move events.go out of internal/authenticateflow (#4852)

Commit b7896b3153 moved events.go from the 'authenticate' package to
'internal/authenticateflow' in order to avoid an import cycle. However
this location is not actually suitable, as the hosted authenticate
service refers to AuthEvent and AuthEventFn.

Move events.go back out from under 'internal', to a new package
'authenticate/events'. This should still avoid an import cycle between
'authenticate' and 'internal/authenticateflow', while also allowing the
hosted authenticate service to use the events types.

authenticate/config.go

@@ -1,8 +1,8 @@
 package authenticate
 
 import (
+	"github.com/pomerium/pomerium/authenticate/events"
 	"github.com/pomerium/pomerium/config"
-	"github.com/pomerium/pomerium/internal/authenticateflow"
 	"github.com/pomerium/pomerium/internal/identity"
 	identitypb "github.com/pomerium/pomerium/pkg/grpc/identity"
 )
@@ -10,7 +10,7 @@ import (
 type authenticateConfig struct {
 	getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error)
 	profileTrimFn       func(*identitypb.Profile)
-	authEventFn         authenticateflow.AuthEventFn
+	authEventFn         events.AuthEventFn
 }
 
 // An Option customizes the Authenticate config.
@@ -40,7 +40,7 @@ func WithProfileTrimFn(profileTrimFn func(*identitypb.Profile)) Option {
 }
 
 // WithOnAuthenticationEventHook sets the authEventFn function in the config
-func WithOnAuthenticationEventHook(fn authenticateflow.AuthEventFn) Option {
+func WithOnAuthenticationEventHook(fn events.AuthEventFn) Option {
 	return func(cfg *authenticateConfig) {
 		cfg.authEventFn = fn
 	}

authenticate/events/events.go

@@ -1,4 +1,5 @@
-package authenticateflow
+// Package events defines authentication flow event types.
+package events
 
 import (
 	"context"

internal/authenticateflow/stateless.go

@@ -12,6 +12,7 @@ import (
 	"golang.org/x/oauth2"
 	"google.golang.org/protobuf/encoding/protojson"
 
+	"github.com/pomerium/pomerium/authenticate/events"
 	"github.com/pomerium/pomerium/config"
 	"github.com/pomerium/pomerium/internal/encoding"
 	"github.com/pomerium/pomerium/internal/encoding/jws"
@@ -57,7 +58,7 @@ type Stateless struct {
 
 	getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error)
 	profileTrimFn       func(*identitypb.Profile)
-	authEventFn         AuthEventFn
+	authEventFn         events.AuthEventFn
 }
 
 // NewStateless initializes the authentication flow for the given
@@ -67,7 +68,7 @@ func NewStateless(
 	sessionStore sessions.SessionStore,
 	getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error),
 	profileTrimFn func(*identitypb.Profile),
-	authEventFn AuthEventFn,
+	authEventFn events.AuthEventFn,
 ) (*Stateless, error) {
 	s := &Stateless{
 		options:             cfg.Options,
@@ -295,7 +296,7 @@ func (s *Stateless) logAuthenticateEvent(r *http.Request, profile *identitypb.Pr
 		log.Warn(ctx).Err(err).Msg("log authenticate event: failed to decrypt request params")
 	}
 
-	evt := AuthEvent{
+	evt := events.AuthEvent{
 		IP:          httputil.GetClientIP(r),
 		Version:     params.Get(urlutil.QueryVersion),
 		RequestUUID: params.Get(urlutil.QueryRequestUUID),
@@ -310,9 +311,9 @@ func (s *Stateless) logAuthenticateEvent(r *http.Request, profile *identitypb.Pr
 	}
 
 	if evt.UID != nil {
-		evt.Event = AuthEventSignInComplete
+		evt.Event = events.AuthEventSignInComplete
 	} else {
-		evt.Event = AuthEventSignInRequest
+		evt.Event = events.AuthEventSignInRequest
 	}
 
 	if redirectURL, err := url.Parse(params.Get(urlutil.QueryRedirectURI)); err == nil {