joakim
4eb18388db
- Add OAuth2 client for Authentik integration - Implement JWT token generation and validation - Add refresh token support with database storage - Update database schema with oauth_subject, oauth_provider, and refresh_tokens table - Create auth package with config, jwt, oauth, and token management - Add OAuth endpoints: /auth/login, /auth/callback, /auth/refresh, /auth/logout - Update AuthMiddleware to support both JWT and API key authentication - Add user helper functions for OAuth user creation and retrieval - Add .env.example with OAuth configuration template API keys still work for CLI compatibility while JWT tokens support web/mobile clients.
85 lines
1.8 KiB
Go
85 lines
1.8 KiB
Go
package engine
|
|
|
|
import (
|
|
"database/sql"
|
|
"fmt"
|
|
"time"
|
|
)
|
|
|
|
type User struct {
|
|
ID int
|
|
Username string
|
|
Email string
|
|
OAuthSubject string
|
|
OAuthProvider string
|
|
CreatedAt int64
|
|
}
|
|
|
|
func FindOrCreateOAuthUser(subject, username, email string) (*User, error) {
|
|
db := GetDB()
|
|
if db == nil {
|
|
return nil, fmt.Errorf("database not initialized")
|
|
}
|
|
|
|
// Try to find existing user
|
|
var user User
|
|
err := db.QueryRow(`
|
|
SELECT id, username, COALESCE(email, ''), COALESCE(oauth_subject, ''), COALESCE(oauth_provider, ''), created_at
|
|
FROM users
|
|
WHERE oauth_subject = ?
|
|
`, subject).Scan(&user.ID, &user.Username, &user.Email, &user.OAuthSubject, &user.OAuthProvider, &user.CreatedAt)
|
|
|
|
if err == nil {
|
|
// User exists
|
|
return &user, nil
|
|
}
|
|
|
|
if err != sql.ErrNoRows {
|
|
return nil, err
|
|
}
|
|
|
|
// Create new user
|
|
result, err := db.Exec(`
|
|
INSERT INTO users (username, email, oauth_subject, oauth_provider, created_at)
|
|
VALUES (?, ?, ?, ?, ?)
|
|
`, username, email, subject, "authentik", time.Now().Unix())
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
id, err := result.LastInsertId()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
user.ID = int(id)
|
|
user.Username = username
|
|
user.Email = email
|
|
user.OAuthSubject = subject
|
|
user.OAuthProvider = "authentik"
|
|
user.CreatedAt = time.Now().Unix()
|
|
|
|
return &user, nil
|
|
}
|
|
|
|
func GetUser(id int) (*User, error) {
|
|
db := GetDB()
|
|
if db == nil {
|
|
return nil, fmt.Errorf("database not initialized")
|
|
}
|
|
|
|
var user User
|
|
err := db.QueryRow(`
|
|
SELECT id, username, COALESCE(email, ''), COALESCE(oauth_subject, ''), COALESCE(oauth_provider, ''), created_at
|
|
FROM users
|
|
WHERE id = ?
|
|
`, id).Scan(&user.ID, &user.Username, &user.Email, &user.OAuthSubject, &user.OAuthProvider, &user.CreatedAt)
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &user, nil
|
|
}
|