Diffstat (limited to 'internal/server/secureinternet.go')
-rw-r--r--internal/server/secureinternet.go32
1 files changed, 29 insertions, 3 deletions
diff --git a/internal/server/secureinternet.go b/internal/server/secureinternet.go
index f97cef1..e0d081a 100644
--- a/internal/server/secureinternet.go
+++ b/internal/server/secureinternet.go
@@ -4,16 +4,42 @@ import (
"context"
"errors"
"log/slog"
+ "net/url"
+ "strings"
"time"
"codeberg.org/eduVPN/eduvpn-common/internal/api"
"codeberg.org/eduVPN/eduvpn-common/internal/config/v2"
"codeberg.org/eduVPN/eduvpn-common/internal/discovery"
- "codeberg.org/eduVPN/eduvpn-common/internal/util"
"codeberg.org/eduVPN/eduvpn-common/types/server"
"github.com/jwijenbergh/eduoauth-go"
)
+// ReplaceWAYF replaces an authorization template containing of @RETURN_TO@ and @ORG_ID@ with the authorization URL and the organization ID
+// See https://github.com/eduvpn/documentation/blob/dc4d53c47dd7a69e95d6650eec408e16eaa814a2/SERVER_DISCOVERY_SKIP_WAYF.md
+func ReplaceWAYF(template string, authURL string, orgID string) string {
+ // We just return the authURL in the cases where the template is not given or is invalid
+ if template == "" {
+ return authURL
+ }
+ if !strings.Contains(template, "@RETURN_TO@") {
+ return authURL
+ }
+ if !strings.Contains(template, "@ORG_ID@") {
+ return authURL
+ }
+ // Replace authURL
+ template = strings.Replace(template, "@RETURN_TO@", url.QueryEscape(authURL), 1)
+
+ // If now there is no more ORG_ID, return as there weren't enough @ symbols
+ if !strings.Contains(template, "@ORG_ID@") {
+ return authURL
+ }
+ // Replace ORG ID
+ template = strings.Replace(template, "@ORG_ID@", url.QueryEscape(orgID), 1)
+ return template
+}
+
// AddSecure adds a secure internet server
// `ctx` is the context used for cancellation
// `disco` are the discovery servers
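Review bot: ReplaceWAYF returns the filled-in template without checking that the result is still a well-formed https URL, so whatever string arrives in `AuthenticationURLTemplate` is what the callers in AddSecure and GetSecure return, with the real authURL embedded in it as an escaped parameter. Whether the template is validated before it reaches this function is not visible in the hunk; if it is not, a guard just before `return template`, such as `if u, err := url.Parse(template); err != nil || u.Scheme != "https" { return authURL }`, would reuse the fallback the function already applies to malformed templates. The doc comment should say that only the first occurrence of each placeholder is substituted and that both values are query-escaped, and "containing of" should read "containing". The two call sites in the later hunks pass a local named `url`, which now shadows the newly imported `net/url` package inside those closures; renaming the local (for example to `authURL`) would avoid confusion.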
@@ -47,7 +73,7 @@ func (s *Servers) AddSecure(ctx context.Context, discom *discovery.Manager, orgI
if err != nil {
return "", err
}
- ret := util.ReplaceWAYF(updsrv.AuthenticationURLTemplate, url, updorg.OrgID)
+ ret := ReplaceWAYF(updsrv.AuthenticationURLTemplate, url, updorg.OrgID)
return ret, nil
},
}
@@ -127,7 +153,7 @@ func (s *Servers) GetSecure(ctx context.Context, orgID string, discom *discovery
if err != nil {
return "", err
}
- ret := util.ReplaceWAYF(updsrv.AuthenticationURLTemplate, url, updorg.OrgID)
+ ret := ReplaceWAYF(updsrv.AuthenticationURLTemplate, url, updorg.OrgID)
return ret, nil
},
DisableAuthorize: disableAuth,