reqToken != "" &&
|
||||
reqToken, publicKey, origin,
|
||||
o.Ctx.Request.Header.Get("X-Forwarded-Method"),
|
||||
@@ -161,7 +175,8 @@ func (o *OAuthController) InternalAuthForward() {
|
||||
o.ServeJSON()
|
||||
}
|
||||
|
||||
func (o *OAuthController) extractOrigin() (string, string, bool) {
|
||||
func (o *OAuthController) extractOrigin(request *http.Request) (string, string, bool) {
|
||||
user, peerID, groups := oclib.ExtractTokenInfo(*request)
|
||||
external := true
|
||||
publicKey := ""
|
||||
origin := o.Ctx.Request.Header.Get("X-Forwarded-Host")
|
||||
@@ -174,7 +189,7 @@ func (o *OAuthController) extractOrigin() (string, string, bool) {
|
||||
if t != "" {
|
||||
searchStr = strings.Replace(searchStr, t, "", -1)
|
||||
}
|
||||
peer := oclib.Search(nil, searchStr, oclib.LibDataEnum(oclib.PEER))
|
||||
peer := oclib.NewRequest(oclib.LibDataEnum(oclib.PEER), user, peerID, groups, nil).Search(nil, searchStr, false)
|
||||
if peer.Code != 200 || len(peer.Data) == 0 { // TODO: add state of partnership
|
||||
return "", "", external
|
||||
}
|
||||
@@ -190,3 +205,29 @@ func (o *OAuthController) extractOrigin() (string, string, bool) {
|
||||
}
|
||||
return origin, publicKey, external
|
||||
}
|
||||
|
||||
func ExtractClient(request http.Request) string {
|
||||
reqToken := request.Header.Get("Authorization")
|
||||
splitToken := strings.Split(reqToken, "Bearer ")
|
||||
if len(splitToken) < 2 {
|
||||
reqToken = ""
|
||||
} else {
|
||||
reqToken = splitToken[1]
|
||||
}
|
||||
if reqToken != "" {
|
||||
token := strings.Split(reqToken, ".")
|
||||
if len(token) > 2 {
|
||||
bytes, err := base64.StdEncoding.DecodeString(token[2])
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
m := map[string]interface{}{}
|
||||
err = json.Unmarshal(bytes, &m)
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
return m["session"].(map[string]interface{})["id_token"].(map[string]interface{})["client_id"].(string)
|
||||
}
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
@@ -16,7 +16,8 @@ type PermissionController struct {
|
||||
// @Success 200 {permission} string
|
||||
// @router / [get]
|
||||
func (o *PermissionController) GetAll() {
|
||||
role, err := infrastructure.GetPermissionConnector().GetPermission("", "")
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, err := infrastructure.GetPermissionConnector(clientID).GetPermission("", "")
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -41,7 +42,8 @@ func (o *PermissionController) GetAll() {
|
||||
// @router /role/:id [get]
|
||||
func (o *PermissionController) GetByRole() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
role, err := infrastructure.GetPermissionConnector().GetPermissionByRole(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, err := infrastructure.GetPermissionConnector(clientID).GetPermissionByRole(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -66,7 +68,8 @@ func (o *PermissionController) GetByRole() {
|
||||
// @router /user/:id [get]
|
||||
func (o *PermissionController) GetByUser() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
role, err := infrastructure.GetPermissionConnector().GetPermissionByUser(id, true)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, err := infrastructure.GetPermissionConnector(clientID).GetPermissionByUser(id, true)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -92,7 +95,8 @@ func (o *PermissionController) GetByUser() {
|
||||
func (o *PermissionController) Get() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
rel := o.Ctx.Input.Param(":relation")
|
||||
role, err := infrastructure.GetPermissionConnector().GetPermission(id, rel)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, err := infrastructure.GetPermissionConnector(clientID).GetPermission(id, rel)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -115,7 +119,8 @@ func (o *PermissionController) Get() {
|
||||
// @Success 200 {string} delete success!
