119 lines
3.1 KiB
Elixir
119 lines
3.1 KiB
Elixir
defmodule SsoBsnWeb.Router do
|
|
use SsoBsnWeb, :router
|
|
|
|
import SsoBsnWeb.UserAuth
|
|
|
|
pipeline :browser do
|
|
plug :accepts, ["html"]
|
|
plug :fetch_session
|
|
plug :fetch_live_flash
|
|
plug :put_root_layout, html: {SsoBsnWeb.Layouts, :root}
|
|
plug :protect_from_forgery
|
|
plug :put_secure_browser_headers
|
|
plug :fetch_current_user
|
|
end
|
|
|
|
pipeline :api do
|
|
plug :accepts, ["json"]
|
|
end
|
|
|
|
scope "/", SsoBsnWeb do
|
|
pipe_through :browser
|
|
|
|
get "/", PageController, :home
|
|
get "/redirect", UserSessionController, :redirect_next
|
|
end
|
|
|
|
# Other scopes may use custom stacks.
|
|
# scope "/api", SsoBsnWeb do
|
|
# pipe_through :api
|
|
# end
|
|
|
|
# Enable LiveDashboard in development
|
|
if Application.compile_env(:sso_bsn, :dev_routes) do
|
|
# If you want to use the LiveDashboard in production, you should put
|
|
# it behind authentication and allow only admins to access it.
|
|
# If your application does not have an admins-only section yet,
|
|
# you can use Plug.BasicAuth to set up some basic authentication
|
|
# as long as you are also using SSL (which you should anyway).
|
|
import Phoenix.LiveDashboard.Router
|
|
|
|
scope "/dev" do
|
|
pipe_through :browser
|
|
|
|
live_dashboard "/dashboard", metrics: SsoBsnWeb.Telemetry
|
|
end
|
|
end
|
|
|
|
## Authentication routes
|
|
|
|
scope "/", SsoBsnWeb do
|
|
pipe_through [:browser, :redirect_if_user_is_authenticated]
|
|
|
|
live_session :redirect_if_user_is_authenticated,
|
|
on_mount: [{SsoBsnWeb.UserAuth, :redirect_if_user_is_authenticated}] do
|
|
live "/users/register", UserRegistrationLive, :new
|
|
live "/users/log_in", UserLoginLive, :new
|
|
end
|
|
|
|
get "/users/log_in/:token", UserSessionController, :login
|
|
end
|
|
|
|
scope "/", SsoBsnWeb do
|
|
pipe_through [:browser, :require_authenticated_user]
|
|
|
|
live_session :require_authenticated_user,
|
|
on_mount: [{SsoBsnWeb.UserAuth, :ensure_authenticated}] do
|
|
live "/users/settings", UserSettingsLive, :edit
|
|
end
|
|
end
|
|
|
|
scope "/", SsoBsnWeb do
|
|
pipe_through [:browser]
|
|
|
|
delete "/users/log_out", UserSessionController, :delete
|
|
end
|
|
|
|
scope "/", SsoBsnWeb do
|
|
pipe_through [:api, :fetch_session, :fetch_current_user, :require_authenticated_user]
|
|
|
|
get "/whoami", UserSessionController, :check_auth
|
|
end
|
|
|
|
|
|
# OIDC
|
|
scope "/oauth", SsoBsnWeb.Oauth do
|
|
pipe_through :api
|
|
|
|
post "/revoke", RevokeController, :revoke
|
|
post "/token", TokenController, :token
|
|
post "/introspect", IntrospectController, :introspect
|
|
end
|
|
|
|
|
|
scope "/openid", SsoBsnWeb.Openid do
|
|
pipe_through :api
|
|
|
|
get "/userinfo", UserinfoController, :userinfo
|
|
post "/userinfo", UserinfoController, :userinfo
|
|
get "/jwks", JwksController, :jwks_index
|
|
end
|
|
|
|
scope "/oauth", SsoBsnWeb.Oauth do
|
|
pipe_through [:browser, :fetch_current_user]
|
|
|
|
get "/authorize", AuthorizeController, :authorize
|
|
end
|
|
|
|
scope "/openid", SsoBsnWeb.Openid do
|
|
pipe_through [:browser, :fetch_current_user]
|
|
|
|
get "/authorize", AuthorizeController, :authorize
|
|
end
|
|
|
|
scope "/.well-known", SsoBsnWeb.Openid do
|
|
pipe_through :api
|
|
get "/openid-configuration", ConfigurationController, :config
|
|
end
|
|
end
|