From 22170c192a35fbd6a11ffa77114ddc7f815e78a4 Mon Sep 17 00:00:00 2001
From: cangui
Date: Sun, 11 May 2025 10:45:42 +0200
Subject: [PATCH] dddd

---
 backend/handlers/main.go | 38 ++++++++++++++++++++++++++++++++
 backend/middleware/middleware.go | 33 +++++++++++++++++++++++++++
 backend/routes/routes.go | 3 +++
 3 files changed, 74 insertions(+)

diff --git a/backend/handlers/main.go b/backend/handlers/main.go
index 3754f05..dcdfb18 100644
--- a/backend/handlers/main.go
+++ b/backend/handlers/main.go
@@ -93,6 +93,44 @@ func SSOLoginHandler(db *gorm.DB) http.HandlerFunc {
 http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
 }
 }
+func SSOLoginPostHandler(db *gorm.DB) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ var body struct {
+ Code string `json:"code"`
+ }
+ if err := json.NewDecoder(r.Body).Decode(&body); err != nil || body.Code == "" {
+ http.Error(w, "Code SSO requis", http.StatusBadRequest)
+ return
+ }
+
+ var user models.User
+ if result := db.Where("sso_id = ?", body.Code).First(&user); result.Error != nil || !user.IsActive {
+ http.Error(w, "SSO invalide ou utilisateur inactif", http.StatusUnauthorized)
+ return
+ }
+
+ token, err := jwt.CreateToken(user.SSOID)
+ if err != nil {
+ http.Error(w, "Erreur génération token", http.StatusInternalServerError)
+ return
+ }
+
+ http.SetCookie(w, &http.Cookie{
+ Name: "token",
+ Value: token,
+ Path: "/",
+ HttpOnly: true,
+ Secure: false,
+ SameSite: http.SameSiteLaxMode,
+ })
+
+ w.Header().Set("Content-Type", "application/json")
+ json.NewEncoder(w).Encode(map[string]string{
+ "message": "Connexion réussie",
+ "token": token,
+ })
+ }
+}
 var MessageTypeCreditCost = map[string]uint{
diff --git a/backend/middleware/middleware.go b/backend/middleware/middleware.go
index c206399..90b72ca 100644
--- a/backend/middleware/middleware.go
+++ b/backend/middleware/middleware.go
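Review bot: The lookup `db.Where("sso_id = ?", body.Code).First(&user)` in SSOLoginPostHandler turns whatever is stored in `sso_id` into a bearer credential: any client that can POST a user's sso_id receives a session cookie and a JWT for that user, with no proof the value came from the SSO provider, no expiry or single-use check, and nothing in this hunk that rate-limits guesses. If `sso_id` is a stable identifier, as the column name suggests, rather than a one-time secret issued by the identity provider, this is an authentication bypass; the code should be exchanged with or verified against the provider (or matched to a stored, expiring, single-use nonce) before `jwt.CreateToken` is called. Smaller points: the body is decoded with no size cap, so add `r.Body = http.MaxBytesReader(w, r.Body, 1<<10)` before the decode, the `Encode` error is discarded, and the cookie is written with `Secure: false` and no indication of how production flips it. The GET `SSOLoginHandler` whose closing braces form the context starts outside the hunk, so whether it performs the same unverified lookup cannot be judged here.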
@@ -25,6 +25,39 @@ func AuthMiddleware(next http.Handler) http.Handler {
 next.ServeHTTP(w, r.WithContext(ctx))
 })
 }
+func AuthWithTokenHandler() http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ token := r.URL.Query().Get("token")
+ if token == "" {
+ http.Error(w, "Token JWT manquant", http.StatusBadRequest)
+ return
+ }
+
+ // Facultatif : tu peux valider ici que le token est correct avant de le poser
+ _, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
+ if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
+ return nil, fmt.Errorf("méthode de signature invalide")
+ }
+ return []byte("secret-key"), nil
+ })
+ if err != nil {
+ http.Error(w, "Token invalide", http.StatusUnauthorized)
+ return
+ }
+
+ // ✅ Pose le token comme cookie
+ http.SetCookie(w, &http.Cookie{
+ Name: "token",
+ Value: token,
+ Path: "/",
+ HttpOnly: true,
+ Secure: false, // true en prod
+ SameSite: http.SameSiteLaxMode,
+ })
+
+ http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
+ }
+}
 // RedirectToLoginIfUnauthenticated vérifie le JWT et injecte ssoid dans le contexte, sinon redirige vers /login
 func RedirectToLoginIfUnauthenticated(w http.ResponseWriter, r *http.Request) (context.Context, bool) {
diff --git a/backend/routes/routes.go b/backend/routes/routes.go
index 76a5703..227b7dd 100644
--- a/backend/routes/routes.go
+++ b/backend/routes/routes.go
@@ -2,6 +2,7 @@ package routes
 import (
 "cangui/whatsapp/backend/handlers"
+ "cangui/whatsapp/backend/middleware"
 "cangui/whatsapp/backend/renders"
 "net/http"
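Review bot: The HMAC verification key in AuthWithTokenHandler is the source literal `return []byte("secret-key"), nil`, so the signing secret is committed to the repository, and unless the project's `jwt.CreateToken` (used by `/api/sso/login`) happens to sign with the same literal, tokens minted there will never verify here; load the key once from configuration (for example `os.Getenv("JWT_SECRET")`, or the same helper the project's jwt package uses) and share it with the signer. The token is read from the query string (`r.URL.Query().Get("token")`), which puts a live credential into access logs, browser history and Referer headers, so tokens accepted on this path should be short-lived and single-use. The `// Facultatif` comment understates the check — without it any string becomes the session cookie — so replace it with `// Verify the signature before installing the token as the session cookie.` `Secure: false, // true en prod` is a hand-edited flag that will ship wrong; derive it from the same configuration as the key, e.g. `Secure: cfg.SecureCookies`.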
@@ -40,6 +41,8 @@ func RoutesPublic(r *mux.Router, db *gorm.DB) {
 http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
 })
 // Page de login
+ r.HandleFunc("/auth/with-token", middleware.AuthWithTokenHandler()).Methods("GET")
+ r.HandleFunc("/api/sso/login", handlers.SSOLoginPostHandler(db)).Methods("POST")
 r.HandleFunc("/login", renders.Login)
 r.HandleFunc("/api/whatsapp/webhook", handlers.WebhookVerifyHandler()).Methods("GET")
 r.HandleFunc("/api/whatsapp/webhook", handlers.WebhookReceiveHandler(db)).Methods("POST")
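Review bot: `/auth/with-token` is registered as an unauthenticated GET that installs a session cookie and redirects, so any third-party page can navigate a victim's browser to `/auth/with-token?token=<attacker's token>` and silently log them in as the attacker (login CSRF / session fixation); SameSite=Lax on the cookie does not prevent this because the request is a top-level navigation. If the link-login flow is required, the token should be bound to a single use and a short lifetime, and the handler should ideally require a POST confirmation step rather than acting on a bare GET. Neither new route is wrapped in any throttling visible in this hunk, and both are credential endpoints, so confirm a rate limiter sits in front of `RoutesPublic`. Style: the existing `// Page de login` comment now labels the two new registrations instead of `/login`; either move them below that line or give them their own comment, e.g. `// SSO login endpoints`.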