Use AuthInfoRequest

DefGuard · Nov 10, 2024 · 8bc43e3 · 8bc43e3
1 parent a5ffb68
commit 8bc43e3
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 5 deletions.
diff --git a/src/config.rs b/src/config.rs
@@ -35,6 +35,13 @@ pub struct Config {
     #[arg(long, env = "DEFGUARD_PROXY_RATELIMIT_BURST", default_value_t = 0)]
     pub rate_limit_burst: u32,
 
+    #[arg(
+        long,
+        env = "DEFGUARD_PROXY_URL",
+        default_value = "http://localhost:8080"
+    )]
+    pub url: String,
+
     /// Configuration file path
     #[arg(long = "config", short)]
     #[serde(skip)]

diff --git a/src/handlers/openid_login.rs b/src/handlers/openid_login.rs
@@ -1,24 +1,30 @@
-use axum::{extract::State, routing::get, Json, Router};
+use axum::{
+    extract::State,
+    routing::{get, post},
+    Json, Router,
+};
 use axum_extra::extract::{
     cookie::{Cookie, SameSite},
     PrivateCookieJar,
 };
-use serde::Serialize;
+use serde::{Deserialize, Serialize};
 use time::Duration;
 
 use crate::{
     error::ApiError,
     handlers::get_core_response,
     http::AppState,
-    proto::{core_request, core_response},
+    proto::{core_request, core_response, AuthInfoRequest},
 };
 
 const COOKIE_MAX_AGE: Duration = Duration::days(1);
 static CSRF_COOKIE_NAME: &str = "csrf";
 static NONCE_COOKIE_NAME: &str = "nonce";
 
 pub(crate) fn router() -> Router<AppState> {
-    Router::new().route("/auth_info", get(auth_info))
+    Router::new()
+        .route("/auth_info", get(auth_info))
+        .route("/callback", post(auth_callback))
 }
 
 #[derive(Serialize)]
@@ -41,9 +47,13 @@ async fn auth_info(
 ) -> Result<(PrivateCookieJar, Json<AuthInfo>), ApiError> {
     debug!("Getting auth info for OAuth2/OpenID login");
 
+    let mut redirect_url = state.url.clone();
+    redirect_url.push_str("/openid/callback");
+    let request = AuthInfoRequest { redirect_url };
+
     let rx = state
         .grpc_server
-        .send(Some(core_request::Payload::AuthInfo(())), None)?;
+        .send(Some(core_request::Payload::AuthInfo(request)), None)?;
     let payload = get_core_response(rx).await?;
     if let core_response::Payload::AuthInfo(response) = payload {
         debug!("Got auth info {response:?}");
@@ -73,3 +83,18 @@ async fn auth_info(
         Err(ApiError::InvalidResponseType)
     }
 }
+
+#[derive(Debug, Deserialize)]
+pub struct AuthenticationResponse {
+    id_token: String,
+    state: String,
+}
+
+#[instrument(level = "debug", skip(state))]
+async fn auth_callback(
+    State(state): State<AppState>,
+    private_cookies: PrivateCookieJar,
+    Json(payload): Json<AuthenticationResponse>,
+) -> Result<(PrivateCookieJar, Json<AuthInfo>), ApiError> {
+    Err(ApiError::InvalidResponseType)
+}
diff --git a/src/http.rs b/src/http.rs
@@ -41,6 +41,7 @@ const RATE_LIMITER_CLEANUP_PERIOD: Duration = Duration::from_secs(60);
 pub(crate) struct AppState {
     pub(crate) grpc_server: ProxyServer,
     key: Key,
+    pub(crate) url: String,
 }
 
 impl FromRef<AppState> for Key {
@@ -112,6 +113,7 @@ pub async fn run_server(config: Config) -> anyhow::Result<()> {
         grpc_server: grpc_server.clone(),
         // Generate secret key for encrypting cookies.
         key: Key::generate(),
+        url: config.url.clone(),
     };
 
     // Read gRPC TLS certificate and key.