authorTim <contact@bytim.eu>2025-05-10 10:59:30 +0200
committerTim <contact@bytim.eu>2025-05-10 10:59:30 +0200
commit77594fd2b62e4ea3e6a55fed2dabcce50e618bd3 (patch)
tree5ddfa7589b5d9a46dbd40d5eea49c3e782c22d1a /src
parent79e32a55801fc53c8d60843c6676ca05cc899299 (diff)
downloadchef-77594fd2b62e4ea3e6a55fed2dabcce50e618bd3.tar.xz
chef-77594fd2b62e4ea3e6a55fed2dabcce50e618bd3.zip
Add oauth for admin interface
Diffstat (limited to 'src')
-rw-r--r--src/chef/core.clj2
-rw-r--r--src/chef/pages/admin.clj11
-rw-r--r--src/chef/pages/home.clj15
-rw-r--r--src/chef/routes.clj22
-rw-r--r--src/chef/utils.clj (renamed from src/chef/pages/utils.clj)9
5 files changed, 44 insertions, 15 deletions
diff --git a/src/chef/core.clj b/src/chef/core.clj
index 86aeb17..638698d 100644
--- a/src/chef/core.clj
+++ b/src/chef/core.clj
@@ -5,4 +5,4 @@
(defn -main [& args]
(println "Starting http server...")
- (http-server/run-server croutes/ring-handler {:port 8080}))
+ (http-server/run-server @croutes/ring-handler {:port 8080}))
diff --git a/src/chef/pages/admin.clj b/src/chef/pages/admin.clj
index c06b475..3e2b0a1 100644
--- a/src/chef/pages/admin.clj
+++ b/src/chef/pages/admin.clj
@@ -1,10 +1,11 @@
(ns chef.pages.admin
- (:require [chef.pages.utils :as cputils]
+ (:require [chef.utils :as cutils]
[hiccup2.core :as html]
[ring.util.response :as ruresp]))
(defn handler [req]
- (-> (cputils/gen-page "chef - Dashboard" [:i "Coming soon..."])
- html/html
- str
- ruresp/response))
+ (cutils/auth-only req
+ (-> (cutils/gen-page "chef - Dashboard" [:i "Coming soon..."])
+ html/html
+ str
+ ruresp/response)))
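Review bot: The login check is wrapped by hand inside `handler`, so every future admin handler has to remember to wrap itself in `cutils/auth-only`, and one that forgets is served with no check at all. Consider enforcing it once as route middleware on the `/admin/` entry in `chef.routes`, so protection follows the path rather than the handler body. The 401 branch also leaves the user with no way forward; a redirect to the configured `:launch-uri` (`/auth`) would start the login flow instead.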
diff --git a/src/chef/pages/home.clj b/src/chef/pages/home.clj
index 725ba2b..84f643f 100644
--- a/src/chef/pages/home.clj
+++ b/src/chef/pages/home.clj
@@ -1,10 +1,15 @@
(ns chef.pages.home
(:require [hiccup2.core :as html]
[ring.util.response :as ruresp]
- [chef.pages.utils :as cputils]))
+ [chef.utils :as cutils]
+ [ring.middleware.session :as rmsession]))
(defn handler [req]
- (-> (cputils/gen-page "chef" [:i "Coming soon..."])
- html/html
- str
- ruresp/response))
+ (let [access-token (get-in req [:oauth2/access-tokens :auth])
+ resp (-> (cutils/gen-page "chef" [:i "Coming soon..."])
+ html/html
+ str
+ ruresp/response)]
+ (if (some? access-token)
+ (assoc resp :session (assoc (:session req) :oauth-token access-token))
+ resp)))
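Review bot: The `ring.middleware.session` require added in this hunk is unused in this namespace. The copy into `:oauth-token` also runs only when this handler serves a request that carries a token, which ties admin login to `:landing-uri` staying `/`. As far as I know, wrap-oauth2 already keeps the tokens in the session and re-attaches them as `:oauth2/access-tokens` on every request, so `auth-only` could read `[:oauth2/access-tokens :auth]` directly and this branch could be dropped. If the copy stays, rotate the session id at this privilege change, e.g. `(vary-meta (assoc (:session req) :oauth-token access-token) assoc :recreate true)`, and consider storing less than the full token map.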
diff --git a/src/chef/routes.clj b/src/chef/routes.clj
index 51c721a..c2fd6c7 100644
--- a/src/chef/routes.clj
+++ b/src/chef/routes.clj
@@ -1,5 +1,10 @@
(ns chef.routes
(:require [reitit.ring :as rring]
+ [ring.middleware.oauth2 :as rmoauth2]
+ [ring.middleware.params :as rmparams]
+ [ring.middleware.session :as rmsession]
+ [dotenv :as env]
+ [clojure.string :as cstr]
[chef.pages.home :as cphome]
[chef.pages.admin :as cpadmin]))
@@ -8,6 +13,17 @@
["/admin/" {:get {:handler cpadmin/handler}}]
["/static/*" (rring/create-resource-handler)]])
-(def ring-handler (-> router
- rring/router
- (rring/ring-handler (rring/redirect-trailing-slash-handler))))
+(def ring-handler (delay (-> router
+ rring/router
+ (rring/ring-handler (rring/redirect-trailing-slash-handler))
+ (rmoauth2/wrap-oauth2 {:auth {:authorize-uri (env/env "OAUTH_AUTH_URI")
+ :access-token-uri (env/env "OAUTH_ACCESS_TOKEN_URI")
+ :client-id (env/env "OAUTH_CLIENT_ID")
+ :client-secret (env/env "OAUTH_CLIENT_SECRET")
+ :scopes (cstr/split (env/env "OAUTH_SCOPES") #",")
+ :launch-uri "/auth"
+ :redirect-uri "/auth/callback"
+ :landing-uri "/"
+ :pkce? true}})
+ rmparams/wrap-params
+ rmsession/wrap-session)))
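Review bot: `rmsession/wrap-session` is called with its defaults, so the cookie that now carries the admin session has no `:secure` attribute and the store is the in-memory one, which is lost on restart. If the app is served over TLS (the plain listener on 8080 suggests a proxy in front, which is not visible here), pass `{:cookie-attrs {:secure true :same-site :lax}}`. Use `:lax` rather than `:strict` so the cookie survives the provider's redirect back to `/auth/callback`. Separately, a missing `OAUTH_SCOPES` makes `cstr/split` throw on nil when the delay is first dereferenced, and the other `env/env` lookups would pass nil into the config silently; a startup check that names the missing variable would be clearer.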
diff --git a/src/chef/pages/utils.clj b/src/chef/utils.clj
index 72d33fd..a721617 100644
--- a/src/chef/pages/utils.clj
+++ b/src/chef/utils.clj
@@ -1,4 +1,5 @@
-(ns chef.pages.utils)
+(ns chef.utils
+ (:require [ring.util.response :as ruresp]))
(defn gen-page [title & content]
[:html
@@ -6,3 +7,9 @@
[:meta {:name "viewport" :content "width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"}]
[:title title]]
(apply conj [:body] content [[:script {:src "/static/htmx.js"}]])])
+
+(defmacro auth-only [request & body]
+ `(if (some? (get-in ~request [:session :oauth-token]))
+ (do ~@body)
+ ~(-> (ruresp/response "Unauthorized.")
+ (ruresp/status 401))))
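Review bot: `auth-only` treats any non-nil `:oauth-token` in the session as permission to use the admin interface. Every account that can complete the flow at the configured provider therefore becomes an admin, unless the provider itself restricts who may authorise this client. The check should also establish who the user is (for example from the ID token or the provider's user-info endpoint) and compare that with a configured allow-list, and it should reject a token whose `:expires` has passed. On style, this does not need to be a macro: the `~(-> (ruresp/response ...))` form builds the 401 map at expansion time, and a plain function or Ring middleware taking the handler would be easier to compose and test.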