- commit
- dfb0b0a
- parent
- 026756c
- author
- Antonio Mika
- date
- 2024-11-18 22:31:01 +0000 UTC
Change auth endpoints to check plus and space
1 files changed,
+35,
-13
+35,
-13
1@@ -70,26 +70,45 @@ type oauth2Server struct {
2 ResponseTypesSupported []string `json:"response_types_supported"`
3 }
4
5-func generateURL(cfg *AuthCfg, path string) string {
6- return fmt.Sprintf("%s/%s", cfg.Domain, path)
7+func generateURL(cfg *AuthCfg, path string, space string) string {
8+ query := ""
9+
10+ if space != "" {
11+ query = fmt.Sprintf("?space=%s", space)
12+ }
13+
14+ return fmt.Sprintf("%s/%s%s", cfg.Domain, path, query)
15+}
16+
17+func hasPlusOrSpace(client *Client, user *db.User, space string) bool {
18+ return client.Dbpool.HasFeatureForUser(user.ID, "plus") || client.Dbpool.HasFeatureForUser(user.ID, space)
19 }
20
21 func wellKnownHandler(w http.ResponseWriter, r *http.Request) {
22 client := getClient(r)
23
24+ space, err := url.PathUnescape(getField(r, 0))
25+ if err != nil {
26+ client.Logger.Error(err.Error())
27+ }
28+
29+ if space == "" {
30+ space = r.URL.Query().Get("space")
31+ }
32+
33 p := oauth2Server{
34 Issuer: client.Cfg.Issuer,
35- IntrospectionEndpoint: generateURL(client.Cfg, "introspect"),
36+ IntrospectionEndpoint: generateURL(client.Cfg, "introspect", space),
37 IntrospectionEndpointAuthMethodsSupported: []string{
38 "none",
39 },
40- AuthorizationEndpoint: generateURL(client.Cfg, "authorize"),
41- TokenEndpoint: generateURL(client.Cfg, "token"),
42+ AuthorizationEndpoint: generateURL(client.Cfg, "authorize", ""),
43+ TokenEndpoint: generateURL(client.Cfg, "token", ""),
44 ResponseTypesSupported: []string{"code"},
45 }
46 w.Header().Set("Content-Type", "application/json")
47 w.WriteHeader(http.StatusOK)
48- err := json.NewEncoder(w).Encode(p)
49+ err = json.NewEncoder(w).Encode(p)
50 if err != nil {
51 client.Logger.Error(err.Error())
52 http.Error(w, err.Error(), http.StatusInternalServerError)
53@@ -117,6 +136,14 @@ func introspectHandler(w http.ResponseWriter, r *http.Request) {
54 Active: true,
55 Username: user.Name,
56 }
57+
58+ space := r.URL.Query().Get("space")
59+ if space != "" {
60+ if !hasPlusOrSpace(client, user, space) {
61+ p.Active = false
62+ }
63+ }
64+
65 w.Header().Set("Content-Type", "application/json")
66 w.WriteHeader(http.StatusOK)
67 err = json.NewEncoder(w).Encode(p)
68@@ -278,12 +305,7 @@ func keyHandler(w http.ResponseWriter, r *http.Request) {
69 return
70 }
71
72- if space == "tuns" {
73- if !client.Dbpool.HasFeatureForUser(user.ID, "plus") {
74- w.WriteHeader(http.StatusUnauthorized)
75- return
76- }
77- } else if !client.Dbpool.HasFeatureForUser(user.ID, space) {
78+ if !hasPlusOrSpace(client, user, space) {
79 w.WriteHeader(http.StatusUnauthorized)
80 return
81 }
82@@ -595,7 +617,7 @@ func createMainRoutes() []shared.Route {
83
84 routes := []shared.Route{
85 shared.NewRoute("GET", "/checkout/(.+)", checkoutHandler),
86- shared.NewRoute("GET", "/.well-known/oauth-authorization-server", wellKnownHandler),
87+ shared.NewRoute("GET", "/.well-known/oauth-authorization-server/?(.+)?", wellKnownHandler),
88 shared.NewRoute("POST", "/introspect", introspectHandler),
89 shared.NewRoute("GET", "/authorize", authorizeHandler),
90 shared.NewRoute("POST", "/token", tokenHandler),
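Review bot: `generateURL` (new lines 7-15) writes `space` into the query string unescaped, and in `wellKnownHandler` that value comes straight from the request: either `url.PathUnescape(getField(r, 0))` or the `space` query parameter, with the new route pattern's `(.+)` accepting any characters. A value containing query or fragment delimiters therefore changes the shape of the advertised `introspection_endpoint`, so the `space` that `introspectHandler` later reads with `r.URL.Query().Get("space")` may differ from the one requested, or be empty. Build it as `query = "?space=" + url.QueryEscape(space)`. This matters more because `introspectHandler` calls `hasPlusOrSpace` only when `space` is non-empty, so a request without the parameter keeps `Active: true`; if that default is intended, a comment there should say so. It would also be cleaner to return a 400 when `PathUnescape` fails rather than logging and continuing with an empty `space`.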