package main
import (
	"fmt"
	"html/template"
	"log"
	"net/http"
	"time"

	"github.com/gin-contrib/sessions"
	"github.com/gin-contrib/sessions/cookie"
	"github.com/gin-gonic/gin"
	"gorm.io/driver/sqlite"
	"gorm.io/gorm"

	"oidc-oauth2-server/config"
	"oidc-oauth2-server/handlers"
	"oidc-oauth2-server/middleware"
	"oidc-oauth2-server/models"
	"oidc-oauth2-server/services"
)
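// Server-side timeouts so that a slow or stalled client cannot hold a
// connection (and its goroutine) open indefinitely. The previous r.Run(addr)
// used http.ListenAndServe, which sets none of these. The values are
// generous defaults for a browser-facing login/OIDC server; tune as needed.
const (
	readHeaderTimeout = 10 * time.Second
	readTimeout       = 30 * time.Second
	writeTimeout      = 30 * time.Second
	idleTimeout       = 120 * time.Second

	// sessionMaxAge is the session cookie lifetime in seconds. It matches the
	// 30-day default the cookie store applies when no Options are set, so
	// setting Options below does not change the session lifetime.
	sessionMaxAge = 86400 * 30
)

// newSessionStore builds the cookie-backed session store used for login
// state on /authorize and the admin UI.
//
// The cookie is marked HttpOnly (not readable by page scripts) and
// SameSite=Lax (not attached to cross-site POSTs, while a relying party's
// top-level redirect to /authorize still carries the session).
//
// NOTE(review): with a single key the store signs session values but does
// not encrypt them, so their contents are readable by the browser; pass a
// second 16/24/32-byte key to also encrypt. The caller currently hands in
// JWT.SigningKey, which means one secret protects both session cookies and
// whatever that key signs elsewhere — a dedicated session secret in config
// would keep those separate. Confirm against the config package.
func newSessionStore(key []byte) cookie.Store {
	store := cookie.NewStore(key)
	store.Options(sessions.Options{
		Path:     "/",
		MaxAge:   sessionMaxAge,
		HttpOnly: true,
		SameSite: http.SameSiteLaxMode,
		// Secure is not forced here because nothing in this file shows whether
		// TLS is terminated by this process or by a proxy in front of it;
		// enable it for any deployment reachable over HTTPS.
	})
	return store
}

// newHTTPServer wraps the gin engine in an http.Server with explicit
// timeouts. addr is "host:port"; h is the router.
func newHTTPServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           h,
		ReadHeaderTimeout: readHeaderTimeout,
		ReadTimeout:       readTimeout,
		WriteTimeout:      writeTimeout,
		IdleTimeout:       idleTimeout,
	}
}

// main wires configuration, database, services, handlers and routes together
// and serves HTTP until the listener fails. Every setup failure is fatal.
func main() {
	// Load configuration first; everything below reads config.GlobalConfig.
	if err := config.Init(); err != nil {
		log.Fatalf("Failed to initialize config: %v", err)
	}

	// Open the SQLite database and bring the schema up to date.
	db, err := gorm.Open(sqlite.Open(config.GlobalConfig.Database.Path), &gorm.Config{})
	if err != nil {
		log.Fatalf("Failed to connect to database: %v", err)
	}
	if err := models.AutoMigrate(db); err != nil {
		log.Fatalf("Failed to run database migrations: %v", err)
	}

	// Services. The OAuth service owns the key manager the token service is
	// built with, so it must be created first.
	authService := services.NewAuthService(db)
	oauthService, err := services.NewOAuthService(db)
	if err != nil {
		log.Fatalf("Failed to initialize OAuth service: %v", err)
	}
	clientService := services.NewClientService(db)
	tokenService := services.NewTokenService(db, oauthService.GetKeyManager())
	adminService := services.NewAdminService(db)

	// Router with gin's default Logger and Recovery middleware.
	r := gin.Default()

	// Template helpers available to the HTML views; registered before
	// LoadHTMLGlob so the templates can reference them.
	r.SetFuncMap(template.FuncMap{
		"subtract": func(a, b int) int { return a - b },
		"add":      func(a, b int) int { return a + b },
	})
	r.LoadHTMLGlob("templates/*")

	// Session middleware (cookie attributes are set in newSessionStore).
	r.Use(sessions.Sessions("oidc_session", newSessionStore([]byte(config.GlobalConfig.JWT.SigningKey))))

	// Liveness probe; deliberately unauthenticated and free of state.
	r.GET("/health", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"status": "ok"})
	})

	// Handlers.
	authHandler := handlers.NewAuthHandler(authService)
	oidcHandler := handlers.NewOIDCHandler(config.GlobalConfig.OAuth.IssuerURL, oauthService, authService)
	registrationHandler := handlers.NewRegistrationHandler(clientService)
	tokenHandler := handlers.NewTokenHandler(tokenService)
	adminHandler := handlers.NewAdminHandler(adminService)

	// End-user authentication pages.
	r.GET("/login", authHandler.ShowLogin)
	r.POST("/login", authHandler.HandleLogin)
	r.GET("/signup", authHandler.ShowSignup)
	r.POST("/signup", authHandler.HandleSignup)

	// OIDC discovery and core endpoints.
	r.GET("/.well-known/openid-configuration", oidcHandler.OpenIDConfiguration)
	r.GET("/authorize", oidcHandler.Authorize)
	r.POST("/token", oidcHandler.Token)
	r.GET("/userinfo", oidcHandler.Userinfo)
	r.GET("/jwks", oidcHandler.JWKS)

	// Dynamic client registration. No middleware is attached here, so any
	// access control for these routes must live inside registrationHandler.
	r.POST("/register", registrationHandler.Register)
	r.GET("/register/:client_id", registrationHandler.GetClient)
	r.PUT("/register/:client_id", registrationHandler.UpdateClient)
	r.DELETE("/register/:client_id", registrationHandler.DeleteClient)

	// Token revocation and introspection.
	r.POST("/revoke", tokenHandler.Revoke)
	r.POST("/introspect", tokenHandler.Introspect)

	// Admin UI: login is public, everything else requires AdminAuthRequired.
	admin := r.Group("/admin")
	{
		admin.GET("/login", adminHandler.ShowAdminLogin)
		admin.POST("/login", adminHandler.HandleAdminLogin)

		authorized := admin.Group("/")
		authorized.Use(middleware.AdminAuthRequired())
		{
			authorized.GET("/dashboard", adminHandler.Dashboard)
			authorized.GET("/users", adminHandler.ListUsers)
			authorized.GET("/clients", adminHandler.ListClients)
		}
	}

	// Serve. ListenAndServe only returns on failure, so any return is fatal.
	addr := fmt.Sprintf("%s:%d", config.GlobalConfig.Server.Host, config.GlobalConfig.Server.Port)
	log.Printf("Starting server on %s", addr)
	if err := newHTTPServer(addr, r).ListenAndServe(); err != nil {
		log.Fatalf("Failed to start server: %v", err)
	}
}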