|
||||
// @router /clear [delete]
|
||||
func (o *PermissionController) Clear() {
|
||||
role, code, err := infrastructure.GetPermissionConnector().DeletePermission("", "", true)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, code, err := infrastructure.GetPermissionConnector(clientID).DeletePermission("", "", true)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -144,7 +149,8 @@ func (o *PermissionController) Bind() {
|
||||
permission_id := o.Ctx.Input.Param(":permission_id")
|
||||
role_id := o.Ctx.Input.Param(":role_id")
|
||||
rel := o.Ctx.Input.Param(":relation")
|
||||
role, code, err := infrastructure.GetPermissionConnector().BindPermission(role_id, permission_id, rel)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, code, err := infrastructure.GetPermissionConnector(clientID).BindPermission(role_id, permission_id, rel)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -173,7 +179,8 @@ func (o *PermissionController) UnBind() {
|
||||
permission_id := o.Ctx.Input.Param(":permission_id")
|
||||
role_id := o.Ctx.Input.Param(":role_id")
|
||||
rel := o.Ctx.Input.Param(":relation")
|
||||
role, code, err := infrastructure.GetPermissionConnector().UnBindPermission(role_id, permission_id, rel)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, code, err := infrastructure.GetPermissionConnector(clientID).UnBindPermission(role_id, permission_id, rel)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
|
||||
@@ -19,7 +19,8 @@ type RoleController struct {
|
||||
func (o *RoleController) Post() {
|
||||
// store and return Id or post with UUID
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
role, code, err := infrastructure.GetPermissionConnector().CreateRole(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, code, err := infrastructure.GetPermissionConnector(clientID).CreateRole(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -44,7 +45,8 @@ func (o *RoleController) Post() {
|
||||
// @router /user/:id [get]
|
||||
func (o *RoleController) GetByUser() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
role, err := infrastructure.GetPermissionConnector().GetRoleByUser(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, err := infrastructure.GetPermissionConnector(clientID).GetRoleByUser(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -67,7 +69,8 @@ func (o *RoleController) GetByUser() {
|
||||
// @Success 200 {role} string
|
||||
// @router / [get]
|
||||
func (o *RoleController) GetAll() {
|
||||
role, err := infrastructure.GetPermissionConnector().GetRole("")
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, err := infrastructure.GetPermissionConnector(clientID).GetRole("")
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -92,7 +95,8 @@ func (o *RoleController) GetAll() {
|
||||
// @router /:id [get]
|
||||
func (o *RoleController) Get() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
role, err := infrastructure.GetPermissionConnector().GetRole(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, err := infrastructure.GetPermissionConnector(clientID).GetRole(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -117,7 +121,8 @@ func (o *RoleController) Get() {
|
||||
// @router /:id [delete]
|
||||
func (o *RoleController) Delete() {
|
||||
id := o.Ctx.Input.Param(":id")
|
||||
role, code, err := infrastructure.GetPermissionConnector().DeleteRole(id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, code, err := infrastructure.GetPermissionConnector(clientID).DeleteRole(id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -140,7 +145,8 @@ func (o *RoleController) Delete() {
|
||||
// @Success 200 {string} delete success!
|
||||
// @router /clear [delete]
|
||||
func (o *RoleController) Clear() {
|
||||
role, code, err := infrastructure.GetPermissionConnector().DeleteRole("")
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, code, err := infrastructure.GetPermissionConnector(clientID).DeleteRole("")
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -167,7 +173,8 @@ func (o *RoleController) Clear() {
|
||||
func (o *RoleController) Bind() {
|
||||
user_id := o.Ctx.Input.Param(":user_id")
|
||||
role_id := o.Ctx.Input.Param(":role_id")
|
||||
role, code, err := infrastructure.GetPermissionConnector().BindRole(user_id, role_id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, code, err := infrastructure.GetPermissionConnector(clientID).BindRole(user_id, role_id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
@@ -194,7 +201,8 @@ func (o *RoleController) Bind() {
|
||||
func (o *RoleController) UnBind() {
|
||||
user_id := o.Ctx.Input.Param(":user_id")
|
||||
role_id := o.Ctx.Input.Param(":role_id")
|
||||
role, code, err := infrastructure.GetPermissionConnector().UnBindRole(user_id, role_id)
|
||||
clientID := ExtractClient(*o.Ctx.Request)
|
||||
role, code, err := infrastructure.GetPermissionConnector(clientID).UnBindRole(user_id, role_id)
|
||||
if err != nil {
|
||||
o.Data["json"] = map[string]interface{}{
|
||||
"data": nil,
|
||||
|
||||
Reference in New Issue
Block a user