authHandler starts the OAuth2 PKCE flow to authenticate the user and get a rill access token.
(httpPort int, secure bool)
| 809 | |
// authHandler returns the handler that begins the OAuth2 PKCE login used to
// obtain a rill access token. The OAuth redirect URI is fixed when the handler
// is built: it always targets localhost on httpPort, using https when secure is
// true and http otherwise.
//
// For each request the handler creates a fresh random state value, builds a
// PKCE authenticator, stores it in s.app.pkceAuthenticators under that state,
// and replies with a 302 redirect to the authenticator's auth URL.
func (s *Server) authHandler(httpPort int, secure bool) http.Handler {
	proto := "https"
	if !secure {
		proto = "http"
	}
	callbackURL := fmt.Sprintf("%s://localhost:%d/auth/callback", proto, httpPort)

	start := func(w http.ResponseWriter, r *http.Request) {
		// 32 random bytes, URL-safe base64 encoded, become the OAuth state.
		// The state is also the map key for this login attempt, so it must be
		// unpredictable.
		// NOTE(review): the import block is not visible here; confirm rand is
		// crypto/rand and not math/rand.
		nonce := make([]byte, 32)
		if _, err := rand.Read(nonce); err != nil {
			// NOTE(review): the raw error text is returned to the client.
			http.Error(w, fmt.Sprintf("failed to generate state: %s", err), http.StatusInternalServerError)
			return
		}
		state := base64.URLEncoding.EncodeToString(nonce)

		// Where to send the user once auth completes; defaults to the root.
		// NOTE(review): "redirect" is caller-controlled and is handed to the
		// authenticator unvalidated. The callback is not visible here; if it
		// redirects to this value, restrict it to same-origin paths or an
		// allowlist so it cannot be used as an open redirect.
		returnTo := "/"
		if q := r.URL.Query().Get("redirect"); q != "" {
			returnTo = q
		}

		pkceAuth, err := pkce.NewAuthenticator(s.app.ch.AdminURL(), callbackURL, database.AuthClientIDRillWebLocal, returnTo)
		if err != nil {
			http.Error(w, fmt.Sprintf("failed to generate pkce authenticator: %s", err), http.StatusInternalServerError)
			return
		}

		// Keep the authenticator so it can be looked up again by state.
		// NOTE(review): this is a plain map write with no lock visible in this
		// block, and net/http runs handlers concurrently; confirm the map is
		// guarded elsewhere. One entry is added per request, so also confirm
		// abandoned entries are evicted, otherwise repeated requests to this
		// handler grow the map without bound.
		s.app.pkceAuthenticators[state] = pkceAuth

		http.Redirect(w, r, pkceAuth.GetAuthURL(state), http.StatusFound)
	}
	return http.HandlerFunc(start)
}
| 844 | |
| 845 | // authCallbackHandler handles the OAuth2 PKCE callback to exchange the authorization code for a rill access token. |
| 846 | func (s *Server) authCallbackHandler() http.Handler { |