From 4ab7a60c858d1dcb98de0623c92d701d3ad11d2d Mon Sep 17 00:00:00 2001
From: azuki774s
Date: Sat, 26 Oct 2024 21:34:04 +0900
Subject: [PATCH 1/2] use and show redirect basepath
---
 cmd/go-authenticator/serve.go | 2 +-
 deployment/default.toml | 1 +
 docs/memo.md | 4 +++-
 internal/server/server.go | 12 +++++++++---
 4 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/cmd/go-authenticator/serve.go b/cmd/go-authenticator/serve.go
index 5f71ab4..a254fb2 100644
--- a/cmd/go-authenticator/serve.go
+++ b/cmd/go-authenticator/serve.go
@@ -105,7 +105,7 @@ to quickly create a Cobra application.`,
 Port: serveConfig.Port,
 Authenticator: &authenticator,
 CookieLife: serveConfig.TokenLifeTime,
- ServerBaseURL: os.Getenv("SERVER_BASEURL"),
+ BasePath: "/",
 }
 if err := server.Serve(); err != nil {
diff --git a/deployment/default.toml b/deployment/default.toml
index 3eba609..df94640 100644
--- a/deployment/default.toml
+++ b/deployment/default.toml
@@ -1,3 +1,4 @@
+# OVERRIDE this file before running container.
 conf-version = 1
 # For CI Sample
diff --git a/docs/memo.md b/docs/memo.md
index 5c6b50c..418f985 100644
--- a/docs/memo.md
+++ b/docs/memo.md
@@ -8,7 +8,9 @@
 - Basic認証を受け付け、認証があっていればJWTトークンをCookieで返す。
 ## GET /login_page
-- ログイン方法を選択
+- github oauth2認証は繊維
+ - Header: `X-Callback-URL` に値を入れると、GitHub oauth2 認証時に `redirect_uri` として値を連携する。
+ - 連携成功後、このURLにコールバックされる。
 ## GET /callback/github?code={code}
 - githubログイン後の oauth2 callback 先
diff --git a/internal/server/server.go b/internal/server/server.go
index 26e3407..5f4c916 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 "net/http"
+ "net/url"
 "os"
 "os/signal"
 "syscall"
@@ -17,7 +18,7 @@ type Server struct {
 Port int
 Authenticator Authenticator
 CookieLife int // token_life, cookie: max-age
- ServerBaseURL string // 認証のリダイレクト後、戻って来るURLを指定 ex. http://localhost:8888/
+ BasePath string // BasePath for redirect_url
 }
 type Authenticator interface {
@@ -28,6 +29,11 @@ type Authenticator interface {
 HandlingGitHubOAuth(ctx context.Context, code string) (ok bool, err error)
 }
+// https://hoge.example.com/callback/github -> https://hoge.example.com/
+func (s Server) getServerBaseURL(r *url.URL) string {
+ return r.Scheme + "://" + r.Host + s.BasePath
+}
+
 func (s Server) addHandler(r *chi.Mux) {
 r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 w.Write([]byte("OK"))
@@ -106,8 +112,8 @@ func (s Server) addHandler(r *chi.Mux) {
 zap.L().Info("set Cookie")
 // エラーでなければ親ページに返してあげる
- zap.L().Info(fmt.Sprintf("move to %s", s.ServerBaseURL))
- http.Redirect(w, r, s.ServerBaseURL, http.StatusFound)
+ zap.L().Info(fmt.Sprintf("move to %s", s.getServerBaseURL(r.URL)))
+ http.Redirect(w, r, s.getServerBaseURL(r.URL), http.StatusFound)
 zap.L().Info("callback process done")
 })
From ab264487847b5ef24a466b2ab7b2e7d88b9d5016 Mon Sep 17 00:00:00 2001
From: azuki774s
Date: Sat, 26 Oct 2024 22:12:00 +0900
Subject: [PATCH 2/2] ser redirect_url to github oauth2
---
 internal/server/server.go | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/internal/server/server.go b/internal/server/server.go
index 5f4c916..435770a 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -4,7 +4,6 @@ import (
 "context"
 "fmt"
 "net/http"
- "net/url"
 "os"
 "os/signal"
 "syscall"
@@ -14,6 +13,9 @@ import (
 "go.uber.org/zap"
 )
+const XCallBackHeader = "X-Callback-URL"
+const githubOAuthauthorizeURL = "https://github.com/login/oauth/authorize"
+
 type Server struct {
 Port int
 Authenticator Authenticator
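Review bot: `getServerBaseURL` (hunk `-28,6 +29,11`) reads `r.Scheme` and `r.Host` from the request's `*url.URL`, but on a Go server `r.URL` for an ordinary origin-form request normally carries only the path and query, so with `BasePath: "/"` the redirect target would come out as `:///` rather than the service origin. The host the client sent is in `http.Request.Host`, and that value is client-controlled, so a redirect built from it needs a check against the hostnames the service is configured for. A configured absolute base URL, as the removed `ServerBaseURL` field provided, avoids both problems. The call sites are in the `-106,8 +112,8` hunk, and the second patch in this series drops the helper again.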
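Review bot: The exported constant `XCallBackHeader` added in the `-14,6 +13,9` hunk has no doc comment, and nothing records that its value comes from the client. I would add `// XCallBackHeader names the request header whose value is forwarded to GitHub as redirect_uri; it is client-supplied and must be treated as untrusted.` above it. The casing of `githubOAuthauthorizeURL` is also inconsistent; `githubOAuthAuthorizeURL` reads better, with the two uses in the `/login_page` hunk renamed to match.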
@@ -29,11 +31,6 @@ type Authenticator interface {
 HandlingGitHubOAuth(ctx context.Context, code string) (ok bool, err error)
 }
-// https://hoge.example.com/callback/github -> https://hoge.example.com/
-func (s Server) getServerBaseURL(r *url.URL) string {
- return r.Scheme + "://" + r.Host + s.BasePath
-}
-
 func (s Server) addHandler(r *chi.Mux) {
 r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 w.Write([]byte("OK"))
@@ -73,9 +70,18 @@ func (s Server) addHandler(r *chi.Mux) {
 })
 r.Get("/login_page", func(w http.ResponseWriter, r *http.Request) {
- clientId := os.Getenv("GITHUB_CLIENT_ID") // TODO
- url := fmt.Sprintf("https://github.com/login/oauth/authorize?client_id=%s&scope=user:read", clientId)
+ clientId := os.Getenv("GITHUB_CLIENT_ID") // TODO
+ redirectURL := r.Header.Get(XCallBackHeader) // 指定するコールバック先のURL
+ var url string
+ if redirectURL != "" {
+ // コールバック先明示
+ url = fmt.Sprintf("%s?client_id=%s&redirect_uri=%s&scope=user:read", githubOAuthauthorizeURL, clientId, redirectURL)
+ } else {
+ url = fmt.Sprintf("%s?client_id=%s&scope=user:read", githubOAuthauthorizeURL, clientId)
+ }
+
 zap.L().Info(fmt.Sprintf("move to %s", url))
+ zap.L().Info(fmt.Sprintf("redirect_uri is %s", redirectURL))
 http.Redirect(w, r, url, http.StatusFound)
 })
@@ -112,8 +118,8 @@ func (s Server) addHandler(r *chi.Mux) {
 zap.L().Info("set Cookie")
 // エラーでなければ親ページに返してあげる
- zap.L().Info(fmt.Sprintf("move to %s", s.getServerBaseURL(r.URL)))
- http.Redirect(w, r, s.getServerBaseURL(r.URL), http.StatusFound)
+ zap.L().Info(fmt.Sprintf("move to %s", s.BasePath))
+ http.Redirect(w, r, s.BasePath, http.StatusFound)
 zap.L().Info("callback process done")
 })
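Review bot: In the `/login_page` handler (hunk `-73,9 +70,18`) the `X-Callback-URL` header value is formatted into the GitHub authorize URL without query-escaping, so a value containing `&` or `#` can append further parameters to, or truncate, the query string sent to GitHub. Building the query with `url.Values` and `Encode()` closes that; it needs the `net/url` import this commit removes, and the local `url` string renamed so it does not shadow the package. The header is accepted from any caller with no allowlist here, so the only restriction on `redirect_uri` is whatever GitHub enforces for the registered OAuth app; a check against configured callback URLs would make the intent explicit. No `state` parameter is sent in either branch, which is worth confirming against the `/callback/github` handler outside this hunk. The closure is complete in the hunk, while `addHandler` continues on both sides of it.

```go
r.Get("/login_page", func(w http.ResponseWriter, r *http.Request) {
	// … unchanged: clientId lookup and redirectURL header read …
	q := url.Values{}
	q.Set("client_id", clientId)
	q.Set("scope", "user:read")
	if redirectURL != "" {
		q.Set("redirect_uri", redirectURL)
	}
	authorizeURL := githubOAuthauthorizeURL + "?" + q.Encode()
	// … unchanged: logging and http.Redirect, with authorizeURL in place of url …
```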