book-api

Signed-off-by: airghy <tchuinkoufongue@gmail.com>
rjtch · Aug 10, 2024 · bf4cbe9 · bf4cbe9
1 parent 17fe315
commit bf4cbe9
Show file tree

Hide file tree

Showing 7 changed files with 391 additions and 352 deletions.
diff --git a/Dockerfile-books b/Dockerfile-books
@@ -1,5 +1,5 @@
 # Build the Go Binary.
-FROM golang:1.13 as build_books-api
+FROM golang:1.22.2 as build_books-api
 ENV CGO_ENABLED 0
 ARG VCS_REF
 ARG PACKAGE_NAME
@@ -36,14 +36,14 @@ ARG BUILD_DATE
 ARG VCS_REF
 ARG PACKAGE_NAME
 ARG PACKAGE_PREFIX
-COPY --from=build_books-api /book-library/private.pem /app-library/private.pem
+COPY --from=build_books-api /book-library/cmd/book-api/oidc /app-library/oidc
 COPY --from=build_books-api /book-library/cmd/${PACKAGE_PREFIX}admin/admin /app-library/book-api
 COPY --from=build_books-api /book-library/cmd/${PACKAGE_PREFIX}${PACKAGE_NAME}/${PACKAGE_NAME} /app-library/book-api
 WORKDIR /app-library
 CMD ["./book-api"]
 
 LABEL org.opencontainers.image.created="${BUILD_DATE}" \
       org.opencontainers.image.title="book-api" \
-      org.opencontainers.image.authors="Hergy Tchuinkou <tchuinkoufongue@gmail.com>" \
+      org.opencontainers.image.authors="Hergy Fongue" \
       org.opencontainers.image.source="https://github.com/rjtch/book-library/cmd/book-api" \
       org.opencontainers.image.revision="${VCS_REF}"
diff --git a/Dockerfile-metrics b/Dockerfile-metrics
@@ -36,6 +36,6 @@ CMD ["./metrics"]
 
 LABEL org.opencontainers.image.created="${BUILD_DATE}" \
       org.opencontainers.image.title="metrics" \
-      org.opencontainers.image.authors="Hergy Tchuinkou <tchuinkoufongue@gmail.com>" \
+      org.opencontainers.image.authors="Hergy Fongue" \
       org.opencontainers.image.source="https://github.com/rjtch/book-library/cmd/sidecar/metrics" \
       org.opencontainers.image.revision="${VCS_REF}"
diff --git a/cmd/book-api/internal/handlers/user.go b/cmd/book-api/internal/handlers/user.go
@@ -2,6 +2,7 @@ package handlers
 
 import (
 	"context"
+	"log"
 	"net/http"
 	"time"
 
@@ -35,6 +36,7 @@ func (u *User) List(ctx context.Context, w http.ResponseWriter, r *http.Request,
 	defer span.End()
 
 	claims, ok := ctx.Value(auth.Key).(auth.Claims)
+	log.Println("parameters %s", params)
 	if !ok {
 		if !claims.HasRole(auth.RoleAdmin) {
 			return errors.New("claims missing from context")

diff --git a/cmd/book-api/main.go b/cmd/book-api/main.go
@@ -2,12 +2,16 @@ package main
 
 import (
 	"context"
+	"crypto/rand"
+	"encoding/base64"
 	"expvar"
+	"io"
 	"log"
 	"net/http"
 	"os"
 	"os/signal"
 	"syscall"
+	"time"
 
 	"contrib.go.opencensus.io/exporter/zipkin"
 	"github.com/book-library/cmd/book-api/internal/handlers"
@@ -20,6 +24,7 @@ import (
 	_ "github.com/rakyll/statik/fs"
 	"github.com/spf13/viper"
 	"go.opencensus.io/trace"
+	"golang.org/x/oauth2"
 )
 
 // build is the git version of this program. It is set using build flags in the makefile.
@@ -35,6 +40,25 @@ func main() {
 	}
 }
 
+func randString(nByte int) (string, error) {
+	b := make([]byte, nByte)
+	if _, err := io.ReadFull(rand.Reader, b); err != nil {
+		return "", err
+	}
+	return base64.RawURLEncoding.EncodeToString(b), nil
+}
+
+func setCallbackCookie(w http.ResponseWriter, r *http.Request, name, value string) {
+	c := &http.Cookie{
+		Name:     name,
+		Value:    value,
+		MaxAge:   int(time.Hour.Seconds()),
+		Secure:   r.TLS != nil,
+		HttpOnly: true,
+	}
+	http.SetCookie(w, c)
+}
+
 func run() error {
 	ctx := context.Background()
 
