From a3ec07230c521446b60821c4579d8e790b21d7e8 Mon Sep 17 00:00:00 2001
From: Stavros
Date: Wed, 29 Apr 2026 20:00:36 +0300
Subject: [PATCH] fix: fix oauth and oidc controller imports and context
---
 internal/controller/controller.go | 12 ++++++++++++
 internal/controller/oauth_controller.go | 9 +++++----
 internal/controller/oidc_controller.go | 9 +++++----
 internal/controller/proxy_controller.go | 11 -----------
 4 files changed, 22 insertions(+), 19 deletions(-)
 create mode 100644 internal/controller/controller.go
diff --git a/internal/controller/controller.go b/internal/controller/controller.go
new file mode 100644
index 0000000..a1ca59b
--- /dev/null
+++ b/internal/controller/controller.go
@@ -0,0 +1,12 @@
+package controller
+
+type UnauthorizedQuery struct {
+ Username string `url:"username"`
+ Resource string `url:"resource"`
+ GroupErr bool `url:"groupErr"`
+ IP string `url:"ip"`
+}
+
+type RedirectQuery struct {
+ RedirectURI string `url:"redirect_uri"`
+}
diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go
index 4133b84..439c57d 100644
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -6,7 +6,6 @@ import (
 "strings"
 "time"
- "github.com/tinyauthapp/tinyauth/internal/config"
 "github.com/tinyauthapp/tinyauth/internal/repository"
 "github.com/tinyauthapp/tinyauth/internal/service"
 "github.com/tinyauthapp/tinyauth/internal/utils"
@@ -176,7 +175,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 tlog.App.Warn().Str("email", user.Email).Msg("Email not whitelisted")
 tlog.AuditLoginFailure(c, user.Email, req.Provider, "email not whitelisted")
- queries, err := query.Values(config.UnauthorizedQuery{
+ queries, err := query.Values(UnauthorizedQuery{
 Username: user.Email,
 })
@@ -236,7 +235,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 tlog.App.Trace().Interface("session_cookie", sessionCookie).Msg("Creating session cookie")
- err = controller.auth.CreateSessionCookie(c, &sessionCookie)
+ cookie, err := controller.auth.CreateSession(c, sessionCookie)
 if err != nil {
 tlog.App.Error().Err(err).Msg("Failed to create session cookie")
@@ -244,6 +243,8 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 return
 }
+ http.SetCookie(c.Writer, cookie)
+
 tlog.AuditLoginSuccess(c, sessionCookie.Username, sessionCookie.Provider)
 if controller.isOidcRequest(oauthPendingSession.CallbackParams) {
@@ -259,7 +260,7 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 }
 if oauthPendingSession.CallbackParams.RedirectURI != "" {
- queries, err := query.Values(config.RedirectQuery{
+ queries, err := query.Values(RedirectQuery{
 RedirectURI: oauthPendingSession.CallbackParams.RedirectURI,
 })
diff --git a/internal/controller/oidc_controller.go b/internal/controller/oidc_controller.go
index 8a08fd6..5e3f75f 100644
--- a/internal/controller/oidc_controller.go
+++ b/internal/controller/oidc_controller.go
@@ -10,6 +10,7 @@ import (
 "github.com/gin-gonic/gin"
 "github.com/google/go-querystring/query"
+ "github.com/tinyauthapp/tinyauth/internal/model"
 "github.com/tinyauthapp/tinyauth/internal/service"
 "github.com/tinyauthapp/tinyauth/internal/utils"
 "github.com/tinyauthapp/tinyauth/internal/utils/tlog"
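Review bot: In the `@@ -244` hunk, `http.SetCookie(c.Writer, cookie)` is followed directly by `tlog.AuditLoginSuccess(...)`, but net/http's `SetCookie` silently writes nothing when the cookie is nil or has an invalid name, so a login can be audited as successful without a session cookie ever reaching the browser. `CreateSession` (called in the preceding `@@ -236` hunk) is not visible here; if it can return a nil cookie with a nil error, the guard should cover that case too, for example `if err != nil || cookie == nil {` in place of `if err != nil {`. Since the controller now emits the `Set-Cookie` header itself, a short comment above the call saying where the Secure, HttpOnly and SameSite attributes are decided would help the next reviewer. The handler body starts and ends outside both hunks.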
@@ -111,14 +112,14 @@ func (controller *OIDCController) Authorize(c *gin.Context) {
 return
 }
- userContext, err := utils.GetContext(c)
+ userContext, err := new(model.UserContext).NewFromGin(c)
 if err != nil {
 controller.authorizeError(c, err, "Failed to get user context", "User is not logged in or the session is invalid", "", "", "")
 return
 }
- if !userContext.IsLoggedIn {
+ if !userContext.Authenticated {
 controller.authorizeError(c, errors.New("err user not logged in"), "User not logged in", "The user is not logged in", "", "", "")
 return
 }
@@ -151,7 +152,7 @@ func (controller *OIDCController) Authorize(c *gin.Context) {
 }
 // WARNING: Since Tinyauth is stateless, we cannot have a sub that never changes. We will just create a uuid out of the username and client name which remains stable, but if username or client name changes then sub changes too.
- sub := utils.GenerateUUID(fmt.Sprintf("%s:%s", userContext.Username, client.ID))
+ sub := utils.GenerateUUID(fmt.Sprintf("%s:%s", userContext.GetUsername(), client.ID))
 code := utils.GenerateString(32)
 // Before storing the code, delete old session
@@ -170,7 +171,7 @@ func (controller *OIDCController) Authorize(c *gin.Context) {
 // We also need a snapshot of the user that authorized this (skip if no openid scope)
 if slices.Contains(strings.Fields(req.Scope), "openid") {
- err = controller.oidc.StoreUserinfo(c, sub, userContext, req)
+ err = controller.oidc.StoreUserinfo(c, sub, *userContext, req)
 if err != nil {
 tlog.App.Error().Err(err).Msg("Failed to insert user info into database")
diff --git a/internal/controller/proxy_controller.go b/internal/controller/proxy_controller.go
index 5f42e55..3c8a490 100644
--- a/internal/controller/proxy_controller.go
+++ b/internal/controller/proxy_controller.go
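Review bot: The login gate in `Authorize` (`@@ -111` hunk) now tests `userContext.Authenticated` instead of `IsLoggedIn`, and `model.UserContext` is not part of this patch, so the two flags cannot be confirmed equivalent from here. If `Authenticated` can be true for a session that has completed only the first factor, this endpoint would go on to issue an authorization code for it. A comment at the check such as `// Authenticated must imply a fully completed login (no second factor pending)` would record the assumption, and a test covering a half-completed login would pin it. `Authorize` starts and ends outside the hunk.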
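Review bot: In the `@@ -151` hunk the `sub` claim is now derived from `userContext.GetUsername()` rather than the `Username` field, and the WARNING comment above it says the value is stable only while the username is. If `GetUsername()` returns a different string than the old field for some provider, existing relying parties will see a new subject for the same person; if it can return an empty string, every such user maps to the same `sub` for a given client. `GetUsername` is not in this patch, so both cases need confirming against its implementation. Rejecting an empty result before hashing would close the second case, e.g. `if userContext.GetUsername() == "" { controller.authorizeError(...); return }`, and the WARNING comment could name `GetUsername()` as the input.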
@@ -17,17 +17,6 @@ import (
 "github.com/google/go-querystring/query"
 )
-type UnauthorizedQuery struct {
- Username string `url:"username"`
- Resource string `url:"resource"`
- GroupErr bool `url:"groupErr"`
- IP string `url:"ip"`
-}
-
-type RedirectQuery struct {
- RedirectURI string `url:"redirect_uri"`
-}
-
 type AuthModuleType int
 const (