feat(backend): add OAuth2/JWT authentication support
- Add OAuth2 client for Authentik integration - Implement JWT token generation and validation - Add refresh token support with database storage - Update database schema with oauth_subject, oauth_provider, and refresh_tokens table - Create auth package with config, jwt, oauth, and token management - Add OAuth endpoints: /auth/login, /auth/callback, /auth/refresh, /auth/logout - Update AuthMiddleware to support both JWT and API key authentication - Add user helper functions for OAuth user creation and retrieval - Add .env.example with OAuth configuration template API keys still work for CLI compatibility while JWT tokens support web/mobile clients.
This commit is contained in:
@@ -0,0 +1,84 @@
|
||||
package engine
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"fmt"
|
||||
"time"
|
||||
)
|
||||
|
||||
type User struct {
|
||||
ID int
|
||||
Username string
|
||||
Email string
|
||||
OAuthSubject string
|
||||
OAuthProvider string
|
||||
CreatedAt int64
|
||||
}
|
||||
|
||||
func FindOrCreateOAuthUser(subject, username, email string) (*User, error) {
|
||||
db := GetDB()
|
||||
if db == nil {
|
||||
return nil, fmt.Errorf("database not initialized")
|
||||
}
|
||||
|
||||
// Try to find existing user
|
||||
var user User
|
||||
err := db.QueryRow(`
|
||||
SELECT id, username, COALESCE(email, ''), COALESCE(oauth_subject, ''), COALESCE(oauth_provider, ''), created_at
|
||||
FROM users
|
||||
WHERE oauth_subject = ?
|
||||
`, subject).Scan(&user.ID, &user.Username, &user.Email, &user.OAuthSubject, &user.OAuthProvider, &user.CreatedAt)
|
||||
|
||||
if err == nil {
|
||||
// User exists
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
if err != sql.ErrNoRows {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Create new user
|
||||
result, err := db.Exec(`
|
||||
INSERT INTO users (username, email, oauth_subject, oauth_provider, created_at)
|
||||
VALUES (?, ?, ?, ?, ?)
|
||||
`, username, email, subject, "authentik", time.Now().Unix())
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
id, err := result.LastInsertId()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
user.ID = int(id)
|
||||
user.Username = username
|
||||
user.Email = email
|
||||
user.OAuthSubject = subject
|
||||
user.OAuthProvider = "authentik"
|
||||
user.CreatedAt = time.Now().Unix()
|
||||
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
func GetUser(id int) (*User, error) {
|
||||
db := GetDB()
|
||||
if db == nil {
|
||||
return nil, fmt.Errorf("database not initialized")
|
||||
}
|
||||
|
||||
var user User
|
||||
err := db.QueryRow(`
|
||||
SELECT id, username, COALESCE(email, ''), COALESCE(oauth_subject, ''), COALESCE(oauth_provider, ''), created_at
|
||||
FROM users
|
||||
WHERE id = ?
|
||||
`, id).Scan(&user.ID, &user.Username, &user.Email, &user.OAuthSubject, &user.OAuthProvider, &user.CreatedAt)
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &user, nil
|
||||
}
|
||||
Reference in New Issue
Block a user