feat: add auth providers #320
Conversation
Signed-off-by: Grant Linville <[email protected]>
Signed-off-by: Grant Linville <[email protected]>
Signed-off-by: Grant Linville <[email protected]>
g-linville
requested review from
drpebcak,
thedadams,
njhale,
StrongMonkey and
iwilltry42
There was a problem hiding this comment.
In addition to these comments, can we do a little more consolidation? Now that we are adding more Go-based model providers, there is an effort to combine as much of the common logic as is reasonable. Can we do the same thing here? Perhaps a common package at the top level?
| mux.HandleFunc("/", oauthProxy.ServeHTTP) | ||
|
|
||
| fmt.Printf("listening on 127.0.0.1:%s\n", port) | ||
| if err := http.ListenAndServe("127.0.0.1:"+port, mux); err != nil { |
There was a problem hiding this comment.
ListenAndServe always returns an error. I think we should catch the "server closed" error and not exit 1 in that case.
| for k, v := range sr.Header { | ||
| reqObj.Header[k] = v | ||
| } |
There was a problem hiding this comment.
Does something like this work? Maybe a cast is needed?
| for k, v := range sr.Header { | |
| reqObj.Header[k] = v | |
| } | |
| reqObj.Header = sr.Header |
| return | ||
| } | ||
|
|
||
| w.WriteHeader(http.StatusOK) |
There was a problem hiding this comment.
This is written the first time we write to w.
| Description: Auth provider for GitHub | ||
| Metadata: envVars: OBOT_GITHUB_AUTH_PROVIDER_CLIENT_ID,OBOT_GITHUB_AUTH_PROVIDER_CLIENT_SECRET,OBOT_AUTH_PROVIDER_COOKIE_SECRET,OBOT_AUTH_PROVIDER_EMAIL_DOMAINS | ||
| Metadata: optionalEnvVars: OBOT_GITHUB_AUTH_PROVIDER_TEAMS,OBOT_GITHUB_AUTH_PROVIDER_ORG,OBOT_GITHUB_AUTH_PROVIDER_REPO,OBOT_GITHUB_AUTH_PROVIDER_TOKEN,OBOT_GITHUB_AUTH_PROVIDER_ALLOW_USERS | ||
| Credential: ../model-provider-credential as github-auth-provider |
There was a problem hiding this comment.
Should we consider renaming this credential to something more descriptive?
| "strings" | ||
| ) | ||
|
|
||
| func LoadEnvForStruct[T any](s *T) error { |
There was a problem hiding this comment.
Can we have only one of these?
| return | ||
| } | ||
|
|
||
| w.WriteHeader(http.StatusOK) |
There was a problem hiding this comment.
Same comment about this already being written when we write w.
| mux.HandleFunc("/", oauthProxy.ServeHTTP) | ||
|
|
||
| fmt.Printf("listening on 127.0.0.1:%s\n", port) | ||
| if err := http.ListenAndServe("127.0.0.1:"+port, mux); err != nil { |
There was a problem hiding this comment.
Catch "server closed" error.
This PR adds auth provider tools for Google and GitHub. This is to replace the built-in auth providers that are currently in the Obot gateway code, but will soon be refactored to use these instead.
Once refactored, Obot will reverse proxy traffic to these daemon tools, which will then either respond on their own (for the
/obot*paths) or handle it with the oauth2proxy.The
/obot-get-statepath is used to get information about the logged in user. Obot will send over a serialized request, which gets reconstructed into anhttp.Requesthere in the auth provider, so that we can extract the state from the cookie using the oauth2proxy library.