iris/_examples/auth/sso/main.go

//go:build go1.18

package main

import (
	"fmt"

	"github.com/kataras/iris/v12"
	"github.com/kataras/iris/v12/sso"
)

func allowRole(role AccessRole) sso.TVerify[User] {
	return func(u User) error {
		if !u.Role.Allow(role) {
			return fmt.Errorf("invalid role")
		}

		return nil
	}
}

const configFilename = "./sso.yml"

func main() {
	app := iris.New()
	app.RegisterView(iris.Blocks(iris.Dir("./views"), ".html").
		LayoutDir("layouts").
		Layout("main"))

	/*
		// Easiest 1-liner way, load from configuration and initialize a new sso instance:
		s := sso.MustLoad[User]("./sso.yml")
		// Bind a configuration from file:
		var c sso.Configuration
		c.BindFile("./sso.yml")
		s, err := sso.New[User](c)
		// OR create new programmatically configuration:
		config := sso.Configuration{
			...fields
		}
		s, err := sso.New[User](config)
		// OR generate a new configuration:
		config := sso.MustGenerateConfiguration()
		s, err := sso.New[User](config)
		// OR generate a new config and save it if cannot open the config file.
		if _, err := os.Stat(configFilename); err != nil {
		    generatedConfig := sso.MustGenerateConfiguration()
		    configContents, err := generatedConfig.ToYAML()
		    if err != nil {
		        panic(err)
		    }

		    err = os.WriteFile(configFilename, configContents, 0600)
		    if err != nil {
		        panic(err)
		    }
		}
	*/

	// 1. Load configuration from a file.
	ssoConfig, err := sso.LoadConfiguration(configFilename)
	if err != nil {
		panic(err)
	}

	// 2. Initialize a new sso instance for "User" claims (generics: go1.18 +).
	s, err := sso.New[User](ssoConfig)
	if err != nil {
		panic(err)
	}

	// 3. Add a custom provider, in our case is just a memory-based one.
	s.AddProvider(NewProvider())
	// 3.1. Optionally set a custom error handler.
	// s.SetErrorHandler(new(sso.DefaultErrorHandler))

	app.Get("/signin", renderSigninForm)
	// 4. generate token pairs.
	app.Post("/signin", s.SigninHandler)
	// 5. refresh token pairs.
	app.Post("/refresh", s.RefreshHandler)
	// 6. calls the provider's InvalidateToken method.
	app.Get("/signout", s.SignoutHandler)
	// 7. calls the provider's InvalidateTokens method.
	app.Get("/signout-all", s.SignoutAllHandler)

	// 8.1. allow access for users with "Member" role.
	app.Get("/member", s.VerifyHandler(allowRole(Member)), renderMemberPage(s))
	// 8.2. allow access for users with "Owner" role.
	app.Get("/owner", s.VerifyHandler(allowRole(Owner)), renderOwnerPage(s))

	/* Subdomain user verify:
	app.Subdomain("owner", s.VerifyHandler(allowRole(Owner))).Get("/", renderOwnerPage(s))
	*/
	app.Listen(":8080", iris.WithOptimizations) // Setup HTTPS/TLS for production instead.
	/* Test subdomain user verify, one way is ingrok,
	   add the below to the arguments above:
	, iris.WithConfiguration(iris.Configuration{
		EnableOptmizations: true,
		Tunneling: iris.TunnelingConfiguration{
			AuthToken: "YOUR_AUTH_TOKEN",
			Region:    "us",
			Tunnels: []tunnel.Tunnel{
				{
					Name:     "Iris SSO (Test)",
					Addr:     ":8080",
					Hostname: "YOUR_DOMAIN",
				},
				{
					Name:     "Iris SSO (Test Subdomain)",
					Addr:     ":8080",
					Hostname: "owner.YOUR_DOMAIN",
				},
			},
		},
	})*/
}

func renderSigninForm(ctx iris.Context) {
	ctx.View("signin", iris.Map{"Title": "Signin Page"})
}

func renderMemberPage(s *sso.SSO[User]) iris.Handler {
	return func(ctx iris.Context) {
		user := s.GetUser(ctx)
		ctx.Writef("Hello member: %s\n", user.Email)
	}
}

func renderOwnerPage(s *sso.SSO[User]) iris.Handler {
	return func(ctx iris.Context) {
		user := s.GetUser(ctx)
		ctx.Writef("Hello owner: %s\n", user.Email)
	}
}
first release of SSO package and more examples 2022-03-28 13:00:26 +02:00			`//go:build go1.18`

			`package main`

			`import (`
			`"fmt"`

			`"github.com/kataras/iris/v12"`
			`"github.com/kataras/iris/v12/sso"`
			`)`

			`func allowRole(role AccessRole) sso.TVerify[User] {`
			`return func(u User) error {`
			`if !u.Role.Allow(role) {`
			`return fmt.Errorf("invalid role")`
			`}`

