feat: add frontend

feat: add backend for oidc consent
chore: init db migrations
2026-06-11 22:10:23 +00:00 · 2026-06-11 18:40:56 +03:00 · 2026-06-11 18:18:47 +03:00 · 2026-06-11 18:18:39 +03:00 · 2026-06-11 18:18:21 +03:00
8 changed files with 71 additions and 35 deletions
@@ -6,6 +6,7 @@ type ScreenParams = {
  oidc_ticket?: string;
  oidc_scope?: string;
  oidc_name?: string;
+  oidc_show_consent?: boolean;
 };

 const zodScreenParams = z.object({
@@ -14,6 +15,7 @@ const zodScreenParams = z.object({
  oidc_ticket: z.string().optional(),
  oidc_scope: z.string().optional(),
  oidc_name: z.string().optional(),
+  oidc_show_consent: z.stringbool().optional(),
 });

 export function useScreenParams(params: URLSearchParams): ScreenParams {
@@ -25,6 +25,7 @@ import {
  recompileScreenParams,
  useScreenParams,
 } from "@/lib/hooks/screen-params";
+import { useEffect } from "react";

 type Scope = {
  id: string;
@@ -90,25 +91,48 @@ export const AuthorizePage = () => {
  const isOidc = screenParams.login_for === "oidc";
  const compiledParams = recompileScreenParams(screenParams);

-  const authorizeMutation = useMutation({
-    mutationFn: () => {
-      return axios.post("/api/oidc/authorize-complete", {
-        ticket: screenParams.oidc_ticket,
-      });
-    },
-    mutationKey: ["authorize", screenParams.oidc_ticket],
-    onSuccess: (data) => {
-      toast.info(t("authorizeSuccessTitle"), {
-        description: t("authorizeSuccessSubtitle"),
-      });
-      window.location.replace(data.data.redirect_uri);
-    },
-    onError: (error) => {
-      window.location.replace(
-        `/error?error=${encodeURIComponent(error.message)}`,
-      );
-    },
-  });
+  const { mutate: authorizeMutate, isPending: authorizeIsPending } =
+    useMutation({
+      mutationFn: () => {
+        return axios.post("/api/oidc/authorize-complete", {
+          ticket: screenParams.oidc_ticket,
+        });
+      },
+      mutationKey: ["authorize", screenParams.oidc_ticket],
+      onSuccess: (data) => {
+        toast.info(t("authorizeSuccessTitle"), {
+          description: t("authorizeSuccessSubtitle"),
+        });
+        window.location.replace(data.data.redirect_uri);
+      },
+      onError: (error) => {
+        window.location.replace(
+          `/error?error=${encodeURIComponent(error.message)}`,
+        );
+      },
+    });
+
+  useEffect(() => {
+    if (
+      !isOidc ||
+      screenParams.oidc_ticket === undefined ||
+      screenParams.oidc_scope === undefined ||
+      !auth.authenticated
+    ) {
+      return;
+    }
+
+    if (screenParams.oidc_show_consent === false) {
+      authorizeMutate();
+    }
+  }, [
+    isOidc,
+    screenParams.oidc_ticket,
+    screenParams.oidc_scope,
+    screenParams.oidc_show_consent,
+    auth.authenticated,
+    authorizeMutate,
+  ]);

  if (
    !isOidc ||
@@ -130,6 +154,19 @@ export const AuthorizePage = () => {
  const scopes =
    screenParams.oidc_scope.split(" ").filter((s) => s.trim() !== "") || [];

+  if (screenParams.oidc_show_consent === false) {
+    return (
+      <Card>
+        <CardHeader className="gap-1.5">
+          <CardTitle className="text-xl">Authorizing</CardTitle>
+          <CardDescription>
+            You will soon be redirected to your application...
+          </CardDescription>
+        </CardHeader>
+      </Card>
+    );
+  }
+
  return (
    <Card>
      <CardHeader className="mb-2">
@@ -171,15 +208,12 @@ export const AuthorizePage = () => {
        </CardContent>
      )}
      <CardFooter className="flex flex-col items-stretch gap-3">
-        <Button
-          onClick={() => authorizeMutation.mutate()}
-          loading={authorizeMutation.isPending}
-        >
+        <Button onClick={() => authorizeMutate()} loading={authorizeIsPending}>
          {t("authorizeTitle")}
        </Button>
        <Button
          onClick={() => navigate(`/logout${compiledParams}`)}
-          disabled={authorizeMutation.isPending}
+          disabled={authorizeIsPending}
          variant="outline"
        >
          {t("cancelTitle")}
@@ -58,8 +58,8 @@ func (app *BootstrapApp) setupRouter() error {
 	apiRouter := engine.Group("/api")

