This commit adds OpenID Connect (OIDC) provider functionality to tinyauth, allowing it to act as an OIDC identity provider for other applications. Features: - OIDC discovery endpoint at /.well-known/openid-configuration - Authorization endpoint for OAuth 2.0 authorization code flow - Token endpoint for exchanging authorization codes for tokens - ID token generation with JWT signing - JWKS endpoint for public key distribution - Support for PKCE (code challenge/verifier) - Nonce validation for ID tokens - Configurable OIDC clients with redirect URIs, scopes, and grant types Validation: - Docker Compose setup for local testing - OIDC test client (oidc-whoami) with session management - Nginx reverse proxy configuration - DNS server (dnsmasq) for custom domain resolution - Chrome launch script for easy testing Configuration: - OIDC configuration in config.yaml - Example configuration in config.example.yaml - Database migrations for OIDC client storage
package bootstrap
import (
"fmt"
"strings"
"github.com/steveiliop56/tinyauth/internal/controller"
"github.com/steveiliop56/tinyauth/internal/middleware"
"github.com/gin-gonic/gin"
)
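// setupRouter builds the gin engine that serves every tinyauth route.
//
// The engine is assembled in a fixed order: panic recovery, the trusted-proxy
// list (only when Server.TrustedProxies is set), the context, UI and
// request-logging middlewares, and finally the controllers — the API
// controllers under the /api group and the resources controller on the root
// group. The OIDC controller is mounted only when OIDC is enabled in the
// config and the OIDC service was actually constructed.
//
// It returns the configured engine, or an error if the trusted-proxy list
// cannot be parsed or one of the middlewares fails to initialize.
func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
	engine := gin.New()
	engine.Use(gin.Recovery())

	// Server.TrustedProxies decides which upstream addresses may set
	// forwarded-client headers (X-Forwarded-For, X-Real-IP, ...) that gin
	// then honours when a handler asks for the client IP. Parsing is
	// fail-closed: a malformed entry aborts startup instead of silently
	// trusting a different set of hops than the operator intended.
	//
	// NOTE(review): when the option is empty SetTrustedProxies is never
	// called; gin's own default in that case is to trust every proxy, so
	// forwarded-IP headers from any peer are accepted. That is the usual
	// shape for a deployment behind a reverse proxy, but an instance exposed
	// directly to clients should set this option — confirm against the gin
	// version pinned in go.mod.
	if len(app.config.Server.TrustedProxies) > 0 {
		proxies, err := splitTrustedProxies(app.config.Server.TrustedProxies)
		if err != nil {
			return nil, fmt.Errorf("failed to set trusted proxies: %w", err)
		}
		if err := engine.SetTrustedProxies(proxies); err != nil {
			return nil, fmt.Errorf("failed to set trusted proxies: %w", err)
		}
	}

	// Middleware order matters: each one runs for every request in the order
	// it is registered here. The request logger is registered last, so a
	// request that the context or UI middleware finishes on its own would
	// presumably not reach it — TODO confirm against those middlewares.
	contextMiddleware := middleware.NewContextMiddleware(middleware.ContextMiddlewareConfig{
		CookieDomain: app.context.cookieDomain,
	}, app.services.authService, app.services.oauthBrokerService)

	err := contextMiddleware.Init()
	if err != nil {
		return nil, fmt.Errorf("failed to initialize context middleware: %w", err)
	}
	engine.Use(contextMiddleware.Middleware())

	uiMiddleware := middleware.NewUIMiddleware()

	err = uiMiddleware.Init()
	if err != nil {
		return nil, fmt.Errorf("failed to initialize UI middleware: %w", err)
	}
	engine.Use(uiMiddleware.Middleware())

	zerologMiddleware := middleware.NewZerologMiddleware()

	err = zerologMiddleware.Init()
	if err != nil {
		return nil, fmt.Errorf("failed to initialize zerolog middleware: %w", err)
	}
	engine.Use(zerologMiddleware.Middleware())

	// Every API controller hangs off /api; only the resources controller is
	// given the root group.
	apiRouter := engine.Group("/api")

	contextController := controller.NewContextController(controller.ContextControllerConfig{
		Providers:             app.context.configuredProviders,
		Title:                 app.config.UI.Title,
		AppURL:                app.config.AppURL,
		CookieDomain:          app.context.cookieDomain,
		ForgotPasswordMessage: app.config.UI.ForgotPasswordMessage,
		BackgroundImage:       app.config.UI.BackgroundImage,
		OAuthAutoRedirect:     app.config.OAuth.AutoRedirect,
		DisableUIWarnings:     app.config.DisableUIWarnings,
	}, apiRouter)
	contextController.SetupRoutes()

	// The OAuth (login-with-provider) controller gets the CSRF and redirect
	// cookie names plus the SecureCookie flag so the cookies it sets follow
	// the configured cookie policy.
	oauthController := controller.NewOAuthController(controller.OAuthControllerConfig{
		AppURL:             app.config.AppURL,
		SecureCookie:       app.config.Auth.SecureCookie,
		CSRFCookieName:     app.context.csrfCookieName,
		RedirectCookieName: app.context.redirectCookieName,
		CookieDomain:       app.context.cookieDomain,
	}, apiRouter, app.services.authService, app.services.oauthBrokerService)
	oauthController.SetupRoutes()

	// The proxy controller is the forward-auth surface; it is the one handed
	// the access-control service.
	proxyController := controller.NewProxyController(controller.ProxyControllerConfig{
		AppURL: app.config.AppURL,
	}, apiRouter, app.services.accessControlService, app.services.authService)
	proxyController.SetupRoutes()

	userController := controller.NewUserController(controller.UserControllerConfig{
		CookieDomain: app.context.cookieDomain,
	}, apiRouter, app.services.authService)
	userController.SetupRoutes()

	// Static resources are served from the root group, gated by the
	// DisableResources switch, and rooted at ResourcesDir.
	resourcesController := controller.NewResourcesController(controller.ResourcesControllerConfig{
		ResourcesDir:      app.config.ResourcesDir,
		ResourcesDisabled: app.config.DisableResources,
	}, &engine.RouterGroup)
	resourcesController.SetupRoutes()

	healthController := controller.NewHealthController(apiRouter)
	healthController.SetupRoutes()

	// The OIDC provider endpoints are only exposed when the feature is
	// switched on AND the service exists; the nil check guards against a
	// config that enables OIDC without the bootstrap having built the service.
	if app.config.OIDC.Enabled && app.services.oidcService != nil {
		oidcController := controller.NewOIDCController(controller.OIDCControllerConfig{
			AppURL:       app.config.AppURL,
			CookieDomain: app.context.cookieDomain,
		}, apiRouter, app.services.oidcService, app.services.authService)
		oidcController.SetupRoutes()
	}

	return engine, nil
}

// splitTrustedProxies turns the comma-separated Server.TrustedProxies option
// into the list gin expects. Whitespace around each entry is dropped so
// "10.0.0.0/8, 172.16.0.0/12" is accepted; an entry that is empty after
// trimming (leading, trailing or doubled comma, or an all-blank value) is
// reported as an error instead of being passed on, because gin would reject
// it with a less descriptive message. Entries are not otherwise validated
// here — gin parses each one as an IP or a CIDR when the list is applied.
func splitTrustedProxies(raw string) ([]string, error) {
	parts := strings.Split(raw, ",")
	proxies := make([]string, 0, len(parts))
	for i, part := range parts {
		entry := strings.TrimSpace(part)
		if entry == "" {
			return nil, fmt.Errorf("trusted proxies entry %d is empty", i+1)
		}
		proxies = append(proxies, entry)
	}
	return proxies, nil
}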