Documentation
¶
Overview ¶
Package github provides the GitHub oauth2 authentication controller for the opampcommander.
Index ¶
- func ValidateRedirect(rawURL string, allowedHosts []string) error
- type Controller
- func (c *Controller) APIAuth(ctx *gin.Context)
- func (c *Controller) AuthCodeURL(ctx *gin.Context)
- func (c *Controller) Callback(ctx *gin.Context)
- func (c *Controller) ExchangeDeviceAuth(ctx *gin.Context)
- func (c *Controller) GetDeviceAuth(ctx *gin.Context)
- func (c *Controller) HTTPAuth(ctx *gin.Context)
- func (c *Controller) RoutesInfo() gin.RoutesInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ValidateRedirect ¶ added in v0.1.40
ValidateRedirect ensures the redirect URI is safe to redirect tokens to. Loopback hosts (127.0.0.1, ::1, localhost) are always accepted so the CLI loopback flow keeps working; additional hosts can be allowlisted via the auth.oauth2.allowedRedirectHosts config (e.g. a deployed web UI host). Comparison is case-insensitive because DNS hostnames are case-insensitive and operators should not get tripped up by browser-vs-config casing. Exported so the validation can be reused (and tested in black-box).
Types ¶
type Controller ¶
type Controller struct {
// contains filtered or unexported fields
}
Controller is a struct that implements the GitHub OAuth2 authentication controller.
func NewController ¶
func NewController( logger *slog.Logger, service *security.Service, userUsecase userport.UserUsecase, rbacUsecase userport.RBACUsecase, ) *Controller
NewController creates a new instance of the Controller struct with the provided settings.
func (*Controller) APIAuth ¶
func (c *Controller) APIAuth(ctx *gin.Context)
APIAuth handles the API request for GitHub OAuth2 authentication.
@Summary GitHub OAuth2 Authentication @Tags auth, github @Description Returns the GitHub OAuth2 authentication URL. @Accept json @Produce json @Success 200 {object} OAuth2AuthCodeURLResponse @Failure 500 {object} map[string]any @Router /api/v1/auth/github [get].
func (*Controller) AuthCodeURL ¶ added in v0.1.39
func (c *Controller) AuthCodeURL(ctx *gin.Context)
AuthCodeURL returns the GitHub OAuth2 authentication URL bound to a CLI loopback redirect. The provided redirect URI must point to a loopback host (127.0.0.1 / ::1 / localhost). On callback the server will redirect the browser to redirect_uri?token=...&refreshToken=... instead of returning JSON.
@Summary GitHub OAuth2 Auth Code URL with CLI loopback redirect @Tags auth, github @Description Returns an OAuth2 authorization URL whose state encodes a CLI loopback redirect URI. @Accept json @Produce json @Param redirect_uri query string true "Loopback redirect URI (http(s)://127.0.0.1:PORT/...)" @Success 200 {object} OAuth2AuthCodeURLResponse @Failure 400 {object} map[string]any @Failure 500 {object} map[string]any @Router /api/v1/auth/github/authcode [get].
func (*Controller) Callback ¶
func (c *Controller) Callback(ctx *gin.Context)
Callback handles the callback from GitHub after the user has authenticated. If the state encoded a CLI loopback redirect, the browser is redirected there with the tokens as query parameters. Otherwise the tokens are returned as JSON.
@Summary GitHub OAuth2 Callback @Tags auth, github @Description Exchanges the code received from GitHub for an authentication token. @Accept json @Produce json @Param state query string true "State parameter to prevent CSRF attacks" @Param code query string true "Code received from GitHub after authentication" @Success 200 {object} AuthnTokenResponse @Success 302 @Failure 500 {object} map[string]any @Router /auth/github/callback [get].
func (*Controller) ExchangeDeviceAuth ¶ added in v0.1.1
func (c *Controller) ExchangeDeviceAuth(ctx *gin.Context)
ExchangeDeviceAuth handles the request to exchange a device code for an authentication token. It expects the request to contain a device code and an optional expiry time.
@Summary GitHub Device Code Exchange @Tags auth, github @Description Exchanges a device code for an authentication token. @Accept json @Produce json @Param device_code query string true "Device code to exchange" @Param expiry query string false "Optional expiry time in RFC3339 format" @Success 200 {object} AuthnTokenResponse @Failure 400 {object} map[string]any @Failure 500 {object} map[string]any @Router /api/v1/auth/github/device/exchange [get].
func (*Controller) GetDeviceAuth ¶ added in v0.1.1
func (c *Controller) GetDeviceAuth(ctx *gin.Context)
GetDeviceAuth handles the request to get device authentication information.
@Summary GitHub Device Authentication @Tags auth, github @Description Initiates device authorization for GitHub OAuth2. @Accept json @Produce json @Success 200 {object} DeviceAuthnTokenResponse @Failure 500 {object} map[string]any @Router /api/v1/auth/github/device [get].
func (*Controller) HTTPAuth ¶
func (c *Controller) HTTPAuth(ctx *gin.Context)
HTTPAuth handles the HTTP request for GitHub OAuth2 authentication.
@Summary GitHub OAuth2 Authentication @Tags auth, github @Description Redirects to GitHub for OAuth2 authentication. @Accept json @Produce json @Success 302 @Failure 500 {object} map[string]any @Router /auth/github [get].
func (*Controller) RoutesInfo ¶
func (c *Controller) RoutesInfo() gin.RoutesInfo
RoutesInfo returns the routes information for the GitHub OAuth2 authentication controller.
Source Files