From 71cd89e5b36f3e970de734fb737c8442ff83b7dd Mon Sep 17 00:00:00 2001
From: Sneha <55897319+sneha-afk@users.noreply.github.com>
Date: Fri, 9 Feb 2024 11:18:57 -0800
Subject: [PATCH 1/3] redirect to homepage after logging out
---
 authentication/user_accounts.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/authentication/user_accounts.go b/authentication/user_accounts.go
index 7a6be9b..f7e1fb9 100644
--- a/authentication/user_accounts.go
+++ b/authentication/user_accounts.go
@@ -13,6 +13,8 @@ import (
 "github.com/gin-gonic/gin"
 )
+const FRONTEND_HOST string = "localhost:5185"
+
 // TODO: make this more elegant with Gin sessions or something
 var Curr_user_id string = "hi"
@@ -75,7 +77,9 @@ func LogoutHandler(c *gin.Context) {
 scheme = "https"
 }
- returnTo, err := url.Parse(scheme + "://" + c.Request.Host)
+ // Return to the not logged in page
+ // returnTo, err := url.Parse(scheme + "://" + c.Request.Host)
+ returnTo, err := url.Parse(scheme + "://" + FRONTEND_HOST)
 if err != nil {
 c.String(http.StatusInternalServerError, err.Error())
 return
@@ -134,7 +138,7 @@ func CallbackHandler(auth *Authenticator) gin.HandlerFunc {
 Curr_user_id = user_id
 // Redirect to logged in page.
- c.Redirect(http.StatusTemporaryRedirect, "http://localhost:5185/loggedin")
+ c.Redirect(http.StatusTemporaryRedirect, "http://"+FRONTEND_HOST+"/loggedin")
 }
 }
From 30d9cb3f7f984a1f295bc8d5097ee1a0ececab95 Mon Sep 17 00:00:00 2001
From: Sneha <55897319+sneha-afk@users.noreply.github.com>
Date: Fri, 9 Feb 2024 11:58:41 -0800
Subject: [PATCH 2/3] allow CORS, sync with FE to allow credentials for protected endpoints
---
 authentication/user_accounts.go | 6 +++++-
 flake.lock | 6 +++---
 go.mod | 7 ++-----
 go.sum | 10 ++--------
 gomod2nix.toml | 15 ++++++---------
 router.go | 12 ++++++++++++
 6 files changed, 30 insertions(+), 26 deletions(-)
diff --git a/authentication/user_accounts.go b/authentication/user_accounts.go
index f7e1fb9..1817cee 100644
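Review bot: `FRONTEND_HOST` pins every post-login and post-logout redirect to `localhost:5185`, so the same binary cannot be pointed at a deployed frontend without a rebuild. Reading the value from configuration keeps the redirect target and the CORS origin built from it in router.go (PATCH 2/3 on this page) in step with the environment; a sketch with a constructed variable name is `var FrontendHost = os.Getenv("FRONTEND_HOST")` plus a startup check that it is non-empty. Go style also prefers MixedCaps (`FrontendHost`) over `FRONTEND_HOST`, and the explicit `string` type is redundant next to a string literal.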
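Review bot: The scheme prefixed to `FRONTEND_HOST` in `LogoutHandler` still appears to come from the backend request (the `scheme = "https"` context line), which describes the API connection rather than the frontend, while `CallbackHandler` in the third hunk hard-codes `"http://"`, so the two redirects can disagree on scheme. Keeping the full frontend origin in one place, scheme included, and using it for `returnTo`, the `/loggedin` redirect and the CORS `AllowOrigins` removes that mismatch. Dropping `c.Request.Host` from `returnTo` is the right direction because that header is client-controlled, so the commented-out line `// returnTo, err := url.Parse(scheme + "://" + c.Request.Host)` should be deleted rather than left where it can be restored by accident. `LogoutHandler` starts and ends outside the hunk, so how `scheme` is initialised is inferred.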
--- a/authentication/user_accounts.go
+++ b/authentication/user_accounts.go
@@ -23,7 +23,10 @@ func IsAuthenticated(c *gin.Context) {
 // Auth token: for direct calls to this endpoint
 auth_token := c.GetHeader("Authorization")
- if auth_token == "" && sessions.Default(c).Get("profile") == nil {
+ // Should have user profile saved to session
+ user_profile := sessions.Default(c).Get("profile")
+
+ if auth_token == "" && user_profile == nil {
 // c.Redirect(http.StatusSeeOther, "/") // TODO: maybe make an "Oops, wrong page"
 c.String(http.StatusUnauthorized, "Forbidden")
 c.Abort()
@@ -134,6 +137,7 @@ func CallbackHandler(auth *Authenticator) gin.HandlerFunc {
 }
 user_id := profile["sub"].(string)[len("auth0|"):]
 session.Set("user_id", user_id)
+ session.Save()
 c.Set("user_id", user_id)
 Curr_user_id = user_id
diff --git a/flake.lock b/flake.lock
index 013e58a..d952037 100644
--- a/flake.lock
+++ b/flake.lock
@@ -43,11 +43,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1707092692, - "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=", + "lastModified": 1707268954, + "narHash": "sha256-2en1kvde3cJVc3ZnTy8QeD2oKcseLFjYPLKhIGDanQ0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "faf912b086576fd1a15fca610166c98d47bc667e", + "rev": "f8e2ebd66d097614d51a56a755450d4ae1632df1", "type": "github" }, "original": {
diff --git a/go.mod b/go.mod
index f66d400..55ca12c 100644
--- a/go.mod
+++ b/go.mod
@@ -12,11 +12,7 @@ require (
 golang.org/x/oauth2 v0.16.0
 )
-require (
- github.com/kr/pretty v0.3.0 // indirect
- github.com/rogpeppe/go-internal v1.8.0 // indirect
- gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
-)
+require github.com/kr/text v0.2.0 // indirect
 require (
 github.com/bytedance/sonic v1.10.2 // indirect
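Review bot: In `IsAuthenticated` the guard `if auth_token == "" && user_profile == nil` rejects a request only when both the header and the session are missing, so any non-empty `Authorization` value passes this check without a session. Nothing in the hunk verifies the token; unless that happens later in the function, which continues outside the hunk, the header has to be validated before it counts, or the guard should depend on the session alone until it is: `if user_profile == nil {`. The response also pairs `http.StatusUnauthorized` with the body "Forbidden", which mixes the 401 and 403 meanings.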
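Review bot: `session.Save()` returns an error that the added line in `CallbackHandler` drops, so a failed session write would go unnoticed and the login would continue without `user_id` persisted. Handle it the way the file handles other failures: `if err := session.Save(); err != nil { c.String(http.StatusInternalServerError, "could not save session"); return }`. The context line `Curr_user_id = user_id` writes a package-level variable shared by every request, so concurrent users overwrite each other's identity; the session value is the per-user store to read from, and PATCH 3/3 on this page removes it again, leaving only the global. The handler closure starts and ends outside the hunk.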
@@ -24,6 +20,7 @@ require ( github.com/chenzhuoyu/iasm v0.9.1 // indirect github.com/coreos/go-oidc/v3 v3.9.0 github.com/gabriel-vasile/mimetype v1.4.3 // indirect + github.com/gin-contrib/cors v1.5.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-contrib/sse v0.1.0 // indirect github.com/go-jose/go-jose/v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 355e7fe..7f1c87a 100644 --- a/go.sum +++ b/go.sum @@ -19,6 +19,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/gin-contrib/cors v1.5.0 h1:DgGKV7DDoOn36DFkNtbHrjoRiT5ExCe+PC9/xp7aKvk= +github.com/gin-contrib/cors v1.5.0/go.mod h1:TvU7MAZ3EwrPLI2ztzTt3tqgvBCq+wn8WpZmfADjupI= github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE= github.com/gin-contrib/sessions v0.0.5/go.mod h1:vYAuaUPqie3WUSsft6HUlCjlwwoJQs97miaG2+7neKY= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= 
@@ -68,12 +70,8 @@ github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02 github.com/klauspost/cpuid/v2 v2.2.6 h1:ndNyv040zDGIDh8thGkXYjnFtiN02M1PVVF+JE/48xc= github.com/klauspost/cpuid/v2 v2.2.6/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/leodido/go-urn v1.3.0 h1:jX8FDLfW4ThVXctBNZ+3cIWnCSnrACDV73r76dy0aQQ= 
@@ -93,10 +91,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOStowAI= github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -166,10 +162,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/go-jose/go-jose.v2 v2.6.2 h1:Rl5+9rA0kG3vsO1qhncMPRT5eHICihAMQYJkD7u/i4M= gopkg.in/go-jose/go-jose.v2 v2.6.2/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/gomod2nix.toml b/gomod2nix.toml index 96fbd13..5096bfa 100644 --- a/gomod2nix.toml +++ b/gomod2nix.toml @@ -19,6 +19,9 @@ schema = 3 [mod."github.com/gabriel-vasile/mimetype"] version = "v1.4.3" hash = "sha256-EDmlRi3av27dq/ISVTglv08z4yZzMQ/SxL1c46EJro0=" + [mod."github.com/gin-contrib/cors"] + version = "v1.5.0" + hash = "sha256-NtdS8POOnyF+28ZZ3hFk4lt02jTz1BJL5Y73oCK2rII=" [mod."github.com/gin-contrib/sessions"] version = "v0.0.5" hash = "sha256-pqw/taGJ+E0wkeKC8zcg/8rxP+ihMJJoW42X+O6IDOk=" 
@@ -70,9 +73,9 @@ schema = 3 [mod."github.com/klauspost/cpuid/v2"] version = "v2.2.6" hash = "sha256-SlMBrOvotgIvGI7GsUmNxs++KpgzNCk1jOBAl8Oq8c8=" - [mod."github.com/kr/pretty"] - version = "v0.3.0" - hash = "sha256-5KfVas96NAU7pmN2ZOwQFFpUeagiJTqYKBLxq5aM5W4=" + [mod."github.com/kr/text"] + version = "v0.2.0" + hash = "sha256-fadcWxZOORv44oak3jTxm6YcITcFxdGt4bpn869HxUE=" [mod."github.com/leodido/go-urn"] version = "v1.3.0" hash = "sha256-AZTF26dTarC58fADEOfJAjM6YBOYw38ZSPU64Hu68MU=" @@ -91,9 +94,6 @@ schema = 3 [mod."github.com/pelletier/go-toml/v2"] version = "v2.1.1" hash = "sha256-BQtflYQ8Dt7FL/yFI9OnxwvsRk0oEO37ZXuGXFveVpo=" - [mod."github.com/rogpeppe/go-internal"] - version = "v1.8.0" - hash = "sha256-ze+/FkW3z3b+frAksjWPjDolP1UtSf6z0By6PGXTirM=" [mod."github.com/twitchyliquid64/golang-asm"] version = "v0.15.1" hash = "sha256-HLk6oUe7EoITrNvP0y8D6BtIgIcmDZYtb/xl/dufIoY=" @@ -127,9 +127,6 @@ schema = 3 [mod."google.golang.org/protobuf"] version = "v1.32.0" hash = "sha256-GJuTkMGHCzHbyK4yD5kY4oMn8wQWqgkeBK//yVDqHJk=" - [mod."gopkg.in/check.v1"] - version = "v1.0.0-20201130134442-10cb98267c6c" - hash = "sha256-VlIpM2r/OD+kkyItn6vW35dyc0rtkJufA93rjFyzncs=" [mod."gopkg.in/go-jose/go-jose.v2"] version = "v2.6.2" hash = "sha256-ZQalDV1vgfajnuHxjffCIi83GCHoJvqNgSICpFdqaPM=" diff --git a/router.go b/router.go index 02a85d5..ff0e1b6 100644 --- a/router.go +++ b/router.go @@ -7,7 +7,9 @@ import ( "log" "net/http" "strconv" + "time" + "github.com/gin-contrib/cors" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" 
@@ -20,6 +22,16 @@ import (
 func CreateRouter(auth *authentication.Authenticator) *gin.Engine {
 router := gin.Default()
+ // Allowing the frontend URL to get through CORS
+ router.Use(cors.New(cors.Config{
+ AllowOrigins: []string{"http://" + authentication.FRONTEND_HOST},
+ AllowMethods: []string{"GET", "PUT", "POST", "DELETE"},
+ AllowHeaders: []string{"Origin"},
+ ExposeHeaders: []string{"Content-Length"},
+ AllowCredentials: true,
+ MaxAge: 12 * time.Hour,
+ }))
+
 // To store custom types in our cookies, // we must first register them using gob.Register
 gob.Register(map[string]interface{}{})
From 0fd651255d8f0c6ef5f7696dfad690e2d9a1fda7 Mon Sep 17 00:00:00 2001
From: Sneha <55897319+sneha-afk@users.noreply.github.com>
Date: Fri, 9 Feb 2024 15:12:43 -0800
Subject: [PATCH 3/3] cleanup b4 merge
---
 authentication/user_accounts.go | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/authentication/user_accounts.go b/authentication/user_accounts.go
index 1817cee..d0ae07a 100644
--- a/authentication/user_accounts.go
+++ b/authentication/user_accounts.go
@@ -136,9 +136,6 @@ func CallbackHandler(auth *Authenticator) gin.HandlerFunc {
 return
 }
 user_id := profile["sub"].(string)[len("auth0|"):]
- session.Set("user_id", user_id)
- session.Save()
- c.Set("user_id", user_id)
 Curr_user_id = user_id
 // Redirect to logged in page.
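Review bot: `AllowHeaders` in the `cors.Config` lists only `"Origin"`, so a browser preflight for a request carrying `Authorization` (which `IsAuthenticated` reads) or a JSON `Content-Type` will be refused; name the headers the frontend actually sends, e.g. `AllowHeaders: []string{"Origin", "Content-Type", "Authorization"},`. Because `AllowCredentials` is true, the session cookie travels on cross-origin PUT/POST/DELETE from the allowed origin, so `AllowOrigins` must stay an explicit list and never widen to a wildcard or a reflected origin, and the cookie store's SameSite and Secure options (not visible here) deserve a check. The origin is also built with a hard-coded `"http://"`, which will not match a frontend served over HTTPS. `CreateRouter` continues outside the hunk.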