diff --git a/.gitignore b/.gitignore
index 242793e..0b386f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,5 @@ dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-
 dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
 dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service
+.vscode/launch.json
+dist/metadata.json
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 0b05e32..9666a53 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -6,7 +6,7 @@
 "type": "go",
 "debugAdapter": "dlv-dap",
 "request": "launch",
- "port": 38133,
+ "port": 45307,
 "host": "127.0.0.1",
 "mode": "exec",
 "program": "${workspaceFolder}/dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service"
diff --git a/dist/metadata.json b/dist/metadata.json
index 92e0a48..9842cf8 100644
--- a/dist/metadata.json
+++ b/dist/metadata.json
@@ -1 +1 @@
-{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"f89d096bc2bb2452772dc54d309c629068dee56b","date":"2024-10-01T11:08:09.593194619+07:00","runtime":{"goos":"linux","goarch":"amd64"}}
\ No newline at end of file
+{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"22d16769ff5dfcfc7725d0ac0e3e7a670cd80bee","date":"2024-10-02T10:44:57.53465879+07:00","runtime":{"goos":"linux","goarch":"amd64"}}
\ No newline at end of file
diff --git a/model/sys_common.go b/model/sys_common.go
index eff1a97..beb617c 100644
--- a/model/sys_common.go
+++ b/model/sys_common.go
@@ -18,5 +18,5 @@ type APPModel struct {
 type Result struct {
 Success int `json:"success" example:"200"`
 Message string `json:"message" example:"ok"`
- Data interface{} `json:"data" example:"θΏ”ε›žη»“ζžœ"`
+ Data interface{} `json:"data" example:"Return result"`
 }
diff --git a/route/v1/user.go b/route/v1/user.go
index e046d11..dbffe7c 100644
--- a/route/v1/user.go
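Review bot: The two paths added to `.gitignore` stay tracked, because an ignore rule has no effect on files already in the index; this same commit still changes both `.vscode/launch.json` and `dist/metadata.json`, and they will keep showing up in every diff. To stop tracking them, run `git rm --cached .vscode/launch.json dist/metadata.json` and commit that removal together with the ignore rule. Both files are machine-local state (a debugger port, generated build metadata), so removing them from the repository is the right outcome.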
+++ b/route/v1/user.go
@@ -283,7 +283,7 @@ func OIDC() error {
 ClientSecret: clientSecret,
 RedirectURL: callbackURL,
 Endpoint: provider.Endpoint(),
- Scopes: []string{oidc.ScopeOpenID, "profile", "email", "goauthentik.io/api"},
+ Scopes: []string{oidc.ScopeOpenID, "profile", "email", "offline_access", "goauthentik.io/api"}, //add offline access for refresh token
 }
 return nil
@@ -311,10 +311,7 @@ func OIDCLogin(c *gin.Context) {
 c.ShouldBind(&json)
 state := json["state"]
 callBackUrl := fmt.Sprintf("%s/%s", json["baseUrl"], "v1/users/oidc/callback")
- // w := c.Writer
- // r := c.Request
- // setCallbackCookie(w, r, "state", state)
- // c.Redirect(http.StatusFound, oauth2Config.AuthCodeURL(state))
+
 oauth2Config.RedirectURL = callBackUrl
 c.JSON(common_err.SUCCESS, model.Result{
@@ -366,14 +363,15 @@ func OIDCCallback(c *gin.Context) {
 return
 }
 expiryDuration := time.Until(oauth2Token.Expiry)
- c.SetCookie("accessToken", oauth2Token.AccessToken, int(expiryDuration.Seconds()), "/", "", false, true)
- // c.SetCookie("refreshToken", oauth2Token.RefreshToken, int(expiryDuration.Seconds()), "/", "", false, true)
+ c.SetCookie("authentik_accessToken", oauth2Token.AccessToken, int(expiryDuration.Seconds()), "/", "", false, true)
+ // c.SetCookie("authentik_refreshToken", oauth2Token.RefreshToken, int(expiryDuration.Seconds()), "/", "", false, true)
 c.Redirect(http.StatusFound, state)
 }
 func OIDCUserInfo(c *gin.Context) {
 json := make(map[string]string)
 c.ShouldBind(&json)
- accessToken, err := c.Cookie("accessToken")
+ accessToken, err := c.Cookie("authentik_accessToken")
+
 if err != nil {
 c.Redirect(http.StatusFound, "/#/oidc")
 }
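Review bot: Requesting `offline_access` makes the provider issue a refresh token on every login, yet the callback hunk further down still keeps the `authentik_refreshToken` cookie commented out, so the refresh token is received and immediately dropped. Until there is a place to store and use it, the extra scope only enlarges what a leaked token exchange yields; either leave the scope out until the refresh flow exists, or wire the token up in the same change. If it stays, the trailing comment should be gofmt-style and explain the dependency, `// offline_access makes the provider return a refresh token (not yet stored, see OIDCCallback)`. The `oauth2Config` literal this hunk edits begins before the hunk.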
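Review bot: The surviving `oauth2Config.RedirectURL = callBackUrl` writes a request-supplied value (`json["baseUrl"]`) into what appears to be a package-level config shared by every request, so concurrent logins race on the field and the last client's base URL becomes everyone's callback. Copy the config per request instead, e.g. `cfg := *oauth2Config; cfg.RedirectURL = callBackUrl` (adjust if `oauth2Config` is a value rather than a pointer), and compare `baseUrl` against the configured service origin before using it, since an attacker-chosen redirect_uri is otherwise stopped only by the provider's allowlist. `state` is likewise taken verbatim from the client, and the cookie that would have bound it to the browser session (the `setCallbackCookie` line, already commented out and now deleted) no longer exists, so nothing ties the callback to the browser that started the flow; generate `state` server-side here and store it in a cookie the callback checks. OIDCLogin's body continues past the hunk.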
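Review bot: The `authentik_accessToken` cookie is set with the Secure flag off (sixth argument `false`), so the bearer token is sent over plain HTTP on any non-TLS hop, and no SameSite attribute is applied unless `c.SetSameSite` was called earlier in the handler. Pass `true` for Secure when the service is served over TLS (or derive it from the request scheme) and call `c.SetSameSite(http.SameSiteLaxMode)` before `SetCookie`. `c.Redirect(http.StatusFound, state)` then sends the browser to whatever `state` contained, which the login hunk above accepts straight from the client, so it doubles as an open redirect; restrict it to local paths. In OIDCUserInfo the `if err != nil` branch redirects but does not return, so the handler continues with an empty token; add `return` after `c.Redirect(http.StatusFound, "/#/oidc")`.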
@@ -406,9 +404,12 @@ func OIDCValidateToken(c *gin.Context) {
 json := make(map[string]string)
 c.ShouldBind(&json)
- accessToken := json["authentikToken"]
+ accessToken, err := c.Cookie("authentik_accessToken")
+ if err != nil {
+ c.Redirect(http.StatusFound, "/#/oidc")
+ }
 var validateToken model2.AuthentikToken
- validateToken, err := service.MyService.Authentik().ValidateToken(clientID, clientSecret, accessToken, authServer)
+ validateToken, err = service.MyService.Authentik().ValidateToken(clientID, clientSecret, accessToken, authServer)
 if err != nil {
 c.JSON(http.StatusUnauthorized, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)})
 return
@@ -420,11 +421,8 @@ func OIDCValidateToken(c *gin.Context) {
 c.JSON(http.StatusOK, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)})
 }
 func OIDCLogout(c *gin.Context) {
- json := make(map[string]string)
 c.ShouldBind(&json)
- accessToken := json["authentikToken"]
- fmt.Println(accessToken)
 flow := "/if/flow/default-authentication-flow/"
 next := "/application/o/authorize/"
@@ -439,11 +437,11 @@ func OIDCLogout(c *gin.Context) {
 }
 func OIDCProfile(c *gin.Context) {
 if !oidcInit {
-
+ c.Redirect(http.StatusFound, "/#/authentik-offline")
 }
 json := make(map[string]string)
 c.ShouldBind(&json)
- accessToken, err := c.Cookie("accessToken")
+ accessToken, err := c.Cookie("authentik_accessToken")
 if err != nil {
 c.Redirect(http.StatusFound, "/#/oidc")
 }
@@ -469,6 +467,7 @@ func OIDCProfile(c *gin.Context) {
 user = model2.UserDBModel{
 Username: authentikUser.User.Username,
 Password: hashPassword(),
+ Email: authentikUser.User.Email,
 Role: determineUserRole(authentikUser.User.IsSuperuser),
 Avatar: authentikUser.User.Avatar,
 }
diff --git a/service/authentik.go b/service/authentik.go
index 8912b45..368f915 100644
--- a/service/authentik.go
+++ b/service/authentik.go
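Review bot: The new `if err != nil` block redirects to `/#/oidc` but does not return, so when the cookie is missing the handler goes on to call `ValidateToken` with an empty token and then writes a second response through `c.JSON`, which gin reports as headers already written. Add `return` after `c.Redirect(http.StatusFound, "/#/oidc")`, or, since this endpoint otherwise answers in JSON, reply with the same `http.StatusUnauthorized` result used below instead of redirecting. OIDCValidateToken continues past the hunk.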
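Review bot: With `json := make(map[string]string)` deleted, the surviving `c.ShouldBind(&json)` in OIDCLogout has no local `json` to bind into; unless the package declares a `json` variable this will not compile, and if it does, the call decodes the request body into package state that nothing reads. Remove `c.ShouldBind(&json)` too, since the only consumer of the bound value was the deleted `fmt.Println(accessToken)`. OIDCLogout's body continues past the hunk.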
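Review bot: The redirect added in the `if !oidcInit` branch is not followed by `return`, so when OIDC is not initialised the handler still reads the cookie and runs the rest of the profile logic with a response already started. Make the branch `c.Redirect(http.StatusFound, "/#/authentik-offline"); return`, and the existing `if err != nil` cookie check a few lines down has the same gap. OIDCProfile continues past the hunk.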
@@ -66,6 +66,8 @@ func (a *authentikService) GetSettings() (model2.AuthentikCredentialsDBModel, er
 }
 return m, nil
 }
+
+// TODO SHOULD BE Migrate to NEXTZENOS
 func (a *authentikService) HealthCheck(baseURL string) (string, error) {
 // Check health/live first
 pathLive := baseURL + "/-/health/live/"
diff --git a/service/model/o_authentik_credetials.go b/service/model/o_authentik_credetials.go
index 247ca50..5cc1500 100644
--- a/service/model/o_authentik_credetials.go
+++ b/service/model/o_authentik_credetials.go
@@ -2,7 +2,7 @@ package model
 import "time"
-// Soon to be removed
+// TODO Refreshtoken
 type AuthentikCredentialsDBModel struct {
 Id int `gorm:"column:id;primary_key" json:"id"`
 ClientID string `json:"clientId"`