ContainerImage.Pinniped/internal/oidc/idpdiscovery/idp_discovery_handler.go

// Copyright 2021 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0

// Package idpdiscovery provides a handler for the upstream IDP discovery endpoint.
package idpdiscovery

import (
	"bytes"
	"encoding/json"
	"net/http"
	"sort"

	"go.pinniped.dev/internal/oidc"
)

const (
	idpDiscoveryTypeLDAP = "ldap"
	idpDiscoveryTypeOIDC = "oidc"
)

type response struct {
	IDPs []identityProviderResponse `json:"pinniped_identity_providers"`
}

type identityProviderResponse struct {
	Name string `json:"name"`
	Type string `json:"type"`
}

// NewHandler returns an http.Handler that serves the upstream IDP discovery endpoint.
func NewHandler(upstreamIDPs oidc.UpstreamIdentityProvidersLister) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			http.Error(w, `Method not allowed (try GET)`, http.StatusMethodNotAllowed)
			return
		}

		encodedMetadata, encodeErr := responseAsJSON(upstreamIDPs)
		if encodeErr != nil {
			http.Error(w, encodeErr.Error(), http.StatusInternalServerError)
			return
		}

		w.Header().Set("Content-Type", "application/json")
		if _, err := w.Write(encodedMetadata); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	})
}

func responseAsJSON(upstreamIDPs oidc.UpstreamIdentityProvidersLister) ([]byte, error) {
	r := response{
		IDPs: []identityProviderResponse{},
	}

	// The cache of IDPs could change at any time, so always recalculate the list.
	for _, provider := range upstreamIDPs.GetLDAPIdentityProviders() {
		r.IDPs = append(r.IDPs, identityProviderResponse{Name: provider.GetName(), Type: idpDiscoveryTypeLDAP})
	}
	for _, provider := range upstreamIDPs.GetOIDCIdentityProviders() {
		r.IDPs = append(r.IDPs, identityProviderResponse{Name: provider.GetName(), Type: idpDiscoveryTypeOIDC})
	}

	// Nobody like an API that changes the results unnecessarily. :)
	sort.SliceStable(r.IDPs, func(i, j int) bool {
		return r.IDPs[i].Name < r.IDPs[j].Name
	})

	var b bytes.Buffer
	encodeErr := json.NewEncoder(&b).Encode(&r)
	encodedMetadata := b.Bytes()

	return encodedMetadata, encodeErr
}
Move Supervisor IDP discovery to its own new endpoint 2021-05-11 17:31:33 +00:00			`// Copyright 2021 the Pinniped contributors. All Rights Reserved.`
			`// SPDX-License-Identifier: Apache-2.0`

			`// Package idpdiscovery provides a handler for the upstream IDP discovery endpoint.`
			`package idpdiscovery`

			`import (`
			`"bytes"`
			`"encoding/json"`
			`"net/http"`
			`"sort"`

			`"go.pinniped.dev/internal/oidc"`
			`)`

			`const (`
			`idpDiscoveryTypeLDAP = "ldap"`
			`idpDiscoveryTypeOIDC = "oidc"`
			`)`

			`type response struct {`
			IDPs []identityProviderResponse `json:"pinniped_identity_providers"`
			`}`

			`type identityProviderResponse struct {`
			Name string `json:"name"`
			Type string `json:"type"`
			`}`

			`// NewHandler returns an http.Handler that serves the upstream IDP discovery endpoint.`
			`func NewHandler(upstreamIDPs oidc.UpstreamIdentityProvidersLister) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`if r.Method != http.MethodGet {`
			http.Error(w, `Method not allowed (try GET)`, http.StatusMethodNotAllowed)
			`return`
			`}`

			`encodedMetadata, encodeErr := responseAsJSON(upstreamIDPs)`
			`if encodeErr != nil {`
			`http.Error(w, encodeErr.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`w.Header().Set("Content-Type", "application/json")`
			`if _, err := w.Write(encodedMetadata); err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`
			`})`
			`}`

			`func responseAsJSON(upstreamIDPs oidc.UpstreamIdentityProvidersLister) ([]byte, error) {`
			`r := response{`
			`IDPs: []identityProviderResponse{},`
			`}`

			`// The cache of IDPs could change at any time, so always recalculate the list.`
			`for _, provider := range upstreamIDPs.GetLDAPIdentityProviders() {`
			`r.IDPs = append(r.IDPs, identityProviderResponse{Name: provider.GetName(), Type: idpDiscoveryTypeLDAP})`
			`}`
			`for _, provider := range upstreamIDPs.GetOIDCIdentityProviders() {`
			`r.IDPs = append(r.IDPs, identityProviderResponse{Name: provider.GetName(), Type: idpDiscoveryTypeOIDC})`
			`}`

			`// Nobody like an API that changes the results unnecessarily. :)`
			`sort.SliceStable(r.IDPs, func(i, j int) bool {`
			`return r.IDPs[i].Name < r.IDPs[j].Name`
			`})`

			`var b bytes.Buffer`
			`encodeErr := json.NewEncoder(&b).Encode(&r)`
			`encodedMetadata := b.Bytes()`

			`return encodedMetadata, encodeErr`
			`}`