main.go aktualisiert
This commit is contained in:
@@ -24,10 +24,10 @@ const (
|
||||
var (
|
||||
oauthConfig *oauth2.Config
|
||||
verifier *oidc.IDTokenVerifier
|
||||
sessionManager *scs.SessionManager
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
||||
http.DefaultTransport.(*http.Transport).TLSClientConfig =
|
||||
&tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
@@ -35,6 +35,27 @@ func main() {
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
// valkey session
|
||||
client, err := valkey.NewClient(
|
||||
valkey.ClientOption{
|
||||
InitAddress: []string{
|
||||
"valkey:6379",
|
||||
},
|
||||
},
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
sessionManager = scs.New()
|
||||
sessionManager.Store = valkeystore.New(client)
|
||||
sessionManager.Lifetime = 24 * time.Hour
|
||||
sessionManager.Cookie.HttpOnly = true
|
||||
sessionManager.Cookie.Secure = true
|
||||
sessionManager.Cookie.SameSite = http.SameSiteLaxMode
|
||||
// valkey session end
|
||||
|
||||
// OIDC Discovery (.well-known/openid-configuration)
|
||||
provider, err := oidc.NewProvider(ctx, keycloakURL)
|
||||
if err != nil {
|
||||
@@ -65,7 +86,12 @@ func main() {
|
||||
http.HandleFunc("/logout", logout)
|
||||
|
||||
log.Println("running :8080")
|
||||
log.Fatal(http.ListenAndServe(":8080", nil))
|
||||
log.Fatal(
|
||||
http.ListenAndServe(
|
||||
":8080",
|
||||
sessionManager.LoadAndSave(http.DefaultServeMux),
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -75,11 +101,11 @@ func login(w http.ResponseWriter, r *http.Request) {
|
||||
// CSRF-Schutz: State erzeugen
|
||||
state := randomString()
|
||||
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "oidc_state",
|
||||
Value: state,
|
||||
Path: "/",
|
||||
})
|
||||
sessionManager.Put(
|
||||
r.Context(),
|
||||
"user",
|
||||
claims.Username,
|
||||
)
|
||||
|
||||
url := oauthConfig.AuthCodeURL(
|
||||
state,
|
||||
@@ -153,41 +179,49 @@ func callback(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func home(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
cookie, err := r.Cookie("user")
|
||||
user := sessionManager.GetString(
|
||||
r.Context(),
|
||||
"user",
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
if user == "" {
|
||||
|
||||
fmt.Fprint(w, `
|
||||
<h1>OIDC Demo</h1>
|
||||
|
||||
<a href="/login">
|
||||
<button>Anmeldung über OIDC</button>
|
||||
</a>
|
||||
`)
|
||||
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
fmt.Fprintf(w, `
|
||||
fmt.Fprintf(
|
||||
w,
|
||||
`
|
||||
<h1>Hallo %s</h1>
|
||||
|
||||
<form action="/logout" method="post">
|
||||
<button>Abmelden</button>
|
||||
</form>
|
||||
`, cookie.Value)
|
||||
`,
|
||||
user,
|
||||
)
|
||||
|
||||
}
|
||||
|
||||
|
||||
func logout(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "user",
|
||||
Value: "",
|
||||
Path: "/",
|
||||
MaxAge: -1,
|
||||
})
|
||||
|
||||
http.Redirect(w, r, "/", 302)
|
||||
sessionManager.Destroy(
|
||||
r.Context(),
|
||||
)
|
||||
http.Redirect(
|
||||
w,
|
||||
r,
|
||||
"/",
|
||||
http.StatusFound,
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user