
Commit c650133

authored
refactor: move OAuth2 provider code to dedicated package (#18746)
# Refactor OAuth2 Provider Code into Dedicated Package This PR refactors the OAuth2 provider functionality by moving it from the main `coderd` package into a dedicated `oauth2provider` package. The change improves code organization and maintainability without changing functionality. Key changes: - Created a new `oauth2provider` package to house all OAuth2 provider-related code - Moved existing OAuth2 provider functionality from `coderd/identityprovider` to the new package - Refactored handler functions to follow a consistent pattern of returning `http.HandlerFunc` instead of being handlers directly - Split large files into smaller, more focused files organized by functionality: - `app_secrets.go` - Manages OAuth2 application secrets - `apps.go` - Handles OAuth2 application CRUD operations - `authorize.go` - Implements the authorization flow - `metadata.go` - Provides OAuth2 metadata endpoints - `registration.go` - Handles dynamic client registration - `revoke.go` - Implements token revocation - `secrets.go` - Manages secret generation and validation - `tokens.go` - Handles token issuance and validation This refactoring improves code organization and makes the OAuth2 provider functionality more maintainable while preserving all existing behavior.
1 parent 7fbb3ce commit c650133


17 files changed

+1095
-981
lines changed


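--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -19,6 +19,7 @@ import (
 "sync/atomic"
 "time"
 
+"github.com/coder/coder/v2/coderd/oauth2provider"
 "github.com/coder/coder/v2/coderd/prebuilds"
 
 "github.com/andybalholm/brotli"
@@ -913,9 +914,9 @@ func New(options *Options) *API {
 }
 
 // OAuth2 metadata endpoint for RFC 8414 discovery
-r.Get("/.well-known/oauth-authorization-server", api.oauth2AuthorizationServerMetadata)
+r.Get("/.well-known/oauth-authorization-server", api.oauth2AuthorizationServerMetadata())
 // OAuth2 protected resource metadata endpoint for RFC 9728 discovery
-r.Get("/.well-known/oauth-protected-resource", api.oauth2ProtectedResourceMetadata)
+r.Get("/.well-known/oauth-protected-resource", api.oauth2ProtectedResourceMetadata())
 
 // OAuth2 linking routes do not make sense under the /api/v2 path. These are
 // for an external application to use Coder as an OAuth2 provider, not for
@@ -952,17 +953,17 @@ func New(options *Options) *API {
 })
 
 // RFC 7591 Dynamic Client Registration - Public endpoint
-r.Post("/register", api.postOAuth2ClientRegistration)
+r.Post("/register", api.postOAuth2ClientRegistration())
 
 // RFC 7592 Client Configuration Management - Protected by registration access token
 r.Route("/clients/{client_id}", func(r chi.Router) {
 r.Use(
 // Middleware to validate registration access token
-api.requireRegistrationAccessToken,
+oauth2provider.RequireRegistrationAccessToken(api.Database),
 )
-r.Get("/", api.oauth2ClientConfiguration) // Read client configuration
-r.Put("/", api.putOAuth2ClientConfiguration) // Update client configuration
-r.Delete("/", api.deleteOAuth2ClientConfiguration) // Delete client
+r.Get("/", api.oauth2ClientConfiguration()) // Read client configuration
+r.Put("/", api.putOAuth2ClientConfiguration()) // Update client configuration
+r.Delete("/", api.deleteOAuth2ClientConfiguration()) // Delete client
 })
 })
 
@@ -1479,22 +1480,22 @@ func New(options *Options) *API {
 httpmw.RequireExperimentWithDevBypass(api.Experiments, codersdk.ExperimentOAuth2),
 )
 r.Route("/apps", func(r chi.Router) {
-r.Get("/", api.oAuth2ProviderApps)
-r.Post("/", api.postOAuth2ProviderApp)
+r.Get("/", api.oAuth2ProviderApps())
+r.Post("/", api.postOAuth2ProviderApp())
 
 r.Route("/{app}", func(r chi.Router) {
 r.Use(httpmw.ExtractOAuth2ProviderApp(options.Database))
-r.Get("/", api.oAuth2ProviderApp)
-r.Put("/", api.putOAuth2ProviderApp)
-r.Delete("/", api.deleteOAuth2ProviderApp)
+r.Get("/", api.oAuth2ProviderApp())
+r.Put("/", api.putOAuth2ProviderApp())
+r.Delete("/", api.deleteOAuth2ProviderApp())
 
 r.Route("/secrets", func(r chi.Router) {
-r.Get("/", api.oAuth2ProviderAppSecrets)
-r.Post("/", api.postOAuth2ProviderAppSecret)
+r.Get("/", api.oAuth2ProviderAppSecrets())
+r.Post("/", api.postOAuth2ProviderAppSecret())
 
 r.Route("/{secretID}", func(r chi.Router) {
 r.Use(httpmw.ExtractOAuth2ProviderAppSecret(options.Database))
-r.Delete("/", api.deleteOAuth2ProviderAppSecret)
+r.Delete("/", api.deleteOAuth2ProviderAppSecret())
 })
 })
 })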
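Review bot: Every OAuth2 route in the three routing hunks now calls a factory (`api.oAuth2ProviderApps()`, `api.postOAuth2ProviderAppSecret()`, `api.postOAuth2ClientRegistration()` and the rest) while `New` is still building the router, so whatever those factories read from `api` is bound once at registration instead of on each request. The wrapper bodies are not shown in this section, but if any of them passes along a value that is replaced after `New` returns (an atomically swapped auditor, for instance), later changes to OAuth2 apps, secrets and client registrations would keep using the startup value; it is worth confirming that such dependencies are loaded inside the returned handler. The registration-token middleware is also built from `api.Database` while the neighbouring `httpmw.ExtractOAuth2ProviderApp` and `httpmw.ExtractOAuth2ProviderAppSecret` calls use `options.Database`; if both name the same store, one spelling removes the question of whether the token lookup goes through the same authorization wrapper. I would add above the first changed route `// Handler factories run once at route registration; they must not capture dependencies that are replaced after New returns.` `New` begins and ends outside these hunks.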
