tsivinsky/oauth2-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make it universal

Browse Source
This commit is contained in:
Dan Tsivinsky
2026-02-21 19:33:19 +03:00
parent 408ae6a76b
commit 3090b18ff9
10 changed files with 109 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.dockerignore Normal file
View File

@@ -0,0 +1 @@
.env

24
Dockerfile Normal file
View File

@@ -0,0 +1,24 @@
FROM golang:1.26 AS builder
WORKDIR /app
RUN apt-get update && apt-get install -y \
gcc \
libc6-dev \
&& rm -rf /var/lib/apt/lists/*
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN go build -ldflags="-linkmode external -extldflags '-static' -s -w" -o oauth2-proxy .
FROM scratch
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=builder /app/oauth2-proxy /oauth2-proxy
EXPOSE 5000
ENTRYPOINT ["/oauth2-proxy"]

8
Justfile
View File

@@ -1,4 +1,10 @@
set dotenv-load := true set dotenv-load := true
dev: dev:
CLIENT_ID=$CLIENT_ID CLIENT_SECRET=$CLIENT_SECRET REDIRECT_URI=$REDIRECT_URI AUTH_CONFIG=$AUTH_CONFIG go run . go run .
build tag="latest":
docker build -t git.zatch.ru/tsivinsky/oauth2-proxy:{{tag}} .
push tag="latest":
docker push git.zatch.ru/tsivinsky/oauth2-proxy:{{tag}}

49
config.go Normal file
View File

@@ -0,0 +1,49 @@
package main
import (
"encoding/json"
"fmt"
"os"
"golang.org/x/oauth2"
)
func readConfig(filePath string) (*oauth2.Token, error) {
if _, err := os.Stat(filePath); os.IsNotExist(err) {
f, err := os.Create(filePath)
if err != nil {
return nil, fmt.Errorf("failed to create config file: %v", err)
}
if _, err := f.Write([]byte("{}")); err != nil {
return nil, fmt.Errorf("failed to write empty object: %v", err)
}
return &oauth2.Token{}, nil
}
f, err := os.OpenFile(filePath, os.O_RDWR, 0644)
if err != nil {
return nil, fmt.Errorf("failed to open config file: %v", err)
}
defer f.Close()
token := new(oauth2.Token)
if err := json.NewDecoder(f).Decode(token); err != nil {
return nil, fmt.Errorf("failed to decode json from config file: %v", err)
}
return token, nil
}
func writeConfig(filePath string, token *oauth2.Token) error {
f, err := os.OpenFile(filePath, os.O_WRONLY, 0644)
if err != nil {
return fmt.Errorf("failed to open config file: %v", err)
}
defer f.Close()
if err := json.NewEncoder(f).Encode(token); err != nil {
return fmt.Errorf("failed to encode json to config file: %v", err)
}
return nil
}

4
go.mod
View File

@@ -1,3 +1,5 @@
module raindrop-glance module oauth2-proxy
go 1.25.0 go 1.25.0
require golang.org/x/oauth2 v0.35.0 // indirect

