1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
package controllers
import (
"cafe/models"
"cafe/repositories"
"cafe/services/openid"
"cafe/session"
"cafe/utils/auth"
"cafe/utils/shortcuts"
"context"
"errors"
"log"
"github.com/gofiber/fiber/v2"
)
func Login(ctx *fiber.Ctx) error {
if auth.IsAuthenticated(ctx) {
return shortcuts.Redirect(ctx, "mainHall")
}
state, err := openid.GenerateState()
if err != nil {
log.Printf("Failed to generate state: %v", err)
return InternalServerError(ctx, errors.New("We couldn't start the login process. Please try again."))
}
sess, err := session.Store.Get(ctx)
if err != nil {
log.Printf("Failed to get session: %v", err)
return InternalServerError(ctx, errors.New("There was a problem with your session. Please try logging in again."))
}
sess.Set("oauth_state", state)
if err := sess.Save(); err != nil {
log.Printf("Failed to save session: %v", err)
return InternalServerError(ctx, errors.New("There was a problem with your session. Please try logging in again."))
}
authURL := openid.GetAuthURL(state)
return ctx.Redirect(authURL)
}
func Callback(ctx *fiber.Ctx) error {
state := ctx.Query("state")
code := ctx.Query("code")
if state == "" || code == "" {
return BadRequest(ctx, errors.New("The login response was incomplete. Please try logging in again."))
}
sess, err := session.Store.Get(ctx)
if err != nil {
log.Printf("Failed to get session: %v", err)
return InternalServerError(ctx, errors.New("There was a problem with your session. Please try logging in again."))
}
savedState := sess.Get("oauth_state")
if savedState == nil || savedState.(string) != state {
return Unauthorized(ctx, errors.New("Your login request could not be verified. Please try again."))
}
sess.Delete("oauth_state")
c := context.Background()
oauth2Token, err := openid.ExchangeCode(c, code)
if err != nil {
log.Printf("Failed to exchange code: %v", err)
return Unauthorized(ctx, errors.New("We couldn't verify your login with Cloudron. Please try again."))
}
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
log.Printf("No id_token in response")
return Unauthorized(ctx, errors.New("Your login was incomplete. Please try again."))
}
idToken, err := openid.VerifyIDToken(c, rawIDToken)
if err != nil {
log.Printf("Failed to verify ID token: %v", err)
return Unauthorized(ctx, errors.New("We couldn't verify your identity. Please try logging in again."))
}
userInfo, err := openid.GetUserInfo(c, oauth2Token, idToken)
if err != nil {
log.Printf("Failed to extract user info: %v", err)
return InternalServerError(ctx, errors.New("We couldn't retrieve your account information. Please try again."))
}
user, err := repositories.GetUserByOpenID(userInfo.Sub)
isAdminUser := openid.IsAdmin(userInfo)
if err != nil {
user = &models.User{
OpenID: userInfo.Sub,
Username: userInfo.PreferredUsername,
Email: userInfo.Email,
DisplayName: userInfo.Name,
IsAdmin: isAdminUser,
}
if err := repositories.CreateUser(user); err != nil {
log.Printf("Failed to create user: %v", err)
return InternalServerError(ctx, errors.New("We couldn't create your account. Please contact an administrator."))
}
} else {
user.Email = userInfo.Email
user.DisplayName = userInfo.Name
user.IsAdmin = isAdminUser
if err := repositories.UpdateUser(user); err != nil {
log.Printf("Failed to update user: %v", err)
}
}
sess.Set("username", user.Username)
if err := sess.Save(); err != nil {
log.Printf("Failed to save session: %v", err)
return InternalServerError(ctx, errors.New("We couldn't complete your login. Please try again."))
}
return shortcuts.Redirect(ctx, "mainHall")
}
func Logout(ctx *fiber.Ctx) error {
sess, err := session.Store.Get(ctx)
if err != nil {
log.Printf("Failed to get session: %v", err)
return shortcuts.Redirect(ctx, "mainHall")
}
if err := sess.Destroy(); err != nil {
log.Printf("Failed to destroy session: %v", err)
}
return shortcuts.Render(ctx, "auth/logout", nil)
}
|
