mirror of
https://github.com/coder/coder.git
synced 2025-07-08 11:39:50 +00:00
c65013384a
# Refactor OAuth2 Provider Code into Dedicated Package This PR refactors the OAuth2 provider functionality by moving it from the main `coderd` package into a dedicated `oauth2provider` package. The change improves code organization and maintainability without changing functionality. Key changes: - Created a new `oauth2provider` package to house all OAuth2 provider-related code - Moved existing OAuth2 provider functionality from `coderd/identityprovider` to the new package - Refactored handler functions to follow a consistent pattern of returning `http.HandlerFunc` instead of being handlers directly - Split large files into smaller, more focused files organized by functionality: - `app_secrets.go` - Manages OAuth2 application secrets - `apps.go` - Handles OAuth2 application CRUD operations - `authorize.go` - Implements the authorization flow - `metadata.go` - Provides OAuth2 metadata endpoints - `registration.go` - Handles dynamic client registration - `revoke.go` - Implements token revocation - `secrets.go` - Manages secret generation and validation - `tokens.go` - Handles token issuance and validation This refactoring improves code organization and makes the OAuth2 provider functionality more maintainable while preserving all existing behavior.
52 lines
1.4 KiB
Go
52 lines
1.4 KiB
Go
package oauth2provider
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/coder/coder/v2/coderd/userpassword"
|
|
"github.com/coder/coder/v2/cryptorand"
|
|
)
|
|
|
|
type AppSecret struct {
|
|
// Formatted contains the secret. This value is owned by the client, not the
|
|
// server. It is formatted to include the prefix.
|
|
Formatted string
|
|
// Prefix is the ID of this secret owned by the server. When a client uses a
|
|
// secret, this is the matching string to do a lookup on the hashed value. We
|
|
// cannot use the hashed value directly because the server does not store the
|
|
// salt.
|
|
Prefix string
|
|
// Hashed is the server stored hash(secret,salt,...). Used for verifying a
|
|
// secret.
|
|
Hashed string
|
|
}
|
|
|
|
// GenerateSecret generates a secret to be used as a client secret, refresh
|
|
// token, or authorization code.
|
|
func GenerateSecret() (AppSecret, error) {
|
|
// 40 characters matches the length of GitHub's client secrets.
|
|
secret, err := cryptorand.String(40)
|
|
if err != nil {
|
|
return AppSecret{}, err
|
|
}
|
|
|
|
// This ID is prefixed to the secret so it can be used to look up the secret
|
|
// when the user provides it, since we cannot just re-hash it to match as we
|
|
// will not have the salt.
|
|
prefix, err := cryptorand.String(10)
|
|
if err != nil {
|
|
return AppSecret{}, err
|
|
}
|
|
|
|
hashed, err := userpassword.Hash(secret)
|
|
if err != nil {
|
|
return AppSecret{}, err
|
|
}
|
|
|
|
return AppSecret{
|
|
Formatted: fmt.Sprintf("coder_%s_%s", prefix, secret),
|
|
Prefix: prefix,
|
|
Hashed: hashed,
|
|
}, nil
|
|
}
|