package charon
import (
"io"
"net/http"
"gitlab.com/tozd/go/x"
"gitlab.com/tozd/identifier"
"gitlab.com/tozd/waf"
)
// AccountRef names an account by its identifier in API payloads; it carries
// nothing else, so it is a reference, not the account record.
type AccountRef struct {
	ID identifier.Identifier `json:"id"`
}
// Wire types for the sign-out endpoint (see AuthSignoutPost).
type (
	// AuthSignoutRequest is the JSON body of a sign-out call. Location is
	// the client's requested post-sign-out destination; it is untrusted input
	// and the handler only echoes it back after server-side validation.
	AuthSignoutRequest struct {
		Location string `json:"location"`
	}

	// AuthSignoutResponse tells the client where to navigate once the
	// session cookie has been expired. Replace is presumably whether the
	// client should replace the current history entry instead of pushing a
	// new one — confirm against the frontend.
	AuthSignoutResponse struct {
		URL     string `json:"url"`
		Replace bool   `json:"replace"`
	}
)
// AuthSignoutPost signs the browser out by expiring the session cookie and
// telling the frontend where to navigate next.
//
// The body is a JSON AuthSignoutRequest (unknown fields rejected). The
// caller-supplied location is echoed back only if validRedirectLocation
// accepts it, so the endpoint cannot be used as an open redirect. On a bad
// body or a rejected location the handler answers with a bad-request error
// and leaves the cookie untouched.
//
// NOTE(review): only the browser's copy of the session cookie is removed
// here; nothing in this handler revokes anything on the server side. If
// sessions are stateful, confirm they are invalidated elsewhere (or add it
// here), otherwise a previously captured cookie value remains usable.
// NOTE(review): the handler itself performs no CSRF/origin check on this
// state-changing POST; presumably surrounding middleware or the JSON
// content-type requirement covers it — confirm.
//
// TODO: Allow specifying that a) the provider who signed the user in is
// signed out as well, b) all providers the user is known with are signed out.
func (s *Service) AuthSignoutPost(w http.ResponseWriter, req *http.Request, _ waf.Params) {
	// Drain, then close, the request body so the connection can be reused;
	// both steps are folded into one deferred closure (same order as two
	// LIFO defers would give).
	defer func() {
		io.Copy(io.Discard, req.Body) //nolint:errcheck
		req.Body.Close()
	}()

	var in AuthSignoutRequest
	if errE := x.DecodeJSONWithoutUnknownFields(req.Body, &in); errE != nil {
		s.BadRequestWithError(w, req, errE)
		return
	}

	// Open-redirect guard: untrusted Location is only used once validated.
	target, errE := validRedirectLocation(s, in.Location)
	if errE != nil {
		s.BadRequestWithError(w, req, errE)
		return
	}

	// Expire the session cookie (MaxAge < 0 is emitted as Max-Age=0). The
	// browser only removes it if Path/Domain/Secure match the attributes the
	// cookie was issued with at sign-in — assumed to be these; confirm.
	http.SetCookie(w, &http.Cookie{ //nolint:exhaustruct
		Name:     SessionCookieName,
		Path:     "/",
		Domain:   "",
		MaxAge:   -1,
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
	})

	out := AuthSignoutResponse{
		URL:     target,
		Replace: false,
	}
	s.WriteJSON(w, req, out, nil)
}