add .well-known proxy endpoints

Gaucho-Racing · Sep 12, 2024 · 3a5dbb2 · 3a5dbb2
1 parent f1d03be
commit 3a5dbb2
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 12 deletions.
diff --git a/controller/oauth_controller.go b/controller/oauth_controller.go
@@ -163,6 +163,11 @@ func OauthAuthorize(c *gin.Context) {
 	} else {
 		prompt = "consent"
 	}
+	reponseType := c.Query("response_type")
+	if reponseType == "" {
+		reponseType = "code"
+	}
+
 	// Handle Validate Request
 	if c.Request.Method == "GET" {
 		c.JSON(http.StatusOK, gin.H{
@@ -173,20 +178,24 @@ func OauthAuthorize(c *gin.Context) {
 		})
 		return
 	}
+
 	// Handle Authorize Request
-	code, err := service.GenerateAuthorizationCode(clientID, GetRequestUserID(c), scope)
-	if err != nil {
-		c.JSON(http.StatusInternalServerError, gin.H{"message": err.Error()})
-		return
-	}
-	go service.CreateLogin(model.UserLogin{
+	defer service.CreateLogin(model.UserLogin{
 		UserID:      GetRequestUserID(c),
 		Destination: clientID,
 		Scope:       scope,
 		IPAddress:   c.ClientIP(),
 		LoginType:   "oauth",
 	})
-	c.JSON(http.StatusOK, code)
+	if reponseType == "code" {
+		code, err := service.GenerateAuthorizationCode(clientID, GetRequestUserID(c), scope)
+		if err != nil {
+			c.JSON(http.StatusInternalServerError, gin.H{"message": err.Error()})
+			return
+		}
+		c.JSON(http.StatusOK, code)
+		return
+	}
 }
 
 func OauthExchange(c *gin.Context) {

diff --git a/controller/route_controller.go b/controller/route_controller.go
@@ -31,8 +31,8 @@ func SetupRouter() *gin.Engine {
 
 func InitializeRoutes(router *gin.Engine) {
 	router.GET("/ping", Ping)
-	router.GET("/jwks.json", GetJWKS)
-	router.GET("/openid-configuration", GetOpenIDConfig)
+	router.GET("/config/jwks.json", GetJWKS)
+	router.GET("/config/openid-configuration", GetOpenIDConfig)
 	router.POST("/auth/register", RegisterAccountPassword)
 	router.POST("/auth/login", LoginAccount)
 	router.POST("/auth/login/discord", LoginDiscord)

diff --git a/model/auth.go b/model/auth.go
@@ -16,8 +16,8 @@ type TokenResponse struct {
 }
 
 type AuthClaims struct {
-	Email string `json:"email"`
-	Scope string `json:"scope"`
+	Email string `json:"email,omitempty"`
+	Scope string `json:"scope,omitempty"`
 	jwt.RegisteredClaims
 }
 

diff --git a/service/auth_service.go b/service/auth_service.go
@@ -14,6 +14,7 @@ import (
 	"unicode"
 
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/google/uuid"
 	"golang.org/x/crypto/bcrypt"
 )
 
@@ -133,7 +134,8 @@ func GenerateJWT(userID string, email string, scope string, client_id string) (s
 		Email: email,
 		Scope: scope,
 		RegisteredClaims: jwt.RegisteredClaims{
-			ID:        userID,
+			ID:        uuid.NewString(),
+			Subject:   userID,
 			Issuer:    "https://sso.gauchoracing.com/",
 			Audience:  jwt.ClaimStrings{client_id},
 			IssuedAt:  jwt.NewNumericDate(time.Now()),

diff --git a/web/netlify.toml b/web/netlify.toml
@@ -4,6 +4,12 @@
   status = 200
   force = true
 
+[[redirects]]
+  from = "/.well-known/*"
+  to = "https://sentinel-api.gauchoracing.com/config/:splat"
+  status = 200
+  force = true
+
 [[redirects]]
   from = "/*"
   to = "/index.html"