From 77594fd2b62e4ea3e6a55fed2dabcce50e618bd3 Mon Sep 17 00:00:00 2001 From: Tim Date: Sat, 10 May 2025 10:59:30 +0200 Subject: Add oauth for admin interface --- src/chef/core.clj | 2 +- src/chef/pages/admin.clj | 11 ++++++----- src/chef/pages/home.clj | 15 ++++++++++----- src/chef/pages/utils.clj | 8 -------- src/chef/routes.clj | 22 +++++++++++++++++++--- src/chef/utils.clj | 15 +++++++++++++++ 6 files changed, 51 insertions(+), 22 deletions(-) delete mode 100644 src/chef/pages/utils.clj create mode 100644 src/chef/utils.clj (limited to 'src') diff --git a/src/chef/core.clj b/src/chef/core.clj index 86aeb17..638698d 100644 --- a/src/chef/core.clj +++ b/src/chef/core.clj @@ -5,4 +5,4 @@ (defn -main [& args] (println "Starting http server...") - (http-server/run-server croutes/ring-handler {:port 8080})) + (http-server/run-server @croutes/ring-handler {:port 8080})) diff --git a/src/chef/pages/admin.clj b/src/chef/pages/admin.clj index c06b475..3e2b0a1 100644 --- a/src/chef/pages/admin.clj +++ b/src/chef/pages/admin.clj @@ -1,10 +1,11 @@ (ns chef.pages.admin - (:require [chef.pages.utils :as cputils] + (:require [chef.utils :as cutils] [hiccup2.core :as html] [ring.util.response :as ruresp])) (defn handler [req] - (-> (cputils/gen-page "chef - Dashboard" [:i "Coming soon..."]) - html/html - str - ruresp/response)) + (cutils/auth-only req + (-> (cutils/gen-page "chef - Dashboard" [:i "Coming soon..."]) + html/html + str + ruresp/response))) diff --git a/src/chef/pages/home.clj b/src/chef/pages/home.clj index 725ba2b..84f643f 100644 --- a/src/chef/pages/home.clj +++ b/src/chef/pages/home.clj 
@@ -1,10 +1,15 @@ (ns chef.pages.home (:require [hiccup2.core :as html] [ring.util.response :as ruresp] - [chef.pages.utils :as cputils])) + [chef.utils :as cutils] + [ring.middleware.session :as rmsession])) (defn handler [req] - (-> (cputils/gen-page "chef" [:i "Coming soon..."]) - html/html - str - ruresp/response)) + (let [access-token (get-in req [:oauth2/access-tokens :auth]) + resp (-> (cutils/gen-page "chef" [:i "Coming soon..."]) + html/html + str + ruresp/response)] + (if (some? access-token) + (assoc resp :session (assoc (:session req) :oauth-token access-token)) + resp))) diff --git a/src/chef/pages/utils.clj b/src/chef/pages/utils.clj deleted file mode 100644 index 72d33fd..0000000 --- a/src/chef/pages/utils.clj +++ /dev/null @@ -1,8 +0,0 @@ -(ns chef.pages.utils) - -(defn gen-page [title & content] - [:html - [:head - [:meta {:name "viewport" :content "width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"}] - [:title title]] - (apply conj [:body] content [[:script {:src "/static/htmx.js"}]])]) diff --git a/src/chef/routes.clj b/src/chef/routes.clj index 51c721a..c2fd6c7 100644 --- a/src/chef/routes.clj +++ b/src/chef/routes.clj @@ -1,5 +1,10 @@ (ns chef.routes (:require [reitit.ring :as rring] + [ring.middleware.oauth2 :as rmoauth2] + [ring.middleware.params :as rmparams] + [ring.middleware.session :as rmsession] + [dotenv :as env] + [clojure.string :as cstr] [chef.pages.home :as cphome] [chef.pages.admin :as cpadmin])) 
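Review bot: In `handler` in src/chef/pages/home.clj the token is assoc'ed onto the existing session map, so a session id issued before login stays valid after login, which leaves room for session fixation. Ring's session middleware issues a fresh id when the session map carries `:recreate` metadata, so the assoc could become `(assoc resp :session (-> (:session req) (assoc :oauth-token access-token) (vary-meta assoc :recreate true)))`. As far as I can tell ring-oauth2 adds `:oauth2/access-tokens` to every request of a logged-in session, so this branch probably runs on each later visit to `/` too; guarding on the session not yet holding `:oauth-token` would keep the copy (and the id rotation) to the first request after the callback. The new `ring.middleware.session` require is not used in this namespace and can be dropped.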
@@ -8,6 +13,17 @@ ["/admin/" {:get {:handler cpadmin/handler}}] ["/static/*" (rring/create-resource-handler)]]) -(def ring-handler (-> router - rring/router - (rring/ring-handler (rring/redirect-trailing-slash-handler)))) +(def ring-handler (delay (-> router + rring/router + (rring/ring-handler (rring/redirect-trailing-slash-handler)) + (rmoauth2/wrap-oauth2 {:auth {:authorize-uri (env/env "OAUTH_AUTH_URI") + :access-token-uri (env/env "OAUTH_ACCESS_TOKEN_URI") + :client-id (env/env "OAUTH_CLIENT_ID") + :client-secret (env/env "OAUTH_CLIENT_SECRET") + :scopes (cstr/split (env/env "OAUTH_SCOPES") #",") + :launch-uri "/auth" + :redirect-uri "/auth/callback" + :landing-uri "/" + :pkce? true}}) + rmparams/wrap-params + rmsession/wrap-session))) diff --git a/src/chef/utils.clj b/src/chef/utils.clj new file mode 100644 index 0000000..a721617 --- /dev/null +++ b/src/chef/utils.clj @@ -0,0 +1,15 @@ +(ns chef.utils + (:require [ring.util.response :as ruresp])) + +(defn gen-page [title & content] + [:html + [:head + [:meta {:name "viewport" :content "width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"}] + [:title title]] + (apply conj [:body] content [[:script {:src "/static/htmx.js"}]])]) + +(defmacro auth-only [request & body] + `(if (some? (get-in ~request [:session :oauth-token])) + (do ~@body) + ~(-> (ruresp/response "Unauthorized.") + (ruresp/status 401)))) -- cgit v1.2.3
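Review bot: In the `ring-handler` delay in src/chef/routes.clj, `rmsession/wrap-session` is applied with its defaults, so as far as I know the cookie that now carries the admin login is not marked `:secure` and sessions sit in the default in-memory store. If the site is served over HTTPS, pass the attributes explicitly, e.g. `(rmsession/wrap-session {:cookie-attrs {:http-only true :secure true :same-site :lax}})`; `:lax` rather than `:strict` so the cookie is still sent on the provider's redirect back to `/auth/callback`. Separately, `(cstr/split (env/env "OAUTH_SCOPES") #",")` will throw a bare NullPointerException on first deref if `env/env` returns nil for an unset variable, and a missing client id or secret would pass through as nil. A short check that names the missing variable before the handler is built would make a misconfigured deployment fail with a clear message.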
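Review bot: `auth-only` in src/chef/utils.clj grants access whenever `[:session :oauth-token]` is non-nil, so every account the OAuth provider is willing to authenticate is treated as an admin, and nothing visible here checks whether the token has expired. Unless the provider itself is restricted to admins, the check should compare an identity taken from the provider (userinfo or ID token) against an allowlist. A macro is also not needed: the 401 response is built at macro-expansion time by the `~(-> ...)` unquote, and each handler (currently only `chef.pages.admin/handler`) has to remember to wrap its own body. A plain Ring middleware attached to the `/admin/` route data fails closed for any admin route added later; a sketch follows.

```clojure
(defn wrap-auth-only
  "Ring middleware: calls handler only when the session holds an OAuth token."
  [handler]
  (fn [request]
    (if (some? (get-in request [:session :oauth-token]))
      ;; TODO: also verify whose token this is and that it has not expired
      (handler request)
      (-> (ruresp/response "Unauthorized.")
          (ruresp/status 401)))))

;; src/chef/routes.clj, in the router vector
["/admin/" {:middleware [cutils/wrap-auth-only]
            :get {:handler cpadmin/handler}}]
```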