added cookie jar interface + authenticator setup function

.env.example

@@ -5,3 +5,4 @@ OIDC_REDIRECT_URL: "http://localhost:8081/auth/soarca_gui/callback"
 OIDC_PROVIDER: "https://localhost:9443/application/u/test/"
 OIDC_CLIENT_ID: "SOME_CLIENT_ID"
 OIDC_CLIENT_SECRET: "SOME_CLIENT_SECRET"
+COOKIE_SECRET_KEY: "SOME_COOKIE_SECRET" #openssl rand -base64 32  or head -c 32 /dev/urandom | base64

auth/auth.go

@@ -11,42 +11,60 @@ import (
 )
 
 type Authenticator struct {
-	Cookiejar   *cookies.CookieJar
-	OIDCconfig  *oidc.Config
-	OauthConfig *oauth2.Config
-	provider    *oidc.Provider
+	Cookiejar        cookies.ICookieJar
+	OIDCconfig       *oidc.Config
+	OauthConfig      *oauth2.Config
+	verifierProvider *oidc.Provider
 }
 
-func SetupAuthHanlder() *Authenticator {
+func SetupAuthHandler() *Authenticator {
 	providerLink := utils.GetEnv("OIDC_PROVIDER", "")
 	clientID := utils.GetEnv("OIDC_CLIENT_ID", "")
 	clientSecret := utils.GetEnv("OIDC_CLIENT_SECRET", "")
-
+	redirectURL := utils.GetEnv("OIDC_REDIRECT_URL", "")
+	cookieJarSecret := utils.GetEnv("COOKIE_SECRET", "")
 	if providerLink == "" {
 		log.Fatal("invalid provider link for the env: OIDC_PROVIDER")
-		return nil
 	}
 	if clientID == "" {
 		log.Fatal("invalid oidc client ID for the env: OIDC_CLIENT_ID")
-		return nil
 	}
 	if clientSecret == "" {
-		log.Fatal("invalid oidc client secret for the env: OIDC_CLIENT_secret")
-		return nil
+		log.Fatal("invalid oidc client secret for the env: OIDC_CLIENT_SECRET")
+	}
+	if redirectURL == "" {
+		log.Fatal("invalid redirect URL for the env: OIDC_REDIRECT_URL")
+	}
+	if cookieJarSecret == "" || len(cookieJarSecret) < 32 {
+		log.Fatal("invalid cookie secret key for the env: COOKIE_SECRET_KEY. Note: should be at leat 32 characters")
 	}
-	context := context.Background()
 
-	provider, err := oidc.NewProvider(context, providerLink)
+	ctx := context.Background()
+	provider, err := oidc.NewProvider(ctx, providerLink)
 	if err != nil {
 		log.Fatal(err)
 	}
-	return nil
+
+	oidcConfig := &oidc.Config{
+		ClientID: clientID,
+	}
+
+	oauthConfig := &oauth2.Config{
+		ClientID:     clientID,
+		ClientSecret: clientSecret,
+		RedirectURL:  redirectURL,
+		Endpoint:     provider.Endpoint(),
+		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
+	}
+
+	cookieJar := cookies.NewCookieJar([]byte(cookieJarSecret))
+	return NewAuthenticator(cookieJar, oidcConfig, oauthConfig, provider)
 }
 
-func NewAuthenticator(cj *cookies.CookieJar, OIDCconfig *oidc.Config) *Authenticator {
-	return &Authenticator{Cookiejar: cj, OIDCconfig: OIDCconfig}
+func NewAuthenticator(cj cookies.ICookieJar, OIDCconfig *oidc.Config, OauthConfig *oauth2.Config, verifierProvider *oidc.Provider) *Authenticator {
+	return &Authenticator{Cookiejar: cj, OIDCconfig: OIDCconfig, OauthConfig: OauthConfig, verifierProvider: verifierProvider}
 }
 
 func (auth *Authenticator) GetVerifier() *oidc.Provider {
-	return auth.provider
+	return auth.verifierProvider
 }

auth/cookies/cookie.go

@@ -7,6 +7,10 @@ import (
 	"github.com/gorilla/sessions"
 )
 
+type ICookieJar interface {
+	SetCallBackCookie(*gin.Context, string, string)
+}
+
 type CookieJar struct {
 	store sessions.Store
 }
@@ -22,7 +26,7 @@ func (cj *CookieJar) SetCallBackCookie(g *gin.Context, name string, stateValue s
 	session.Options.Path = "/"
 	session.Options.Secure = g.Request.TLS != nil
 
-	if err := cj.store.Save(g.Request, c.Writer, session); err != nil {
+	if err := cj.store.Save(g.Request, g.Writer, session); err != nil {
 		fmt.Println("[error] failed to store session")
 		return
 	}

auth/gin_oidc.go

@@ -0,0 +1,32 @@
+package auth
+
+import (
+	"errors"
+	"net/http"
+	"soarca-gui/auth/api"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	CALLBACK_STATE = "soarca_gui_state"
+	CALLBACK_NONCE = "soarca_gui_nonce"
+)
+
+func (auth *Authenticator) redirectToOIDCLogin(ctx *gin.Context) {
+	state, err := randString(32)
+	if err != nil {
+		api.JSONErrorStatus(ctx, http.StatusInsufficientStorage, errors.New("failed to generate state"))
+		return
+	}
+	nonce, err := randString(32)
+	if err != nil {
+		api.JSONErrorStatus(ctx, http.StatusInsufficientStorage, errors.New("failed to generate nonce"))
+		return
+	}
+	auth.Cookiejar.SetCallBackCookie(ctx, CALLBACK_STATE, state)
+	auth.Cookiejar.SetCallBackCookie(ctx, CALLBACK_NONCE, nonce)
+
+	ctx.Redirect(http.StatusFound, auth.OauthConfig.AuthCodeURL(state, oidc.Nonce(nonce)))
+}

auth/utils.go

@@ -4,7 +4,6 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"io"
-	"net/http"
 )
 
 func randString(nByte int) (string, error) {
@@ -14,6 +13,3 @@ func randString(nByte int) (string, error) {
 	}
 	return base64.RawURLEncoding.EncodeToString(b), nil
 }
-
-func setCallbackCookie(w http.ResponseWriter, r *http.Request, name string, value string) {
-}