TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-04-26 10:00:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal/ui/login/handler/login.go
Livio Amstutz 34ec2508d3
feat: add domain verification notification (#649) 
* fix: dont (re)generate client secret with auth type none

* fix(cors): allow Origin from request

* feat: add origin allow list and fix some core issues

* rename migration

* fix UserIDsByDomain

* feat: send email to users after domain claim

* username

* check origin on userinfo

* update oidc pkg

* fix: add migration 1.6

* change username

* change username

* remove unique email aggregate

* change username in mgmt

* search global user by login name

* fix test

* change user search in angular

* fix tests

* merge

* userview in angular

* fix merge

* Update pkg/grpc/management/proto/management.proto

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update internal/notification/static/i18n/de.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2020-08-27 17:18:23 +02:00

131 lines
3.6 KiB
Go
Raw Blame History

package handler
import (
"context"
"net"
"net/http"
"github.com/caos/logging"
"github.com/gorilla/csrf"
"github.com/rakyll/statik/fs"
"golang.org/x/text/language"
"github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/http/middleware"
auth_repository "github.com/caos/zitadel/internal/auth/repository"
"github.com/caos/zitadel/internal/auth/repository/eventsourcing"
"github.com/caos/zitadel/internal/crypto"
"github.com/caos/zitadel/internal/form"
_ "github.com/caos/zitadel/internal/ui/login/statik"
)
type Login struct {
endpoint string
router http.Handler
renderer *Renderer
parser *form.Parser
authRepo auth_repository.Repository
zitadelURL string
oidcAuthCallbackURL string
}
type Config struct {
OidcAuthCallbackURL string
ZitadelURL string
LanguageCookieName string
DefaultLanguage language.Tag
CSRF CSRF
Cache middleware.CacheConfig
}
type CSRF struct {
CookieName string
Key *crypto.KeyConfig
Development bool
}
const (
login = "LOGIN"
)
func CreateLogin(config Config, authRepo *eventsourcing.EsRepository, prefix string) *Login {
login := &Login{
oidcAuthCallbackURL: config.OidcAuthCallbackURL,
zitadelURL: config.ZitadelURL,
authRepo: authRepo,
}
statikFS, err := fs.NewWithNamespace("login")
logging.Log("CONFI-Ga21f").OnError(err).Panic("unable to create filesystem")
csrf, err := csrfInterceptor(config.CSRF, login.csrfErrorHandler())
logging.Log("CONFI-dHR2a").OnError(err).Panic("unable to create csrfInterceptor")
cache, err := middleware.DefaultCacheInterceptor(EndpointResources, config.Cache.MaxAge.Duration, config.Cache.SharedMaxAge.Duration)
logging.Log("CONFI-BHq2a").OnError(err).Panic("unable to create cacheInterceptor")
security := middleware.SecurityHeaders(csp(), login.cspErrorHandler)
login.router = CreateRouter(login, statikFS, csrf, cache, security)
login.renderer = CreateRenderer(prefix, statikFS, config.LanguageCookieName, config.DefaultLanguage)
login.parser = form.NewParser()
return login
}
func csp() *middleware.CSP {
csp := middleware.DefaultSCP
csp.ObjectSrc = middleware.CSPSourceOptsSelf()
csp.StyleSrc = csp.StyleSrc.AddNonce()
csp.ScriptSrc = csp.ScriptSrc.AddNonce()
return &csp
}
func csrfInterceptor(config CSRF, errorHandler http.Handler) (func(http.Handler) http.Handler, error) {
csrfKey, err := crypto.LoadKey(config.Key, config.Key.EncryptionKeyID)
if err != nil {
return nil, err
}
return csrf.Protect([]byte(csrfKey),
csrf.Secure(!config.Development),
csrf.CookieName(config.CookieName),
csrf.Path("/"),
csrf.ErrorHandler(errorHandler),
), nil
}
func (l *Login) Handler() http.Handler {
return l.router
}
func (l *Login) Listen(ctx context.Context) {
if l.endpoint == "" {
l.endpoint = ":80"
} else {
l.endpoint = ":" + l.endpoint
}
defer logging.LogWithFields("APP-xUZof", "port", l.endpoint).Info("html is listening")
httpListener, err := net.Listen("tcp", l.endpoint)
logging.Log("CONFI-W5q2O").OnError(err).Panic("unable to start listener")
httpServer := &http.Server{
Handler: l.router,
}
go func() {
<-ctx.Done()
if err = httpServer.Shutdown(ctx); err != nil {
logging.Log("APP-mJKTv").WithError(err)
}
}()
go func() {
err := httpServer.Serve(httpListener)
logging.Log("APP-oSklt").OnError(err).Panic("unable to start listener")
}()
}
func setContext(ctx context.Context, resourceOwner string) context.Context {
data := authz.CtxData{
UserID: login,
OrgID: resourceOwner,
}
return authz.SetCtxData(ctx, data)
}
Reference in New Issue View Git Blame Copy Permalink