Compare commits
15 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a7dedbe6db | |||
| f02370d5bc | |||
| 3dbfb4a917 | |||
| ddb220a889 | |||
| ddbc209324 | |||
| b4d866bbe8 | |||
| 4f14b47137 | |||
| 905f2aed8e | |||
| 3a0c288e55 | |||
| d650c1437c | |||
| 87b97ea82e | |||
| 72ed8073bf | |||
| 4058432f17 | |||
| 8b4a635d15 | |||
| 580f64b7f2 |
35
CHANGELOG.md
35
CHANGELOG.md
@ -1,3 +1,38 @@
|
||||
## [1.0.7](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.6...v1.0.7) (2024-03-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Expand scope of debugging variable ([3dbfb4a](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/3dbfb4a917fa5f886c52f0ae11c1cab73ecb7713))
|
||||
|
||||
## [1.0.6](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.5...v1.0.6) (2024-03-09)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Add verbose debugging output ([b4d866b](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/b4d866bbe8cf3f9632fdf69de4f15779c0099a9f))
|
||||
|
||||
## [1.0.5](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.4...v1.0.5) (2024-03-08)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Rebase to MSAL library for authentication ([3a0c288](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/3a0c288e55d4a717fa89f9548c5006e6c6bd7969))
|
||||
|
||||
## [1.0.4](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.3...v1.0.4) (2024-03-08)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Include Mozilla CA certificate list for TLS trust ([72ed807](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/72ed8073bf65a04efc68a4de28f5319b3931f6bc))
|
||||
|
||||
## [1.0.3](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.2...v1.0.3) (2024-03-08)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Refactor to use interactivebrowser login ([580f64b](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/580f64b7f203a2a55e0df1d34545e19fc070fecd))
|
||||
|
||||
## [1.0.2](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.1...v1.0.2) (2024-03-01)
|
||||
|
||||
|
||||
|
||||
@ -14,6 +14,6 @@ WORKDIR /app
|
||||
|
||||
COPY --from=builder /app/main .
|
||||
|
||||
EXPOSE 80
|
||||
EXPOSE 8080
|
||||
|
||||
CMD ["./main"]
|
||||
|
||||
5
go.mod
5
go.mod
@ -3,12 +3,13 @@ module pkg/spamasaurusrex
|
||||
go 1.19
|
||||
|
||||
require (
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1
|
||||
github.com/breml/rootcerts v0.2.16
|
||||
github.com/gorilla/mux v1.8.1
|
||||
github.com/microsoftgraph/msgraph-sdk-go v1.34.0
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
|
||||
github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
|
||||
github.com/kylelemons/godebug v1.1.0 // indirect
|
||||
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
|
||||
@ -21,7 +22,7 @@ require (
|
||||
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
|
||||
github.com/cjlapao/common-go v0.0.39 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||
github.com/davecgh/go-spew v1.1.1
|
||||
github.com/go-logr/logr v1.4.1 // indirect
|
||||
github.com/go-logr/stdr v1.2.2 // indirect
|
||||
github.com/google/uuid v1.6.0 // indirect
|
||||
|
||||
2
go.sum
2
go.sum
@ -6,6 +6,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aM
|
||||
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
|
||||
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
|
||||
github.com/breml/rootcerts v0.2.16 h1:yN1TGvicfHx8dKz3OQRIrx/5nE/iN3XT1ibqGbd6urc=
|
||||
github.com/breml/rootcerts v0.2.16/go.mod h1:S/PKh+4d1HUn4HQovEB8hPJZO6pUZYrIhmXBhsegfXw=
|
||||
github.com/cjlapao/common-go v0.0.39 h1:bAAUrj2B9v0kMzbAOhzjSmiyDy+rd56r2sy7oEiQLlA=
|
||||
github.com/cjlapao/common-go v0.0.39/go.mod h1:M3dzazLjTjEtZJbbxoA5ZDiGCiHmpwqW9l4UWaddwOA=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
|
||||
@ -2,22 +2,21 @@ package graphhelper
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
|
||||
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
|
||||
auth "github.com/microsoft/kiota-authentication-azure-go"
|
||||
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
|
||||
// "github.com/microsoftgraph/msgraph-sdk-go/models"
|
||||
// "github.com/microsoftgraph/msgraph-sdk-go/users"
|
||||
"github.com/microsoftgraph/msgraph-sdk-go/models"
|
||||
"github.com/microsoftgraph/msgraph-sdk-go/users"
|
||||
)
|
||||
|
||||
type GraphHelper struct {
|
||||
deviceCodeCredential *azidentity.DeviceCodeCredential
|
||||
userClient *msgraphsdk.GraphServiceClient
|
||||
graphUserScopes []string
|
||||
// deviceCodeCredential *azidentity.DeviceCodeCredential
|
||||
InteractiveBrowserCredential *azidentity.InteractiveBrowserCredential
|
||||
userClient *msgraphsdk.GraphServiceClient
|
||||
graphUserScopes []string
|
||||
}
|
||||
|
||||
func NewGraphHelper() *GraphHelper {
|
||||
@ -26,25 +25,30 @@ func NewGraphHelper() *GraphHelper {
|
||||
}
|
||||
|
||||
func (g *GraphHelper) InitializeGraphForUserAuth() error {
|
||||
clientId := os.Getenv("CLIENT_ID")
|
||||
tenantId := os.Getenv("TENANT_ID")
|
||||
scopes := os.Getenv("GRAPH_USER_SCOPES")
|
||||
// clientId := os.Getenv("CLIENT_ID")
|
||||
clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
|
||||
// tenantId := os.Getenv("TENANT_ID")
|
||||
tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
|
||||
