-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathop.go
92 lines (84 loc) · 3.58 KB
/
op.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
package oidc
import (
"context"
"fmt"
"github.com/go-jose/go-jose/v3"
"github.com/xslasd/x-oidc/ecode"
"github.com/xslasd/x-oidc/log"
"github.com/xslasd/x-oidc/model"
"github.com/xslasd/x-oidc/util"
"net/http"
"strings"
)
type OpenIDProvider struct {
cfg *Config
opt *OpenIDOption
}
type OpenIDWrapper interface {
SetLogger(logger log.Logger)
DiscoveryJWKs(jwksEndpoint string, handler func() (*jose.JSONWebKeySet, error))
DiscoveryConfig(discoveryEndpoint string, handler func(req *DiscoveryConfigReq) *model.DiscoveryConfiguration)
Authorize(authorizationEndpoint string, handler func(ctx context.Context, req *AuthRequestReq) (string, error))
EndSession(endSessionEndpoint string, handler func(ctx context.Context, req *EndSessionReq) (string, error))
Introspect(introspectionEndpoint string, handler func(ctx context.Context, req *IntrospectionReq, r *http.Request) (*model.IntrospectionModel, error))
RevokeToken(revocationEndpoint string, handler func(ctx context.Context, req *RevokeTokenReq, r *http.Request) error)
TokenExchange(tokenExchangeEndpoint string, handler func(ctx context.Context, req *TokenExchangeReq, r *http.Request) (interface{}, error))
Userinfo(userinfoEndpoint string, handler func(ctx context.Context, req *UserinfoReq, r *http.Request) (*model.UserInfo, error))
AuthorizeCallback(authorizeCallbackEndpoint string, handler func(ctx context.Context, req *AuthorizeCallbackReq) (callbackUrl string, err error))
}
func NewOpenIDProvider(cfg *Config, opts ...Option) (*OpenIDProvider, error) {
cfg.Issuer = strings.ToLower(cfg.Issuer)
err := util.ValidateIssuer(cfg.Issuer)
if err != nil {
return nil, err
}
if cfg.OpenIDWrapper == nil {
return nil, ecode.HandlerIsNull
}
if cfg.Storage == nil {
return nil, ecode.StorageIsNull
}
opt := defaultOption(cfg.Issuer)
srv := &OpenIDProvider{cfg: cfg, opt: opt}
for _, o := range opts {
o(opt)
}
if !opt.allowInsecure && !util.IsHttpsPrefix(cfg.Issuer) {
return nil, ecode.IssuerHTTPSInvalid
}
handler := srv.cfg.OpenIDWrapper
srv.printBanner()
cfg.Storage.SetLogger(opt.logger)
cfg.OpenIDWrapper.SetLogger(opt.logger)
handler.DiscoveryJWKs(opt.jwksPath, srv.discoveryJWKs)
opt.logger.Infof("JWKsEndpoint -> %s", opt.jwksEndpoint)
handler.DiscoveryConfig(opt.discoveryPath, srv.discoveryConfig)
opt.logger.Infof("DiscoveryEndpoint -> %s", opt.discoveryEndpoint)
handler.Authorize(opt.authorizationPath, srv.authorize)
opt.logger.Infof("AuthorizationEndpoint -> %s", opt.authorizationEndpoint)
handler.EndSession(opt.endSessionPath, srv.endSession)
opt.logger.Infof("EndSessionEndpoint -> %s", opt.endSessionEndpoint)
handler.Introspect(opt.introspectionPath, srv.introspect)
opt.logger.Infof("IntrospectionEndpoint -> %s", opt.introspectionEndpoint)
handler.RevokeToken(opt.revocationPath, srv.revokeToken)
opt.logger.Infof("RevocationEndpoint -> %s", opt.revocationEndpoint)
handler.TokenExchange(opt.tokenExchangePath, srv.tokenExchange)
opt.logger.Infof("TokenExchangeEndpoint -> %s", opt.tokenExchangeEndpoint)
handler.Userinfo(opt.userinfoPath, srv.userinfo)
opt.logger.Infof("UserinfoEndpoint -> %s", opt.userinfoEndpoint)
handler.AuthorizeCallback(opt.authorizeCallbackPath, srv.authorizeCallback)
opt.logger.Infof("AuthorizeCallbackEndpoint -> %s", opt.authorizeCallbackEndpoint)
return srv, nil
}
// printBanner init
func (o *OpenIDProvider) printBanner() {
const banner = `
_ _
__ __ ___ (_) __| | ___
\ \/ /____ / _ \| |/ _| |/ __|
> <_____| (_) | | (_| | (__
/_/\_\ \___/|_|\__,_|\___|
Welcome to x-oidc, starting service ...
`
fmt.Print(banner)
}