2021-07-24 13:16:34 +03:00
|
|
|
// Copyright 2021 The Gitea Authors. All rights reserved.
|
2022-11-27 21:20:29 +03:00
|
|
|
// SPDX-License-Identifier: MIT
|
2021-07-24 13:16:34 +03:00
|
|
|
|
|
|
|
package oauth2
|
|
|
|
|
|
|
|
import (
|
2023-10-14 11:37:24 +03:00
|
|
|
"context"
|
2021-11-03 03:33:54 +03:00
|
|
|
"encoding/gob"
|
2021-07-24 13:16:34 +03:00
|
|
|
"net/http"
|
2021-07-29 20:53:18 +03:00
|
|
|
"sync"
|
2021-07-24 13:16:34 +03:00
|
|
|
|
2022-01-02 16:12:35 +03:00
|
|
|
"code.gitea.io/gitea/models/auth"
|
2023-11-24 06:49:41 +03:00
|
|
|
"code.gitea.io/gitea/models/db"
|
2021-07-24 13:16:34 +03:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
2024-03-02 18:42:31 +03:00
|
|
|
"code.gitea.io/gitea/modules/optional"
|
2021-07-24 13:16:34 +03:00
|
|
|
"code.gitea.io/gitea/modules/setting"
|
|
|
|
|
|
|
|
"github.com/google/uuid"
|
2021-11-03 03:33:54 +03:00
|
|
|
"github.com/gorilla/sessions"
|
2021-07-24 13:16:34 +03:00
|
|
|
"github.com/markbates/goth/gothic"
|
|
|
|
)
|
|
|
|
|
2021-07-29 20:53:18 +03:00
|
|
|
var gothRWMutex = sync.RWMutex{}
|
|
|
|
|
2021-07-24 13:16:34 +03:00
|
|
|
// UsersStoreKey is the key for the store
|
|
|
|
const UsersStoreKey = "gitea-oauth2-sessions"
|
|
|
|
|
|
|
|
// ProviderHeaderKey is the HTTP header key
|
|
|
|
const ProviderHeaderKey = "gitea-oauth2-provider"
|
|
|
|
|
|
|
|
// Init initializes the oauth source
|
2023-10-14 11:37:24 +03:00
|
|
|
func Init(ctx context.Context) error {
|
2021-07-24 13:16:34 +03:00
|
|
|
if err := InitSigningKey(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2021-07-29 20:53:18 +03:00
|
|
|
// Lock our mutex
|
|
|
|
gothRWMutex.Lock()
|
|
|
|
|
2021-11-03 03:33:54 +03:00
|
|
|
gob.Register(&sessions.Session{})
|
|
|
|
|
|
|
|
gothic.Store = &SessionsStore{
|
|
|
|
maxLength: int64(setting.OAuth2.MaxTokenLength),
|
|
|
|
}
|
2021-07-24 13:16:34 +03:00
|
|
|
|
|
|
|
gothic.SetState = func(req *http.Request) string {
|
|
|
|
return uuid.New().String()
|
|
|
|
}
|
|
|
|
|
|
|
|
gothic.GetProviderName = func(req *http.Request) (string, error) {
|
|
|
|
return req.Header.Get(ProviderHeaderKey), nil
|
|
|
|
}
|
|
|
|
|
2021-07-29 20:53:18 +03:00
|
|
|
// Unlock our mutex
|
|
|
|
gothRWMutex.Unlock()
|
|
|
|
|
2023-10-14 11:37:24 +03:00
|
|
|
return initOAuth2Sources(ctx)
|
2021-07-24 13:16:34 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
// ResetOAuth2 clears existing OAuth2 providers and loads them from DB
|
2023-10-14 11:37:24 +03:00
|
|
|
func ResetOAuth2(ctx context.Context) error {
|
2021-07-24 13:16:34 +03:00
|
|
|
ClearProviders()
|
2023-10-14 11:37:24 +03:00
|
|
|
return initOAuth2Sources(ctx)
|
2021-07-24 13:16:34 +03:00
|
|
|
}
|
|
|
|
|
2022-01-02 16:12:35 +03:00
|
|
|
// initOAuth2Sources is used to load and register all active OAuth2 providers
|
2023-10-14 11:37:24 +03:00
|
|
|
func initOAuth2Sources(ctx context.Context) error {
|
2023-11-24 06:49:41 +03:00
|
|
|
authSources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{
|
2024-03-02 18:42:31 +03:00
|
|
|
IsActive: optional.Some(true),
|
2023-11-03 04:41:00 +03:00
|
|
|
LoginType: auth.OAuth2,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-01-02 16:12:35 +03:00
|
|
|
for _, source := range authSources {
|
2021-07-24 13:16:34 +03:00
|
|
|
oauth2Source, ok := source.Cfg.(*Source)
|
|
|
|
if !ok {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
err := oauth2Source.RegisterSource()
|
|
|
|
if err != nil {
|
2021-07-29 20:53:18 +03:00
|
|
|
log.Critical("Unable to register source: %s due to Error: %v.", source.Name, err)
|
2021-07-24 13:16:34 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|