wip: authorize page

2026-01-25 16:52:29 +00:00 · 2026-01-21 20:12:32 +02:00
parent 7dc3525a8d
commit 6ae7c1cbda
7 changed files with 191 additions and 0 deletions
--- a/frontend/src/main.tsx
+++ b/frontend/src/main.tsx
@@ -17,6 +17,7 @@ import { AppContextProvider } from "./context/app-context.tsx";
 import { UserContextProvider } from "./context/user-context.tsx";
 import { Toaster } from "@/components/ui/sonner";
 import { ThemeProvider } from "./components/providers/theme-provider.tsx";
 import { AuthorizePage } from "./pages/authorize-page.tsx";
 const queryClient = new QueryClient();
@@ -31,6 +32,7 @@ createRoot(document.getElementById("root")!).render(
                <Route element={<Layout />} errorElement={<ErrorPage />}>
                  <Route path="/" element={<App />} />
                  <Route path="/login" element={<LoginPage />} />
                  <Route path="/authorize" element={<AuthorizePage />} />
                  <Route path="/logout" element={<LogoutPage />} />
                  <Route path="/continue" element={<ContinuePage />} />
                  <Route path="/totp" element={<TotpPage />} />
--- a/frontend/src/pages/authorize-page.tsx
+++ b/frontend/src/pages/authorize-page.tsx
@@ -0,0 +1,99 @@
 import { useUserContext } from "@/context/user-context";
 import { useQuery } from "@tanstack/react-query";
 import { Navigate } from "react-router";
 import { useLocation } from "react-router";
 import {
  Card,
  CardHeader,
  CardTitle,
  CardDescription,
  CardFooter,
 } from "@/components/ui/card";
 import { getOidcClientInfoScehma } from "@/schemas/oidc-schemas";
 import { Button } from "@/components/ui/button";
 type AuthorizePageProps = {
  scope: string;
  responseType: string;
  clientId: string;
  redirectUri: string;
  state: string;
 };
 const optionalAuthorizeProps = ["state"];
 export const AuthorizePage = () => {
  const { isLoggedIn } = useUserContext();
  const { search } = useLocation();
  const searchParams = new URLSearchParams(search);
  // If there is a better way to do this, please do let me know
  const props: AuthorizePageProps = {
    scope: searchParams.get("scope") || "",
    responseType: searchParams.get("response_type") || "",
    clientId: searchParams.get("client_id") || "",
    redirectUri: searchParams.get("redirect_uri") || "",
    state: searchParams.get("state") || "",
  };
  const getClientInfo = useQuery({
    queryKey: ["client", props.clientId],
    queryFn: async () => {
      const res = await fetch(`/api/oidc/clients/${props.clientId}`);
      const data = await getOidcClientInfoScehma.parseAsync(await res.json());
      return data;
    },
  });
  if (!isLoggedIn) {
    // TODO: Pass the params to the login page, so user can login -> authorize
    return <Navigate to="/login" replace />;
  }
  for (const key in Object.keys(props)) {
    if (
      !props[key as keyof AuthorizePageProps] &&
      !optionalAuthorizeProps.includes(key)
    ) {
      // TODO: Add reason for error
      return <Navigate to="/error" replace />;
    }
  }
  if (getClientInfo.isLoading) {
    return (
      <Card className="min-w-xs sm:min-w-sm">
        <CardHeader>
          <CardTitle className="text-3xl">Loading...</CardTitle>
          <CardDescription>
            Please wait while we load the client information.
          </CardDescription>
        </CardHeader>
      </Card>
    );
  }
  if (getClientInfo.isError) {
    // TODO: Add reason for error
    return <Navigate to="/error" replace />;
  }
  return (
    <Card className="min-w-xs sm:min-w-sm">
      <CardHeader>
        <CardTitle className="text-3xl">
          Continue to {getClientInfo.data?.name || "Unknown"}?
        </CardTitle>
        <CardDescription>
          Would you like to continue to this app? Please keep in mind that this
          app will have access to your email and other information.
