bluepython508/sso-bsn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
ba9a2a09574ff928f5b98bfe2cff1021a5f2aecf
sso-bsn/lib/sso_bsn_web/router.ex

138 lines
3.8 KiB
Elixir
Raw Blame History

defmodule SsoBsnWeb.Router do
use SsoBsnWeb, :router
use SsoBsnWeb, :verified_routes
import SsoBsnWeb.UserAuth
pipeline :browser do
plug :accepts, ["html"]
plug :fetch_session
plug :fetch_live_flash
plug :put_root_layout, html: {SsoBsnWeb.Layouts, :root}
plug :protect_from_forgery
plug :put_secure_browser_headers
plug :fetch_current_user
end
pipeline :api do
plug :accepts, ["json"]
plug Corsica, origins: "*"
end
scope "/", SsoBsnWeb do
pipe_through :browser
get "/", PageController, :home
get "/redirect", UserSessionController, :redirect_next
end
# Other scopes may use custom stacks.
# scope "/api", SsoBsnWeb do
# pipe_through :api
# end
# Enable LiveDashboard in development
if Application.compile_env(:sso_bsn, :dev_routes) do
# If you want to use the LiveDashboard in production, you should put
# it behind authentication and allow only admins to access it.
# If your application does not have an admins-only section yet,
# you can use Plug.BasicAuth to set up some basic authentication
# as long as you are also using SSL (which you should anyway).
import Phoenix.LiveDashboard.Router
scope "/dev" do
pipe_through :browser
live_dashboard "/dashboard", metrics: SsoBsnWeb.Telemetry
end
end
## Authentication routes
defp ts_auth(conn, _) do
ip = conn.req_headers |> Map.new |> Map.get("x-real-ip")
case System.cmd("tailscale", ["whois", "--json", ip], stderr_to_stdout: true) do
{json, 0} ->
username = Jason.decode!(json)["UserProfile"]["DisplayName"]
user = SsoBsn.Accounts.get_user_by_username(username)
login_token = SsoBsn.Accounts.generate_user_login_token(user)
conn |> redirect(to: if next = conn.query_params["next"] do ~p"/users/log_in/#{login_token}?next=#{next}" else ~p"/users/log_in/#{login_token}" end) |> halt()
{_, 1} ->
conn
end
end
scope "/", SsoBsnWeb do
pipe_through [:browser, :redirect_if_user_is_authenticated, :ts_auth]
live_session :redirect_if_user_is_authenticated,
on_mount: [{SsoBsnWeb.UserAuth, :redirect_if_user_is_authenticated}] do
live "/users/register", UserRegistrationLive, :new
live "/users/log_in", UserLoginLive, :new
end
end
scope "/", SsoBsnWeb do
pipe_through [:browser, :redirect_if_user_is_authenticated]
get "/users/log_in/:token", UserSessionController, :login
end
scope "/", SsoBsnWeb do
pipe_through [:browser, :require_authenticated_user]
live_session :require_authenticated_user,
on_mount: [{SsoBsnWeb.UserAuth, :ensure_authenticated}] do
live "/users/settings", UserSettingsLive, :edit
end
end
scope "/", SsoBsnWeb do
pipe_through [:browser]
delete "/users/log_out", UserSessionController, :delete
end
scope "/", SsoBsnWeb do
pipe_through [:api, :fetch_session, :fetch_current_user]
get "/whoami", UserSessionController, :check_auth
end
# OIDC
scope "/oauth", SsoBsnWeb.Oauth do
pipe_through :api
post "/revoke", RevokeController, :revoke
post "/token", TokenController, :token
post "/introspect", IntrospectController, :introspect
end
scope "/openid", SsoBsnWeb.Openid do
pipe_through :api
get "/userinfo", UserinfoController, :userinfo
post "/userinfo", UserinfoController, :userinfo
get "/jwks", JwksController, :jwks_index
end
scope "/oauth", SsoBsnWeb.Oauth do
pipe_through [:browser, :fetch_current_user]
get "/authorize", AuthorizeController, :authorize
end
scope "/openid", SsoBsnWeb.Openid do
pipe_through [:browser, :fetch_current_user]
get "/authorize", AuthorizeController, :authorize
end
scope "/.well-known", SsoBsnWeb do
pipe_through :api
get "/openid-configuration", Openid.ConfigurationController, :config
get "/webfinger", Webfinger, :webfinger
end
end
Reference in New Issue View Git Blame Copy Permalink