@@ -43,16 +67,13 @@ func run() error {
 
 	log := log.New(os.Stdout, "BOOKS : ", log.LstdFlags|log.Lmicroseconds|log.Lshortfile)
 	// read config files
-	//	viper.SetConfigFile(configFile)
 	viper.AddConfigPath(configPath)
 	viper.SetConfigName(configName)
 	viper.SetConfigType(configType)
 	err := viper.ReadInConfig()
 	if err != nil {
 		return errors.Wrap(err, "generating config usage failed")
 	}
-	scopes := make([]string, 6)
-	scopes = append(scopes, viper.GetString("oauth.scopes"))
 	// =========================================================================
 	// Configuration
 	oauth := auth.OAuthenticator{
@@ -61,7 +82,7 @@ func run() error {
 		Endpoint:     viper.GetString("oauth.endpoint"),
 		RedirectUrl:  viper.GetString("oauth.redirectUrl"),
 		Issuer:       viper.GetString("oauth.issuer"),
-		Scopes:       scopes,
+		Scopes:       viper.GetStringSlice("oauth.scopes"),
 	}
 
 	db := auth.DB{
@@ -87,8 +108,21 @@ func run() error {
 		Probability:   viper.GetFloat64("zipkin.probability"),
 	}
 
-	provider := oidc.InsecureIssuerURLContext(ctx, viper.GetString("oauth.issuer"))
-	log.Printf("main : provider context version %q", provider)
+	provider, err := oidc.NewProvider(ctx, oauth.Issuer)
+	if err != nil {
+		return errors.Wrap(err, "Provider could not been  found")
+	}
+	oidcConfig := &oidc.Config{
+		ClientID: oauth.ClientID,
+	}
+	verifier := provider.Verifier(oidcConfig)
+	config := oauth2.Config{
+		ClientID:     oauth.ClientID,
+		ClientSecret: oauth.ClientSecret,
+		Endpoint:     provider.Endpoint(),
+		RedirectURL:  oauth.RedirectUrl,
+		Scopes:       oauth.Scopes,
+	}
 	// =========================================================================
 	// App Starting
 
@@ -101,9 +135,11 @@ func run() error {
 
 	log.Println("main : Started : Initializing authentication support")
 
-	authenticator, err := auth.OAuthenticate(oauth.ClientID, oauth.ClientSecret, oauth.Endpoint, oauth.RedirectUrl, oauth.Issuer, oauth.Scopes)
+	authenticator, err := auth.OAuthenticate(config.ClientID, config.ClientSecret, config.Endpoint.TokenURL, config.RedirectURL, oauth.Issuer, config.Scopes)
 	if err != nil {
 		return errors.Wrap(err, "constructing authenticator")
+	} else {
+		log.Println("Verifier %s", verifier)
 	}
 
 	// =========================================================================

diff --git a/cmd/book-api/oidc/config.json b/cmd/book-api/oidc/config.json
@@ -2,11 +2,11 @@
 {
 
         "oauth": {
-            "clientSecret": "eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwZGU2YWRkZC1mZjZiLTRjZDAtODFjYi1iMDFiY2ViZDkzODEifQ.eyJleHAiOjE3Mjg5ODg1MDEsImlhdCI6MTcyMjA3NjUwMSwianRpIjoiZDcwYmYyNzItNzhiYS00ZDQ2LWFlYTctYWU5OTg4MTQ2ODZhIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9ib29rLXJlYWxtIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9ib29rLXJlYWxtIiwidHlwIjoiSW5pdGlhbEFjY2Vzc1Rva2VuIn0.s5c-u1tFCZejsIWBwwitwjFsSWaQQx5TyxA3ilUp7ju_kjAQddheGNsnOHyxIRWT5uqeYl0bxGkQR2cGvhKtXQ",
-            "clientID": "d70bf272-78ba-4d46-aea7-ae998814686a",
-            "endpoint": "http://localhost:8080/realms/book-realm/protocol/openid-connect/token",
-            "issuer": "http://localhost:8080/realms/book-realm",
-            "redirectUrl": "http://localhost:8080/realms/book-realm/auth/callback",
+            "clientSecret": "eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiNDI5YTFkMy00ZjA1LTRkY2QtYTlkYy1iYTllNTJjMjRhOTcifQ.eyJleHAiOjE3MzE5NTc2NDMsImlhdCI6MTcyMzMxNzY0MywianRpIjoiYmVhZmM2ODEtZDY2Ny00YjMzLWJhYTctNzBhNzdjMjk3YzkzIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9ib29rLXJlYWxtIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy9ib29rLXJlYWxtIiwidHlwIjoiSW5pdGlhbEFjY2Vzc1Rva2VuIn0.vLIJZWF0j9HJ7F-Gc1O74fNHamuxx2TPs10uXuOiv0Ur8K7TCkgtXvzSJQygHsHGh91P3kw7yJK2NQ5hTs2P-A",
+            "clientID": "book-auth",
+            "endpoint": "http://0.0.0.0:8080/realms/book-realm/protocol/openid-connect/token",
+            "issuer": "http://0.0.0.0:8080/realms/book-realm",
+            "redirectUrl": "http://0.0.0.0:8080/realms/book-realm/auth/callback",
             "scopes": ["oidc","profile", "email"]
         },
         "web": {