diff --git a/dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service b/dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service index 420de30..408343e 100755 Binary files a/dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service and b/dist/casaos-user-service-amd64_linux_amd64_v1/build/sysroot/usr/bin/casaos-user-service differ diff --git a/dist/metadata.json b/dist/metadata.json index e39ceed..c8da57f 100644 --- a/dist/metadata.json +++ b/dist/metadata.json @@ -1 +1 @@ -{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"bcaa226c29d41cc7812f45c932f0521d069d5d63","date":"2024-08-14T18:19:00.096002906+07:00","runtime":{"goos":"linux","goarch":"amd64"}} \ No newline at end of file +{"project_name":"casaos-user-service","tag":"v1.0.0","previous_tag":"","version":"1.0.1","commit":"3e775a86e0a9e363a4c4fd711404c199e7a89050","date":"2024-08-15T11:56:31.284037482+07:00","runtime":{"goos":"linux","goarch":"amd64"}} \ No newline at end of file diff --git a/route/v1.go b/route/v1.go index c6143d5..c11dc86 100644 --- a/route/v1.go +++ b/route/v1.go @@ -39,6 +39,7 @@ func InitRouter() *gin.Engine { r.GET("/v1/users/oidc/profile", v1.OIDCProfile) r.GET("/v1/users/oidc/userinfo", v1.OIDCUserInfo) r.POST("/v1/users/oidc/validateToken", v1.OIDCValidateToken) + r.POST("/v1/users/oidc/logout", v1.OIDCLogout) v1Group := r.Group("/v1") v1Group.Use(jwt.JWT( diff --git a/route/v1/user.go b/route/v1/user.go index dbf1c16..9b62496 100644 --- a/route/v1/user.go +++ b/route/v1/user.go @@ -7,11 +7,13 @@ import ( "encoding/base64" "encoding/json" json2 "encoding/json" + "fmt" "image" "image/png" "io" "log" "net/http" + "net/url" url2 "net/url" "os" "path" @@ -43,7 +45,7 @@ import ( ) var ( - baseURL = "http://10.0.0.26:9000" + authServer = "http://10.0.0.26:9000" clientID = "6KwKSxLCtaQ4r6HoAn3gdNMbNOAf75j3SejLIAx7" clientSecret = "PE05fcDP4qESUmyZ1TNYpZNBxRPq70VpFI81vehsoJ6WhGz5yPXMljrFrOdMRdRhrYmF03fHWTZHgO9ZdNENrLN13BzL8CAgtEkTsyjXfgx9GvISheIjYfpSfvo219fL" authURL = "http://10.0.0.26:9000/application/o/nextzenos-oidc/" @@ -206,9 +208,9 @@ func OIDCLogin(c *gin.Context) { json := make(map[string]string) c.ShouldBind(&json) state := json["state"] - w := c.Writer - r := c.Request - setCallbackCookie(w, r, "state", state) + // w := c.Writer + // r := c.Request + // setCallbackCookie(w, r, "state", state) // c.Redirect(http.StatusFound, oauth2Config.AuthCodeURL(state)) c.JSON(common_err.SUCCESS, model.Result{ @@ -222,12 +224,9 @@ func OIDCCallback(c *gin.Context) { r := c.Request // Verify state cookie - state, err := r.Cookie("state") - if err != nil { - http.Error(w, "state not found", http.StatusBadRequest) - return - } - if r.URL.Query().Get("state") != state.Value { + state := c.Query("state") + + if r.URL.Query().Get("state") != state { http.Error(w, "state did not match", http.StatusBadRequest) return } @@ -241,7 +240,7 @@ func OIDCCallback(c *gin.Context) { expiryDuration := time.Until(oauth2Token.Expiry) c.SetCookie("accessToken", oauth2Token.AccessToken, int(expiryDuration.Seconds()), "/", "", false, true) // c.SetCookie("refreshToken", oauth2Token.RefreshToken, int(expiryDuration.Seconds()), "/", "", false, true) - c.Redirect(http.StatusFound, state.Value) + c.Redirect(http.StatusFound, state) } func OIDCUserInfo(c *gin.Context) { json := make(map[string]string) @@ -250,7 +249,7 @@ func OIDCUserInfo(c *gin.Context) { if err != nil { c.Redirect(http.StatusFound, "/#/oidc") } - authentikUser, err := service.MyService.Authentik().GetUserInfo(accessToken, baseURL) + authentikUser, err := service.MyService.Authentik().GetUserInfo(accessToken, authServer) if err != nil { c.JSON(http.StatusInternalServerError, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)}) return @@ -267,7 +266,7 @@ func OIDCValidateToken(c *gin.Context) { c.ShouldBind(&json) accessToken := json["authentikToken"] var validateToken model2.AuthentikToken - validateToken, err := service.MyService.Authentik().ValidateToken(clientID, clientSecret, accessToken, baseURL) + validateToken, err := service.MyService.Authentik().ValidateToken(clientID, clientSecret, accessToken, authServer) if err != nil { c.JSON(http.StatusUnauthorized, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)}) return @@ -278,6 +277,23 @@ func OIDCValidateToken(c *gin.Context) { } c.JSON(http.StatusOK, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)}) } +func OIDCLogout(c *gin.Context) { + json := make(map[string]string) + c.ShouldBind(&json) + accessToken := json["authentikToken"] + fmt.Println(accessToken) + flow := "/if/flow/default-authentication-flow/" + next := "next=/application/o/authorize/" + params := url.Values{} + params.Add("?client_id", clientID) + params.Add("redirect_uri", callbackURL) + params.Add("response_type", "code") + params.Add("scope", "openid+profile+email+goauthentik.io/api") + params.Add("state", "/#/profile") + fullURL := authServer + flow + "?" + url.QueryEscape(next+params.Encode()) + + c.JSON(http.StatusOK, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN), Data: fullURL}) +} func OIDCProfile(c *gin.Context) { json := make(map[string]string) c.ShouldBind(&json) @@ -287,7 +303,7 @@ func OIDCProfile(c *gin.Context) { } // r := c.Request // Get Authentik user info - authentikUser, err := service.MyService.Authentik().GetUserInfo(accessToken, baseURL) + authentikUser, err := service.MyService.Authentik().GetUserInfo(accessToken, authServer) if err != nil { c.JSON(http.StatusInternalServerError, model.Result{Success: common_err.ERROR_AUTH_TOKEN, Message: common_err.GetMsg(common_err.ERROR_AUTH_TOKEN)}) return @@ -370,16 +386,16 @@ func generateTokens(user model2.UserDBModel) (system_model.VerifyInformation, er }, nil } -func setCallbackCookie(w http.ResponseWriter, r *http.Request, name, value string) { - c := &http.Cookie{ - Name: name, - Value: value, - MaxAge: int(time.Hour.Seconds()), - Secure: r.TLS != nil, - HttpOnly: true, - } - http.SetCookie(w, c) -} +// func setCallbackCookie(w http.ResponseWriter, r *http.Request, name, value string) { +// c := &http.Cookie{ +// Name: name, +// Value: value, +// MaxAge: int(time.Hour.Seconds()), +// Secure: r.TLS != nil, +// HttpOnly: true, +// } +// http.SetCookie(w, c) +// } // @Summary login user to openmediavault // @Produce application/json