Merge branch 'main' into feat-email-i18n

teamhanko · Jan 10, 2025 · 3f0f8bb · 3f0f8bb
2 parents f1e72bd + fc80743
commit 3f0f8bb
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 11 deletions.
diff --git a/backend/handler/thirdparty_auth_test.go b/backend/handler/thirdparty_auth_test.go
@@ -101,7 +101,7 @@ func (s *thirdPartySuite) TestThirdPartyHandler_Auth() {
 			requestedRedirectTo:      "https://app.test.example",
 			expectedBaseURL:          "https://login.test.example",
 			expectedError:            thirdparty.ErrorCodeInvalidRequest,
-			expectedErrorDescription: "unknownProvider",
+			expectedErrorDescription: "unknown provider",
 		},
 		{
 			name:                     "error redirect when requesting a redirectTo that is not allowed",

diff --git a/backend/test/database.go b/backend/test/database.go
@@ -57,7 +57,7 @@ func StartDB(name string, dialect string) (*TestDB, error) {
 	hostAndPort := resource.GetHostPort(getPortID(dialect))
 	dsn := getDsn(dialect, hostAndPort)
 
-	_ = resource.Expire(120)
+	_ = resource.Expire(300)
 
 	pool.MaxWait = 120 * time.Second
 	if err = pool.Retry(func() error {

diff --git a/backend/thirdparty/provider.go b/backend/thirdparty/provider.go
@@ -94,7 +94,7 @@ func GetProvider(config config.ThirdParty, id string) (OAuthProvider, error) {
 	if strings.HasPrefix(idLower, "custom_") {
 		return getCustomThirdPartyProvider(config, idLower)
 	} else {
-		return getThirdPartyProvider(config, id)
+		return getThirdPartyProvider(config, idLower)
 	}
 }
 

diff --git a/quickstart/middleware/session.go b/quickstart/middleware/session.go
@@ -1,16 +1,17 @@
 package middleware
 
 import (
-	"context"
+	"bytes"
+	"encoding/json"
 	"fmt"
 	"github.com/labstack/echo/v4"
-	"github.com/lestrrat-go/jwx/v2/jwk"
-	"github.com/lestrrat-go/jwx/v2/jwt"
+	"io"
 	"log"
 	"net/http"
 )
 
 func SessionMiddleware(hankoUrl string) echo.MiddlewareFunc {
+	client := http.Client{}
 	return func(next echo.HandlerFunc) echo.HandlerFunc {
 		return func(c echo.Context) error {
 			cookie, err := c.Cookie("hanko")
@@ -20,21 +21,58 @@ func SessionMiddleware(hankoUrl string) echo.MiddlewareFunc {
 			if err != nil {
 				return err
 			}
-			set, err := jwk.Fetch(context.Background(), fmt.Sprintf("%v/.well-known/jwks.json", hankoUrl))
+
+			requestBody := CheckSessionRequest{SessionToken: cookie.Value}
+
+			bodyJson, err := json.Marshal(requestBody)
+			if err != nil {
+				return fmt.Errorf("failed to marshal request body: %w", err)
+			}
+			httpReq, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/sessions/validate", hankoUrl), bytes.NewReader(bodyJson))
 			if err != nil {
 				return err
 			}
+			httpReq.Header.Set("Content-Type", "application/json")
 
-			token, err := jwt.Parse([]byte(cookie.Value), jwt.WithKeySet(set))
+			response, err := client.Do(httpReq)
 			if err != nil {
-				return c.Redirect(http.StatusTemporaryRedirect, "/unauthorized")
+				return err
+			}
+			defer response.Body.Close()
+
+			if response.StatusCode != http.StatusOK {
+				return fmt.Errorf("failed to get session response: %d", response.StatusCode)
+			}
+
+			responseBytes, err := io.ReadAll(response.Body)
+			if err != nil {
+				return err
+			}
+
+			var sessionResponse CheckSessionResponse
+			err = json.Unmarshal(responseBytes, &sessionResponse)
+			if err != nil {
+				return err
 			}
 
-			log.Printf("session for user '%s' verified successfully", token.Subject())
+			if !sessionResponse.IsValid {
+				return c.Redirect(http.StatusTemporaryRedirect, "/unauthorized")
+			}
+			log.Printf("session for user '%s' verified successfully", sessionResponse.UserID)
 			c.Set("token", cookie.Value)
-			c.Set("user", token.Subject())
+			c.Set("user", sessionResponse.UserID)
 
 			return next(c)
 		}
 	}
 }
+
+type CheckSessionRequest struct {
+	SessionToken string `json:"session_token"`
+}
+
+type CheckSessionResponse struct {
+	IsValid        bool   `json:"is_valid"`
+	ExpirationTime string `json:"expiration_time"`
+	UserID         string `json:"user_id"`
+}