package middleware

import (
	"bytes"
	"fmt"
	"net/http"
	"path"
	"text/template"
)

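// SwaggerUIOAuth2Callback returns middleware that serves the Swagger UI OAuth2
// redirect page at opts.OAuthCallbackURL and passes every other request to next.
//
// The page is rendered from swaggerOAuthTemplate once, when the middleware is
// built, and the same bytes are written on every matching request. When next is
// nil, non-matching requests get a plain-text 404.
//
// A malformed template panics at construction time (template.Must). A failure
// while executing the template is kept and answered with a 500 on the callback
// route, so a truncated page is never served there.
func SwaggerUIOAuth2Callback(opts SwaggerUIOpts, next http.Handler) http.Handler {
	// opts is a by-value copy, so whatever EnsureDefaults fills in stays local.
	opts.EnsureDefaults()

	pth := opts.OAuthCallbackURL
	tmpl := template.Must(template.New("swaggeroauth").Parse(swaggerOAuthTemplate))

	// Render once up front; the output depends only on opts.
	var page bytes.Buffer
	renderErr := tmpl.Execute(&page, &opts)
	body := page.Bytes()

	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		// path.Join with a single argument only cleans the request path. The
		// configured value is compared as-is, so it has to be in cleaned form
		// (for example, no trailing slash) for this route to match.
		if path.Join(r.URL.Path) == pth {
			if renderErr != nil {
				// This route receives the OAuth2 authorization response; do not
				// hand the browser a half-rendered script. The error detail is
				// deliberately kept out of the response body.
				http.Error(rw, "oauth2 callback page unavailable", http.StatusInternalServerError)
				return
			}

			rw.Header().Set("Content-Type", "text/html; charset=utf-8")
			rw.WriteHeader(http.StatusOK)

			_, _ = rw.Write(body)
			return
		}

		if next == nil {
			rw.Header().Set("Content-Type", "text/plain")
			rw.WriteHeader(http.StatusNotFound)
			// The message names the configured callback path, not the path
			// that was requested, so no request data is reflected here.
			_, _ = fmt.Fprintf(rw, "%q not found", pth)
			return
		}
		next.ServeHTTP(rw, r)
	})
}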

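const (
	// swaggerOAuthTemplate is the HTML page served at the OAuth2 callback URL.
	// Its script reads the authorization response from the URL fragment or the
	// query string, hands it to window.opener.swaggerUIRedirectOauth2 and then
	// closes the window.
	//
	// The template is parsed with text/template, which does no contextual
	// escaping, so .Title is passed through the built-in html function before
	// it is placed inside <title>.
	//
	// NOTE(review): in the accessCode / authorizationCode / authorization_code
	// branch, a state value that differs from the one sent is only reported
	// through errCb at "warning" level; a returned code is still passed to
	// oauth2.callback. The state comparison is what ties the response to the
	// request that started the flow, so confirm that the opener side rejects a
	// mismatched state. In the other branch isValid is forwarded to the callback.
	swaggerOAuthTemplate = `
<!DOCTYPE html>
<html lang="en">
<head>
    <title>{{ html .Title }}</title>
</head>
<body>
<script>
    'use strict';
    function run () {
        var oauth2 = window.opener.swaggerUIRedirectOauth2;
        var sentState = oauth2.state;
        var redirectUrl = oauth2.redirectUrl;
        var isValid, qp, arr;

        if (/code|token|error/.test(window.location.hash)) {
            qp = window.location.hash.substring(1).replace('?', '&');
        } else {
            qp = location.search.substring(1);
        }

        arr = qp.split("&");
        arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
        qp = qp ? JSON.parse('{' + arr.join() + '}',
                function (key, value) {
                    return key === "" ? value : decodeURIComponent(value);
                }
        ) : {};

        isValid = qp.state === sentState;

        if ((
          oauth2.auth.schema.get("flow") === "accessCode" ||
          oauth2.auth.schema.get("flow") === "authorizationCode" ||
          oauth2.auth.schema.get("flow") === "authorization_code"
        ) && !oauth2.auth.code) {
            if (!isValid) {
                oauth2.errCb({
                    authId: oauth2.auth.name,
                    source: "auth",
                    level: "warning",
                    message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
                });
            }

            if (qp.code) {
                delete oauth2.state;
                oauth2.auth.code = qp.code;
                oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
            } else {
                let oauthErrorMsg;
                if (qp.error) {
                    oauthErrorMsg = "["+qp.error+"]: " +
                        (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
                        (qp.error_uri ? "More info: "+qp.error_uri : "");
                }

                oauth2.errCb({
                    authId: oauth2.auth.name,
                    source: "auth",
                    level: "error",
                    message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
                });
            }
        } else {
            oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
        }
        window.close();
    }

    if (document.readyState !== 'loading') {
        run();
    } else {
        document.addEventListener('DOMContentLoaded', function () {
            run();
        });
    }
</script>
</body>
</html>
`
)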