Auth for frontend

author: LLLL Colonq <llll@colonq> 2024-08-08 21:52:29 -0400
committer: LLLL Colonq <llll@colonq> 2024-08-08 21:52:29 -0400
commit: 31d0954b9e51a0ca9071a92637e3a2e86660fe3e (patch)
tree: b8cfa0aecb709991c9ca8a9fca572814b74dac74 /fig-frontend/src/Fig/Frontend/Auth.hs
parent: 2482292d033013ff37bbd4cdac00632b3dc70323 (diff)
1 files changed, 29 insertions, 15 deletions
diff --git a/fig-frontend/src/Fig/Frontend/Auth.hs b/fig-frontend/src/Fig/Frontend/Auth.hs
index e9fe233..27e1045 100644
--- a/fig-frontend/src/Fig/Frontend/Auth.hs
+++ b/fig-frontend/src/Fig/Frontend/Auth.hs
@@ -4,6 +4,10 @@ import Fig.Prelude
 
 import qualified Network.HTTP.Req as R
 
+import Data.Maybe (mapMaybe)
+import qualified Data.Text as Text
+import qualified Data.Text.Lazy as Text.Lazy
+import qualified Data.Map.Strict as Map
 import qualified Data.Aeson as Aeson
 import qualified Data.Aeson.Types as Aeson
 
@@ -21,7 +25,7 @@ data TokenContents = TokenContents
   , iat :: !Int
   , iss :: !Text
   , sub :: !Text
-  , azp :: !Text
+  , azp :: !(Maybe Text)
   , nonce :: !Text
   , preferred_username :: !Text
   } deriving (Show, Eq, Generic)
@@ -53,21 +57,31 @@ validateToken encodedToken = fetchJwk >>= \case
 
 data Auth = Auth { id :: !Text, name :: !Text } deriving Show
 checkAuth :: Config -> Sc.ActionM (Maybe Auth)
-checkAuth cfg = (,)
-  <$> Sc.C.getCookie "id_token"
-  <*> Sc.C.getCookie "authnonce"
+checkAuth cfg =
+  Sc.header "Authorization"
   >>= \case
-    (Just token, Just nonce) -> do
-      validateToken (encodeUtf8 token) >>= \case
-        Just tc 
-          | tc.aud == cfg.clientId
-          , tc.nonce == nonce
-            -> do
-              log $ tshow tc
-              pure . Just $ Auth
-                { name = tc.preferred_username
-                , id = tc.sub
-                }
+    Just authstrLazy -> do
+      let authstr = drop 1 $ Text.splitOn " " $ Text.Lazy.toStrict authstrLazy
+      let pairs = Map.fromList $ flip mapMaybe authstr \s ->
+            case Text.splitOn "=" s of
+              [k, v] -> Just (k, Text.takeWhile (/='"') $ Text.drop 1 v)
+              _ -> Nothing
+      case (Map.lookup "token" pairs, Map.lookup "nonce" pairs) of
+        (Just token, Just nonce) -> do
+          log $ tshow token
+          log $ tshow nonce
+          validateToken (encodeUtf8 token) >>= \case
+            Just tc 
+              | tc.aud == cfg.clientId
+              , tc.nonce == nonce
+                -> do
+                  log $ tshow tc
+                  pure . Just $ Auth
+                    { name = tc.preferred_username
+                    , id = tc.sub
+                    }
+            _else -> do
+              pure Nothing
         _else -> pure Nothing
     _else -> pure Nothing
author	LLLL Colonq <llll@colonq>	2024-08-08 21:52:29 -0400
committer	LLLL Colonq <llll@colonq>	2024-08-08 21:52:29 -0400
commit	31d0954b9e51a0ca9071a92637e3a2e86660fe3e (patch)
tree	b8cfa0aecb709991c9ca8a9fca572814b74dac74 /fig-frontend/src/Fig/Frontend/Auth.hs
parent	2482292d033013ff37bbd4cdac00632b3dc70323 (diff)