Move SSO clients from config to database
- Add sso_clients table (migration 000010) with client_id, redirect_uri, tags (JSON), enabled flag, and audit timestamps - Add SSOClient model struct and audit events - Implement DB CRUD with 10 unit tests - Add REST API: GET/POST/PATCH/DELETE /v1/sso/clients (policy-gated) - Add gRPC SSOClientService with 5 RPCs (admin-only) - Add mciasctl sso list/create/get/update/delete commands - Add web UI admin page at /sso-clients with HTMX create/toggle/delete - Migrate handleSSOAuthorize and handleSSOTokenExchange to use DB - Remove SSOConfig, SSOClient struct, lookup methods from config - Simplify: client_id = service_name for policy evaluation Security: - SSO client CRUD is admin-only (policy-gated REST, requireAdmin gRPC) - redirect_uri must use https:// (validated at DB layer) - Disabled clients are rejected at both authorize and token exchange - All mutations write audit events Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
129
internal/ui/handlers_sso_clients.go
Normal file
129
internal/ui/handlers_sso_clients.go
Normal file
@@ -0,0 +1,129 @@
|
||||
package ui
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"git.wntrmute.dev/mc/mcias/internal/audit"
|
||||
"git.wntrmute.dev/mc/mcias/internal/model"
|
||||
)
|
||||
|
||||
func (u *UIServer) handleSSOClientsPage(w http.ResponseWriter, r *http.Request) {
|
||||
csrfToken, err := u.setCSRFCookies(w)
|
||||
if err != nil {
|
||||
http.Error(w, "internal error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
clients, err := u.db.ListSSOClients()
|
||||
if err != nil {
|
||||
u.renderError(w, r, http.StatusInternalServerError, "failed to load SSO clients")
|
||||
return
|
||||
}
|
||||
|
||||
u.render(w, "sso_clients", SSOClientsData{
|
||||
PageData: PageData{CSRFToken: csrfToken, ActorName: u.actorName(r), IsAdmin: isAdmin(r)},
|
||||
Clients: clients,
|
||||
})
|
||||
}
|
||||
|
||||
func (u *UIServer) handleCreateSSOClientUI(w http.ResponseWriter, r *http.Request) {
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxFormBytes)
|
||||
if err := r.ParseForm(); err != nil {
|
||||
u.renderError(w, r, http.StatusBadRequest, "invalid form submission")
|
||||
return
|
||||
}
|
||||
|
||||
clientID := strings.TrimSpace(r.FormValue("client_id"))
|
||||
redirectURI := strings.TrimSpace(r.FormValue("redirect_uri"))
|
||||
tagsStr := strings.TrimSpace(r.FormValue("tags"))
|
||||
|
||||
if clientID == "" || redirectURI == "" {
|
||||
u.renderError(w, r, http.StatusBadRequest, "client_id and redirect_uri are required")
|
||||
return
|
||||
}
|
||||
|
||||
var tags []string
|
||||
if tagsStr != "" {
|
||||
for _, t := range strings.Split(tagsStr, ",") {
|
||||
t = strings.TrimSpace(t)
|
||||
if t != "" {
|
||||
tags = append(tags, t)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
claims := claimsFromContext(r.Context())
|
||||
var actorID *int64
|
||||
if claims != nil {
|
||||
if acct, err := u.db.GetAccountByUUID(claims.Subject); err == nil {
|
||||
actorID = &acct.ID
|
||||
}
|
||||
}
|
||||
|
||||
c, err := u.db.CreateSSOClient(clientID, redirectURI, tags, actorID)
|
||||
if err != nil {
|
||||
u.renderError(w, r, http.StatusBadRequest, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
u.writeAudit(r, model.EventSSOClientCreated, actorID, nil,
|
||||
audit.JSON("client_id", c.ClientID))
|
||||
|
||||
u.render(w, "sso_client_row", c)
|
||||
}
|
||||
|
||||
func (u *UIServer) handleToggleSSOClient(w http.ResponseWriter, r *http.Request) {
|
||||
clientID := r.PathValue("clientId")
|
||||
r.Body = http.MaxBytesReader(w, r.Body, maxFormBytes)
|
||||
if err := r.ParseForm(); err != nil {
|
||||
u.renderError(w, r, http.StatusBadRequest, "invalid form")
|
||||
return
|
||||
}
|
||||
|
||||
enabled := r.FormValue("enabled") == "true"
|
||||
if err := u.db.UpdateSSOClient(clientID, nil, nil, &enabled); err != nil {
|
||||
u.renderError(w, r, http.StatusInternalServerError, "failed to update SSO client")
|
||||
return
|
||||
}
|
||||
|
||||
claims := claimsFromContext(r.Context())
|
||||
var actorID *int64
|
||||
if claims != nil {
|
||||
if acct, err := u.db.GetAccountByUUID(claims.Subject); err == nil {
|
||||
actorID = &acct.ID
|
||||
}
|
||||
}
|
||||
u.writeAudit(r, model.EventSSOClientUpdated, actorID, nil,
|
||||
fmt.Sprintf(`{"client_id":%q,"enabled":%v}`, clientID, enabled))
|
||||
|
||||
c, err := u.db.GetSSOClient(clientID)
|
||||
if err != nil {
|
||||
u.renderError(w, r, http.StatusInternalServerError, "failed to reload SSO client")
|
||||
return
|
||||
}
|
||||
u.render(w, "sso_client_row", c)
|
||||
}
|
||||
|
||||
func (u *UIServer) handleDeleteSSOClientUI(w http.ResponseWriter, r *http.Request) {
|
||||
clientID := r.PathValue("clientId")
|
||||
|
||||
if err := u.db.DeleteSSOClient(clientID); err != nil {
|
||||
u.renderError(w, r, http.StatusInternalServerError, "failed to delete SSO client")
|
||||
return
|
||||
}
|
||||
|
||||
claims := claimsFromContext(r.Context())
|
||||
var actorID *int64
|
||||
if claims != nil {
|
||||
if acct, err := u.db.GetAccountByUUID(claims.Subject); err == nil {
|
||||
actorID = &acct.ID
|
||||
}
|
||||
}
|
||||
u.writeAudit(r, model.EventSSOClientDeleted, actorID, nil,
|
||||
audit.JSON("client_id", clientID))
|
||||
|
||||
// Return empty response so HTMX removes the row.
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
Reference in New Issue
Block a user