fix auth stuff

auth/auth0/auth0.go

@@ -2,6 +2,7 @@ package auth0
 
 import (
 	"context"
+	"encoding/gob"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -11,6 +12,10 @@ import (
 	"git.citc.tech/go/web/auth/auth0/authenticator"
 )
 
+func init() {
+	gob.Register(SessionUser{})
+}
+
 type Logger interface {
 	Debug(msg string, args ...any)
 	Info(msg string, args ...any)

auth/auth0/handlers.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/rand"
 	"encoding/base64"
+	"encoding/json"
 	"net/http"
 	"net/url"
 
@@ -34,11 +35,7 @@ func HandleLogin(deps *deps) http.HandlerFunc {
 
 		deps.log.Info("generated state", "state", state)
 
-		if err = deps.sessions.Put(r.Context(), StateKey, state); err != nil {
+		deps.sessions.Put(r.Context(), StateKey, state)
-			deps.log.Error("unable to store state in session", "error", err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
 
 		http.Redirect(w, r, deps.auth.AuthCodeURL(state), http.StatusFound)
 	}
@@ -46,13 +43,8 @@ func HandleLogin(deps *deps) http.HandlerFunc {
 
 func HandleLogout(deps *deps) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if err := deps.sessions.Put(r.Context(), "user", nil); err != nil {
+		deps.sessions.Put(r.Context(), "user", nil)
-			deps.log.Error("unable to remove user from session", "error", err)
+		deps.sessions.Put(r.Context(), StateKey, nil)
-		}
-
-		if err := deps.sessions.Put(r.Context(), StateKey, nil); err != nil {
-			deps.log.Error("unable to remove state from session", "error", err)
-		}
 
 		scheme := "http"
 		if r.TLS != nil {
@@ -85,9 +77,7 @@ func HandleCallback(deps *deps) http.HandlerFunc {
 			return
 		}
 
-		if err := deps.sessions.Put(r.Context(), StateKey, nil); err != nil {
+		deps.sessions.Put(r.Context(), StateKey, nil)
-			deps.log.Error("unable to remove state from session", "error", err)
-		}
 
 		token, err := deps.auth.Exchange(r.Context(), r.URL.Query().Get("code"))
 		if err != nil {
@@ -103,25 +93,41 @@ func HandleCallback(deps *deps) http.HandlerFunc {
 			return
 		}
 
-		var profile map[string]any
+		var rawClaims map[string]json.RawMessage
-		if err = idToken.Claims(&profile); err != nil {
+		if err = idToken.Claims(&rawClaims); err != nil {
 			deps.log.Error("unable to decode ID token claims", "error", err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
-		if err = deps.sessions.Put(r.Context(), "user", profile); err != nil {
+		var user SessionUser
-			deps.log.Error("unable to store user profile in session", "error", err)
+		if sub, ok := rawClaims["sub"]; ok {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			json.Unmarshal(sub, &user)
-			return
+		}
+		if name, ok := rawClaims["name"]; ok {
+			json.Unmarshal(name, &user.Name)
+		}
+		if email, ok := rawClaims["email"]; ok {
+			json.Unmarshal(email, &user.Email)
+		}
+		if picture, ok := rawClaims["picture"]; ok {
+			json.Unmarshal(picture, &user.Picture)
 		}
 
-		if err = deps.sessions.Put(r.Context(), "access_token", token.AccessToken); err != nil {
+		customMap := make(map[string]json.RawMessage)
-			deps.log.Error("unable to store access token in session", "error", err)
+		for k, v := range rawClaims {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			if k != "sub" && k != "name" && k != "email" && k != "picture" {
-			return
+				customMap[k] = v
+			}
 		}
 
+		if len(customMap) > 0 {
+			user.Custom, _ = json.Marshal(customMap)
+		}
+
+		deps.sessions.Put(r.Context(), "user", user)
+		deps.sessions.Put(r.Context(), "access_token", token.AccessToken)
+
 		http.Redirect(w, r, "/", http.StatusFound)
 	}
 }

auth/auth0/handlers_test.go

@@ -29,7 +29,7 @@ func (m *mockSessionManager) Get(ctx context.Context, key string) any {
 	return m.store[key]
 }
 
-func (m *mockSessionManager) Put(ctx context.Context, key string, value any) error {
+func (m *mockSessionManager) Put(ctx context.Context, key string, value any) {
 	m.mu.Lock()
 	defer m.mu.Unlock()
 	if value == nil {
@@ -37,7 +37,6 @@ func (m *mockSessionManager) Put(ctx context.Context, key string, value any) err
 	} else {
 		m.store[key] = value
 	}
-	return nil
 }
 
 func TestHandleLogic(t *testing.T) {

auth/auth0/middleware.go

@@ -20,11 +20,7 @@ func authenticatedMiddleware(deps *deps, next http.Handler) http.Handler {
 				return
 			}
 
-			if err = deps.sessions.Put(r.Context(), StateKey, state); err != nil {
+			deps.sessions.Put(r.Context(), StateKey, state)
-				deps.log.Error("unable to store state in session", "error", err)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
 
 			loginURL := deps.auth.AuthCodeURL(state)
 			http.Redirect(w, r, loginURL, http.StatusFound)

auth/auth0/session.go

@@ -0,0 +1,25 @@
+package auth0
+
+import "encoding/json"
+
+type SessionUser struct {
+	Sub     string `json:"sub"`
+	Name    string `json:"name"`
+	Email   string `json:"email"`
+	Picture string `json:"picture"`
+
+	Custom json.RawMessage `json:"-"`
+}
+
+func (u *SessionUser) CustomClaims() (map[string]any, error) {
+	if len(u.Custom) == 0 {
+		return nil, nil
+	}
+
+	var claims map[string]any
+	if err := json.Unmarshal(u.Custom, &claims); err != nil {
+		return nil, err
+	}
+
+	return claims, nil
+}

server/options.go

@@ -2,6 +2,7 @@ package server
 
 import (
 	"log/slog"
+	"net/http"
 	"time"
 
 	"github.com/go-chi/chi/v5"
@@ -32,3 +33,7 @@ func WithWriteTimeout(d time.Duration) Option {
 func WithIdleTimeout(d time.Duration) Option {
 	return func(server *Server) { server.idleTimeout = d }
 }
+
+func WithMiddleware(mw func(http.Handler) http.Handler) Option {
+	return func(server *Server) { server.Router.Use(mw) }
+}