mirror of
https://github.com/nais/wonderwall.git
synced 2026-05-07 00:46:56 +00:00
185 lines
4.4 KiB
Go
185 lines
4.4 KiB
Go
package handler
|
|
|
|
import (
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/nais/wonderwall/pkg/config"
|
|
"github.com/nais/wonderwall/pkg/cookie"
|
|
"github.com/nais/wonderwall/pkg/crypto"
|
|
"github.com/nais/wonderwall/pkg/handler/autologin"
|
|
errorhandler "github.com/nais/wonderwall/pkg/handler/error"
|
|
"github.com/nais/wonderwall/pkg/ingress"
|
|
"github.com/nais/wonderwall/pkg/loginstatus"
|
|
"github.com/nais/wonderwall/pkg/middleware"
|
|
openidclient "github.com/nais/wonderwall/pkg/openid/client"
|
|
openidconfig "github.com/nais/wonderwall/pkg/openid/config"
|
|
"github.com/nais/wonderwall/pkg/router"
|
|
"github.com/nais/wonderwall/pkg/session"
|
|
)
|
|
|
|
var _ router.Source = &DefaultHandler{}
|
|
|
|
type DefaultHandler struct {
|
|
AutoLogin *autologin.AutoLogin
|
|
Client *openidclient.Client
|
|
Config *config.Config
|
|
CookieOptions cookie.Options
|
|
Crypter crypto.Crypter
|
|
Ingresses *ingress.Ingresses
|
|
Loginstatus *loginstatus.Loginstatus
|
|
OpenidConfig openidconfig.Config
|
|
Sessions *session.Handler
|
|
UpstreamProxy *ReverseProxy
|
|
}
|
|
|
|
func NewDefaultHandler(
|
|
cfg *config.Config,
|
|
cookieOpts cookie.Options,
|
|
jwksProvider openidclient.JwksProvider,
|
|
openidConfig openidconfig.Config,
|
|
crypter crypto.Crypter,
|
|
) (*DefaultHandler, error) {
|
|
autoLogin, err := autologin.New(cfg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
httpClient := &http.Client{
|
|
Timeout: time.Second * 10,
|
|
}
|
|
|
|
loginstatusClient := loginstatus.NewClient(cfg.Loginstatus, httpClient)
|
|
|
|
openidClient := openidclient.NewClient(openidConfig, loginstatusClient, jwksProvider)
|
|
openidClient.SetHttpClient(httpClient)
|
|
|
|
sessionHandler, err := session.NewHandler(cfg, openidConfig, crypter, openidClient)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
ingresses, err := ingress.ParseIngresses(cfg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &DefaultHandler{
|
|
AutoLogin: autoLogin,
|
|
Client: openidClient,
|
|
Config: cfg,
|
|
CookieOptions: cookieOpts,
|
|
Crypter: crypter,
|
|
Ingresses: ingresses,
|
|
Loginstatus: loginstatusClient,
|
|
OpenidConfig: openidConfig,
|
|
Sessions: sessionHandler,
|
|
UpstreamProxy: NewReverseProxy(cfg.UpstreamHost),
|
|
}, nil
|
|
}
|
|
|
|
func (d *DefaultHandler) GetAutoLogin() *autologin.AutoLogin {
|
|
return d.AutoLogin
|
|
}
|
|
|
|
func (d *DefaultHandler) GetClient() *openidclient.Client {
|
|
return d.Client
|
|
}
|
|
|
|
func (d *DefaultHandler) GetCookieOptions() cookie.Options {
|
|
return d.CookieOptions
|
|
}
|
|
|
|
func (d *DefaultHandler) GetCookieOptsPathAware(r *http.Request) cookie.Options {
|
|
if d.Config.SSO.Enabled {
|
|
return d.GetCookieOptions()
|
|
}
|
|
|
|
path := d.GetPath(r)
|
|
return d.CookieOptions.WithPath(path)
|
|
}
|
|
|
|
func (d *DefaultHandler) GetCrypter() crypto.Crypter {
|
|
return d.Crypter
|
|
}
|
|
|
|
func (d *DefaultHandler) GetErrorHandler() errorhandler.Handler {
|
|
return errorhandler.New(d)
|
|
}
|
|
|
|
func (d *DefaultHandler) GetErrorPath() string {
|
|
return d.Config.ErrorPath
|
|
}
|
|
|
|
func (d *DefaultHandler) GetIngresses() *ingress.Ingresses {
|
|
return d.Ingresses
|
|
}
|
|
|
|
func (d *DefaultHandler) GetLoginstatus() *loginstatus.Loginstatus {
|
|
return d.Loginstatus
|
|
}
|
|
|
|
func (d *DefaultHandler) GetPath(r *http.Request) string {
|
|
path, ok := middleware.PathFrom(r.Context())
|
|
if !ok {
|
|
path = d.Ingresses.MatchingPath(r)
|
|
}
|
|
|
|
return path
|
|
}
|
|
|
|
func (d *DefaultHandler) GetSessions() *session.Handler {
|
|
return d.Sessions
|
|
}
|
|
|
|
func (d *DefaultHandler) GetSessionConfig() config.Session {
|
|
return d.Config.Session
|
|
}
|
|
|
|
func (d *DefaultHandler) Login(w http.ResponseWriter, r *http.Request) {
|
|
Login(d, w, r)
|
|
}
|
|
|
|
func (d *DefaultHandler) LoginCallback(w http.ResponseWriter, r *http.Request) {
|
|
LoginCallback(d, w, r)
|
|
}
|
|
|
|
func (d *DefaultHandler) Logout(w http.ResponseWriter, r *http.Request) {
|
|
opts := LogoutOptions{
|
|
GlobalLogout: true,
|
|
}
|
|
Logout(d, w, r, opts)
|
|
}
|
|
|
|
func (d *DefaultHandler) LogoutLocal(w http.ResponseWriter, r *http.Request) {
|
|
opts := LogoutOptions{
|
|
GlobalLogout: false,
|
|
}
|
|
Logout(d, w, r, opts)
|
|
}
|
|
|
|
func (d *DefaultHandler) LogoutCallback(w http.ResponseWriter, r *http.Request) {
|
|
LogoutCallback(d, w, r)
|
|
}
|
|
|
|
func (d *DefaultHandler) LogoutFrontChannel(w http.ResponseWriter, r *http.Request) {
|
|
LogoutFrontChannel(d, w, r)
|
|
}
|
|
|
|
func (d *DefaultHandler) Session(w http.ResponseWriter, r *http.Request) {
|
|
Session(d, w, r)
|
|
}
|
|
|
|
func (d *DefaultHandler) SessionRefresh(w http.ResponseWriter, r *http.Request) {
|
|
if !d.Config.Session.Refresh {
|
|
http.NotFound(w, r)
|
|
return
|
|
}
|
|
|
|
SessionRefresh(d, w, r)
|
|
}
|
|
|
|
func (d *DefaultHandler) ReverseProxy(w http.ResponseWriter, r *http.Request) {
|
|
d.UpstreamProxy.Handler(d, w, r)
|
|
}
|