2 Star 0 Fork 0

wangyuguo/console

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
.github/workflows
.history
cluster
cmd/console
docs
hack
images
integration
k8s
models
operator-integration
operatorapi
pkg
policies
portal-ui
replication
restapi
operations
policy
admin_arns.go
admin_arns_test.go
admin_config.go
admin_config_test.go
admin_console.go
admin_console_test.go
admin_groups.go
admin_groups_test.go
admin_heal.go
admin_heal_test.go
admin_health_info.go
admin_health_info_test.go
admin_idp.go
admin_idp_test.go
admin_info.go
admin_info_test.go
admin_inspect.go
admin_kms.go
admin_kms_test.go
admin_nodes.go
admin_notification_endpoints.go
admin_notification_endpoints_test.go
admin_objects.go
admin_objects_test.go
admin_policies.go
admin_policies_test.go
admin_profiling.go
admin_profiling_test.go
admin_remote_buckets.go
admin_replication_status.go
admin_service.go
admin_service_test.go
admin_site_replication.go
admin_site_replication_test.go
admin_speedtest.go
admin_subnet.go
admin_subnet_test.go
admin_test.go
admin_tiers.go
admin_tiers_test.go
admin_trace.go
admin_trace_test.go
admin_users.go
admin_users_test.go
client-admin.go
client.go
client_test.go
config.go
config_test.go
configure_console.go
configure_console_test.go
consts.go
doc.go
embedded_spec.go
errors.go
errors_test.go
logs.go
logs_test.go
server.go
tls.go
user_account.go
user_account_test.go
user_bucket_quota.go
user_buckets.go
user_buckets_events.go
user_buckets_events_test.go
user_buckets_lifecycle.go
user_buckets_lifecycle_test.go
user_buckets_test.go
user_log_search.go
user_log_search_test.go
user_login.go
user_login_test.go
user_logout.go
user_logout_test.go
user_objects.go
user_objects_test.go
user_service_accounts.go
user_service_accounts_test.go
user_session.go
user_session_test.go
user_version.go
user_watch.go
user_watch_test.go
utils.go
utils_test.go
ws_handle.go
ws_handle_test.go
sso-integration
systemd
tests
.dockerignore
.gitignore
.golangci.yml
.goreleaser.yml
.license.tmpl
.nvmrc
.semgrepignore
CONTRIBUTING.md
CREDITS
DEVELOPMENT.md
Dockerfile
Dockerfile.assets
Dockerfile.release
LICENSE
Makefile
NOTICE
README.md
SECURITY.md
VULNERABILITY_REPORT.md
code_of_conduct.md
cross-compile.sh
go.mod
go.sum
semgrep.yaml
swagger-console.yml
swagger-operator.yml
verify-gofmt.sh
yarn.lock
克隆/下载
user_logout.go 3.58 KB
一键复制 编辑 原始数据 按行查看 历史
wangyuguo 提交于 2年前 . 更新
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package restapi
import (
"context"
"encoding/base64"
"encoding/json"
"net/http"
"net/url"
"time"
"gitee.com/whubbledb/console/models"
"gitee.com/whubbledb/console/pkg/auth/idp/oauth2"
"gitee.com/whubbledb/console/restapi/operations"
authApi "gitee.com/whubbledb/console/restapi/operations/auth"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
)
func registerLogoutHandlers(api *operations.ConsoleAPI) {
// logout from console
api.AuthLogoutHandler = authApi.LogoutHandlerFunc(func(params authApi.LogoutParams, session *models.Principal) middleware.Responder {
err := getLogoutResponse(session, params)
if err != nil {
return authApi.NewLogoutDefault(int(err.Code)).WithPayload(err)
}
// Custom response writer to expire the session cookies
return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
expiredCookie := ExpireSessionCookie()
// this will tell the browser to clear the cookie and invalidate user session
// additionally we are deleting the cookie from the client side
http.SetCookie(w, &expiredCookie)
http.SetCookie(w, &http.Cookie{
Path: "/",
Name: "idp-refresh-token",
Value: "",
MaxAge: -1,
Expires: time.Now().Add(-100 * time.Hour),
HttpOnly: true,
Secure: len(GlobalPublicCerts) > 0,
SameSite: http.SameSiteLaxMode,
})
authApi.NewLogoutOK().WriteResponse(w, p)
})
})
}
// logout() call Expire() on the provided ConsoleCredentials
func logout(credentials ConsoleCredentialsI) {
credentials.Expire()
}
// getLogoutResponse performs logout() and returns nil or errors
func getLogoutResponse(session *models.Principal, params authApi.LogoutParams) *models.Error {
ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
defer cancel()
state := params.Body.State
if state != "" {
if err := logoutFromIDPProvider(params.HTTPRequest, state); err != nil {
return ErrorWithContext(ctx, err)
}
}
creds := getConsoleCredentialsFromSession(session)
credentials := ConsoleCredentials{ConsoleCredentials: creds}
logout(credentials)
return nil
}
func logoutFromIDPProvider(r *http.Request, state string) error {
decodedRState, err := base64.StdEncoding.DecodeString(state)
if err != nil {
return err
}
var requestItems oauth2.LoginURLParams
err = json.Unmarshal(decodedRState, &requestItems)
if err != nil {
return err
}
providerCfg := GlobalMinIOConfig.OpenIDProviders[requestItems.IDPName]
refreshToken, err := r.Cookie("idp-refresh-token")
if err != nil {
return err
}
if providerCfg.EndSessionEndpoint != "" {
params := url.Values{}
params.Add("client_id", providerCfg.ClientID)
params.Add("client_secret", providerCfg.ClientSecret)
params.Add("refresh_token", refreshToken.Value)
_, err := http.PostForm(providerCfg.EndSessionEndpoint, params)
if err != nil {
return err
}
}
return nil
}
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/whubbledb/console.git
git@gitee.com:whubbledb/console.git
whubbledb
console
console
v1.0.6

搜索帮助