update logout flow
This commit is contained in:
parent
3e775a86e0
commit
c1242916f9
Binary file not shown.
2
dist/metadata.json
vendored
2
dist/metadata.json
vendored
@ -1 +1 @@
|
||||
{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"bcaa226c29d41cc7812f45c932f0521d069d5d63","date":"2024-08-14T18:19:00.096002906+07:00","runtime":{"goos":"linux","goarch":"amd64"}}
|
||||
{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"3e775a86e0a9e363a4c4fd711404c199e7a89050","date":"2024-08-15T11:56:31.284037482+07:00","runtime":{"goos":"linux","goarch":"amd64"}}
|
@ -39,6 +39,7 @@ func InitRouter() *gin.Engine {
|
||||
r.GET("/v1/users/oidc/profile", v1.OIDCProfile)
|
||||
r.GET("/v1/users/oidc/userinfo", v1.OIDCUserInfo)
|
||||
r.POST("/v1/users/oidc/validateToken", v1.OIDCValidateToken)
|
||||
r.POST("/v1/users/oidc/logout", v1.OIDCLogout)
|
||||
v1Group := r.Group("/v1")
|
||||
|
||||
v1Group.Use(jwt.JWT(
|
||||
|
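Review bot: The new `r.POST("/v1/users/oidc/logout", v1.OIDCLogout)` line registers the route on the root engine, ahead of `v1Group.Use(jwt.JWT(`, so the handler is reachable without the JWT middleware that the rest of `/v1` gets. Login and callback need to be public, but a logout endpoint that takes a token in the request body presumably should be tied to the caller's authenticated session; confirm this placement is intended, or register it under `v1Group` instead. `InitRouter` starts and ends outside the hunk.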
@ -7,11 +7,13 @@ import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
json2 "encoding/json"
|
||||
"fmt"
|
||||
"image"
|
||||
"image/png"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/url"
|
||||
url2 "net/url"
|
||||
"os"
|
||||
"path"
|
||||
@ -43,7 +45,7 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
baseURL = "http://10.0.0.26:9000"
|
||||
authServer = "http://10.0.0.26:9000"
|
||||
clientID = "6KwKSxLCtaQ4r6HoAn3gdNMbNOAf75j3SejLIAx7"
|
||||
clientSecret = "PE05fcDP4qESUmyZ1TNYpZNBxRPq70VpFI81vehsoJ6WhGz5yPXMljrFrOdMRdRhrYmF03fHWTZHgO9ZdNENrLN13BzL8CAgtEkTsyjXfgx9GvISheIjYfpSfvo219fL"
|
||||
authURL = "http://10.0.0.26:9000/application/o/nextzenos-oidc/"
|
||||
@ -206,9 +208,9 @@ func OIDCLogin(c *gin.Context) {
|
||||
json := make(map[string]string)
|
||||
c.ShouldBind(&json)
|
||||
state := json["state"]
|
||||
w := c.Writer
|
||||
r := c.Request
|
||||
setCallbackCookie(w, r, "state", state)
|
||||
// w := c.Writer
|
||||
// r := c.Request
|
||||
// setCallbackCookie(w, r, "state", state)
|
||||
// c.Redirect(http.StatusFound, oauth2Config.AuthCodeURL(state))
|
||||
c.JSON(common_err.SUCCESS,
|
||||
model.Result{
|
||||
@ -222,12 +224,9 @@ func OIDCCallback(c *gin.Context) {
|
||||
r := c.Request
|
||||
|
||||
// Verify state cookie
|
||||
state, err := r.Cookie("state")
|
||||
if err != nil {
|
||||
http.Error(w, "state not found", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if r.URL.Query().Get("state") != state.Value {
|
||||
state := c.Query("state")
|
||||
|
||||
if r.URL.Query().Get("state") != state {
|
||||
http.Error(w, "state did not match", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
@ -241,7 +240,7 @@ func OIDCCallback(c *gin.Context) {
|
||||
expiryDuration := time.Until(oauth2Token.Expiry)
|
||||
c.SetCookie("accessToken", oauth2Token.AccessToken, int(expiryDuration.Seconds()), "/", "", false, true)
|
||||
// c.SetCookie("refreshToken", oauth2Token.RefreshToken, int(expiryDuration.Seconds()), "/", "", false, true)
|
||||
c.Redirect(http.StatusFound, state.Value)
|
||||
c.Redirect(http.StatusFound, state)
|
||||
}
|
||||
func OIDCUserInfo(c *gin.Context) {
|
||||
json := make(map[string]string)
|
||||
@ -250,7 +249,7 @@ func OIDCUserInfo(c *gin.Context) {
|
||||
if err != nil {
|
||||
c.Redirect(http.StatusFound, "/#/oidc")
|
||||
}
|
||||
authentikUser, err := service.MyService.Authentik().GetUserInfo(accessToken, baseURL)
|
||||
authentikUser, err := service.MyService.Authentik().GetUserInfo(accessToken, authServer)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)})
|
||||
return
|
||||
@ -267,7 +266,7 @@ func OIDCValidateToken(c *gin.Context) {
|
||||
c.ShouldBind(&json)
|
||||
accessToken := json["authentikToken"]
|
||||
var validateToken model2.AuthentikToken
|
||||
validateToken, err := service.MyService.Authentik().ValidateToken(clientID, clientSecret, accessToken, baseURL)
|
||||
validateToken, err := service.MyService.Authentik().ValidateToken(clientID, clientSecret, accessToken, authServer)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusUnauthorized, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)})
|
||||
return
|
||||
@ -278,6 +277,23 @@ func OIDCValidateToken(c *gin.Context) {
|
||||
}
|
||||
c.JSON(http.StatusOK, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)})
|
||||
}
|
||||
func OIDCLogout(c *gin.Context) {
|
||||
json := make(map[string]string)
|
||||
c.ShouldBind(&json)
|
||||
accessToken := json["authentikToken"]
|
||||
fmt.Println(accessToken)
|
||||
flow := "/if/flow/default-authentication-flow/"
|
||||
next := "next=/application/o/authorize/"
|
||||
params := url.Values{}
|
||||
params.Add("?client_id", clientID)
|
||||
params.Add("redirect_uri", callbackURL)
|
||||
params.Add("response_type", "code")
|
||||
params.Add("scope", "openid+profile+email+goauthentik.io/api")
|
||||
params.Add("state", "/#/profile")
|
||||
fullURL := authServer + flow + "?" + url.QueryEscape(next+params.Encode())
|
||||
|
||||
c.JSON(http.StatusOK, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN), Data: fullURL})
|
||||
}
|
||||
func OIDCProfile(c *gin.Context) {
|
||||
json := make(map[string]string)
|
||||
c.ShouldBind(&json)
|
||||
@ -287,7 +303,7 @@ func OIDCProfile(c *gin.Context) {
|
||||
}
|
||||
// r := c.Request
|
||||
// Get Authentik user info
|
||||
authentikUser, err := service.MyService.Authentik().GetUserInfo(accessToken, baseURL)
|
||||
authentikUser, err := service.MyService.Authentik().GetUserInfo(accessToken, authServer)
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)})
|
||||
return
|
||||
@ -370,16 +386,16 @@ func generateTokens(user model2.UserDBModel) (system_model.VerifyInformation, er
|
||||
}, nil
|
||||
}
|
||||
|
||||
func setCallbackCookie(w http.ResponseWriter, r *http.Request, name, value string) {
|
||||
c := &http.Cookie{
|
||||
Name: name,
|
||||
Value: value,
|
||||
MaxAge: int(time.Hour.Seconds()),
|
||||
Secure: r.TLS != nil,
|
||||
HttpOnly: true,
|
||||
}
|
||||
http.SetCookie(w, c)
|
||||
}
|
||||
// func setCallbackCookie(w http.ResponseWriter, r *http.Request, name, value string) {
|
||||
// c := &http.Cookie{
|
||||
// Name: name,
|
||||
// Value: value,
|
||||
// MaxAge: int(time.Hour.Seconds()),
|
||||
// Secure: r.TLS != nil,
|
||||
// HttpOnly: true,
|
||||
// }
|
||||
// http.SetCookie(w, c)
|
||||
// }
|
||||
|
||||
// @Summary login user to openmediavault
|
||||
// @Produce application/json
|
||||
|
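Review bot: In the `OIDCCallback` hunk (`@ -222,12 +224,9`) the state check is now a tautology: `state := c.Query("state")` and `if r.URL.Query().Get("state") != state {` read the same query parameter, so the branch can never fire, and the value is then handed unvalidated to `c.Redirect(http.StatusFound, state)`. The removed cookie comparison was what bound `state` to the browser that started the login (the `setCallbackCookie` call in `OIDCLogin` and the function itself are commented out in this commit as well), so without it the callback accepts any state value and redirects wherever the query string says. Restore the cookie-bound comparison, e.g. `state, err := r.Cookie("state")` followed by `if err != nil || c.Query("state") != state.Value { http.Error(w, "state did not match", http.StatusBadRequest); return }`, and redirect to `state.Value` only after checking it is a same-origin relative path. Separately, the new `OIDCLogout` prints the bearer token with `fmt.Println(accessToken)`, which puts a credential in the process log, and `params.Add("?client_id", clientID)` makes `?` part of the encoded key while `url.QueryEscape(next+params.Encode())` escapes the `=` in `next=`, so the built URL is unlikely to parse as intended — drop the print, use the key `client_id`, and escape only the value: `fullURL := authServer + flow + "?next=" + url.QueryEscape("/application/o/authorize/?"+params.Encode())`. `url.Values.Encode` will also percent-encode the `+` signs in the scope value, so the scopes should be space-separated and left to the encoder.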