127 lines
4.7 KiB
Go
127 lines
4.7 KiB
Go
package http
|
|
|
|
import (
|
|
"github.com/fasthttp/router"
|
|
"github.com/goccy/go-json"
|
|
http "github.com/valyala/fasthttp"
|
|
|
|
"source.toby3d.me/toby3d/middleware"
|
|
"source.toby3d.me/toby3d/auth/internal/common"
|
|
"source.toby3d.me/toby3d/auth/internal/domain"
|
|
)
|
|
|
|
type (
|
|
//nolint: tagliatelle // https://indieauth.net/source/#indieauth-server-metadata
|
|
MetadataResponse struct {
|
|
// The server's issuer identifier.
|
|
Issuer string `json:"issuer"`
|
|
|
|
// The Authorization Endpoint.
|
|
AuthorizationEndpoint string `json:"authorization_endpoint"`
|
|
|
|
// The Token Endpoint.
|
|
TokenEndpoint string `json:"token_endpoint"`
|
|
|
|
// The Introspection Endpoint.
|
|
IntrospectionEndpoint string `json:"introspection_endpoint"`
|
|
|
|
// JSON array containing a list of client authentication methods
|
|
// supported by this introspection endpoint.
|
|
IntrospectionEndpointAuthMethodsSupported []string `json:"introspection_endpoint_auth_methods_supported,omitempty"` //nolint: lll
|
|
|
|
// The Revocation Endpoint.
|
|
RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
|
|
|
|
// JSON array containing the value "none".
|
|
RevocationEndpointAuthMethodsSupported []string `json:"revocation_endpoint_auth_methods_supported,omitempty"` //nolint: lll
|
|
|
|
// JSON array containing scope values supported by the
|
|
// IndieAuth server.
|
|
ScopesSupported []string `json:"scopes_supported,omitempty"`
|
|
|
|
// JSON array containing the response_type values supported.
|
|
ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
|
|
|
|
// JSON array containing grant type values supported.
|
|
GrantTypesSupported []string `json:"grant_types_supported,omitempty"`
|
|
|
|
// URL of a page containing human-readable information that
|
|
// developers might need to know when using the server.
|
|
ServiceDocumentation string `json:"service_documentation,omitempty"`
|
|
|
|
// JSON array containing the methods supported for PKCE.
|
|
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
|
|
|
|
// Boolean parameter indicating whether the authorization server
|
|
// provides the iss parameter.
|
|
AuthorizationResponseIssParameterSupported bool `json:"authorization_response_iss_parameter_supported,omitempty"` //nolint: lll
|
|
|
|
// The User Info Endpoint.
|
|
UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"`
|
|
}
|
|
|
|
RequestHandler struct {
|
|
metadata *domain.Metadata
|
|
}
|
|
)
|
|
|
|
func NewRequestHandler(metadata *domain.Metadata) *RequestHandler {
|
|
return &RequestHandler{
|
|
metadata: metadata,
|
|
}
|
|
}
|
|
|
|
func (h *RequestHandler) Register(r *router.Router) {
|
|
chain := middleware.Chain{
|
|
middleware.LogFmt(),
|
|
}
|
|
|
|
r.GET("/.well-known/oauth-authorization-server", chain.RequestHandler(h.read))
|
|
}
|
|
|
|
func (h *RequestHandler) read(ctx *http.RequestCtx) {
|
|
ctx.SetStatusCode(http.StatusOK)
|
|
ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
|
|
|
|
scopes, responseTypes, grantTypes, codeChallengeMethods := make([]string, 0), make([]string, 0),
|
|
make([]string, 0), make([]string, 0)
|
|
|
|
for i := range h.metadata.ScopesSupported {
|
|
scopes = append(scopes, h.metadata.ScopesSupported[i].String())
|
|
}
|
|
|
|
for i := range h.metadata.ResponseTypesSupported {
|
|
responseTypes = append(responseTypes, h.metadata.ResponseTypesSupported[i].String())
|
|
}
|
|
|
|
for i := range h.metadata.GrantTypesSupported {
|
|
grantTypes = append(grantTypes, h.metadata.GrantTypesSupported[i].String())
|
|
}
|
|
|
|
for i := range h.metadata.CodeChallengeMethodsSupported {
|
|
codeChallengeMethods = append(codeChallengeMethods,
|
|
h.metadata.CodeChallengeMethodsSupported[i].String())
|
|
}
|
|
|
|
_ = json.NewEncoder(ctx).Encode(&MetadataResponse{
|
|
AuthorizationEndpoint: h.metadata.AuthorizationEndpoint.String(),
|
|
IntrospectionEndpoint: h.metadata.IntrospectionEndpoint.String(),
|
|
Issuer: h.metadata.Issuer.String(),
|
|
RevocationEndpoint: h.metadata.RevocationEndpoint.String(),
|
|
ServiceDocumentation: h.metadata.ServiceDocumentation.String(),
|
|
TokenEndpoint: h.metadata.TokenEndpoint.String(),
|
|
UserinfoEndpoint: h.metadata.UserinfoEndpoint.String(),
|
|
AuthorizationResponseIssParameterSupported: h.metadata.AuthorizationResponseIssParameterSupported,
|
|
CodeChallengeMethodsSupported: codeChallengeMethods,
|
|
GrantTypesSupported: grantTypes,
|
|
IntrospectionEndpointAuthMethodsSupported: h.metadata.IntrospectionEndpointAuthMethodsSupported,
|
|
ResponseTypesSupported: responseTypes,
|
|
ScopesSupported: scopes,
|
|
// NOTE(toby3d): If a revocation endpoint is provided, this
|
|
// property should also be provided with the value ["none"],
|
|
// since the omission of this value defaults to
|
|
// client_secret_basic according to RFC8414.
|
|
RevocationEndpointAuthMethodsSupported: h.metadata.RevocationEndpointAuthMethodsSupported,
|
|
})
|
|
}
|