libauth/examples/server.go


package main
import (
"encoding/json"
"fmt"
"net/http"
"os"
"strings"
"git.rootprojects.org/root/libauth"
"git.rootprojects.org/root/libauth/chiauth"
"github.com/go-chi/chi/v5"
"github.com/joho/godotenv"
)
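// main runs the libauth example server. It loads optional settings from .env,
// builds the list of accepted OIDC issuers from the environment, registers one
// route group where a token is optional and one where it is required, prints a
// sample curl invocation, and then serves HTTP on :3000.
func main() {
	// Best-effort: a missing .env file is not an error for this example; the
	// process environment is used as-is in that case.
	_ = godotenv.Load(".env")

	r := chi.NewRouter()

	if 0 == len(os.Getenv("OIDC_ISSUERS")) {
		// NOTE(review): with OIDC_ISSUERS unset the server falls back to the
		// project's demo issuer, so tokens from that issuer are accepted.
		// Set OIDC_ISSUERS explicitly for anything other than a local demo.
		fmt.Fprintln(os.Stderr, "OIDC_ISSUERS is not set; falling back to the demo issuer")
		if err := os.Setenv("OIDC_ISSUERS", "https://therootcompany.github.io/libauth/"); nil != err {
			panic(err)
		}
	}

	allowedIssuers, err := libauth.ParseIssuerEnvs("OIDC_ISSUERS", "OIDC_ISSUERS_INTERNAL")
	if nil != err {
		panic(err)
	}

	// Unauthenticated Routes
	r.Group(func(r chi.Router) {
		tokenVerifier := chiauth.NewTokenVerifier(chiauth.VerificationParams{
			Issuers:  allowedIssuers,
			Optional: true,
		})
		r.Use(tokenVerifier)

		r.Post("/api/hello", func(w http.ResponseWriter, r *http.Request) {
			// The token is optional on this route, so no JWS may be attached
			// to the request; treat that as "not authenticated" instead of
			// dereferencing a nil pointer.
			jws := chiauth.GetJWS(r)
			authenticated := nil != jws && jws.Trusted

			w.Header().Set("Content-Type", "application/json")
			fmt.Fprintf(w, `{ "message": "Hello, World!", "authenticated": %t }`, authenticated)
		})
	})

	// Authenticated Routes
	r.Group(func(r chi.Router) {
		tokenVerifier := chiauth.NewTokenVerifier(chiauth.VerificationParams{
			Issuers:  allowedIssuers,
			Optional: false,
		})
		r.Use(tokenVerifier)

		r.Post("/api/users/profile", func(w http.ResponseWriter, r *http.Request) {
			// Defense in depth: re-check the verification result in the
			// handler rather than relying on the middleware alone.
			jws := chiauth.GetJWS(r)
			if nil == jws || !jws.Trusted {
				http.Error(w, "Unauthorized", http.StatusUnauthorized)
				return
			}

			// A token from a trusted issuer can still lack "sub" or carry a
			// non-string value; an unchecked type assertion would panic on
			// that. Reject the request because there is no usable identity.
			userID, ok := jws.Claims["sub"].(string)
			if !ok || "" == userID {
				http.Error(w, "Unauthorized", http.StatusUnauthorized)
				return
			}

			b, err := json.MarshalIndent(struct {
				UserID string `json:"user_id"`
			}{
				UserID: userID,
			}, "", " ")
			if nil != err {
				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
				return
			}

			w.Header().Set("Content-Type", "application/json")
			w.Write(append(b, '\n'))
		})
	})

	// ...

	bindAddr := ":3000"
	fmt.Println("Listening on", bindAddr)
	fmt.Println("")
	fmt.Println("Try this:")
	fmt.Println("")
	fmt.Println("")

	// The working directory is only used in the printed hint, so fall back
	// to "." if it cannot be determined.
	cwd, err := os.Getwd()
	if nil != err {
		cwd = "."
	}
	fmt.Println(" pushd", cwd)
	fmt.Println("")
	fmt.Println(" my_jwt=\"$(cat ./jwt.txt)\"")
	fmt.Println(
		strings.Join(
			[]string{
				" curl -X POST http://localhost:3000/api/users/profile",
				" -H \"Authorization: Bearer ${my_jwt}\"",
				" -H 'Content-Type: application/json'",
				" --data-binary '{ \"foo\": \"bar\" }'",
			},
			" \\\n",
		),
	)
	fmt.Println("")

	// http.ListenAndServe uses a server without read or write timeouts and
	// without TLS, which is acceptable for a local example only. A real
	// deployment should configure an http.Server with timeouts and serve
	// bearer tokens over TLS.
	if err := http.ListenAndServe(bindAddr, r); nil != err {
		// Report bind and serve failures instead of exiting silently.
		fmt.Fprintln(os.Stderr, "server error:", err)
		os.Exit(1)
	}
}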