// scopes := os.Getenv("GRAPH_USER_SCOPES")
|
||||
scopes := "user.read"
|
||||
g.graphUserScopes = strings.Split(scopes, ",")
|
||||
|
||||
// Create the device code credential
|
||||
credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
|
||||
// credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
|
||||
credential, err := azidentity.NewInteractiveBrowserCredential(&azidentity.InteractiveBrowserCredentialOptions{
|
||||
ClientID: clientId,
|
||||
TenantID: tenantId,
|
||||
UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
|
||||
fmt.Println(message.Message)
|
||||
return nil
|
||||
},
|
||||
// UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
|
||||
// fmt.Println(message.Message)
|
||||
// return nil
|
||||
// },
|
||||
RedirectURL: "https://alias.spamasaurus.com/",
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
g.deviceCodeCredential = credential
|
||||
g.InteractiveBrowserCredential = credential
|
||||
|
||||
// Create an auth provider using the credential
|
||||
authProvider, err := auth.NewAzureIdentityAuthenticationProviderWithScopes(credential, g.graphUserScopes)
|
||||
@ -66,7 +70,7 @@ func (g *GraphHelper) InitializeGraphForUserAuth() error {
|
||||
}
|
||||
|
||||
func (g *GraphHelper) GetUserToken() (*string, error) {
|
||||
token, err := g.deviceCodeCredential.GetToken(context.Background(), policy.TokenRequestOptions{
|
||||
token, err := g.InteractiveBrowserCredential.GetToken(context.Background(), policy.TokenRequestOptions{
|
||||
Scopes: g.graphUserScopes,
|
||||
})
|
||||
if err != nil {
|
||||
@ -75,3 +79,15 @@ func (g *GraphHelper) GetUserToken() (*string, error) {
|
||||
|
||||
return &token.Token, nil
|
||||
}
|
||||
|
||||
func (g *GraphHelper) GetUser() (models.Userable, error) {
|
||||
query := users.UserItemRequestBuilderGetQueryParameters{
|
||||
// Only request specific properties
|
||||
Select: []string{"displayName", "mail", "userPrincipalName"},
|
||||
}
|
||||
|
||||
return g.userClient.Me().Get(context.Background(),
|
||||
&users.UserItemRequestBuilderGetRequestConfiguration{
|
||||
QueryParameters: &query,
|
||||
})
|
||||
}
|
||||
|
||||
@ -11,39 +11,66 @@ import (
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
_ "github.com/breml/rootcerts"
|
||||
"github.com/gorilla/mux"
|
||||
|
||||
"github.com/davecgh/go-spew/spew"
|
||||
|
||||
"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
|
||||
)
|
||||
|
||||
func handler(w http.ResponseWriter, r *http.Request) {
|
||||
query := r.URL.Query()
|
||||
name := query.Get("name")
|
||||
clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
|
||||
tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
|
||||
// redirectURI := "https://alias.spamasaurus.com/"
|
||||
scopes := []string{"email"}
|
||||
|
||||
graphHelper := graphhelper.NewGraphHelper()
|
||||
|
||||
initializeGraph(graphHelper)
|
||||
greetUser(graphHelper)
|
||||
|
||||
if name == "" {
|
||||
name = "Guest"
|
||||
// confidential clients have a credential, such as a secret or a certificate
|
||||
cred, err := confidential.NewCredFromSecret("client_secret")
|
||||
if err != nil {
|
||||
// TODO: handle error
|
||||
}
|
||||
log.Printf("Received request for %s\n", name)
|
||||
w.Write([]byte(fmt.Sprintf("Hello, %s\n", name)))
|
||||
|
||||
confidentialClient, err := confidential.New("https://login.microsoftonline.com/"+tenantId, clientId, cred)
|
||||
if err != nil {
|
||||
// TODO: handle error
|
||||
}
|
||||
|
||||
result, err := confidentialClient.AcquireTokenSilent(context.TODO(), scopes)
|
||||
if err != nil {
|
||||
// cache miss, authenticate with another AcquireToken... method
|
||||
result, err = confidentialClient.AcquireTokenByCredential(context.TODO(), scopes)
|
||||
if err != nil {
|
||||
// TODO: handle error
|
||||
}
|
||||
}
|
||||
// accessToken := result.AccessToken
|
||||
w.Write([]byte(fmt.Sprintf("Hello, %s\n", spew.Sdump(result))))
|
||||
}
|
||||
|
||||
func healthHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
|
||||
func loginHandler(w http.ResponseWriter, r *http.Request) {
|
||||
clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
|
||||
tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
|
||||
redirectURI := "https://alias.spamasaurus.com/"
|
||||
|
||||
http.Redirect(w, r,
|
||||
"https://login.microsoftonline.com/"+tenantId+"/oauth2/v2.0/authorize?client_id="+clientId+"&response_type=code&redirect_uri="+redirectURI+"&scope=openid profile offline_access", http.StatusMovedPermanently)
|
||||
}
|
||||
|
||||
func readinessHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
|
||||
func main() {
|
||||
// Create Server and Route Handlers
|
||||
r := mux.NewRouter()
|
||||
|
||||
r.HandleFunc("/", handler)
|
||||
r.HandleFunc("/health", healthHandler)
|
||||
r.HandleFunc("/login", loginHandler)
|
||||
r.HandleFunc("/readiness", readinessHandler)
|
||||
|
||||
srv := &http.Server{
|
||||
@ -88,10 +115,6 @@ func initializeGraph(graphHelper *graphhelper.GraphHelper) {
|
||||
}
|
||||
}
|
||||
|
||||
func greetUser(graphHelper *graphhelper.GraphHelper) {
|
||||
// TODO
|
||||
}
|
||||
|
||||
func displayAccessToken(graphHelper *graphhelper.GraphHelper) {
|
||||
token, err := graphHelper.GetUserToken()
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user