feat: move oauth logic into auth service and handle multiple sessions

2026-03-24 07:27:52 +00:00 · 2026-03-21 16:37:04 +02:00
parent 2491d453cf
commit 7bead41ae9
8 changed files with 169 additions and 160 deletions
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -22,16 +22,17 @@ import (
 type BootstrapApp struct {
 	config  config.Config
 	context struct {
-		appUrl              string
-		uuid                string
-		cookieDomain        string
-		sessionCookieName   string
-		csrfCookieName      string
-		redirectCookieName  string
-		users               []config.User
-		oauthProviders      map[string]config.OAuthServiceConfig
-		configuredProviders []controller.Provider
-		oidcClients         []config.OIDCClientConfig
+		appUrl                 string
+		uuid                   string
+		cookieDomain           string
+		sessionCookieName      string
+		csrfCookieName         string
+		redirectCookieName     string
+		oauthSessionCookieName string
+		users                  []config.User
+		oauthProviders         map[string]config.OAuthServiceConfig
+		configuredProviders    []controller.Provider
+		oidcClients            []config.OIDCClientConfig
 	}
 	services Services
 }
@@ -113,6 +114,7 @@ func (app *BootstrapApp) Setup() error {
 	app.context.sessionCookieName = fmt.Sprintf("%s-%s", config.SessionCookieName, cookieId)
 	app.context.csrfCookieName = fmt.Sprintf("%s-%s", config.CSRFCookieName, cookieId)
 	app.context.redirectCookieName = fmt.Sprintf("%s-%s", config.RedirectCookieName, cookieId)
+	app.context.oauthSessionCookieName = fmt.Sprintf("%s-%s", config.OAuthSessionCookieName, cookieId)

 	// Dumps
 	tlog.App.Trace().Interface("config", app.config).Msg("Config dump")
@@ -190,12 +192,12 @@ func (app *BootstrapApp) Setup() error {

 	// Start db cleanup routine
 	tlog.App.Debug().Msg("Starting database cleanup routine")
-	go app.dbCleanup(queries)
+	go app.dbCleanupRoutine(queries)

 	// If analytics are not disabled, start heartbeat
 	if app.config.Analytics.Enabled {
 		tlog.App.Debug().Msg("Starting heartbeat routine")
-		go app.heartbeat()
+		go app.heartbeatRoutine()
 	}

 	// If we have an socket path, bind to it
@@ -226,7 +228,7 @@ func (app *BootstrapApp) Setup() error {
 	return nil
 }

-func (app *BootstrapApp) heartbeat() {
+func (app *BootstrapApp) heartbeatRoutine() {
 	ticker := time.NewTicker(time.Duration(12) * time.Hour)
 	defer ticker.Stop()

@@ -280,7 +282,7 @@ func (app *BootstrapApp) heartbeat() {
 	}
 }

-func (app *BootstrapApp) dbCleanup(queries *repository.Queries) {
+func (app *BootstrapApp) dbCleanupRoutine(queries *repository.Queries) {
 	ticker := time.NewTicker(time.Duration(30) * time.Minute)
 	defer ticker.Stop()
 	ctx := context.Background()
--- a/internal/bootstrap/router_bootstrap.go
+++ b/internal/bootstrap/router_bootstrap.go
@@ -77,12 +77,13 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
 	contextController.SetupRoutes()

 	oauthController := controller.NewOAuthController(controller.OAuthControllerConfig{
-		AppURL:             app.config.AppURL,
-		SecureCookie:       app.config.Auth.SecureCookie,
-		CSRFCookieName:     app.context.csrfCookieName,
-		RedirectCookieName: app.context.redirectCookieName,
-		CookieDomain:       app.context.cookieDomain,
-	}, apiRouter, app.services.authService, app.services.oauthBrokerService)
+		AppURL:                 app.config.AppURL,
+		SecureCookie:           app.config.Auth.SecureCookie,
+		CSRFCookieName:         app.context.csrfCookieName,
+		RedirectCookieName:     app.context.redirectCookieName,
+		CookieDomain:           app.context.cookieDomain,
+		OAuthSessionCookieName: app.context.oauthSessionCookieName,
+	}, apiRouter, app.services.authService)

 	oauthController.SetupRoutes()

--- a/internal/bootstrap/service_bootstrap.go
+++ b/internal/bootstrap/service_bootstrap.go
@@ -58,6 +58,16 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er

 	services.accessControlService = accessControlsService

+	oauthBrokerService := service.NewOAuthBrokerService(app.context.oauthProviders)
+
+	err = oauthBrokerService.Init()
+
+	if err != nil {
+		return Services{}, err
+	}
+
+	services.oauthBrokerService = oauthBrokerService
+
 	authService := service.NewAuthService(service.AuthServiceConfig{
 		Users:              app.context.users,
 		OauthWhitelist:     app.config.OAuth.Whitelist,
@@ -70,7 +80,7 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er
 		SessionCookieName:  app.context.sessionCookieName,
 		IP:                 app.config.Auth.IP,
 		LDAPGroupsCacheTTL: app.config.Ldap.GroupCacheTTL,
-	}, dockerService, services.ldapService, queries)
+	}, dockerService, services.ldapService, queries, services.oauthBrokerService)

 	err = authService.Init()

@@ -80,16 +90,6 @@ func (app *BootstrapApp) initServices(queries *repository.Queries) (Services, er

 	services.authService = authService

-	oauthBrokerService := service.NewOAuthBrokerService(app.context.oauthProviders)
-
-	err = oauthBrokerService.Init()
-
-	if err != nil {
-		return Services{}, err
-	}
-
-	services.oauthBrokerService = oauthBrokerService
-
 	oidcService := service.NewOIDCService(service.OIDCServiceConfig{
 		Clients:        app.config.OIDC.Clients,
 		PrivateKeyPath: app.config.OIDC.PrivateKeyPath,