-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathazure.go
168 lines (147 loc) · 4.43 KB
/
azure.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
package main
import (
"fmt"
"github.com/dgrijalva/jwt-go"
"github.com/gorilla/sessions"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
"time"
)
var (
sessionName = IsSettingEmpty("SESSION_NAME")
jwtName = IsSettingEmpty("JWT_NAME")
jwtKey = IsSettingEmpty("JWT_TOKEN")
expiryHours = ConvertStringToNumber(IsSettingEmpty("EXPIRY_DATE"))
sessionExpiryDate = 60 * 60 * expiryHours
)
type jwtClaims struct {
Name string `json:"name"`
Email string `json:"email"`
jwt.StandardClaims
}
type Users struct {
Name string
GivenName string
FamilyName string
Email string
}
// The url to authenticate with Azure.
func azureAuthUrl() string {
return fmt.Sprintf("https://login.microsoftonline.com/%s/oauth2/authorize?response_type=token"+
"&client_id=%s&redirect_uri=%s&domain_hint=%s&resource=%s",
IsSettingEmpty("AZURE_TENANT_ID"), IsSettingEmpty("AZURE_CLIENT_ID"),
fmt.Sprintf("%s%s", IsSettingEmpty("WEB_URL"), IsSettingEmpty("AZURE_REDIRECT_URL")),
IsSettingEmpty("AZURE_DOMAIN"), IsSettingEmpty("AZURE_RESOURCE"))
}
// Extract the token and validate the user
func extractAzureToken(c echo.Context) error {
Debugf("Extracting token from the URL")
err := deleteSession(c)
if err != nil {
return fmt.Errorf("failed in deleting the saved session: %v", err)
}
accessToken := c.FormValue("access_token")
if !DoesValueExists(accessToken) {
return fmt.Errorf("unable to access any token from azure")
}
return parseToken(accessToken, c)
}
// parse the token & Extract the user Information
func parseToken(t string, c echo.Context) error {
Debugf("Parsing the azure token")
token, _, err := new(jwt.Parser).ParseUnverified(t, jwt.MapClaims{})
if err != nil {
return fmt.Errorf("failed in parsing the token: %v", err)
}
if claims, ok := token.Claims.(jwt.MapClaims); ok {
return extractUser(claims, c)
}
return fmt.Errorf("failed in claim the jwt token: %v", err)
}
// Extract the user information & store in the database
func extractUser(j jwt.MapClaims, c echo.Context) error {
Debugf("Extracting the user information from the token")
u := &Users{
Email: j["unique_name"].(string),
Name: j["name"].(string),
GivenName: j["given_name"].(string),
FamilyName: j["family_name"].(string),
}
// Record the entry of the user in the database if needed
// the "u" has all authenticated user details
// JWT Token
err := createJWTToken(u, c)
if err != nil {
return fmt.Errorf("failed to create JWT Token: %v", err)
}
return nil
}
// Create our own JWT Token and Store it on session no need to save this
// on database
func createJWTToken(u *Users, c echo.Context) error {
Debugf("Creating the JWT Token")
// New JWT token
claims := &jwtClaims{
u.Name,
u.Email,
jwt.StandardClaims{
ExpiresAt: jwtExpiry(),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
t, err := token.SignedString([]byte(jwtKey))
if err != nil {
return fmt.Errorf("failed to sign jwt token: %v", err)
}
// Save session
err = createSession(c, t)
if err != nil {
return fmt.Errorf("failed to create jwt token: %v", err)
}
return nil
}
// Create session information and store it has a cookie
func createSession(c echo.Context, t string) error {
sess, _ := getSession(c)
sess.Values[jwtName] = t
sess.Options.MaxAge = sessionExpiryDate
err := saveSession(sess, c)
if err != nil {
return fmt.Errorf("failed to create session, err: %v", err)
}
return err
}
// Generate expiry date for JWT Token
func jwtExpiry() int64 {
return time.Now().Add(time.Hour * time.Duration(expiryHours)).Unix()
}
// Get Session
func getSession(c echo.Context) (*sessions.Session, error) {
Debugf("Getting the session information")
sess, err := session.Get(sessionName, c)
if err != nil {
return sess, PrintErrorAndReturn("failed in getting the session information: %v", err)
}
return sess, nil
}
// Save Session
func saveSession(sess *sessions.Session, c echo.Context) error {
Debugf("Saving session cookie")
err := sess.Save(c.Request(), c.Response())
if err != nil {
return fmt.Errorf("failed in saving the session: %v", err)
}
return nil
}
// Delete session
// https://github.com/gorilla/sessions/blob/03b6f63cc43ef9c7240a635a5e22b13180e822b8/store.go#L116
func deleteSession(c echo.Context) error {
Debugf("Deleting session cookie")
sess, _ := getSession(c)
sess.Options.MaxAge = -1
err := saveSession(sess, c)
if err != nil {
return fmt.Errorf("failed to delete session, err: %v", err)
}
return nil
}