 	controller.NewContextController(app.log, app.config, app.runtime, apiRouter)
-	controller.NewOAuthController(app.log, app.config, app.runtime, app.helpers, apiRouter, app.services.authService)
-	controller.NewOIDCController(app.log, app.services.oidcService, app.runtime, app.helpers, app.config, apiRouter, &engine.RouterGroup)
+	controller.NewOAuthController(app.log, app.config, app.runtime, &app.helpers, apiRouter, app.services.authService)
+	controller.NewOIDCController(app.log, app.services.oidcService, app.runtime, &app.helpers, app.config, apiRouter, &engine.RouterGroup)
 	controller.NewProxyController(app.log, app.runtime, apiRouter, app.services.accessControlService, app.services.authService, app.services.policyEngine)
 	controller.NewUserController(app.log, app.runtime, apiRouter, app.services.authService)
 	controller.NewResourcesController(app.config, &engine.RouterGroup)
@@ -42,7 +42,7 @@ func (app *BootstrapApp) setupServices() error {
 	oauthBrokerService := service.NewOAuthBrokerService(app.log, app.runtime.OAuthProviders, app.ctx)
 	app.services.oauthBrokerService = oauthBrokerService

-	authService := service.NewAuthService(app.log, app.config, app.runtime, app.helpers, app.ctx, app.ding, app.services.ldapService, app.queries, app.services.oauthBrokerService, app.services.tailscaleService, app.services.policyEngine)
+	authService := service.NewAuthService(app.log, app.config, app.runtime, &app.helpers, app.ctx, app.ding, app.services.ldapService, app.queries, app.services.oauthBrokerService, app.services.tailscaleService, app.services.policyEngine)
 	app.services.authService = authService

 	oidcService, err := service.NewOIDCService(app.log, app.config, app.runtime, app.queries, app.ding)
@@ -24,7 +24,7 @@ type OAuthController struct {
 	log     *logger.Logger
 	config  model.Config
 	runtime model.RuntimeConfig
-	helpers model.RuntimeHelpers
+	helpers *model.RuntimeHelpers
 	auth    *service.AuthService
 }

@@ -32,7 +32,7 @@ func NewOAuthController(
 	log *logger.Logger,
 	config model.Config,
 	runtimeConfig model.RuntimeConfig,
-	helpers model.RuntimeHelpers,
+	helpers *model.RuntimeHelpers,
 	router *gin.RouterGroup,
 	auth *service.AuthService,
 ) *OAuthController {
@@ -33,7 +33,7 @@ type OIDCController struct {
 	log     *logger.Logger
 	oidc    *service.OIDCService
 	runtime model.RuntimeConfig
-	helpers model.RuntimeHelpers
+	helpers *model.RuntimeHelpers
 	config  model.Config
 }

@@ -87,7 +87,7 @@ func NewOIDCController(
 	log *logger.Logger,
 	oidcService *service.OIDCService,
 	runtimeConfig model.RuntimeConfig,
-	helpers model.RuntimeHelpers,
+	helpers *model.RuntimeHelpers,
 	config model.Config,
 	router *gin.RouterGroup,
 	mainRouter *gin.RouterGroup) *OIDCController {
@@ -59,7 +59,7 @@ type AuthService struct {
 	log     *logger.Logger
 	config  model.Config
 	runtime model.RuntimeConfig
-	helpers model.RuntimeHelpers
+	helpers *model.RuntimeHelpers
 	ctx     context.Context

 	ldap         *LdapService
@@ -87,7 +87,7 @@ func NewAuthService(
 	log *logger.Logger,
 	config model.Config,
 	runtime model.RuntimeConfig,
-	helpers model.RuntimeHelpers,
+	helpers *model.RuntimeHelpers,
 	ctx context.Context,
 	dg *ding.Ding,
 	ldap *LdapService,
@@ -135,8 +135,8 @@ func CreateTestConfigs(t *testing.T) (model.Config, model.RuntimeConfig) {
 	return config, runtime
 }

-func CreateTestHelpers() model.RuntimeHelpers {
-	return model.RuntimeHelpers{
+func CreateTestHelpers() *model.RuntimeHelpers {
+	return &model.RuntimeHelpers{
 		GetCookieDomain: func(ctx context.Context, ip string) (string, error) {
 			return "example.com", nil
 		},
Author	SHA1	Message	Date
Stavros	cd51263428	feat: add frontend	2026-06-11 18:40:56 +03:00
Stavros	24f166551e	feat: add backend for oidc consent	2026-06-11 18:18:47 +03:00
Stavros	e4c5f14d8c	chore: init db migrations	2026-06-11 18:18:39 +03:00
Stavros	ed97021c19	chore: merge oidc-authorize branch	2026-06-11 18:18:21 +03:00