mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2025-10-28 12:45:47 +00:00
refactor: don't export non-needed fields
This commit is contained in:
Stavros
@@ -46,19 +46,19 @@ type ContextControllerConfig struct {
|
||||
}
|
||||
|
||||
type ContextController struct {
|
||||
Config ContextControllerConfig
|
||||
Router *gin.RouterGroup
|
||||
config ContextControllerConfig
|
||||
router *gin.RouterGroup
|
||||
}
|
||||
|
||||
func NewContextController(config ContextControllerConfig, router *gin.RouterGroup) *ContextController {
|
||||
return &ContextController{
|
||||
Config: config,
|
||||
Router: router,
|
||||
config: config,
|
||||
router: router,
|
||||
}
|
||||
}
|
||||
|
||||
func (controller *ContextController) SetupRoutes() {
|
||||
contextGroup := controller.Router.Group("/context")
|
||||
contextGroup := controller.router.Group("/context")
|
||||
contextGroup.GET("/user", controller.userContextHandler)
|
||||
contextGroup.GET("/app", controller.appContextHandler)
|
||||
}
|
||||
@@ -91,18 +91,18 @@ func (controller *ContextController) userContextHandler(c *gin.Context) {
|
||||
}
|
||||
|
||||
func (controller *ContextController) appContextHandler(c *gin.Context) {
|
||||
appUrl, _ := url.Parse(controller.Config.AppURL) // no need to check error, validated on startup
|
||||
appUrl, _ := url.Parse(controller.config.AppURL) // no need to check error, validated on startup
|
||||
|
||||
c.JSON(200, AppContextResponse{
|
||||
Status: 200,
|
||||
Message: "Success",
|
||||
ConfiguredProviders: controller.Config.ConfiguredProviders,
|
||||
Title: controller.Config.Title,
|
||||
GenericName: controller.Config.GenericName,
|
||||
ConfiguredProviders: controller.config.ConfiguredProviders,
|
||||
Title: controller.config.Title,
|
||||
GenericName: controller.config.GenericName,
|
||||
AppURL: fmt.Sprintf("%s://%s", appUrl.Scheme, appUrl.Host),
|
||||
RootDomain: controller.Config.RootDomain,
|
||||
ForgotPasswordMessage: controller.Config.ForgotPasswordMessage,
|
||||
BackgroundImage: controller.Config.BackgroundImage,
|
||||
OAuthAutoRedirect: controller.Config.OAuthAutoRedirect,
|
||||
RootDomain: controller.config.RootDomain,
|
||||
ForgotPasswordMessage: controller.config.ForgotPasswordMessage,
|
||||
BackgroundImage: controller.config.BackgroundImage,
|
||||
OAuthAutoRedirect: controller.config.OAuthAutoRedirect,
|
||||
})
|
||||
}
|
||||
|
||||
@@ -3,18 +3,18 @@ package controller
|
||||
import "github.com/gin-gonic/gin"
|
||||
|
||||
type HealthController struct {
|
||||
Router *gin.RouterGroup
|
||||
router *gin.RouterGroup
|
||||
}
|
||||
|
||||
func NewHealthController(router *gin.RouterGroup) *HealthController {
|
||||
return &HealthController{
|
||||
Router: router,
|
||||
router: router,
|
||||
}
|
||||
}
|
||||
|
||||
func (controller *HealthController) SetupRoutes() {
|
||||
controller.Router.GET("/health", controller.healthHandler)
|
||||
controller.Router.HEAD("/health", controller.healthHandler)
|
||||
controller.router.GET("/health", controller.healthHandler)
|
||||
controller.router.HEAD("/health", controller.healthHandler)
|
||||
}
|
||||
|
||||
func (controller *HealthController) healthHandler(c *gin.Context) {
|
||||
|
||||
@@ -27,23 +27,23 @@ type OAuthControllerConfig struct {
|
||||
}
|
||||
|
||||
type OAuthController struct {
|
||||
Config OAuthControllerConfig
|
||||
Router *gin.RouterGroup
|
||||
Auth *service.AuthService
|
||||
Broker *service.OAuthBrokerService
|
||||
config OAuthControllerConfig
|
||||
router *gin.RouterGroup
|
||||
auth *service.AuthService
|
||||
broker *service.OAuthBrokerService
|
||||
}
|
||||
|
||||
func NewOAuthController(config OAuthControllerConfig, router *gin.RouterGroup, auth *service.AuthService, broker *service.OAuthBrokerService) *OAuthController {
|
||||
return &OAuthController{
|
||||
Config: config,
|
||||
Router: router,
|
||||
Auth: auth,
|
||||
Broker: broker,
|
||||
config: config,
|
||||
router: router,
|
||||
auth: auth,
|
||||
broker: broker,
|
||||
}
|
||||
}
|
||||
|
||||
func (controller *OAuthController) SetupRoutes() {
|
||||
oauthGroup := controller.Router.Group("/oauth")
|
||||
oauthGroup := controller.router.Group("/oauth")
|
||||
oauthGroup.GET("/url/:provider", controller.oauthURLHandler)
|
||||
oauthGroup.GET("/callback/:provider", controller.oauthCallbackHandler)
|
||||
}
|
