diff --git a/main.go b/main.go index 53f4621..32e647f 100644 --- a/main.go +++ b/main.go @@ -24,10 +24,10 @@ const ( var ( oauthConfig *oauth2.Config verifier *oidc.IDTokenVerifier + sessionManager *scs.SessionManager ) func main() { - http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{ InsecureSkipVerify: true, @@ -35,6 +35,27 @@ func main() { ctx := context.Background() + // valkey session + client, err := valkey.NewClient( + valkey.ClientOption{ + InitAddress: []string{ + "valkey:6379", + }, + }, + ) + + if err != nil { + log.Fatal(err) + } + + sessionManager = scs.New() + sessionManager.Store = valkeystore.New(client) + sessionManager.Lifetime = 24 * time.Hour + sessionManager.Cookie.HttpOnly = true + sessionManager.Cookie.Secure = true + sessionManager.Cookie.SameSite = http.SameSiteLaxMode + // valkey session end + // OIDC Discovery (.well-known/openid-configuration) provider, err := oidc.NewProvider(ctx, keycloakURL) if err != nil { @@ -65,7 +86,12 @@ func main() { http.HandleFunc("/logout", logout) log.Println("running :8080") - log.Fatal(http.ListenAndServe(":8080", nil)) + log.Fatal( + http.ListenAndServe( + ":8080", + sessionManager.LoadAndSave(http.DefaultServeMux), + ), + ) } @@ -75,11 +101,11 @@ func login(w http.ResponseWriter, r *http.Request) { // CSRF-Schutz: State erzeugen state := randomString() - http.SetCookie(w, &http.Cookie{ - Name: "oidc_state", - Value: state, - Path: "/", - }) + sessionManager.Put( + r.Context(), + "user", + claims.Username, + ) url := oauthConfig.AuthCodeURL( state, @@ -153,41 +179,49 @@ func callback(w http.ResponseWriter, r *http.Request) { func home(w http.ResponseWriter, r *http.Request) { - cookie, err := r.Cookie("user") + user := sessionManager.GetString( + r.Context(), + "user", +) - if err != nil { +if user == "" { - fmt.Fprint(w, ` + fmt.Fprint(w, `

OIDC Demo

+ `) - return - } + return +} - - fmt.Fprintf(w, ` +fmt.Fprintf( + w, + `

Hallo %s

-`, cookie.Value) +`, + user, +) + } func logout(w http.ResponseWriter, r *http.Request) { - - http.SetCookie(w, &http.Cookie{ - Name: "user", - Value: "", - Path: "/", - MaxAge: -1, - }) - - http.Redirect(w, r, "/", 302) + sessionManager.Destroy( + r.Context(), + ) + http.Redirect( + w, + r, + "/", + http.StatusFound, + ) }