mirror of
https://github.com/kataras/iris.git
synced 2025-01-24 11:11:03 +01:00
136 lines
3.5 KiB
Go
136 lines
3.5 KiB
Go
//go:build go1.18
|
|
|
|
package main
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/kataras/iris/v12"
|
|
"github.com/kataras/iris/v12/sso"
|
|
)
|
|
|
|
func allowRole(role AccessRole) sso.TVerify[User] {
|
|
return func(u User) error {
|
|
if !u.Role.Allow(role) {
|
|
return fmt.Errorf("invalid role")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|
|
|
|
const configFilename = "./sso.yml"
|
|
|
|
func main() {
|
|
app := iris.New()
|
|
app.RegisterView(iris.Blocks(iris.Dir("./views"), ".html").
|
|
LayoutDir("layouts").
|
|
Layout("main"))
|
|
|
|
/*
|
|
// Easiest 1-liner way, load from configuration and initialize a new sso instance:
|
|
s := sso.MustLoad[User]("./sso.yml")
|
|
// Bind a configuration from file:
|
|
var c sso.Configuration
|
|
c.BindFile("./sso.yml")
|
|
s, err := sso.New[User](c)
|
|
// OR create new programmatically configuration:
|
|
config := sso.Configuration{
|
|
...fields
|
|
}
|
|
s, err := sso.New[User](config)
|
|
// OR generate a new configuration:
|
|
config := sso.MustGenerateConfiguration()
|
|
s, err := sso.New[User](config)
|
|
// OR generate a new config and save it if cannot open the config file.
|
|
if _, err := os.Stat(configFilename); err != nil {
|
|
generatedConfig := sso.MustGenerateConfiguration()
|
|
configContents, err := generatedConfig.ToYAML()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
err = os.WriteFile(configFilename, configContents, 0600)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
}
|
|
*/
|
|
|
|
// 1. Load configuration from a file.
|
|
ssoConfig, err := sso.LoadConfiguration(configFilename)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
// 2. Initialize a new sso instance for "User" claims (generics: go1.18 +).
|
|
s, err := sso.New[User](ssoConfig)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
// 3. Add a custom provider, in our case is just a memory-based one.
|
|
s.AddProvider(NewProvider())
|
|
// 3.1. Optionally set a custom error handler.
|
|
// s.SetErrorHandler(new(sso.DefaultErrorHandler))
|
|
|
|
app.Get("/signin", renderSigninForm)
|
|
// 4. generate token pairs.
|
|
app.Post("/signin", s.SigninHandler)
|
|
// 5. refresh token pairs.
|
|
app.Post("/refresh", s.RefreshHandler)
|
|
// 6. calls the provider's InvalidateToken method.
|
|
app.Get("/signout", s.SignoutHandler)
|
|
// 7. calls the provider's InvalidateTokens method.
|
|
app.Get("/signout-all", s.SignoutAllHandler)
|
|
|
|
// 8.1. allow access for users with "Member" role.
|
|
app.Get("/member", s.VerifyHandler(allowRole(Member)), renderMemberPage(s))
|
|
// 8.2. allow access for users with "Owner" role.
|
|
app.Get("/owner", s.VerifyHandler(allowRole(Owner)), renderOwnerPage(s))
|
|
|
|
/* Subdomain user verify:
|
|
app.Subdomain("owner", s.VerifyHandler(allowRole(Owner))).Get("/", renderOwnerPage(s))
|
|
*/
|
|
app.Listen(":8080", iris.WithOptimizations) // Setup HTTPS/TLS for production instead.
|
|
/* Test subdomain user verify, one way is ingrok,
|
|
add the below to the arguments above:
|
|
, iris.WithConfiguration(iris.Configuration{
|
|
EnableOptmizations: true,
|
|
Tunneling: iris.TunnelingConfiguration{
|
|
AuthToken: "YOUR_AUTH_TOKEN",
|
|
Region: "us",
|
|
Tunnels: []tunnel.Tunnel{
|
|
{
|
|
Name: "Iris SSO (Test)",
|
|
Addr: ":8080",
|
|
Hostname: "YOUR_DOMAIN",
|
|
},
|
|
{
|
|
Name: "Iris SSO (Test Subdomain)",
|
|
Addr: ":8080",
|
|
Hostname: "owner.YOUR_DOMAIN",
|
|
},
|
|
},
|
|
},
|
|
})*/
|
|
}
|
|
|
|
func renderSigninForm(ctx iris.Context) {
|
|
ctx.View("signin", iris.Map{"Title": "Signin Page"})
|
|
}
|
|
|
|
func renderMemberPage(s *sso.SSO[User]) iris.Handler {
|
|
return func(ctx iris.Context) {
|
|
user := s.GetUser(ctx)
|
|
ctx.Writef("Hello member: %s\n", user.Email)
|
|
}
|
|
}
|
|
|
|
func renderOwnerPage(s *sso.SSO[User]) iris.Handler {
|
|
return func(ctx iris.Context) {
|
|
user := s.GetUser(ctx)
|
|
ctx.Writef("Hello owner: %s\n", user.Email)
|
|
}
|
|
}
|