||||
@@ -61,7 +61,7 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
service, exists := controller.Broker.GetService(req.Provider)
|
||||
service, exists := controller.broker.GetService(req.Provider)
|
||||
|
||||
if !exists {
|
||||
log.Warn().Msgf("OAuth provider not found: %s", req.Provider)
|
||||
@@ -74,13 +74,13 @@ func (controller *OAuthController) oauthURLHandler(c *gin.Context) {
|
||||
|
||||
state := service.GenerateState()
|
||||
authURL := service.GetAuthURL(state)
|
||||
c.SetCookie(controller.Config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
|
||||
c.SetCookie(controller.config.CSRFCookieName, state, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
|
||||
|
||||
redirectURI := c.Query("redirect_uri")
|
||||
|
||||
if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
|
||||
if redirectURI != "" && utils.IsRedirectSafe(redirectURI, controller.config.RootDomain) {
|
||||
log.Debug().Msg("Setting redirect URI cookie")
|
||||
c.SetCookie(controller.Config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
|
||||
c.SetCookie(controller.config.RedirectCookieName, redirectURI, int(time.Hour.Seconds()), "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
|
||||
}
|
||||
|
||||
c.JSON(200, gin.H{
|
||||
@@ -104,58 +104,58 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
|
||||
}
|
||||
|
||||
state := c.Query("state")
|
||||
csrfCookie, err := c.Cookie(controller.Config.CSRFCookieName)
|
||||
csrfCookie, err := c.Cookie(controller.config.CSRFCookieName)
|
||||
|
||||
if err != nil || state != csrfCookie {
|
||||
log.Warn().Err(err).Msg("CSRF token mismatch or cookie missing")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
c.SetCookie(controller.Config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
|
||||
c.SetCookie(controller.config.CSRFCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
|
||||
|
||||
code := c.Query("code")
|
||||
service, exists := controller.Broker.GetService(req.Provider)
|
||||
service, exists := controller.broker.GetService(req.Provider)
|
||||
|
||||
if !exists {
|
||||
log.Warn().Msgf("OAuth provider not found: %s", req.Provider)
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
err = service.VerifyCode(code)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to verify OAuth code")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
user, err := controller.Broker.GetUser(req.Provider)
|
||||
user, err := controller.broker.GetUser(req.Provider)
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to get user from OAuth provider")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
if user.Email == "" {
|
||||
log.Error().Msg("OAuth provider did not return an email")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
if !controller.Auth.IsEmailWhitelisted(user.Email) {
|
||||
if !controller.auth.IsEmailWhitelisted(user.Email) {
|
||||
queries, err := query.Values(config.UnauthorizedQuery{
|
||||
Username: user.Email,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to encode unauthorized query")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -179,7 +179,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
|
||||
usename = strings.Replace(user.Email, "@", "_", -1)
|
||||
}
|
||||
|
||||
controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
|
||||
controller.auth.CreateSessionCookie(c, &config.SessionCookie{
|
||||
Username: usename,
|
||||
Name: name,
|
||||
Email: user.Email,
|
||||
@@ -187,11 +187,11 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
|
||||
OAuthGroups: utils.CoalesceToString(user.Groups),
|
||||
})
|
||||
|
||||
redirectURI, err := c.Cookie(controller.Config.RedirectCookieName)
|
||||
redirectURI, err := c.Cookie(controller.config.RedirectCookieName)
|
||||
|
||||
if err != nil || !utils.IsRedirectSafe(redirectURI, controller.Config.RootDomain) {
|
||||
if err != nil || !utils.IsRedirectSafe(redirectURI, controller.config.RootDomain) {
|
||||
log.Debug().Msg("No redirect URI cookie found, redirecting to app root")
|
||||
c.Redirect(http.StatusTemporaryRedirect, controller.Config.AppURL)
|
||||
c.Redirect(http.StatusTemporaryRedirect, controller.config.AppURL)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -201,10 +201,10 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to encode redirect URI query")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
