Add registration handler and update routing for OIDC integration
This commit is contained in:
27
CLAUDE.md
Normal file
27
CLAUDE.md
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# CLAUDE.md - Member Console Guidelines
|
||||||
|
|
||||||
|
## Build & Run Commands
|
||||||
|
- Build: `go build -o member-console`
|
||||||
|
- Run: `go run main.go start`
|
||||||
|
- Run with config: `go run main.go start --config path/to/config.yaml`
|
||||||
|
- Test: `go test ./...`
|
||||||
|
- Test specific: `go test ./internal/auth`
|
||||||
|
- Lint: `golangci-lint run`
|
||||||
|
|
||||||
|
## Code Style Guidelines
|
||||||
|
- **Formatting**: Standard Go formatting with `gofmt`
|
||||||
|
- **Imports**: Group by standard lib, then external, then internal
|
||||||
|
- **Naming**:
|
||||||
|
- Packages: lowercase, single word
|
||||||
|
- Exported functions: PascalCase
|
||||||
|
- Internal functions: camelCase
|
||||||
|
- Variables: camelCase
|
||||||
|
- **Error Handling**: Check errors with `if err != nil`, use descriptive messages
|
||||||
|
- **Security**: Implement secure headers, CSRF protection, proper session management
|
||||||
|
- **Documentation**: Comment all exported functions and types
|
||||||
|
- **Configuration**: Use Viper with env vars (WCMC prefix)
|
||||||
|
|
||||||
|
## Architecture
|
||||||
|
- Clean separation of concerns (middleware, auth, handlers)
|
||||||
|
- Follow Go project layout standards
|
||||||
|
- Protected routes should implement CSRF protection
|
||||||
@ -72,6 +72,7 @@ func (c *Config) RegisterHandlers(mux *http.ServeMux) {
|
|||||||
mux.HandleFunc("/callback", c.CallbackHandler)
|
mux.HandleFunc("/callback", c.CallbackHandler)
|
||||||
mux.HandleFunc("/logout", c.LogoutHandler)
|
mux.HandleFunc("/logout", c.LogoutHandler)
|
||||||
mux.HandleFunc("/logout-callback", c.LogoutCallbackHandler)
|
mux.HandleFunc("/logout-callback", c.LogoutCallbackHandler)
|
||||||
|
mux.HandleFunc("/register", c.RegistrationHandler)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Middleware returns an auth middleware function
|
// Middleware returns an auth middleware function
|
||||||
@ -80,7 +81,8 @@ func (c *Config) Middleware() func(http.Handler) http.Handler {
|
|||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
// Skip authentication for public routes
|
// Skip authentication for public routes
|
||||||
if r.URL.Path == "/login" || r.URL.Path == "/callback" ||
|
if r.URL.Path == "/login" || r.URL.Path == "/callback" ||
|
||||||
r.URL.Path == "/logout" || r.URL.Path == "/logout-callback" {
|
r.URL.Path == "/logout" || r.URL.Path == "/logout-callback" ||
|
||||||
|
r.URL.Path == "/register" {
|
||||||
next.ServeHTTP(w, r)
|
next.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -306,6 +308,55 @@ func (c *Config) LogoutCallbackHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
http.Redirect(w, r, "/login", http.StatusFound)
|
http.Redirect(w, r, "/login", http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// RegistrationHandler redirects to the OIDC registration page
|
||||||
|
func (c *Config) RegistrationHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Generate random state, nonce, and code verifier for security
|
||||||
|
state := generateRandomString(32)
|
||||||
|
nonce := generateRandomString(32)
|
||||||
|
codeVerifier := generateRandomString(32)
|
||||||
|
hash := sha256.Sum256([]byte(codeVerifier))
|
||||||
|
codeChallenge := base64.RawURLEncoding.EncodeToString(hash[:])
|
||||||
|
|
||||||
|
// Store state, nonce, and code verifier in session for verification
|
||||||
|
session, _ := c.Store.Get(r, c.SessionName)
|
||||||
|
session.Values["state"] = state
|
||||||
|
session.Values["nonce"] = nonce
|
||||||
|
session.Values["code_verifier"] = codeVerifier
|
||||||
|
if err := session.Save(r, w); err != nil {
|
||||||
|
log.Printf("Error saving session: %v", err)
|
||||||
|
http.Error(w, "Server error", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Build the registration URL using the specified registrations endpoint
|
||||||
|
baseURL := viper.GetString("issuer-url")
|
||||||
|
registrationURL, err := url.Parse(baseURL + "/protocol/openid-connect/registrations")
|
||||||
|
if err != nil {
|
||||||
|
log.Printf("Error parsing registration URL: %v", err)
|
||||||
|
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add query parameters
|
||||||
|
q := registrationURL.Query()
|
||||||
|
q.Set("client_id", viper.GetString("client-id"))
|
||||||
|
q.Set("response_type", "code")
|
||||||
|
q.Set("scope", "openid email profile")
|
||||||
|
q.Set("redirect_uri", viper.GetString("hostname")+"/callback")
|
||||||
|
q.Set("state", state)
|
||||||
|
q.Set("nonce", nonce)
|
||||||
|
q.Set("code_challenge", codeChallenge)
|
||||||
|
q.Set("code_challenge_method", "S256")
|
||||||
|
|
||||||
|
registrationURL.RawQuery = q.Encode()
|
||||||
|
|
||||||
|
// Log for debugging
|
||||||
|
log.Printf("Redirecting to registration URL: %s", registrationURL.String())
|
||||||
|
|
||||||
|
// Redirect to registration page
|
||||||
|
http.Redirect(w, r, registrationURL.String(), http.StatusFound)
|
||||||
|
}
|
||||||
|
|
||||||
// Helper function to generate random strings
|
// Helper function to generate random strings
|
||||||
func generateRandomString(n int) string {
|
func generateRandomString(n int) string {
|
||||||
b := make([]byte, n)
|
b := make([]byte, n)
|
||||||
|
|||||||
Reference in New Issue
Block a user