MaysWind
123 lines
4.3 KiB
Go
123 lines
4.3 KiB
Go
package oauth2
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"golang.org/x/oauth2"
|
|
|
|
"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
|
|
"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
|
|
"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/gitea"
|
|
"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/github"
|
|
"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/nextcloud"
|
|
"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/oidc"
|
|
"github.com/mayswind/ezbookkeeping/pkg/core"
|
|
"github.com/mayswind/ezbookkeeping/pkg/errs"
|
|
"github.com/mayswind/ezbookkeeping/pkg/settings"
|
|
"github.com/mayswind/ezbookkeeping/pkg/utils"
|
|
)
|
|
|
|
// OAuth2Container contains the current OAuth 2.0 authentication provider
|
|
type OAuth2Container struct {
|
|
current provider.OAuth2Provider
|
|
usePKCE bool
|
|
oauth2HttpClient *http.Client
|
|
externalUserAuthType core.UserExternalAuthType
|
|
}
|
|
|
|
// Initialize a OAuth 2.0 container singleton instance
|
|
var (
|
|
Container = &OAuth2Container{}
|
|
)
|
|
|
|
// InitializeOAuth2Provider initializes the current OAuth 2.0 provider according to the config
|
|
func InitializeOAuth2Provider(config *settings.Config) error {
|
|
if !config.EnableOAuth2Login {
|
|
return nil
|
|
}
|
|
|
|
if config.OAuth2ClientID == "" || config.OAuth2ClientSecret == "" || config.OAuth2UserIdentifier == "" || config.OAuth2Provider == "" {
|
|
return errs.ErrInvalidOAuth2Config
|
|
}
|
|
|
|
var err error
|
|
var oauth2Provider provider.OAuth2Provider
|
|
var externalUserAuthType core.UserExternalAuthType
|
|
redirectUrl := config.RootUrl + "oauth2/callback"
|
|
|
|
if config.OAuth2Provider == settings.OAuth2ProviderOIDC {
|
|
oauth2Provider, err = oidc.NewOIDCProvider(config, redirectUrl)
|
|
externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_OIDC
|
|
} else if config.OAuth2Provider == settings.OAuth2ProviderNextcloud {
|
|
oauth2Provider, err = nextcloud.NewNextcloudOAuth2Provider(config, redirectUrl)
|
|
externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_NEXTCLOUD
|
|
} else if config.OAuth2Provider == settings.OAuth2ProviderGitea {
|
|
oauth2Provider, err = gitea.NewGiteaOAuth2Provider(config, redirectUrl)
|
|
externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_GITEA
|
|
} else if config.OAuth2Provider == settings.OAuth2ProviderGithub {
|
|
oauth2Provider, err = github.NewGithubOAuth2Provider(config, redirectUrl)
|
|
externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_GITHUB
|
|
} else {
|
|
return errs.ErrInvalidOAuth2Provider
|
|
}
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
Container.current = oauth2Provider
|
|
Container.usePKCE = config.OAuth2UsePKCE
|
|
Container.oauth2HttpClient = utils.NewHttpClient(config.OAuth2RequestTimeout, config.OAuth2Proxy, config.OAuth2SkipTLSVerify, settings.GetUserAgent())
|
|
Container.externalUserAuthType = externalUserAuthType
|
|
|
|
return nil
|
|
}
|
|
|
|
// GetOAuth2AuthUrl returns the OAuth 2.0 authentication url
|
|
func GetOAuth2AuthUrl(c core.Context, state string, verifier string) (string, error) {
|
|
if Container.current == nil {
|
|
return "", errs.ErrOAuth2NotEnabled
|
|
}
|
|
|
|
var opts []oauth2.AuthCodeOption
|
|
|
|
if Container.usePKCE {
|
|
opts = append(opts, oauth2.S256ChallengeOption(verifier))
|
|
}
|
|
|
|
return Container.current.GetOAuth2AuthUrl(wrapOAuth2Context(c, Container.oauth2HttpClient), state, opts...)
|
|
}
|
|
|
|
// GetOAuth2Token exchanges the authorization code for an OAuth 2.0 token
|
|
func GetOAuth2Token(c core.Context, code string, verifier string) (*oauth2.Token, error) {
|
|
if Container.current == nil || Container.oauth2HttpClient == nil {
|
|
return nil, errs.ErrOAuth2NotEnabled
|
|
}
|
|
|
|
var opts []oauth2.AuthCodeOption
|
|
|
|
if Container.usePKCE {
|
|
opts = append(opts, oauth2.VerifierOption(verifier))
|
|
}
|
|
|
|
return Container.current.GetOAuth2Token(wrapOAuth2Context(c, Container.oauth2HttpClient), code, opts...)
|
|
}
|
|
|
|
// GetOAuth2UserInfo retrieves the OAuth 2.0 user info using the provided OAuth 2.0 token
|
|
func GetOAuth2UserInfo(c core.Context, token *oauth2.Token) (*data.OAuth2UserInfo, error) {
|
|
if Container.current == nil || Container.oauth2HttpClient == nil {
|
|
return nil, errs.ErrOAuth2NotEnabled
|
|
}
|
|
|
|
if token == nil {
|
|
return nil, errs.ErrInvalidOAuth2Token
|
|
}
|
|
|
|
return Container.current.GetUserInfo(wrapOAuth2Context(c, Container.oauth2HttpClient), token)
|
|
}
|
|
|
|
// GetExternalUserAuthType returns the external user auth type of the current OAuth 2.0 provider
|
|
func GetExternalUserAuthType() core.UserExternalAuthType {
|
|
return Container.externalUserAuthType
|
|
}
|