c.SetCookie(controller.Config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.Config.RootDomain), controller.Config.SecureCookie, true)
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.Config.AppURL, queries.Encode()))
|
||||
c.SetCookie(controller.config.RedirectCookieName, "", -1, "/", fmt.Sprintf(".%s", controller.config.RootDomain), controller.config.SecureCookie, true)
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/continue?%s", controller.config.AppURL, queries.Encode()))
|
||||
}
|
||||
|
||||
@@ -22,23 +22,23 @@ type ProxyControllerConfig struct {
|
||||
}
|
||||
|
||||
type ProxyController struct {
|
||||
Config ProxyControllerConfig
|
||||
Router *gin.RouterGroup
|
||||
Docker *service.DockerService
|
||||
Auth *service.AuthService
|
||||
config ProxyControllerConfig
|
||||
router *gin.RouterGroup
|
||||
docker *service.DockerService
|
||||
auth *service.AuthService
|
||||
}
|
||||
|
||||
func NewProxyController(config ProxyControllerConfig, router *gin.RouterGroup, docker *service.DockerService, auth *service.AuthService) *ProxyController {
|
||||
return &ProxyController{
|
||||
Config: config,
|
||||
Router: router,
|
||||
Docker: docker,
|
||||
Auth: auth,
|
||||
config: config,
|
||||
router: router,
|
||||
docker: docker,
|
||||
auth: auth,
|
||||
}
|
||||
}
|
||||
|
||||
func (controller *ProxyController) SetupRoutes() {
|
||||
proxyGroup := controller.Router.Group("/auth")
|
||||
proxyGroup := controller.router.Group("/auth")
|
||||
proxyGroup.GET("/:proxy", controller.proxyHandler)
|
||||
}
|
||||
|
||||
@@ -70,7 +70,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
hostWithoutPort := strings.Split(host, ":")[0]
|
||||
id := strings.Split(hostWithoutPort, ".")[0]
|
||||
|
||||
labels, err := controller.Docker.GetLabels(id, hostWithoutPort)
|
||||
labels, err := controller.docker.GetLabels(id, hostWithoutPort)
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to get labels from Docker")
|
||||
@@ -83,13 +83,13 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
clientIP := c.ClientIP()
|
||||
|
||||
if controller.Auth.IsBypassedIP(labels.IP, clientIP) {
|
||||
if controller.auth.IsBypassedIP(labels.IP, clientIP) {
|
||||
c.Header("Authorization", c.Request.Header.Get("Authorization"))
|
||||
|
||||
headers := utils.ParseHeaders(labels.Response.Headers)
|
||||
@@ -112,7 +112,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
authEnabled, err := controller.Auth.IsAuthEnabled(uri, labels.Path)
|
||||
authEnabled, err := controller.auth.IsAuthEnabled(uri, labels.Path)
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to check if auth is enabled for resource")
|
||||
@@ -125,7 +125,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -154,7 +154,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !controller.Auth.CheckIP(labels.IP, clientIP) {
|
||||
if !controller.auth.CheckIP(labels.IP, clientIP) {
|
||||
if req.Proxy == "nginx" || !isBrowser {
|
||||
c.JSON(401, gin.H{
|
||||
"status": 401,
|
||||
@@ -170,11 +170,11 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to encode unauthorized query")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -197,7 +197,7 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
}
|
||||
|
||||
if userContext.IsLoggedIn {
|
||||
appAllowed := controller.Auth.IsResourceAllowed(c, userContext, labels)
|
||||
appAllowed := controller.auth.IsResourceAllowed(c, userContext, labels)
|
||||
|
||||
if !appAllowed {
|
||||
log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User not allowed to access resource")
|
||||
@@ -222,16 +222,16 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to encode unauthorized query")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
|
||||
return
|
||||
}
|
||||
|
||||
if userContext.OAuth {
|
||||
groupOK := controller.Auth.IsInOAuthGroup(c, userContext, labels.OAuth.Groups)
|
||||
groupOK := controller.auth.IsInOAuthGroup(c, userContext, labels.OAuth.Groups)
|
||||
|
||||
if !groupOK {
|
||||
log.Warn().Str("user", userContext.Username).Str("resource", strings.Split(host, ".")[0]).Msg("User OAuth groups do not match resource requirements")
|
||||
@@ -257,11 +257,11 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to encode unauthorized query")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.Config.AppURL, queries.Encode()))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", controller.config.AppURL, queries.Encode()))
