ginoidc/gin.go

package ginoidc

import (
	"fmt"
	"net/http"

	"git.icod.de/dalu/ginoidc/ginerror"
	"git.icod.de/dalu/oidc"
	"git.icod.de/dalu/oidc/options"
	"github.com/gin-gonic/gin"
)

// New returns an OpenID Connect (OIDC) discovery handler (middleware)
// to be used with `gin`.
func New(setters ...options.Option) gin.HandlerFunc {
	oidcHandler, err := oidc.NewHandler(setters...)
	if err != nil {
		panic(fmt.Sprintf("oidc discovery: %v", err))
	}
	return toGinHandler(oidcHandler.ParseToken, setters...)
}

func onError(c *gin.Context, errorHandler options.ErrorHandler, statusCode int, description options.ErrorDescription, err error) {
	c.AbortWithStatusJSON(statusCode, gin.H{"error": err.Error()})
}

// toGinHandler creates a gin.HandlerFunc so the stdlib handler can be used as a gin middleware.
func toGinHandler(parseToken oidc.ParseTokenFunc, setters ...options.Option) gin.HandlerFunc {
	opts := options.New(setters...)

	return func(c *gin.Context) {
		ctx := c.Request.Context()

		tokenString, err := oidc.GetTokenString(c.Request.Header.Get, opts.TokenString)
		if err != nil {
			if !opts.Permissive {
				onError(c, opts.ErrorHandler, http.StatusBadRequest, options.GetTokenErrorDescription, err)
				return
			} else {
				c.Set(string(opts.ErrorsContextKeyName), ginerror.Error{
					Description: string(options.GetTokenErrorDescription),
					Error:       err,
				})

				c.Next()
				return
			}
		}

		token, err := parseToken(ctx, tokenString)
		if err != nil {
			onError(c, opts.ErrorHandler, http.StatusUnauthorized, options.ParseTokenErrorDescription, err)
			return
		}

		tokenClaims, err := token.AsMap(ctx)
		if err != nil {
			onError(c, opts.ErrorHandler, http.StatusUnauthorized, options.ConvertTokenErrorDescription, err)
			return
		}

		c.Set(string(opts.ClaimsContextKeyName), tokenClaims)

		c.Next()
	}
}
update package name 2021-11-16 15:47:43 +01:00			`package ginoidc`
initial 2021-11-14 16:37:58 +01:00
			`import (`
			`"fmt"`
			`"net/http"`

			`"git.icod.de/dalu/ginoidc/ginerror"`
			`"git.icod.de/dalu/oidc"`
			`"git.icod.de/dalu/oidc/options"`
			`"github.com/gin-gonic/gin"`
			`)`

			`// New returns an OpenID Connect (OIDC) discovery handler (middleware)`
			// to be used with `gin`.
			`func New(setters ...options.Option) gin.HandlerFunc {`
			`oidcHandler, err := oidc.NewHandler(setters...)`
			`if err != nil {`
			`panic(fmt.Sprintf("oidc discovery: %v", err))`
			`}`
			`return toGinHandler(oidcHandler.ParseToken, setters...)`
			`}`

			`func onError(c *gin.Context, errorHandler options.ErrorHandler, statusCode int, description options.ErrorDescription, err error) {`
			`c.AbortWithStatusJSON(statusCode, gin.H{"error": err.Error()})`
			`}`

cleaned up logic 2021-11-16 15:55:07 +01:00			`// toGinHandler creates a gin.HandlerFunc so the stdlib handler can be used as a gin middleware.`
initial 2021-11-14 16:37:58 +01:00			`func toGinHandler(parseToken oidc.ParseTokenFunc, setters ...options.Option) gin.HandlerFunc {`
			`opts := options.New(setters...)`

			`return func(c *gin.Context) {`
			`ctx := c.Request.Context()`

			`tokenString, err := oidc.GetTokenString(c.Request.Header.Get, opts.TokenString)`
			`if err != nil {`
			`if !opts.Permissive {`
			`onError(c, opts.ErrorHandler, http.StatusBadRequest, options.GetTokenErrorDescription, err)`
			`return`
			`} else {`
cleaned up logic 2021-11-16 15:55:07 +01:00			`c.Set(string(opts.ErrorsContextKeyName), ginerror.Error{`
bad copy/paste, changed ginerror.Error field 2021-11-15 14:58:15 +01:00			`Description: string(options.GetTokenErrorDescription),`
initial 2021-11-14 16:37:58 +01:00			`Error: err,`
			`})`
cleaned up logic 2021-11-16 15:55:07 +01:00
			`c.Next()`
			`return`
initial 2021-11-14 16:37:58 +01:00			`}`
			`}`

			`token, err := parseToken(ctx, tokenString)`
			`if err != nil {`
cleaned up logic 2021-11-16 15:55:07 +01:00			`onError(c, opts.ErrorHandler, http.StatusUnauthorized, options.ParseTokenErrorDescription, err)`
			`return`
initial 2021-11-14 16:37:58 +01:00			`}`

			`tokenClaims, err := token.AsMap(ctx)`
			`if err != nil {`
cleaned up logic 2021-11-16 15:55:07 +01:00			`onError(c, opts.ErrorHandler, http.StatusUnauthorized, options.ConvertTokenErrorDescription, err)`
			`return`
initial 2021-11-14 16:37:58 +01:00			`}`

			`c.Set(string(opts.ClaimsContextKeyName), tokenClaims)`
bad copy/paste, changed ginerror.Error field 2021-11-15 14:58:15 +01:00
initial 2021-11-14 16:37:58 +01:00			`c.Next()`
			`}`
			`}`