go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/handlers.go (about)

     1  // Copyright 2015 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package auth
    16  
    17  import (
    18  	"encoding/json"
    19  	"fmt"
    20  	"net/http"
    21  
    22  	"go.chromium.org/luci/common/logging"
    23  
    24  	"go.chromium.org/luci/server/router"
    25  )
    26  
    // InstallHandlers registers the authentication-related HTTP handlers on r.
    //
    // All new HTTP routes are GET endpoints under the '/auth/api/' prefix and are
    // served through the base middleware chain. The handlers in this file do no
    // authentication or authorization of their own, so who may reach these
    // endpoints is decided entirely by what base contains.
    //
    // If you are using appengine/gaeauth/server, these handlers are already
    // installed.
    func InstallHandlers(r *router.Router, base router.MiddlewareChain) {
    	// Route table; entries are registered in the order listed.
    	routes := []struct {
    		path    string
    		handler func(*router.Context)
    	}{
    		{"/auth/api/v1/server/certificates", certsHandler},
    		{"/auth/api/v1/server/info", infoHandler},
    		{"/auth/api/v1/server/client_id", clientIDHandler},
    	}
    	for _, rt := range routes {
    		r.GET(rt.path, base, rt.handler)
    	}
    }
    38  
    // certsHandler serves the public certificates of the signer found in the
    // request context.
    //
    // It replies 404 when no Signer is available in the context, 500 when the
    // certificates cannot be fetched, and 200 with the certificates otherwise.
    func certsHandler(c *router.Context) {
    	ctx := c.Request.Context()

    	signer := GetSigner(ctx)
    	if signer == nil {
    		httpReplyError(c, http.StatusNotFound, "No Signer instance available")
    		return
    	}

    	certs, err := signer.Certificates(ctx)
    	if err != nil {
    		// NOTE(review): the text of err is sent back to the HTTP caller as-is.
    		// If the Signer implementation can put backend detail into its
    		// errors, consider logging err server-side and replying with a
    		// generic message instead - confirm no client parses this text.
    		msg := fmt.Sprintf("Can't fetch certificates - %s", err)
    		httpReplyError(c, http.StatusInternalServerError, msg)
    		return
    	}
    	httpReply(c, http.StatusOK, certs)
    }
    53  
    // infoHandler returns information about the current service identity, as
    // reported by the signer found in the request context.
    //
    // It replies 404 when no Signer is available in the context, 500 when the
    // service info cannot be obtained, and 200 with the info otherwise.
    func infoHandler(c *router.Context) {
    	ctx := c.Request.Context()

    	signer := GetSigner(ctx)
    	if signer == nil {
    		httpReplyError(c, http.StatusNotFound, "No Signer instance available")
    		return
    	}

    	info, err := signer.ServiceInfo(ctx)
    	if err != nil {
    		// NOTE(review): the text of err is sent back to the HTTP caller as-is;
    		// if it can carry backend detail, prefer logging it server-side and
    		// replying with a generic message - confirm no client parses it.
    		msg := fmt.Sprintf("Can't grab service info - %s", err)
    		httpReplyError(c, http.StatusInternalServerError, msg)
    		return
    	}
    	httpReply(c, http.StatusOK, info)
    }
    68  
    // clientIDHandler returns the OAuth2.0 client ID intended for the frontend.
    //
    // On success the reply is a JSON object with a single "client_id" key; a
    // failure to obtain the ID is reported as a 500.
    func clientIDHandler(c *router.Context) {
    	id, err := GetFrontendClientID(c.Request.Context())
    	if err != nil {
    		// NOTE(review): the text of err is sent back to the HTTP caller as-is;
    		// if it can carry configuration or backend detail, prefer logging it
    		// server-side and replying with a generic message - confirm no client
    		// parses it.
    		msg := fmt.Sprintf("Can't grab the client ID - %s", err)
    		httpReplyError(c, http.StatusInternalServerError, msg)
    		return
    	}
    	payload := map[string]string{"client_id": id}
    	httpReply(c, http.StatusOK, payload)
    }
    78  
    79  ////
    80  
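    // httpReply writes out as a JSON response with the given status code.
    //
    // The value is serialized before the status line is committed. If encoding
    // fails, the error is logged and the client receives a 500 with a generic
    // JSON error body, rather than the requested status code followed by an
    // empty body. The encoding error text itself is never sent to the client.
    func httpReply(c *router.Context, code int, out any) {
    	body, err := json.Marshal(out)
    	if err != nil {
    		logging.Errorf(c.Request.Context(), "Failed to JSON encode output - %s", err)
    		code = http.StatusInternalServerError
    		body = []byte(`{"error":"Internal error"}`)
    	}

    	c.Writer.Header().Set("Content-Type", "application/json")
    	c.Writer.WriteHeader(code)
    	// Trailing newline keeps the wire format identical to json.Encoder output.
    	if _, err := c.Writer.Write(append(body, '\n')); err != nil {
    		logging.Errorf(c.Request.Context(), "Failed to write the response - %s", err)
    	}
    }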
    88  
    // httpReplyError sends msg to the client as a JSON object of the form
    // {"error": msg} with the given status code.
    //
    // msg is delivered to the caller verbatim, so it should not contain anything
    // the HTTP client is not meant to see.
    func httpReplyError(c *router.Context, code int, msg string) {
    	type errorBody struct {
    		Error string `json:"error"`
    	}
    	reply := &errorBody{Error: msg}
    	httpReply(c, code, reply)
    }