Merge branch 'main' of https://code.spamasaurus.com/djpbessems/ContainerImage.SpamasaurusRex

fix: Include Mozilla CA certificate list for TLS trust
chore(release): 1.0.3 [skip ci]
2024-03-08 12:31:19 +11:00 · 2024-03-08 12:31:17 +11:00 · 2024-03-08 00:58:33 +00:00 · 2024-03-08 11:50:03 +11:00 · 2024-03-08 11:50:00 +11:00
5 changed files with 64 additions and 31 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [1.0.3](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.2...v1.0.3) (2024-03-08)
+
+
+### Bug Fixes
+
+* Refactor to use interactivebrowser login ([580f64b](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/580f64b7f203a2a55e0df1d34545e19fc070fecd))
+
 ## [1.0.2](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.1...v1.0.2) (2024-03-01)


--- a/go.mod
+++ b/go.mod
@@ -3,6 +3,7 @@ module pkg/spamasaurusrex
 go 1.19

 require (
+	github.com/breml/rootcerts v0.2.16
 	github.com/gorilla/mux v1.8.1
 	github.com/microsoftgraph/msgraph-sdk-go v1.34.0
 )
--- a/go.sum
+++ b/go.sum
@@ -6,6 +6,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aM
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/breml/rootcerts v0.2.16 h1:yN1TGvicfHx8dKz3OQRIrx/5nE/iN3XT1ibqGbd6urc=
+github.com/breml/rootcerts v0.2.16/go.mod h1:S/PKh+4d1HUn4HQovEB8hPJZO6pUZYrIhmXBhsegfXw=
 github.com/cjlapao/common-go v0.0.39 h1:bAAUrj2B9v0kMzbAOhzjSmiyDy+rd56r2sy7oEiQLlA=
 github.com/cjlapao/common-go v0.0.39/go.mod h1:M3dzazLjTjEtZJbbxoA5ZDiGCiHmpwqW9l4UWaddwOA=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
--- a/pkg/graphhelper/graphhelper.go
+++ b/pkg/graphhelper/graphhelper.go
@@ -2,22 +2,21 @@ package graphhelper

 import (
 	"context"
-	"fmt"
-	"os"
 	"strings"

 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	auth "github.com/microsoft/kiota-authentication-azure-go"
 	msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
-	// "github.com/microsoftgraph/msgraph-sdk-go/models"
-	// "github.com/microsoftgraph/msgraph-sdk-go/users"
+	"github.com/microsoftgraph/msgraph-sdk-go/models"
+	"github.com/microsoftgraph/msgraph-sdk-go/users"
 )

 type GraphHelper struct {
-	deviceCodeCredential *azidentity.DeviceCodeCredential
-	userClient           *msgraphsdk.GraphServiceClient
-	graphUserScopes      []string
+	// deviceCodeCredential *azidentity.DeviceCodeCredential
+	InteractiveBrowserCredential *azidentity.InteractiveBrowserCredential
+	userClient                   *msgraphsdk.GraphServiceClient
+	graphUserScopes              []string
 }

 func NewGraphHelper() *GraphHelper {
@@ -26,25 +25,30 @@ func NewGraphHelper() *GraphHelper {
 }

 func (g *GraphHelper) InitializeGraphForUserAuth() error {
-	clientId := os.Getenv("CLIENT_ID")
-	tenantId := os.Getenv("TENANT_ID")
-	scopes := os.Getenv("GRAPH_USER_SCOPES")
+	// clientId := os.Getenv("CLIENT_ID")
+	clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
+	// tenantId := os.Getenv("TENANT_ID")
+	tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
+	// scopes := os.Getenv("GRAPH_USER_SCOPES")
+	scopes := "user.read"
 	g.graphUserScopes = strings.Split(scopes, ",")

 	// Create the device code credential
-	credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
+	// credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
+	credential, err := azidentity.NewInteractiveBrowserCredential(&azidentity.InteractiveBrowserCredentialOptions{
 		ClientID: clientId,
 		TenantID: tenantId,
-		UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
-			fmt.Println(message.Message)
-			return nil
-		},
+		// UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
+		// 	fmt.Println(message.Message)
+		// 	return nil
+		// },
+		RedirectURL: "https://alias.spamasaurus.com/",
 	})
 	if err != nil {
 		return err
 	}

-	g.deviceCodeCredential = credential
+	g.InteractiveBrowserCredential = credential

