111 lines
3.4 KiB
Go
111 lines
3.4 KiB
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
"os"
|
|
|
|
"github.com/gin-contrib/sessions"
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/logto-io/go/client"
|
|
)
|
|
|
|
// SessionStorage implements Logto's Storage interface using Gin sessions
|
|
// Avoid cookie-based sessions due to size limits; use memory-based sessions for demo
|
|
// In production, use Redis/MongoDB
|
|
|
|
type SessionStorage struct {
|
|
session sessions.Session
|
|
}
|
|
|
|
func (s *SessionStorage) GetItem(key string) string {
|
|
value := s.session.Get(key)
|
|
if value == nil {
|
|
return ""
|
|
}
|
|
str, ok := value.(string)
|
|
if !ok {
|
|
return ""
|
|
}
|
|
return str
|
|
}
|
|
|
|
func (s *SessionStorage) SetItem(key, value string) {
|
|
s.session.Set(key, value)
|
|
s.session.Save()
|
|
}
|
|
|
|
// getLogtoConfig returns Logto config from environment variables
|
|
func getLogtoConfig() *client.LogtoConfig {
|
|
return &client.LogtoConfig{
|
|
Endpoint: os.Getenv("LOGTO_ENDPOINT"),
|
|
AppId: os.Getenv("LOGTO_APP_ID"),
|
|
AppSecret: os.Getenv("LOGTO_APP_SECRET"),
|
|
}
|
|
}
|
|
|
|
// HomeHandler shows auth state and sign-in/sign-out links
|
|
func HomeHandler(ctx *gin.Context) {
|
|
session := sessions.Default(ctx)
|
|
logtoClient := client.NewLogtoClient(getLogtoConfig(), &SessionStorage{session: session})
|
|
authState := "You are not logged in to this website. :("
|
|
if logtoClient.IsAuthenticated() {
|
|
authState = "You are logged in to this website! :)"
|
|
}
|
|
homePage := "<h1>Hello Logto</h1>" +
|
|
"<div>" + authState + "</div>" +
|
|
`<div><a href="/service/auth/sign-in">Sign In</a></div>` +
|
|
`<div><a href="/service/auth/sign-out">Sign Out</a></div>`
|
|
ctx.Data(http.StatusOK, "text/html; charset=utf-8", []byte(homePage))
|
|
}
|
|
|
|
// SignInHandler starts the Logto sign-in flow
|
|
func SignInHandler(ctx *gin.Context) {
|
|
session := sessions.Default(ctx)
|
|
logtoClient := client.NewLogtoClient(getLogtoConfig(), &SessionStorage{session: session})
|
|
redirectUri := os.Getenv("LOGTO_REDIRECT_URI")
|
|
signInUri, err := logtoClient.SignIn(redirectUri)
|
|
if err != nil {
|
|
ctx.String(http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
ctx.Redirect(http.StatusTemporaryRedirect, signInUri)
|
|
}
|
|
|
|
// CallbackHandler handles the Logto sign-in callback
|
|
func CallbackHandler(ctx *gin.Context) {
|
|
session := sessions.Default(ctx)
|
|
logtoClient := client.NewLogtoClient(getLogtoConfig(), &SessionStorage{session: session})
|
|
err := logtoClient.HandleSignInCallback(ctx.Request)
|
|
if err != nil {
|
|
ctx.String(http.StatusInternalServerError, err.Error())
|
|
return
|
|
}
|
|
// Redirect to the frontend page instead of the backend auth page
|
|
ctx.Redirect(http.StatusTemporaryRedirect, os.Getenv("BASE_URL"))
|
|
}
|
|
|
|
// SignOutHandler starts the Logto sign-out flow
|
|
func SignOutHandler(ctx *gin.Context) {
|
|
session := sessions.Default(ctx)
|
|
logtoClient := client.NewLogtoClient(getLogtoConfig(), &SessionStorage{session: session})
|
|
postSignOutRedirectUri := os.Getenv("LOGTO_POST_SIGN_OUT_REDIRECT_URI")
|
|
signOutUri, err := logtoClient.SignOut(postSignOutRedirectUri)
|
|
if err != nil {
|
|
ctx.String(http.StatusOK, err.Error())
|
|
return
|
|
}
|
|
ctx.Redirect(http.StatusTemporaryRedirect, signOutUri)
|
|
}
|
|
|
|
// UserIdTokenClaimsHandler returns the user's ID token claims as JSON
|
|
func UserIdTokenClaimsHandler(ctx *gin.Context) {
|
|
session := sessions.Default(ctx)
|
|
logtoClient := client.NewLogtoClient(getLogtoConfig(), &SessionStorage{session: session})
|
|
idTokenClaims, err := logtoClient.GetIdTokenClaims()
|
|
if err != nil {
|
|
ctx.String(http.StatusOK, err.Error())
|
|
return
|
|
}
|
|
ctx.JSON(http.StatusOK, idTokenClaims)
|
|
}
|