|
|
|
@@ -107,7 +107,10 @@ func (api *API) SetupRoutes() {
|
|
|
|
log.Debug().Msg("Authenticated")
|
|
|
|
log.Debug().Msg("Authenticated")
|
|
|
|
|
|
|
|
|
|
|
|
appAllowed, appAllowedErr := api.Auth.ResourceAllowed(userContext, host)
|
|
|
|
appAllowed, appAllowedErr := api.Auth.ResourceAllowed(userContext, host)
|
|
|
|
if handleApiError(c, "Failed to check if resource is allowed", appAllowedErr) {
|
|
|
|
|
|
|
|
|
|
|
|
log.Debug().Bool("appAllowed", appAllowed).Msg("Checking if user is allowed")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if api.handleError(c, "Failed to check if resource is allowed", appAllowedErr) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@@ -117,7 +120,7 @@ func (api *API) SetupRoutes() {
|
|
|
|
Username: userContext.Username,
|
|
|
|
Username: userContext.Username,
|
|
|
|
Resource: strings.Split(host, ".")[0],
|
|
|
|
Resource: strings.Split(host, ".")[0],
|
|
|
|
})
|
|
|
|
})
|
|
|
|
if handleApiError(c, "Failed to build query", queryErr) {
|
|
|
|
if api.handleError(c, "Failed to build query", queryErr) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", api.Config.AppURL, queries.Encode()))
|
|
|
|
c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", api.Config.AppURL, queries.Encode()))
|
|
|
|
@@ -299,7 +302,7 @@ func (api *API) SetupRoutes() {
|
|
|
|
tailscaleQuery, tailscaleQueryErr := query.Values(types.TailscaleQuery{
|
|
|
|
tailscaleQuery, tailscaleQueryErr := query.Values(types.TailscaleQuery{
|
|
|
|
Code: (1000 + rand.IntN(9000)), // doesn't need to be secure, just there to avoid caching
|
|
|
|
Code: (1000 + rand.IntN(9000)), // doesn't need to be secure, just there to avoid caching
|
|
|
|
})
|
|
|
|
})
|
|
|
|
if handleApiError(c, "Failed to build query", tailscaleQueryErr) {
|
|
|
|
if api.handleError(c, "Failed to build query", tailscaleQueryErr) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
c.JSON(200, gin.H{
|
|
|
|
c.JSON(200, gin.H{
|
|
|
|
@@ -322,7 +325,7 @@ func (api *API) SetupRoutes() {
|
|
|
|
|
|
|
|
|
|
|
|
bindErr := c.BindUri(&providerName)
|
|
|
|
bindErr := c.BindUri(&providerName)
|
|
|
|
|
|
|
|
|
|
|
|
if handleApiError(c, "Failed to bind URI", bindErr) {
|
|
|
|
if api.handleError(c, "Failed to bind URI", bindErr) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@@ -351,7 +354,7 @@ func (api *API) SetupRoutes() {
|
|
|
|
|
|
|
|
|
|
|
|
log.Debug().Msg("Got token")
|
|
|
|
log.Debug().Msg("Got token")
|
|
|
|
|
|
|
|
|
|
|
|
if handleApiError(c, "Failed to exchange token", tokenErr) {
|
|
|
|
if api.handleError(c, "Failed to exchange token", tokenErr) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@@ -359,7 +362,7 @@ func (api *API) SetupRoutes() {
|
|
|
|
|
|
|
|
|
|
|
|
log.Debug().Str("email", email).Msg("Got email")
|
|
|
|
log.Debug().Str("email", email).Msg("Got email")
|
|
|
|
|
|
|
|
|
|
|
|
if handleApiError(c, "Failed to get user", emailErr) {
|
|
|
|
if api.handleError(c, "Failed to get user", emailErr) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@@ -368,7 +371,7 @@ func (api *API) SetupRoutes() {
|
|
|
|
unauthorizedQuery, unauthorizedQueryErr := query.Values(types.UnauthorizedQuery{
|
|
|
|
unauthorizedQuery, unauthorizedQueryErr := query.Values(types.UnauthorizedQuery{
|
|
|
|
Username: email,
|
|
|
|
Username: email,
|
|
|
|
})
|
|
|
|
})
|
|
|
|
if handleApiError(c, "Failed to build query", unauthorizedQueryErr) {
|
|
|
|
if api.handleError(c, "Failed to build query", unauthorizedQueryErr) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/unauthorized?%s", api.Config.AppURL, unauthorizedQuery.Encode()))
|
|
|
|
c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/unauthorized?%s", api.Config.AppURL, unauthorizedQuery.Encode()))
|
|
|
|
@@ -400,7 +403,7 @@ func (api *API) SetupRoutes() {
|
|
|
|
|
|
|
|
|
|
|
|
log.Debug().Msg("Got redirect query")
|
|
|
|
log.Debug().Msg("Got redirect query")
|
|
|
|
|
|
|
|
|
|
|
|
if handleApiError(c, "Failed to build query", redirectQueryErr) {
|
|
|
|
if api.handleError(c, "Failed to build query", redirectQueryErr) {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@@ -413,6 +416,15 @@ func (api *API) Run() {
|
|
|
|
api.Router.Run(fmt.Sprintf("%s:%d", api.Config.Address, api.Config.Port))
|
|
|
|
api.Router.Run(fmt.Sprintf("%s:%d", api.Config.Address, api.Config.Port))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func (api *API) handleError(c *gin.Context, msg string, err error) bool {
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
log.Error().Err(err).Msg(msg)
|
|
|
|
|
|
|
|
c.Redirect(http.StatusPermanentRedirect, fmt.Sprintf("%s/error", api.Config.AppURL))
|
|
|
|
|
|
|
|
return true
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func zerolog() gin.HandlerFunc {
|
|
|
|
func zerolog() gin.HandlerFunc {
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
tStart := time.Now()
|
|
|
|
tStart := time.Now()
|
|
|
|
@@ -436,12 +448,3 @@ func zerolog() gin.HandlerFunc {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func handleApiError(c *gin.Context, msg string, err error) bool {
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
log.Error().Err(err).Msg(msg)
|
|
|
|
|
|
|
|
c.Redirect(http.StatusPermanentRedirect, "/error")
|
|
|
|
|
|
|
|
return true
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