 	// Create an auth provider using the credential
 	authProvider, err := auth.NewAzureIdentityAuthenticationProviderWithScopes(credential, g.graphUserScopes)
@@ -66,7 +70,7 @@ func (g *GraphHelper) InitializeGraphForUserAuth() error {
 }

 func (g *GraphHelper) GetUserToken() (*string, error) {
-	token, err := g.deviceCodeCredential.GetToken(context.Background(), policy.TokenRequestOptions{
+	token, err := g.InteractiveBrowserCredential.GetToken(context.Background(), policy.TokenRequestOptions{
 		Scopes: g.graphUserScopes,
 	})
 	if err != nil {
@@ -75,3 +79,15 @@ func (g *GraphHelper) GetUserToken() (*string, error) {

 	return &token.Token, nil
 }
+
+func (g *GraphHelper) GetUser() (models.Userable, error) {
+	query := users.UserItemRequestBuilderGetQueryParameters{
+		// Only request specific properties
+		Select: []string{"displayName", "mail", "userPrincipalName"},
+	}
+
+	return g.userClient.Me().Get(context.Background(),
+		&users.UserItemRequestBuilderGetRequestConfiguration{
+			QueryParameters: &query,
+		})
+}
--- a/pkg/spamasaurusrex/main.go
+++ b/pkg/spamasaurusrex/main.go
@@ -11,39 +11,50 @@ import (
 	"syscall"
 	"time"

+	_ "github.com/breml/rootcerts"
 	"github.com/gorilla/mux"
 )

 func handler(w http.ResponseWriter, r *http.Request) {
-	query := r.URL.Query()
-	name := query.Get("name")
-
 	graphHelper := graphhelper.NewGraphHelper()
-
 	initializeGraph(graphHelper)
-	greetUser(graphHelper)

-	if name == "" {
-		name = "Guest"
+	user, err := graphHelper.GetUser()
+	if err != nil {
+		log.Panicf("Error getting user: %v\n", err)
 	}
-	log.Printf("Received request for %s\n", name)
-	w.Write([]byte(fmt.Sprintf("Hello, %s\n", name)))
+
+	fmt.Printf("Hello, %s!\n", *user.GetDisplayName())
+	w.Write([]byte(fmt.Sprintf("Hello, %s\n", *user.GetDisplayName())))
+
+	// query := r.URL.Query()
+	// name := query.Get("name")
+	// w.Write([]byte(fmt.Sprintf("Hello, %s\n", name)))
 }

 func healthHandler(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }

+func loginHandler(w http.ResponseWriter, r *http.Request) {
+	clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
+	tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
+	redirectURI := "https://alias.spamasaurus.com/"
+
+	http.Redirect(w, r,
+		"https://login.microsoftonline.com/"+tenantId+"/oauth2/v2.0/authorize?client_id="+clientId+"&response_type=code&redirect_uri="+redirectURI+"&scope=openid profile offline_access", http.StatusMovedPermanently)
+}
+
 func readinessHandler(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }

 func main() {
-	// Create Server and Route Handlers
 	r := mux.NewRouter()

 	r.HandleFunc("/", handler)
 	r.HandleFunc("/health", healthHandler)
+	r.HandleFunc("/login", loginHandler)
 	r.HandleFunc("/readiness", readinessHandler)

 	srv := &http.Server{
@@ -88,10 +99,6 @@ func initializeGraph(graphHelper *graphhelper.GraphHelper) {
 	}
 }

-func greetUser(graphHelper *graphhelper.GraphHelper) {
-	// TODO
-}
-
 func displayAccessToken(graphHelper *graphhelper.GraphHelper) {
 	token, err := graphHelper.GetUserToken()
 	if err != nil {
Author	SHA1	Message	Date
djpbessems	87b97ea82e	Merge branch 'main' of https://code.spamasaurus.com/djpbessems/ContainerImage.SpamasaurusRex All checks were successful Container & Helm chart / Semantic Release (Dry-run) (push) Successful in 26s Details Container & Helm chart / Helm chart (push) Successful in 15s Details Container & Helm chart / Container image (push) Successful in 5m24s Details Container & Helm chart / Semantic Release (push) Successful in 28s Details	2024-03-08 12:31:19 +11:00
djpbessems	72ed8073bf	fix: Include Mozilla CA certificate list for TLS trust	2024-03-08 12:31:17 +11:00
semantic-release-bot	4058432f17	chore(release): 1.0.3 [skip ci] ## [1.0.3](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.2...v1.0.3) (2024-03-08) ### Bug Fixes * Refactor to use interactivebrowser login ([`580f64b`](`580f64b7f2`))	2024-03-08 00:58:33 +00:00
djpbessems	8b4a635d15	Merge branch 'main' of https://code.spamasaurus.com/djpbessems/ContainerImage.SpamasaurusRex All checks were successful Container & Helm chart / Semantic Release (Dry-run) (push) Successful in 1m29s Details Container & Helm chart / Helm chart (push) Successful in 36s Details Container & Helm chart / Container image (push) Successful in 6m31s Details Container & Helm chart / Semantic Release (push) Successful in 27s Details	2024-03-08 11:50:03 +11:00
djpbessems	580f64b7f2	fix: Refactor to use interactivebrowser login	2024-03-08 11:50:00 +11:00