feat: implement basic oidc functionality

Author: steveiliop56

frontend/src/pages/authorize-page.tsx

@@ -1,6 +1,6 @@
 import { useUserContext } from "@/context/user-context";
-import { useQuery } from "@tanstack/react-query";
-import { Navigate } from "react-router";
+import { useMutation, useQuery } from "@tanstack/react-query";
+import { Navigate, useNavigate } from "react-router";
 import { useLocation } from "react-router";
 import {
   Card,
@@ -11,6 +11,8 @@ import {
 } from "@/components/ui/card";
 import { getOidcClientInfoScehma } from "@/schemas/oidc-schemas";
 import { Button } from "@/components/ui/button";
+import axios from "axios";
+import { toast } from "sonner";
 
 type AuthorizePageProps = {
   scope: string;
@@ -25,6 +27,7 @@ const optionalAuthorizeProps = ["state"];
 export const AuthorizePage = () => {
   const { isLoggedIn } = useUserContext();
   const { search } = useLocation();
+  const navigate = useNavigate();
 
   const searchParams = new URLSearchParams(search);
 
@@ -46,20 +49,46 @@ export const AuthorizePage = () => {
     },
   });
 
+  const authorizeMutation = useMutation({
+    mutationFn: () => {
+      return axios.post("/api/oidc/authorize", {
+        scope: props.scope,
+        response_type: props.responseType,
+        client_id: props.clientId,
+        redirect_uri: props.redirectUri,
+        state: props.state,
+      });
+    },
+    mutationKey: ["authorize", props.clientId],
+    onSuccess: (data) => {
+      toast.info("Authorized", {
+        description: "You will be soon redirected to your application",
+      });
+      window.location.replace(
+        `${data.data.redirect_uri}?code=${encodeURIComponent(data.data.code)}&state=${encodeURIComponent(data.data.state)}`,
+      );
+    },
+    onError: (error) => {
+      window.location.replace(
+        `/error?error=${encodeURIComponent(error.message)}`,
+      );
+    },
+  });
+
   if (!isLoggedIn) {
     // TODO: Pass the params to the login page, so user can login -> authorize
     return <Navigate to="/login" replace />;
   }
 
-  for (const key in Object.keys(props)) {
+  Object.keys(props).forEach((key) => {
     if (
       !props[key as keyof AuthorizePageProps] &&
       !optionalAuthorizeProps.includes(key)
     ) {
       // TODO: Add reason for error
       return <Navigate to="/error" replace />;
     }
-  }
+  });
 
   if (getClientInfo.isLoading) {
     return (
@@ -91,8 +120,19 @@ export const AuthorizePage = () => {
         </CardDescription>
       </CardHeader>
       <CardFooter className="flex flex-col items-stretch gap-2">
-        <Button>Authorize</Button>
-        <Button variant="outline">Cancel</Button>
+        <Button
+          onClick={() => authorizeMutation.mutate()}
+          loading={authorizeMutation.isPending}
+        >
+          Authorize
+        </Button>
+        <Button
+          onClick={() => navigate("/")}
+          disabled={authorizeMutation.isPending}
+          variant="outline"
+        >
+          Cancel
+        </Button>
       </CardFooter>
     </Card>
   );

internal/assets/migrations/000005_oidc_session.down.sql

@@ -0,0 +1,3 @@
+DROP TABLE IF EXISTS "oidc_tokens";
+DROP TABLE IF EXISTS "oidc_userinfo";
+DROP TABLE IF EXISTS "oidc_codes";

internal/assets/migrations/000005_oidc_session.up.sql

@@ -0,0 +1,25 @@
+CREATE TABLE IF NOT EXISTS "oidc_codes" (
+    "sub" TEXT NOT NULL UNIQUE,
+    "code" TEXT NOT NULL PRIMARY KEY UNIQUE,
+    "scope" TEXT NOT NULL,
+    "redirect_uri" TEXT NOT NULL,
+    "client_id" TEXT NOT NULL,
+    "expires_at" INTEGER NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS "oidc_tokens" (
+    "sub" TEXT NOT NULL UNIQUE,
+    "access_token" TEXT NOT NULL PRIMARY KEY UNIQUE,
+    "scope" TEXT NOT NULL,
+    "client_id" TEXT NOT NULL,
+    "expires_at" INTEGER NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS "oidc_userinfo" (
+    "sub" TEXT NOT NULL UNIQUE PRIMARY KEY,
+    "name" TEXT NOT NULL,
+    "preferred_username" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "groups" TEXT NOT NULL,
+    "updated_at" INTEGER NOT NULL
+);

internal/bootstrap/app_bootstrap.go

@@ -176,7 +176,7 @@ func (app *BootstrapApp) Setup() error {
 	app.context.configuredProviders = configuredProviders
 
 	// Setup router
-	router, err := app.setupRouter()
+	router, err := app.setupRouter(queries)
 
 	if err != nil {
 		return fmt.Errorf("failed to setup routes: %w", err)

internal/bootstrap/router_bootstrap.go

@@ -7,13 +7,14 @@ import (
 	"github.com/steveiliop56/tinyauth/internal/config"
 	"github.com/steveiliop56/tinyauth/internal/controller"
 	"github.com/steveiliop56/tinyauth/internal/middleware"
+	"github.com/steveiliop56/tinyauth/internal/repository"
 
 	"github.com/gin-gonic/gin"
 )
 
 var DEV_MODES = []string{"main", "test", "development"}
 
-func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
+func (app *BootstrapApp) setupRouter(queries *repository.Queries) (*gin.Engine, error) {
 	if !slices.Contains(DEV_MODES, config.Version) {
 		gin.SetMode(gin.ReleaseMode)
 	}
@@ -88,7 +89,8 @@ func (app *BootstrapApp) setupRouter() (*gin.Engine, error) {
 
 	oidcController := controller.NewOIDCController(controller.OIDCControllerConfig{
 		Clients: app.context.oidcClients,
-	}, apiRouter)
+		AppURL:  app.config.AppURL,
+	}, apiRouter, queries)
 
 	oidcController.SetupRoutes()