			`return nil`
			`}`
			`}`

			`const configFilename = "./sso.yml"`

			`func main() {`
			`app := iris.New()`
			`app.RegisterView(iris.Blocks(iris.Dir("./views"), ".html").`
			`LayoutDir("layouts").`
			`Layout("main"))`

			`/*`
			`// Easiest 1-liner way, load from configuration and initialize a new sso instance:`
			`s := sso.MustLoad[User]("./sso.yml")`
			`// Bind a configuration from file:`
			`var c sso.Configuration`
			`c.BindFile("./sso.yml")`
			`s, err := sso.New[User](c)`
			`// OR create new programmatically configuration:`
			`config := sso.Configuration{`
			`...fields`
			`}`
			`s, err := sso.New[User](config)`
			`// OR generate a new configuration:`
			`config := sso.MustGenerateConfiguration()`
			`s, err := sso.New[User](config)`
			`// OR generate a new config and save it if cannot open the config file.`
			`if _, err := os.Stat(configFilename); err != nil {`
			`generatedConfig := sso.MustGenerateConfiguration()`
			`configContents, err := generatedConfig.ToYAML()`
			`if err != nil {`
			`panic(err)`
			`}`

			`err = os.WriteFile(configFilename, configContents, 0600)`
			`if err != nil {`
			`panic(err)`
			`}`
			`}`
			`*/`

			`// 1. Load configuration from a file.`
			`ssoConfig, err := sso.LoadConfiguration(configFilename)`
			`if err != nil {`
			`panic(err)`
			`}`

			`// 2. Initialize a new sso instance for "User" claims (generics: go1.18 +).`
			`s, err := sso.New[User](ssoConfig)`
			`if err != nil {`
			`panic(err)`
			`}`

			`// 3. Add a custom provider, in our case is just a memory-based one.`
			`s.AddProvider(NewProvider())`
			`// 3.1. Optionally set a custom error handler.`
			`// s.SetErrorHandler(new(sso.DefaultErrorHandler))`

			`app.Get("/signin", renderSigninForm)`
			`// 4. generate token pairs.`
			`app.Post("/signin", s.SigninHandler)`
			`// 5. refresh token pairs.`
			`app.Post("/refresh", s.RefreshHandler)`
			`// 6. calls the provider's InvalidateToken method.`
			`app.Get("/signout", s.SignoutHandler)`
			`// 7. calls the provider's InvalidateTokens method.`
			`app.Get("/signout-all", s.SignoutAllHandler)`

			`// 8.1. allow access for users with "Member" role.`
			`app.Get("/member", s.VerifyHandler(allowRole(Member)), renderMemberPage(s))`
			`// 8.2. allow access for users with "Owner" role.`
			`app.Get("/owner", s.VerifyHandler(allowRole(Owner)), renderOwnerPage(s))`

			`/* Subdomain user verify:`
			`app.Subdomain("owner", s.VerifyHandler(allowRole(Owner))).Get("/", renderOwnerPage(s))`
			`*/`
			`app.Listen(":8080", iris.WithOptimizations) // Setup HTTPS/TLS for production instead.`
			`/* Test subdomain user verify, one way is ingrok,`
			`add the below to the arguments above:`
			`, iris.WithConfiguration(iris.Configuration{`
			`EnableOptmizations: true,`
			`Tunneling: iris.TunnelingConfiguration{`
			`AuthToken: "YOUR_AUTH_TOKEN",`
			`Region: "us",`
			`Tunnels: []tunnel.Tunnel{`
			`{`
			`Name: "Iris SSO (Test)",`
			`Addr: ":8080",`
			`Hostname: "YOUR_DOMAIN",`
			`},`
			`{`
			`Name: "Iris SSO (Test Subdomain)",`
			`Addr: ":8080",`
			`Hostname: "owner.YOUR_DOMAIN",`
			`},`
			`},`
			`},`
			`})*/`
			`}`

			`func renderSigninForm(ctx iris.Context) {`
			`ctx.View("signin", iris.Map{"Title": "Signin Page"})`
			`}`

			`func renderMemberPage(s *sso.SSO[User]) iris.Handler {`
			`return func(ctx iris.Context) {`
			`user := s.GetUser(ctx)`
			`ctx.Writef("Hello member: %s\n", user.Email)`
			`}`
			`}`

			`func renderOwnerPage(s *sso.SSO[User]) iris.Handler {`
			`return func(ctx iris.Context) {`
			`user := s.GetUser(ctx)`
			`ctx.Writef("Hello owner: %s\n", user.Email)`
			`}`
			`}`