|
||||
return
|
||||
}
|
||||
}
|
||||
@@ -306,9 +306,9 @@ func (controller *ProxyController) proxyHandler(c *gin.Context) {
|
||||
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Failed to encode redirect URI query")
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.Config.AppURL))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/error", controller.config.AppURL))
|
||||
return
|
||||
}
|
||||
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", controller.Config.AppURL, queries.Encode()))
|
||||
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/login?%s", controller.config.AppURL, queries.Encode()))
|
||||
}
|
||||
|
||||
@@ -11,32 +11,32 @@ type ResourcesControllerConfig struct {
|
||||
}
|
||||
|
||||
type ResourcesController struct {
|
||||
Config ResourcesControllerConfig
|
||||
Router *gin.RouterGroup
|
||||
FileServer http.Handler
|
||||
config ResourcesControllerConfig
|
||||
router *gin.RouterGroup
|
||||
fileServer http.Handler
|
||||
}
|
||||
|
||||
func NewResourcesController(config ResourcesControllerConfig, router *gin.RouterGroup) *ResourcesController {
|
||||
fileServer := http.StripPrefix("/resources", http.FileServer(http.Dir(config.ResourcesDir)))
|
||||
|
||||
return &ResourcesController{
|
||||
Config: config,
|
||||
Router: router,
|
||||
FileServer: fileServer,
|
||||
config: config,
|
||||
router: router,
|
||||
fileServer: fileServer,
|
||||
}
|
||||
}
|
||||
|
||||
func (controller *ResourcesController) SetupRoutes() {
|
||||
controller.Router.GET("/resources/*resource", controller.resourcesHandler)
|
||||
controller.router.GET("/resources/*resource", controller.resourcesHandler)
|
||||
}
|
||||
|
||||
func (controller *ResourcesController) resourcesHandler(c *gin.Context) {
|
||||
if controller.Config.ResourcesDir == "" {
|
||||
if controller.config.ResourcesDir == "" {
|
||||
c.JSON(404, gin.H{
|
||||
"status": 404,
|
||||
"message": "Resources not found",
|
||||
})
|
||||
return
|
||||
}
|
||||
controller.FileServer.ServeHTTP(c.Writer, c.Request)
|
||||
controller.fileServer.ServeHTTP(c.Writer, c.Request)
|
||||
}
|
||||
|
||||
@@ -26,21 +26,21 @@ type UserControllerConfig struct {
|
||||
}
|
||||
|
||||
type UserController struct {
|
||||
Config UserControllerConfig
|
||||
Router *gin.RouterGroup
|
||||
Auth *service.AuthService
|
||||
config UserControllerConfig
|
||||
router *gin.RouterGroup
|
||||
auth *service.AuthService
|
||||
}
|
||||
|
||||
func NewUserController(config UserControllerConfig, router *gin.RouterGroup, auth *service.AuthService) *UserController {
|
||||
return &UserController{
|
||||
Config: config,
|
||||
Router: router,
|
||||
Auth: auth,
|
||||
config: config,
|
||||
router: router,
|
||||
auth: auth,
|
||||
}
|
||||
}
|
||||
|
||||
func (controller *UserController) SetupRoutes() {
|
||||
userGroup := controller.Router.Group("/user")
|
||||
userGroup := controller.router.Group("/user")
|
||||
userGroup.POST("/login", controller.loginHandler)
|
||||
userGroup.POST("/logout", controller.logoutHandler)
|
||||
userGroup.POST("/totp", controller.totpHandler)
|
||||
@@ -69,7 +69,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
|
||||
|
||||
log.Debug().Str("username", req.Username).Str("ip", clientIP).Msg("Login attempt")
|
||||
|
||||
isLocked, remainingTime := controller.Auth.IsAccountLocked(rateIdentifier)
|
||||
isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
|
||||
|
||||
if isLocked {
|
||||
log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed login attempts")
|
||||
@@ -80,11 +80,11 @@ func (controller *UserController) loginHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
userSearch := controller.Auth.SearchUser(req.Username)
|
||||
userSearch := controller.auth.SearchUser(req.Username)
|
||||
|
||||
if userSearch.Type == "" {
|
||||
log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("User not found")
|
||||
controller.Auth.RecordLoginAttempt(rateIdentifier, false)
|
||||
controller.auth.RecordLoginAttempt(rateIdentifier, false)
|
||||
c.JSON(401, gin.H{
|
||||
"status": 401,
|
||||
"message": "Unauthorized",
|
||||
@@ -92,9 +92,9 @@ func (controller *UserController) loginHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !controller.Auth.VerifyUser(userSearch, req.Password) {
