wip

halkeye · Feb 19, 2020 · 383dd63 · 383dd63
1 parent 86ce8d2
commit 383dd63
Show file tree

Hide file tree

Showing 9 changed files with 93 additions and 108 deletions.
diff --git a/internal/auth/authconfig/authconfig.go b/internal/auth/authconfig/authconfig.go
@@ -1,6 +1,8 @@
 package authconfig
 
-import "github.com/place1/wireguard-access-server/internal/auth/authruntime"
+import (
+	"github.com/place1/wireguard-access-server/internal/auth/authruntime"
+)
 
 type AuthConfig struct {
 	OIDC   *OIDCConfig      `yaml:"oidc"`

diff --git a/internal/auth/authconfig/basic.go b/internal/auth/authconfig/basic.go
@@ -5,7 +5,6 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/gorilla/mux"
 	"github.com/place1/wireguard-access-server/internal/auth/authruntime"
 	"github.com/place1/wireguard-access-server/internal/auth/authsession"
 	"github.com/tg123/go-htpasswd"
@@ -21,16 +20,15 @@ type BasicAuthConfig struct {
 
 func (c *BasicAuthConfig) Provider() *authruntime.Provider {
 	return &authruntime.Provider{
-		RegisterRoutes: func(router *mux.Router, runtime *authruntime.ProviderRuntime) error {
-			router.HandleFunc("/login", basicAuthLogin(c, runtime))
-			return nil
+		Type: "Basic",
+		Invoke: func(w http.ResponseWriter, r *http.Request, runtime *authruntime.ProviderRuntime) {
+			basicAuthLogin(c, runtime)(w, r)
 		},
 	}
 }
 
 func basicAuthLogin(c *BasicAuthConfig, runtime *authruntime.ProviderRuntime) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-
 		u, p, ok := r.BasicAuth()
 		if !ok {
 			w.Header().Set("WWW-Authenticate", `Basic realm="site"`)

diff --git a/internal/auth/authconfig/gitlab.go b/internal/auth/authconfig/gitlab.go
@@ -19,5 +19,7 @@ func (c *GitlabConfig) Provider() *authruntime.Provider {
 		RedirectURL:  c.RedirectURL,
 		Scopes:       []string{"openid"},
 	}
-	return o.Provider()
+	p := o.Provider()
+	p.Type = "Gitlab"
+	return p
 }
diff --git a/internal/auth/authconfig/oidc.go b/internal/auth/authconfig/oidc.go
@@ -3,10 +3,12 @@ package authconfig
 import (
 	"context"
 	"net/http"
+	"net/url"
 	"time"
 
 	"github.com/coreos/go-oidc"
 	"github.com/gorilla/mux"
+	"github.com/pkg/errors"
 	"github.com/place1/wireguard-access-server/internal/auth/authruntime"
 	"github.com/place1/wireguard-access-server/internal/auth/authsession"
 	"github.com/place1/wireguard-access-server/internal/auth/authutil"
@@ -43,10 +45,18 @@ func (c *OIDCConfig) Provider() *authruntime.Provider {
 		Endpoint:     provider.Endpoint(),
 	}
 
+	redirectURL, err := url.Parse(c.RedirectURL)
+	if err != nil {
+		panic(errors.Wrapf(err, "redirect url is not valid: %s", c.RedirectURL))
+	}
+
 	return &authruntime.Provider{
+		Type: "OIDC",
+		Invoke: func(w http.ResponseWriter, r *http.Request, runtime *authruntime.ProviderRuntime) {
+			loginHandler(runtime, oauthConfig)(w, r)
+		},
 		RegisterRoutes: func(router *mux.Router, runtime *authruntime.ProviderRuntime) error {
-			router.HandleFunc("/login", loginHandler(runtime, oauthConfig))
-			router.HandleFunc("/callback", callbackHandler(runtime, oauthConfig, provider))
+			router.HandleFunc(redirectURL.Path, callbackHandler(runtime, oauthConfig, provider))
 			return nil
 		},
 	}

diff --git a/internal/auth/authruntime/runtime.go b/internal/auth/authruntime/runtime.go
@@ -9,6 +9,8 @@ import (
 )
 
 type Provider struct {
+	Type           string
+	Invoke         func(http.ResponseWriter, *http.Request, *ProviderRuntime)
 	RegisterRoutes func(*mux.Router, *ProviderRuntime) error
 }
 

diff --git a/internal/auth/authtemplates/login.go b/internal/auth/authtemplates/login.go
@@ -4,11 +4,11 @@ import (
 	"html/template"
 	"io"
 
