Fixed build in start.go

- Fixed build error in start.go
- Moved authelia and authentik implementation to deprecated folder for reference purpose

src/mod/auth/sso/deprecated/authentik/authentik.go

@@ -0,0 +1,169 @@
+package authentik
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"imuslab.com/zoraxy/mod/database"
+	"imuslab.com/zoraxy/mod/info/logger"
+	"imuslab.com/zoraxy/mod/utils"
+)
+
+type AuthentikRouterOptions struct {
+	UseHTTPS     bool   //If the Authentik server is using HTTPS
+	AuthentikURL string //The URL of the Authentik server
+	Logger       *logger.Logger
+	Database     *database.Database
+}
+
+type AuthentikRouter struct {
+	options *AuthentikRouterOptions
+}
+
+// NewAuthentikRouter creates a new AuthentikRouter object
+func NewAuthentikRouter(options *AuthentikRouterOptions) *AuthentikRouter {
+	options.Database.NewTable("authentik")
+
+	//Read settings from database, if exists
+	options.Database.Read("authentik", "authentikURL", &options.AuthentikURL)
+	options.Database.Read("authentik", "useHTTPS", &options.UseHTTPS)
+
+	return &AuthentikRouter{
+		options: options,
+	}
+}
+
+// HandleSetAuthentikURLAndHTTPS is the internal handler for setting the Authentik URL and HTTPS
+func (ar *AuthentikRouter) HandleSetAuthentikURLAndHTTPS(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		//Return the current settings
+		js, _ := json.Marshal(map[string]interface{}{
+			"useHTTPS":     ar.options.UseHTTPS,
+			"authentikURL": ar.options.AuthentikURL,
+		})
+
+		utils.SendJSONResponse(w, string(js))
+		return
+	} else if r.Method == http.MethodPost {
+		//Update the settings
+		AuthentikURL, err := utils.PostPara(r, "authentikURL")
+		if err != nil {
+			utils.SendErrorResponse(w, "authentikURL not found")
+			return
+		}
+
+		useHTTPS, err := utils.PostBool(r, "useHTTPS")
+		if err != nil {
+			useHTTPS = false
+		}
+
+		//Write changes to runtime
+		ar.options.AuthentikURL = AuthentikURL
+		ar.options.UseHTTPS = useHTTPS
+
+		//Write changes to database
+		ar.options.Database.Write("authentik", "authentikURL", AuthentikURL)
+		ar.options.Database.Write("authentik", "useHTTPS", useHTTPS)
+
+		utils.SendOK(w)
+	} else {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+}
+
+// HandleAuthentikAuth is the internal handler for Authentik authentication
+// Set useHTTPS to true if your Authentik server is using HTTPS
+// Set AuthentikURL to the URL of the Authentik server, e.g. Authentik.example.com
+func (ar *AuthentikRouter) HandleAuthentikAuth(w http.ResponseWriter, r *http.Request) error {
+	const outpostPrefix = "outpost.goauthentik.io"
+	client := &http.Client{}
+
+	if ar.options.AuthentikURL == "" {
+		ar.options.Logger.PrintAndLog("Authentik", "Authentik URL not set", nil)
+		w.WriteHeader(500)
+		w.Write([]byte("500 - Internal Server Error"))
+		return errors.New("authentik URL not set")
+	}
+	protocol := "http"
+	if ar.options.UseHTTPS {
+		protocol = "https"
+	}
+
+	authentikBaseURL := protocol + "://" + ar.options.AuthentikURL
+	//Remove tailing slash if any
+	authentikBaseURL = strings.TrimSuffix(authentikBaseURL, "/")
+
+	scheme := "http"
+	if r.TLS != nil {
+		scheme = "https"
+	}
+	reqUrl := scheme + "://" + r.Host + r.RequestURI
+	// Pass request to outpost if path matches outpost prefix
+	if reqPath := strings.TrimPrefix(r.URL.Path, "/"); strings.HasPrefix(reqPath, outpostPrefix) {
+		req, err := http.NewRequest(r.Method, authentikBaseURL+r.RequestURI, r.Body)
+		if err != nil {
+			ar.options.Logger.PrintAndLog("Authentik", "Unable to create request", err)
+			w.WriteHeader(401)
+			return errors.New("unauthorized")
+		}
+		req.Header.Set("X-Original-URL", reqUrl)
+		req.Header.Set("Host", r.Host)
+		for _, cookie := range r.Cookies() {
+			req.AddCookie(cookie)
+		}
+		if resp, err := client.Do(req); err != nil {
+			ar.options.Logger.PrintAndLog("Authentik", "Unable to pass request to Authentik outpost", err)
+			w.WriteHeader(http.StatusInternalServerError)
+			return errors.New("internal server error")
+		} else {
+			defer resp.Body.Close()
+			for k := range resp.Header {
+				w.Header().Set(k, resp.Header.Get(k))
+			}
+			w.WriteHeader(resp.StatusCode)
+			if _, err = io.Copy(w, resp.Body); err != nil {
+				ar.options.Logger.PrintAndLog("Authentik", "Unable to pass Authentik outpost response to client", err)
+				w.WriteHeader(http.StatusInternalServerError)
+				return errors.New("internal server error")
+			}
+		}
+		return nil
+	}
+
+	//Make a request to Authentik to verify the request
+	req, err := http.NewRequest(http.MethodGet, authentikBaseURL+"/"+outpostPrefix+"/auth/nginx", nil)
+	if err != nil {
+		ar.options.Logger.PrintAndLog("Authentik", "Unable to create request", err)
+		w.WriteHeader(401)
+		return errors.New("unauthorized")
+	}
+
+	req.Header.Set("X-Original-URL", reqUrl)
+
+	// Copy cookies from the incoming request
+	for _, cookie := range r.Cookies() {
+		req.AddCookie(cookie)
+	}
+
+	// Making the verification request
+	resp, err := client.Do(req)
+	if err != nil {
+		ar.options.Logger.PrintAndLog("Authentik", "Unable to verify", err)
+		w.WriteHeader(401)
+		return errors.New("unauthorized")
+	}
+
+	if resp.StatusCode != 200 {
+		redirectURL := authentikBaseURL + "/" + outpostPrefix + "/start?rd=" + url.QueryEscape(scheme+"://"+r.Host+r.URL.String())
+		http.Redirect(w, r, redirectURL, http.StatusSeeOther)
+		return errors.New("unauthorized")
+	}
+
+	return nil
+}