|
||||
if !controller.auth.VerifyUser(userSearch, req.Password) {
|
||||
log.Warn().Str("username", req.Username).Str("ip", clientIP).Msg("Invalid password")
|
||||
controller.Auth.RecordLoginAttempt(rateIdentifier, false)
|
||||
controller.auth.RecordLoginAttempt(rateIdentifier, false)
|
||||
c.JSON(401, gin.H{
|
||||
"status": 401,
|
||||
"message": "Unauthorized",
|
||||
@@ -104,18 +104,18 @@ func (controller *UserController) loginHandler(c *gin.Context) {
|
||||
|
||||
log.Info().Str("username", req.Username).Str("ip", clientIP).Msg("Login successful")
|
||||
|
||||
controller.Auth.RecordLoginAttempt(rateIdentifier, true)
|
||||
controller.auth.RecordLoginAttempt(rateIdentifier, true)
|
||||
|
||||
if userSearch.Type == "local" {
|
||||
user := controller.Auth.GetLocalUser(userSearch.Username)
|
||||
user := controller.auth.GetLocalUser(userSearch.Username)
|
||||
|
||||
if user.TotpSecret != "" {
|
||||
log.Debug().Str("username", req.Username).Msg("User has TOTP enabled, requiring TOTP verification")
|
||||
|
||||
err := controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
|
||||
err := controller.auth.CreateSessionCookie(c, &config.SessionCookie{
|
||||
Username: user.Username,
|
||||
Name: utils.Capitalize(req.Username),
|
||||
Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
|
||||
Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.RootDomain),
|
||||
Provider: "username",
|
||||
TotpPending: true,
|
||||
})
|
||||
@@ -138,10 +138,10 @@ func (controller *UserController) loginHandler(c *gin.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
|
||||
err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
|
||||
Username: req.Username,
|
||||
Name: utils.Capitalize(req.Username),
|
||||
Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.Config.RootDomain),
|
||||
Email: fmt.Sprintf("%s@%s", strings.ToLower(req.Username), controller.config.RootDomain),
|
||||
Provider: "username",
|
||||
})
|
||||
|
||||
@@ -163,7 +163,7 @@ func (controller *UserController) loginHandler(c *gin.Context) {
|
||||
func (controller *UserController) logoutHandler(c *gin.Context) {
|
||||
log.Debug().Msg("Logout request received")
|
||||
|
||||
controller.Auth.DeleteSessionCookie(c)
|
||||
controller.auth.DeleteSessionCookie(c)
|
||||
|
||||
c.JSON(200, gin.H{
|
||||
"status": 200,
|
||||
@@ -214,7 +214,7 @@ func (controller *UserController) totpHandler(c *gin.Context) {
|
||||
|
||||
log.Debug().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification attempt")
|
||||
|
||||
isLocked, remainingTime := controller.Auth.IsAccountLocked(rateIdentifier)
|
||||
isLocked, remainingTime := controller.auth.IsAccountLocked(rateIdentifier)
|
||||
|
||||
if isLocked {
|
||||
log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Account is locked due to too many failed TOTP attempts")
|
||||
@@ -225,13 +225,13 @@ func (controller *UserController) totpHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
user := controller.Auth.GetLocalUser(context.Username)
|
||||
user := controller.auth.GetLocalUser(context.Username)
|
||||
|
||||
ok := totp.Validate(req.Code, user.TotpSecret)
|
||||
|
||||
if !ok {
|
||||
log.Warn().Str("username", context.Username).Str("ip", clientIP).Msg("Invalid TOTP code")
|
||||
controller.Auth.RecordLoginAttempt(rateIdentifier, false)
|
||||
controller.auth.RecordLoginAttempt(rateIdentifier, false)
|
||||
c.JSON(401, gin.H{
|
||||
"status": 401,
|
||||
"message": "Unauthorized",
|
||||
@@ -241,12 +241,12 @@ func (controller *UserController) totpHandler(c *gin.Context) {
|
||||
|
||||
log.Info().Str("username", context.Username).Str("ip", clientIP).Msg("TOTP verification successful")
|
||||
|
||||
controller.Auth.RecordLoginAttempt(rateIdentifier, true)
|
||||
controller.auth.RecordLoginAttempt(rateIdentifier, true)
|
||||
|
||||
err = controller.Auth.CreateSessionCookie(c, &config.SessionCookie{
|
||||
err = controller.auth.CreateSessionCookie(c, &config.SessionCookie{
|
||||
Username: user.Username,
|
||||
Name: utils.Capitalize(user.Username),
|
||||
Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.Config.RootDomain),
|
||||
Email: fmt.Sprintf("%s@%s", strings.ToLower(user.Username), controller.config.RootDomain),
|
||||
Provider: "username",
|
||||
})
|
||||
|
||||
|
||||
Reference in New Issue
Block a user