-	"github.com/place1/wireguard-access-server/internal/auth/authconfig"
+	"github.com/place1/wireguard-access-server/internal/auth/authruntime"
 )
 
 type LoginPage struct {
-	Config *authconfig.AuthConfig
+	Providers []*authruntime.Provider
 }
 
 func RenderLoginPage(w io.Writer, data LoginPage) error {
@@ -34,11 +34,11 @@ const loginPage string = `
 
 	.form {
 		position: absolute;
-		top: 40%;
+		top: 50%;
 		left: 50%;
+		transform: translate(-50%, -50%);
 		background-color: #fff;
 		width: 285px;
-		margin: -140px 0 0 -182px;
 		padding: 40px;
 		box-shadow: 0 0 3px rgba(0, 0, 0, 0.3);
 	}
@@ -59,7 +59,6 @@ const loginPage string = `
 		border: 1px solid #ccc;
 		color: #ccc;
 		box-sizing: border-box;
-		transition: 0.2s linear;
 	}
 
 	.form * {
@@ -105,34 +104,25 @@ const loginPage string = `
 		background-color: #4d4d4d;
 		border-radius: 50%;
 	}
-
-	.error, .valid{display:none;}
 </style>
 
-
-
-<section class="form animated flipInX">
+<section class="form">
   <h2>Login To Your Account</h2>
-  <p class="valid">Valid. Please wait a moment.</p>
-  <p class="error">Error. Please enter correct Username &amp; password.</p>
-	<form class="loginbox" autocomplete="off">
-
-		{{if .Config.Basic}}
-			<input placeholder="Username" type="text" id="username"></input>
-			<input placeholder="Password" type="password" id="password"></input>
-			<button id="submit">Login</button>
-		{{end}}
-
-		<hr />
-
-		{{if .Config.OIDC}}
-			<button>{{.Config.OIDC.Name}}</button>
-		{{end}}
-
-		{{if .Config.Gitlab}}
-			<button>{{.Config.Gitlab.Name}}</button>
-		{{end}}
 
+	{{range $i, $p := .Providers}}
+		<a href="/signin/{{$i}}">
+			<button>{{$p.Type}}</button>
+		</a>
+	{{end}}
+
+	<!--
+	<form autocomplete="off">
+		<input placeholder="Username" type="text" id="username"></input>
+		<input placeholder="Password" type="password" id="password"></input>
+		<button id="submit">Login</button>
 	</form>
+	<hr />
+	-->
+
 </section>
 `
diff --git a/internal/auth/router.go b/internal/auth/router.go
@@ -3,6 +3,7 @@ package auth
 import (
 	"fmt"
 	"net/http"
+	"strconv"
 
 	"github.com/place1/wireguard-access-server/internal/auth/authconfig"
 	"github.com/place1/wireguard-access-server/internal/auth/authruntime"
@@ -27,16 +28,31 @@ func (m *AuthMiddleware) Wrap(next http.Handler) http.Handler {
 	runtime := authruntime.NewProviderRuntime(sessions.NewCookieStore([]byte(authutil.RandomString(32))))
 	router := mux.NewRouter()
 
-	for _, p := range m.config.Providers() {
-		p.RegisterRoutes(router, runtime)
+	providers := m.config.Providers()
+
+	for _, p := range providers {
+		if p.RegisterRoutes != nil {
+			p.RegisterRoutes(router, runtime)
+		}
 	}
 
-	router.PathPrefix("/signin").Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	router.HandleFunc("/signin", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 		fmt.Fprint(w, authtemplates.RenderLoginPage(w, authtemplates.LoginPage{
-			Config: m.config,
+			Providers: providers,
 		}))
-	}))
+	})
+
+	router.HandleFunc("/signin/{index}", func(w http.ResponseWriter, r *http.Request) {
+		index, err := strconv.Atoi(mux.Vars(r)["index"])
+		if err != nil || (index < 0 || index >= len(providers)) {
+			fmt.Fprintf(w, "unknown provider")
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+		provider := providers[index]
+		provider.Invoke(w, r, runtime)
+	})
 
 	router.PathPrefix("/").Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if s, err := runtime.GetSession(r); err == nil {