134 lines
3.3 KiB
Go
134 lines
3.3 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/coreos/go-oidc"
|
|
"golang.org/x/oauth2"
|
|
"golang.org/x/oauth2/microsoft"
|
|
)
|
|
|
|
var (
|
|
clientID = os.Getenv("AZURE_CLIENT_ID")
|
|
clientSecret = os.Getenv("AZURE_CLIENT_SECRET")
|
|
redirectURL = os.Getenv("AZURE_REDIRECT_URL") // e.g., http://localhost:5000/callback
|
|
tenantID = os.Getenv("AZURE_TENANT_ID")
|
|
|
|
provider *oidc.Provider
|
|
verifier *oidc.IDTokenVerifier
|
|
oauth2Config *oauth2.Config
|
|
)
|
|
|
|
func main() {
|
|
|
|
nextIP, err := getNextFreeIP()
|
|
if err != nil {
|
|
fmt.Println("Error:", err)
|
|
} else {
|
|
fmt.Println("Next available IP:", nextIP)
|
|
}
|
|
|
|
ctx := context.Background()
|
|
issuer := fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", tenantID)
|
|
|
|
provider, err = oidc.NewProvider(ctx, issuer)
|
|
if err != nil {
|
|
log.Fatalf("failed to get provider: %v", err)
|
|
}
|
|
|
|
verifier = provider.Verifier(&oidc.Config{ClientID: clientID})
|
|
|
|
oauth2Config = &oauth2.Config{
|
|
ClientID: clientID,
|
|
ClientSecret: clientSecret,
|
|
Endpoint: microsoft.AzureADEndpoint(tenantID),
|
|
RedirectURL: redirectURL,
|
|
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
|
}
|
|
|
|
http.HandleFunc("/", handleIndex)
|
|
http.HandleFunc("/callback", handleCallback)
|
|
|
|
log.Println("Server started at http://localhost:5000")
|
|
log.Fatal(http.ListenAndServe(":5000", nil))
|
|
|
|
}
|
|
|
|
func handleIndex(w http.ResponseWriter, r *http.Request) {
|
|
idTokenCookie, err := r.Cookie("id_token")
|
|
if err != nil {
|
|
log.Println("No id_token cookie found:", err)
|
|
http.Redirect(w, r, oauth2Config.AuthCodeURL("state", oauth2.AccessTypeOffline), http.StatusFound)
|
|
return
|
|
}
|
|
|
|
token, err := verifier.Verify(r.Context(), idTokenCookie.Value)
|
|
if err != nil {
|
|
log.Println("Token verification failed:", err)
|
|
// Clear the invalid cookie to avoid another loop
|
|
http.SetCookie(w, &http.Cookie{
|
|
Name: "id_token",
|
|
Value: "",
|
|
Path: "/",
|
|
MaxAge: -1,
|
|
HttpOnly: true,
|
|
})
|
|
fmt.Printf("Tokent: %s", token)
|
|
http.Redirect(w, r, oauth2Config.AuthCodeURL("state", oauth2.AccessTypeOffline), http.StatusFound)
|
|
return
|
|
}
|
|
|
|
var claims struct {
|
|
Email string `json:"email"`
|
|
PreferredUsername string `json:"preferred_username"`
|
|
Name string `json:"name"`
|
|
}
|
|
if err := token.Claims(&claims); err != nil {
|
|
http.Error(w, "Failed to parse claims", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
email := claims.Email
|
|
if email == "" {
|
|
email = strings.Split(claims.PreferredUsername, "@")[0]
|
|
}
|
|
fmt.Fprintf(w, "Welcome! Logged in as: %s", email)
|
|
}
|
|
|
|
func handleCallback(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
code := r.URL.Query().Get("code")
|
|
|
|
token, err := oauth2Config.Exchange(ctx, code)
|
|
if err != nil {
|
|
http.Error(w, "Token exchange failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
rawIDToken, ok := token.Extra("id_token").(string)
|
|
if !ok {
|
|
http.Error(w, "No id_token found", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Verify and set as cookie
|
|
_, err = verifier.Verify(ctx, rawIDToken)
|
|
if err != nil {
|
|
http.Error(w, "Failed to verify ID token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// Set token as cookie
|
|
http.SetCookie(w, &http.Cookie{
|
|
Name: "id_token",
|
|
Value: rawIDToken,
|
|
Path: "/",
|
|
HttpOnly: true,
|
|
})
|
|
http.Redirect(w, r, "/", http.StatusFound)
|
|
}
|