Compare commits

...

3 Commits

Author SHA1 Message Date
ds 8f61827f8a main.go aktualisiert 2026-07-11 04:11:41 +00:00
ds 4b325fd588 main.go aktualisiert 2026-07-11 03:46:49 +00:00
ds 9686823812 add imports 2026-07-11 03:30:47 +00:00
2 changed files with 67 additions and 24 deletions
+5
View File
@@ -5,9 +5,14 @@ go 1.23.0
require (
github.com/coreos/go-oidc/v3 v3.11.0
golang.org/x/oauth2 v0.27.0
"time"
"github.com/alexedwards/scs/v2"
"github.com/alexedwards/scs/valkeystore"
"github.com/valkey-io/valkey-go"
)
require (
github.com/go-jose/go-jose/v4 v4.0.2 // indirect
golang.org/x/crypto v0.25.0 // indirect
)
+59 -21
View File
@@ -5,11 +5,15 @@ import (
"crypto/rand"
"encoding/base64"
"fmt"
"time"
"log"
"net/http"
"crypto/tls"
"github.com/coreos/go-oidc/v3/oidc"
"golang.org/x/oauth2"
"github.com/alexedwards/scs/v2"
"github.com/alexedwards/scs/valkeystore"
"github.com/valkey-io/valkey-go"
)
const (
@@ -24,10 +28,10 @@ const (
var (
oauthConfig *oauth2.Config
verifier *oidc.IDTokenVerifier
sessionManager *scs.SessionManager
)
func main() {
http.DefaultTransport.(*http.Transport).TLSClientConfig =
&tls.Config{
InsecureSkipVerify: true,
@@ -35,6 +39,27 @@ func main() {
ctx := context.Background()
// valkey session
client, err := valkey.NewClient(
valkey.ClientOption{
InitAddress: []string{
"valkey:6379",
},
},
)
if err != nil {
log.Fatal(err)
}
sessionManager = scs.New()
sessionManager.Store = valkeystore.New(client)
sessionManager.Lifetime = 24 * time.Hour
sessionManager.Cookie.HttpOnly = true
sessionManager.Cookie.Secure = true
sessionManager.Cookie.SameSite = http.SameSiteLaxMode
// valkey session end
// OIDC Discovery (.well-known/openid-configuration)
provider, err := oidc.NewProvider(ctx, keycloakURL)
if err != nil {
@@ -65,7 +90,12 @@ func main() {
http.HandleFunc("/logout", logout)
log.Println("running :8080")
log.Fatal(http.ListenAndServe(":8080", nil))
log.Fatal(
http.ListenAndServe(
":8080",
sessionManager.LoadAndSave(http.DefaultServeMux),
),
)
}
@@ -75,11 +105,11 @@ func login(w http.ResponseWriter, r *http.Request) {
// CSRF-Schutz: State erzeugen
state := randomString()
http.SetCookie(w, &http.Cookie{
Name: "oidc_state",
Value: state,
Path: "/",
})
sessionManager.Put(
r.Context(),
"user",
claims.Username,
)
url := oauthConfig.AuthCodeURL(
state,
@@ -153,12 +183,16 @@ func callback(w http.ResponseWriter, r *http.Request) {
func home(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("user")
user := sessionManager.GetString(
r.Context(),
"user",
)
if err != nil {
if user == "" {
fmt.Fprint(w, `
<h1>OIDC Demo</h1>
<a href="/login">
<button>Anmeldung über OIDC</button>
</a>
@@ -167,27 +201,31 @@ func home(w http.ResponseWriter, r *http.Request) {
return
}
fmt.Fprintf(w, `
fmt.Fprintf(
w,
`
<h1>Hallo %s</h1>
<form action="/logout" method="post">
<button>Abmelden</button>
</form>
`, cookie.Value)
`,
user,
)
}
func logout(w http.ResponseWriter, r *http.Request) {
http.SetCookie(w, &http.Cookie{
Name: "user",
Value: "",
Path: "/",
MaxAge: -1,
})
http.Redirect(w, r, "/", 302)
sessionManager.Destroy(
r.Context(),
)
http.Redirect(
w,
r,
"/",
http.StatusFound,
)
}