        </CardDescription>
      </CardHeader>
      <CardFooter className="flex flex-col items-stretch gap-2">
        <Button>Authorize</Button>
        <Button variant="outline">Cancel</Button>
      </CardFooter>
    </Card>
  );
 };
--- a/frontend/src/schemas/oidc-schemas.ts
+++ b/frontend/src/schemas/oidc-schemas.ts
@@ -0,0 +1,5 @@
 import { z } from "zod";
 export const getOidcClientInfoScehma = z.object({
  name: z.string(),
 });
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -30,6 +30,7 @@ type BootstrapApp struct {
 		users               []config.User
 		oauthProviders      map[string]config.OAuthServiceConfig
 		configuredProviders []controller.Provider
 		oidcClients         []config.OIDCClientConfig
 	}
 	services Services
 }
@@ -84,6 +85,12 @@ func (app *BootstrapApp) Setup() error {
 		app.context.oauthProviders[id] = provider
 	}
 	// Setup OIDC clients
 	for id, client := range app.config.OIDC.Clients {
 		client.ID = id
 		app.context.oidcClients = append(app.context.oidcClients, client)
 	}
 	// Get cookie domain
 	cookieDomain, err := utils.GetCookieDomain(app.config.AppURL)
--- a/internal/bootstrap/router_bootstrap.go
+++ b/internal/bootstrap/router_bootstrap.go
@@ -86,6 +86,12 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
 	oauthController.SetupRoutes()
 	oidcController := controller.NewOIDCController(controller.OIDCControllerConfig{
 		Clients: app.context.oidcClients,
 	}, apiRouter)
 	oidcController.SetupRoutes()
 	proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
 		AppURL: app.config.AppURL,
 	}, apiRouter, app.services.accessControlService, app.services.authService)
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -132,6 +132,7 @@ type OAuthServiceConfig struct {
 }
 type OIDCClientConfig struct {
 	ID                  string   `description:"OIDC client ID." yaml:"-"`
 	ClientID            string   `description:"OIDC client ID." yaml:"clientId"`
 	ClientSecret        string   `description:"OIDC client secret." yaml:"clientSecret"`
 	ClientSecretFile    string   `description:"Path to the file containing the OIDC client secret." yaml:"clientSecretFile"`
--- a/internal/controller/oidc_controller.go
+++ b/internal/controller/oidc_controller.go
@@ -0,0 +1,71 @@
 package controller
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/utils/tlog"
 )
 type OIDCControllerConfig struct {
 	Clients []config.OIDCClientConfig
 }
 type OIDCController struct {
 	clients []config.OIDCClientConfig
 	router  *gin.RouterGroup
 }
 func NewOIDCController(config OIDCControllerConfig, router *gin.RouterGroup) *OIDCController {
 	return &OIDCController{
 		clients: config.Clients,
 		router:  router,
 	}
 }
 func (controller *OIDCController) SetupRoutes() {
 	oidcGroup := controller.router.Group("/oidc")
 	oidcGroup.GET("/clients/:id", controller.GetClientInfo)
 }
 type ClientRequest struct {
 	ClientID string `uri:"id" binding:"required"`
 }
 func (controller *OIDCController) GetClientInfo(c *gin.Context) {
 	var req ClientRequest
 	err := c.BindUri(&req)
 	if err != nil {
 		tlog.App.Error().Err(err).Msg("Failed to bind URI")
 		c.JSON(400, gin.H{
 			"status":  400,
 			"message": "Bad Request",
 		})
 		return
 	}
 	var client *config.OIDCClientConfig
 	// Inefficient yeah, but it will be good until we have thousands of clients
 	for _, clientCfg := range controller.clients {
 		if clientCfg.ClientID == req.ClientID {
 			client = &clientCfg
 			break
 		}
 	}
 	if client == nil {
 		tlog.App.Warn().Str("client_id", req.ClientID).Msg("Client not found")
 		c.JSON(404, gin.H{
 			"status":  404,
 			"message": "Client not found",
 		})
 		return
 	}
 	c.JSON(200, gin.H{
 		"status": 200,
 		"client": &client.ClientID,
 		"name":   &client.Name,
 	})
 }