2
go.sum Normal file
View File

@@ -0,0 +1,2 @@
golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=

87
main.go
View File

@@ -1,22 +1,15 @@
package main package main
import ( import (
"encoding/json" "context"
"fmt" "fmt"
"io" "io"
"log" "log"
"net/http" "net/http"
"os" "os"
"raindrop-glance/raindrop"
)
func sendJSON(w http.ResponseWriter, data any, status int) { "golang.org/x/oauth2"
w.Header().Set("Content-Type", "application/json") )
w.WriteHeader(status)
if err := json.NewEncoder(w).Encode(data); err != nil {
http.Error(w, err.Error(), 500)
}
}
func main() { func main() {
authConfigPath := os.Getenv("AUTH_CONFIG") authConfigPath := os.Getenv("AUTH_CONFIG")
@@ -24,72 +17,47 @@ func main() {
log.Fatalf("AUTH_CONFIG env is missing") log.Fatalf("AUTH_CONFIG env is missing")
} }
if _, err := os.Stat(authConfigPath); os.IsNotExist(err) { token, err := readConfig(authConfigPath)
os.Create(authConfigPath)
os.WriteFile(authConfigPath, []byte("{}"), 0644)
}
data, err := os.ReadFile(authConfigPath)
if err != nil { if err != nil {
log.Fatalf("failed to read auth config file: %v\n", err) log.Fatalf("failed to read config file: %v\n", err)
} }
config := new(raindrop.TokensResponse) oauthConfig := oauth2.Config{
if err := json.Unmarshal(data, config); err != nil { ClientID: os.Getenv("CLIENT_ID"),
log.Fatalf("failed to decode auth config file: %v\n", err)
}
rdClient, err := raindrop.NewClient(raindrop.ClientConfig{
ClientId: os.Getenv("CLIENT_ID"),
ClientSecret: os.Getenv("CLIENT_SECRET"), ClientSecret: os.Getenv("CLIENT_SECRET"),
RedirectURI: os.Getenv("REDIRECT_URI"), Endpoint: oauth2.Endpoint{
}) AuthURL: os.Getenv("AUTH_URL"),
if err != nil { TokenURL: os.Getenv("TOKEN_URL"),
log.Fatalf("failed to create raindrop client: %v\n", err) DeviceAuthURL: os.Getenv("DEVICE_AUTH_URL"),
} AuthStyle: oauth2.AuthStyleAutoDetect,
},
if config.AccessToken != "" { RedirectURL: os.Getenv("REDIRECT_URI"),
rdClient.SetApiToken(config.TokenType, config.AccessToken)
} }
mux := http.NewServeMux() mux := http.NewServeMux()
mux.HandleFunc("GET /login", func(w http.ResponseWriter, r *http.Request) { mux.HandleFunc("GET /oauth", func(w http.ResponseWriter, r *http.Request) {
rdClient.OauthRedirect(w, r) http.Redirect(w, r, oauthConfig.AuthCodeURL(""), http.StatusTemporaryRedirect)
}) })
mux.HandleFunc("GET /oauth/redirect", func(w http.ResponseWriter, r *http.Request) { mux.HandleFunc("GET /oauth/callback", func(w http.ResponseWriter, r *http.Request) {
code := r.URL.Query().Get("code") token, err = oauthConfig.Exchange(context.Background(), r.URL.Query().Get("code"))
if code == "" {
http.Error(w, "invalid request", 400)
return
}
resp, err := rdClient.ExchangeOauthCode(code)
if err != nil { if err != nil {
http.Error(w, err.Error(), 500) http.Error(w, err.Error(), 500)
return return
} }
config = resp
jsonData, err := json.MarshalIndent(resp, "", " ") if err := writeConfig(authConfigPath, token); err != nil {
if err != nil { http.Error(w, err.Error(), 500)
http.Error(w, fmt.Sprintf("failed to encode config file: %v", err), 500)
return return
} }
if err := os.WriteFile(authConfigPath, jsonData, 0644); err != nil {
http.Error(w, fmt.Sprintf("failed to save config file: %v", err), 500)
return
}
rdClient.SetApiToken(resp.TokenType, resp.AccessToken)
w.WriteHeader(200) w.WriteHeader(200)
fmt.Fprintf(w, "ok") fmt.Fprintf(w, "ok")
}) })
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
baseURL := "https://api.raindrop.io/rest/v1" baseURL := os.Getenv("API_URL")
req, err := http.NewRequest(r.Method, baseURL+r.URL.Path, r.Body) req, err := http.NewRequest(r.Method, baseURL+r.URL.Path, r.Body)
if err != nil { if err != nil {
http.Error(w, fmt.Sprintf("failed to create request: %v", err), 500) http.Error(w, fmt.Sprintf("failed to create request: %v", err), 500)
@@ -97,8 +65,8 @@ func main() {
} }
req.URL.RawQuery = r.URL.RawQuery req.URL.RawQuery = r.URL.RawQuery
if config.AccessToken != "" { if token.AccessToken != "" {
authHeader := fmt.Sprintf("%s %s", config.TokenType, config.AccessToken) authHeader := fmt.Sprintf("%s %s", token.TokenType, token.AccessToken)
req.Header.Add("Authorization", authHeader) req.Header.Add("Authorization", authHeader)
} }
@@ -118,15 +86,6 @@ func main() {
if _, err := io.Copy(w, resp.Body); err != nil { if _, err := io.Copy(w, resp.Body); err != nil {
http.Error(w, err.Error(), 500) http.Error(w, err.Error(), 500)
} }
// data, err, status := rdClient.MakeApiRequest(r.Method, r.URL.Path, r.Body, r.URL.Query())
// if err != nil {
// http.Error(w, err.Error(), status)
// return
// }
// w.Header().Set("Content-Type", "application/json")
// w.WriteHeader(status)
// w.Write(data)
}) })
log.Println("starting http server") log.Println("starting http server")

