Merge into one origin config.

This commit is contained in:
Gucheng Wang
2021-12-12 19:26:06 +08:00
parent 29807b82e1
commit 96e2f286ee
4 changed files with 12 additions and 14 deletions


@ -14,5 +14,4 @@ httpProxy = "127.0.0.1:10808"
verificationCodeTimeout = 10 verificationCodeTimeout = 10
initScore = 2000 initScore = 2000
logPostOnly = true logPostOnly = true
oidcOrigin = "https://door.casbin.com" origin = "https://door.casbin.com"
samlOrigin = "http://localhost:8000"
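Review bot: The merged default silently changes the SAML side: `samlOrigin` was `http://localhost:8000` and the single `origin` is now `https://door.casbin.com`, so the SP issuer and ACS URL that buildSp derives from it move from localhost to the public host. Any IdP that was registered against the old localhost ACS will have to be updated, and the value must be the externally reachable scheme+host with no trailing slash, because the Go side joins paths onto it with `fmt.Sprintf("%s/...")`. A one-line comment above the key would spare the next operator that surprise: `# origin: external base URL (scheme + host, no trailing slash); used as the OIDC issuer, the JWT iss claim and the SAML SP issuer/ACS`.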


@ -19,9 +19,8 @@ import (
"encoding/pem" "encoding/pem"
"fmt" "fmt"
jose "gopkg.in/square/go-jose.v2"
"github.com/astaxie/beego" "github.com/astaxie/beego"
"gopkg.in/square/go-jose.v2"
) )
type OidcDiscovery struct { type OidcDiscovery struct {
@ -44,7 +43,7 @@ type OidcDiscovery struct {
var oidcDiscovery OidcDiscovery var oidcDiscovery OidcDiscovery
func init() { func init() {
oidcOrigin := beego.AppConfig.String("oidcOrigin") origin := beego.AppConfig.String("origin")
// Examples: // Examples:
// https://login.okta.com/.well-known/openid-configuration // https://login.okta.com/.well-known/openid-configuration
@ -52,11 +51,11 @@ func init() {
// https://accounts.google.com/.well-known/openid-configuration // https://accounts.google.com/.well-known/openid-configuration
// https://access.line.me/.well-known/openid-configuration // https://access.line.me/.well-known/openid-configuration
oidcDiscovery = OidcDiscovery{ oidcDiscovery = OidcDiscovery{
Issuer: oidcOrigin, Issuer: origin,
AuthorizationEndpoint: fmt.Sprintf("%s/login/oauth/authorize", oidcOrigin), AuthorizationEndpoint: fmt.Sprintf("%s/login/oauth/authorize", origin),
TokenEndpoint: fmt.Sprintf("%s/api/login/oauth/access_token", oidcOrigin), TokenEndpoint: fmt.Sprintf("%s/api/login/oauth/access_token", origin),
UserinfoEndpoint: fmt.Sprintf("%s/api/get-account", oidcOrigin), UserinfoEndpoint: fmt.Sprintf("%s/api/get-account", origin),
JwksUri: fmt.Sprintf("%s/api/certs", oidcOrigin), JwksUri: fmt.Sprintf("%s/api/certs", origin),
ResponseTypesSupported: []string{"id_token"}, ResponseTypesSupported: []string{"id_token"},
ResponseModesSupported: []string{"login", "code", "link"}, ResponseModesSupported: []string{"login", "code", "link"},
GrantTypesSupported: []string{"password", "authorization_code"}, GrantTypesSupported: []string{"password", "authorization_code"},
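Review bot: The `origin` read in init() is used unchecked; if the key is missing, `beego.AppConfig.String` returns `""`, so Issuer is empty and every advertised endpoint becomes a relative path such as `/api/certs`, which relying parties will reject or may resolve against the wrong host. Since this one key now also backs the JWT `iss` claim and the SAML SP issuer, a startup-time check is cheap: `if origin == "" { panic("app.conf: origin must be set") }` right after the `beego.AppConfig.String("origin")` call (or the project's preferred fatal-log). A `strings.TrimRight(origin, "/")` at the same spot would keep a trailing-slash value from producing `//` in the URLs, assuming `strings` is or can be imported here. init() continues past the end of this hunk.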


@ -60,7 +60,7 @@ func buildSp(provider *Provider, samlResponse string) (*saml2.SAMLServiceProvide
certStore := dsig.MemoryX509CertificateStore{ certStore := dsig.MemoryX509CertificateStore{
Roots: []*x509.Certificate{}, Roots: []*x509.Certificate{},
} }
samlOrigin := beego.AppConfig.String("samlOrigin") origin := beego.AppConfig.String("origin")
certEncodedData := "" certEncodedData := ""
if samlResponse != "" { if samlResponse != "" {
de, err := base64.StdEncoding.DecodeString(samlResponse) de, err := base64.StdEncoding.DecodeString(samlResponse)
@ -84,8 +84,8 @@ func buildSp(provider *Provider, samlResponse string) (*saml2.SAMLServiceProvide
} }
certStore.Roots = append(certStore.Roots, idpCert) certStore.Roots = append(certStore.Roots, idpCert)
sp := &saml2.SAMLServiceProvider{ sp := &saml2.SAMLServiceProvider{
ServiceProviderIssuer: fmt.Sprintf("%s/api/acs", samlOrigin), ServiceProviderIssuer: fmt.Sprintf("%s/api/acs", origin),
AssertionConsumerServiceURL: fmt.Sprintf("%s/api/acs", samlOrigin), AssertionConsumerServiceURL: fmt.Sprintf("%s/api/acs", origin),
IDPCertificateStore: &certStore, IDPCertificateStore: &certStore,
} }
if provider != nil { if provider != nil {
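Review bot: ServiceProviderIssuer and AssertionConsumerServiceURL now come from the shared `origin`, whose shipped default changed from `http://localhost:8000` (the old `samlOrigin`) to `https://door.casbin.com`. gosaml2 typically validates the response Destination and the assertion Audience against these two values, so an IdP still registered with the localhost ACS will start failing with an otherwise unhelpful validation error until its SP metadata is re-registered to match. As with the old key there is no guard for an empty `origin`, which would yield the relative issuer `/api/acs`; failing fast with `if origin == "" { return nil, fmt.Errorf("origin is not configured") }` after the read (the signature already returns an error) is preferable to a confusing signature-validation failure later. buildSp starts before this hunk and ends after it.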


@ -43,7 +43,7 @@ func generateJwtToken(application *Application, user *User) (string, error) {
claims := Claims{ claims := Claims{
User: *user, User: *user,
RegisteredClaims: jwt.RegisteredClaims{ RegisteredClaims: jwt.RegisteredClaims{
Issuer: beego.AppConfig.String("oidcOrigin"), Issuer: beego.AppConfig.String("origin"),
Subject: user.Id, Subject: user.Id,
Audience: []string{application.ClientId}, Audience: []string{application.ClientId},
ExpiresAt: jwt.NewNumericDate(expireTime), ExpiresAt: jwt.NewNumericDate(expireTime),