diff --git a/pkg/internal/http/api/accounts_api.go b/pkg/internal/http/api/accounts_api.go
index 75400ac..75f6849 100644
--- a/pkg/internal/http/api/accounts_api.go
+++ b/pkg/internal/http/api/accounts_api.go
@@ -68,18 +68,6 @@ func getUserinfo(c *fiber.Ctx) error {
 raw, _ := jsoniter.Marshal(data)
 _ = jsoniter.Unmarshal(raw, &resp)
- // Used to support OIDC standard
- resp["sub"] = strconv.Itoa(int(data.ID))
- resp["family_name"] = data.Profile.FirstName
- resp["given_name"] = data.Profile.LastName
- resp["name"] = data.Name
- resp["email"] = data.GetPrimaryEmail().Content
- resp["preferred_username"] = data.Nick
-
- if data.Avatar != nil {
- resp["picture"] = *data.GetAvatar()
- }
-
 return c.JSON(resp)
 }
diff --git a/pkg/internal/http/api/index.go b/pkg/internal/http/api/index.go
index 6e2c733..8d9b0db 100644
--- a/pkg/internal/http/api/index.go
+++ b/pkg/internal/http/api/index.go
@@ -60,6 +60,7 @@ func MapAPIs(app *fiber.App, baseURL string) {
 me.Put("/banner", setBanner)
 me.Get("/", getUserinfo)
+ me.Get("/oidc", getUserinfoForOidc)
 me.Put("/", updateUserinfo)
 me.Get("/events", getEvents)
 me.Get("/tickets", getTickets)
diff --git a/pkg/internal/http/api/userinfo_api.go b/pkg/internal/http/api/userinfo_api.go
index ed30a07..c54942d 100644
--- a/pkg/internal/http/api/userinfo_api.go
+++ b/pkg/internal/http/api/userinfo_api.go
@@ -3,13 +3,16 @@ package api
 import (
 "context"
 "fmt"
+ "strconv"
+ "strings"
+
+ "git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
 "git.solsynth.dev/hypernet/passport/pkg/authkit/models"
 localCache "git.solsynth.dev/hypernet/passport/pkg/internal/cache"
+ "git.solsynth.dev/hypernet/passport/pkg/internal/http/exts"
 "github.com/eko/gocache/lib/v4/cache"
 "github.com/eko/gocache/lib/v4/marshaler"
 "gorm.io/gorm"
- "strconv"
- "strings"
 "git.solsynth.dev/hypernet/passport/pkg/internal/database"
 "git.solsynth.dev/hypernet/passport/pkg/internal/services"
@@ -92,3 +95,35 @@ func getOtherUserinfoBatch(c *fiber.Ctx) error {
 return c.JSON(accounts)
 }
+
+func getUserinfoForOidc(c *fiber.Ctx) error {
+ if err := exts.EnsureAuthenticated(c); err != nil {
+ return err
+ }
+ user := c.Locals("user").(models.Account)
+
+ var data models.Account
+ if err := database.C.
+ Where(&models.Account{BaseModel: models.BaseModel{ID: user.ID}}).
+ Preload("Profile").
+ Preload("Contacts").
+ Preload("Badges").
+ First(&data).Error; err != nil {
+ return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+ } else {
+ data.PermNodes = c.Locals("nex_user").(*sec.UserInfo).PermNodes
+ }
+
+ return c.JSON(fiber.Map{
+ "sub": fmt.Sprintf("%d", data.ID),
+ "family_name": data.Profile.FirstName,
+ "given_name": data.Profile.LastName,
+ "name": data.Name,
+ "email": data.GetPrimaryEmail().Content,
+ "email_verified": data.GetPrimaryEmail().VerifiedAt != nil,
+ "preferred_username": data.Nick,
+ "picture": data.GetAvatar(),
+ "birthdate": data.Profile.Birthday,
+ "updated_at": data.UpdatedAt,
+ })
+}
diff --git a/pkg/internal/http/api/well_known_api.go b/pkg/internal/http/api/well_known_api.go
index 70dcf8d..4d5e7ee 100644
--- a/pkg/internal/http/api/well_known_api.go
+++ b/pkg/internal/http/api/well_known_api.go
@@ -16,7 +16,7 @@ func getOidcConfiguration(c *fiber.Ctx) error {
 "issuer": viper.GetString("security.issuer"),
 "authorization_endpoint": fmt.Sprintf("%s/authorize", basepath),
 "token_endpoint": fmt.Sprintf("%s/api/auth/token", basepath),
- "userinfo_endpoint": fmt.Sprintf("%s/api/users/me", basepath),
+ "userinfo_endpoint": fmt.Sprintf("%s/api/users/me/oidc", basepath),
 "response_types_supported": []string{"code", "token"},
 "grant_types_supported": []string{"authorization_code", "implicit", "refresh_token"},
 "subject_types_supported": []string{"public"},
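Review bot: `getUserinfoForOidc` returns `email`, `email_verified` and `birthdate` to every caller that passes `exts.EnsureAuthenticated`, and nothing in the hunk consults the scopes granted to the access token, so a client that requested only `openid` appears to receive the full profile; gate those claims on the `email` and `profile` scopes unless a middleware outside this diff already does so. The 500 branch hands the raw database error to the client through `err.Error()`; log it server-side and return a fixed message such as `fiber.NewError(fiber.StatusInternalServerError, "unable to load account")`. In the `fiber.Map` literal `family_name` is filled from `Profile.FirstName` and `given_name` from `Profile.LastName`, which looks inverted relative to the OIDC claim definitions; if it is, the two lines should read `"family_name": data.Profile.LastName,` and `"given_name": data.Profile.FirstName,`. The `else` branch performs an unchecked `c.Locals("nex_user").(*sec.UserInfo)` assertion only to set `data.PermNodes`, which the response never reads, so it adds a panic path with no effect on the output and can be dropped.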
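Review bot: Relying parties that configured `/api/users/me` by hand rather than through discovery stop receiving `sub` and the other standard claims once this ships, because the accounts_api.go hunk removes them from `getUserinfo` in the same commit. If such clients may exist, keep the old claims on `/api/users/me` for a deprecation window or call the change out in the release notes. The path string here also has to stay in sync with the `me.Get("/oidc", getUserinfoForOidc)` route in index.go, and a comment such as `// must match the /oidc route registered in MapAPIs` above the line would make that coupling visible. getOidcConfiguration starts and ends outside the hunk.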