42
raindrop/api.go
View File

@@ -1,42 +0,0 @@
package raindrop
import (
"fmt"
"io"
"net/http"
"net/url"
)
func (c *Client) MakeApiRequest(method string, path string, body io.Reader, params url.Values) ([]byte, error, int) {
u, err := url.Parse(c.getApiURL(path))
if err != nil {
return nil, fmt.Errorf("failed to parse url: %v", err), 500
}
u.RawQuery = params.Encode()
req, err := http.NewRequest(method, u.String(), body)
if err != nil {
return nil, fmt.Errorf("failed to create request: %v", err), 500
}
if c.token != nil {
req.Header.Set("Authorization", c.token.Type+" "+c.token.Value)
}
resp, err := http.DefaultClient.Do(req)
if err != nil {
return nil, fmt.Errorf("failed to send request: %v", err), resp.StatusCode
}
defer resp.Body.Close()
data, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read data from response: %v", err), 500
}
if resp.StatusCode >= 400 {
return data, fmt.Errorf("response failed with status %s", resp.Status), resp.StatusCode
}
return data, nil, resp.StatusCode
}

68
raindrop/auth.go
View File

@@ -1,68 +0,0 @@
package raindrop
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"net/url"
)
func (c *Client) OauthRedirect(w http.ResponseWriter, r *http.Request) {
authUrl, _ := url.Parse("https://raindrop.io/oauth/authorize")
params := url.Values{}
params.Set("redirect_uri", c.config.RedirectURI)
params.Set("client_id", c.config.ClientId)
params.Set("response_type", "code")
authUrl.RawQuery = params.Encode()
http.Redirect(w, r, authUrl.String(), http.StatusFound)
}
type TokensResponse struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
TokenType string `json:"token_type"`
// token lifetime in seconds
ExpiresIn int `json:"expires_in"`
}
func (c *Client) ExchangeOauthCode(code string) (*TokensResponse, error) {
body := struct {
GrantType string `json:"grant_type"`
Code string `json:"code"`
ClientId string `json:"client_id"`
ClientSecret string `json:"client_secret"`
RedirectURI string `json:"redirect_uri"`
}{
GrantType: "authorization_code",
Code: code,
ClientId: c.config.ClientId,
ClientSecret: c.config.ClientSecret,
RedirectURI: c.config.RedirectURI,
}
data, err := json.Marshal(body)
if err != nil {
return nil, fmt.Errorf("failed to encode data to send in request: %v", err)
}
resp, err := http.Post("https://raindrop.io/oauth/access_token", "application/json", bytes.NewReader(data))
if err != nil {
return nil, fmt.Errorf("failed to send request to raindrop api: %v", err)
}
defer resp.Body.Close()
response := &TokensResponse{}
if err := json.NewDecoder(resp.Body).Decode(response); err != nil {
return nil, fmt.Errorf("failed to decode response from raindrop api: %v", err)
}
return response, nil
}
func (c *Client) SetApiToken(tokenType string, value string) {
c.token = &ApiToken{
Type: tokenType,
Value: value,
}
}

36
raindrop/client.go
View File

@@ -1,36 +0,0 @@
package raindrop
import "fmt"
type ClientConfig struct {
ClientId string
ClientSecret string
RedirectURI string
}
type ApiToken struct {
Type string
Value string
}
type Client struct {
config ClientConfig
token *ApiToken
}
func NewClient(config ClientConfig) (*Client, error) {
if config.ClientId == "" || config.ClientSecret == "" || config.RedirectURI == "" {
return nil, fmt.Errorf("some environment variables missing")
}
return &Client{
config: config,
}, nil
}
func (c *Client) baseURL() string {
return "https://api.raindrop.io/rest/v1"
}
func (c *Client) getApiURL(path string) string {
return c.baseURL() + path
}