main.go aktualisiert

This commit is contained in:
ds
2026-07-11 03:46:49 +00:00
parent 9686823812
commit 4b325fd588
+55 -21
View File
@@ -24,10 +24,10 @@ const (
var ( var (
oauthConfig *oauth2.Config oauthConfig *oauth2.Config
verifier *oidc.IDTokenVerifier verifier *oidc.IDTokenVerifier
sessionManager *scs.SessionManager
) )
func main() { func main() {
http.DefaultTransport.(*http.Transport).TLSClientConfig = http.DefaultTransport.(*http.Transport).TLSClientConfig =
&tls.Config{ &tls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true,
@@ -35,6 +35,27 @@ func main() {
ctx := context.Background() ctx := context.Background()
// valkey session
client, err := valkey.NewClient(
valkey.ClientOption{
InitAddress: []string{
"valkey:6379",
},
},
)
if err != nil {
log.Fatal(err)
}
sessionManager = scs.New()
sessionManager.Store = valkeystore.New(client)
sessionManager.Lifetime = 24 * time.Hour
sessionManager.Cookie.HttpOnly = true
sessionManager.Cookie.Secure = true
sessionManager.Cookie.SameSite = http.SameSiteLaxMode
// valkey session end
// OIDC Discovery (.well-known/openid-configuration) // OIDC Discovery (.well-known/openid-configuration)
provider, err := oidc.NewProvider(ctx, keycloakURL) provider, err := oidc.NewProvider(ctx, keycloakURL)
if err != nil { if err != nil {
@@ -65,7 +86,12 @@ func main() {
http.HandleFunc("/logout", logout) http.HandleFunc("/logout", logout)
log.Println("running :8080") log.Println("running :8080")
log.Fatal(http.ListenAndServe(":8080", nil)) log.Fatal(
http.ListenAndServe(
":8080",
sessionManager.LoadAndSave(http.DefaultServeMux),
),
)
} }
@@ -75,11 +101,11 @@ func login(w http.ResponseWriter, r *http.Request) {
// CSRF-Schutz: State erzeugen // CSRF-Schutz: State erzeugen
state := randomString() state := randomString()
http.SetCookie(w, &http.Cookie{ sessionManager.Put(
Name: "oidc_state", r.Context(),
Value: state, "user",
Path: "/", claims.Username,
}) )
url := oauthConfig.AuthCodeURL( url := oauthConfig.AuthCodeURL(
state, state,
@@ -153,12 +179,16 @@ func callback(w http.ResponseWriter, r *http.Request) {
func home(w http.ResponseWriter, r *http.Request) { func home(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("user") user := sessionManager.GetString(
r.Context(),
"user",
)
if err != nil { if user == "" {
fmt.Fprint(w, ` fmt.Fprint(w, `
<h1>OIDC Demo</h1> <h1>OIDC Demo</h1>
<a href="/login"> <a href="/login">
<button>Anmeldung über OIDC</button> <button>Anmeldung über OIDC</button>
</a> </a>
@@ -167,27 +197,31 @@ func home(w http.ResponseWriter, r *http.Request) {
return return
} }
fmt.Fprintf(
fmt.Fprintf(w, ` w,
`
<h1>Hallo %s</h1> <h1>Hallo %s</h1>
<form action="/logout" method="post"> <form action="/logout" method="post">
<button>Abmelden</button> <button>Abmelden</button>
</form> </form>
`, cookie.Value) `,
user,
)
} }
func logout(w http.ResponseWriter, r *http.Request) { func logout(w http.ResponseWriter, r *http.Request) {
sessionManager.Destroy(
http.SetCookie(w, &http.Cookie{ r.Context(),
Name: "user", )
Value: "", http.Redirect(
Path: "/", w,
MaxAge: -1, r,
}) "/",
http.StatusFound,
http.Redirect(w, r, "/", 302) )
} }