From 1dbe4410d736f2888572505994238f58b2140a9f Mon Sep 17 00:00:00 2001
From: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
Date: Mon, 11 Dec 2023 19:42:56 -0800
Subject: [PATCH] move events.go out of internal/authenticateflow (#4852)

Commit b7896b3153 moved events.go from the 'authenticate' package to 'internal/authenticateflow' in order to avoid an import cycle. However this location is not actually suitable, as the hosted authenticate service refers to AuthEvent and AuthEventFn. Move events.go back out from under 'internal', to a new package 'authenticate/events'. This should still avoid an import cycle between 'authenticate' and 'internal/authenticateflow', while also allowing the hosted authenticate service to use the events types.
---
 authenticate/config.go | 6 +++---
 .../events}/events.go | 3 ++-
 internal/authenticateflow/stateless.go | 11 ++++++-----
 3 files changed, 11 insertions(+), 9 deletions(-)
 rename {internal/authenticateflow => authenticate/events}/events.go (93%)
diff --git a/authenticate/config.go b/authenticate/config.go
index a1f9a8ecd..3e6afcb4c 100644
--- a/authenticate/config.go
+++ b/authenticate/config.go
@@ -1,8 +1,8 @@
 package authenticate
 import (
+ "github.com/pomerium/pomerium/authenticate/events"
 "github.com/pomerium/pomerium/config"
- "github.com/pomerium/pomerium/internal/authenticateflow"
 "github.com/pomerium/pomerium/internal/identity"
 identitypb "github.com/pomerium/pomerium/pkg/grpc/identity"
 )
@@ -10,7 +10,7 @@ import (
 type authenticateConfig struct {
 getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error)
 profileTrimFn func(*identitypb.Profile)
- authEventFn authenticateflow.AuthEventFn
+ authEventFn events.AuthEventFn
 }
 // An Option customizes the Authenticate config.
@@ -40,7 +40,7 @@ func WithProfileTrimFn(profileTrimFn func(*identitypb.Profile)) Option {
 }
 // WithOnAuthenticationEventHook sets the authEventFn function in the config
-func WithOnAuthenticationEventHook(fn authenticateflow.AuthEventFn) Option {
+func WithOnAuthenticationEventHook(fn events.AuthEventFn) Option {
 return func(cfg *authenticateConfig) {
 cfg.authEventFn = fn
 }
diff --git a/internal/authenticateflow/events.go b/authenticate/events/events.go
similarity index 93%
rename from internal/authenticateflow/events.go
rename to authenticate/events/events.go
index ca261e008..08878ce0b 100644
--- a/internal/authenticateflow/events.go
+++ b/authenticate/events/events.go
@@ -1,4 +1,5 @@
-package authenticateflow
+// Package events defines authentication flow event types.
+package events
 import (
 "context"
diff --git a/internal/authenticateflow/stateless.go b/internal/authenticateflow/stateless.go
index e5b429faf..c0175098e 100644
--- a/internal/authenticateflow/stateless.go
+++ b/internal/authenticateflow/stateless.go
@@ -12,6 +12,7 @@ import (
 "golang.org/x/oauth2"
 "google.golang.org/protobuf/encoding/protojson"
+ "github.com/pomerium/pomerium/authenticate/events"
 "github.com/pomerium/pomerium/config"
 "github.com/pomerium/pomerium/internal/encoding"
 "github.com/pomerium/pomerium/internal/encoding/jws"
@@ -57,7 +58,7 @@ type Stateless struct {
 getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error)
 profileTrimFn func(*identitypb.Profile)
- authEventFn AuthEventFn
+ authEventFn events.AuthEventFn
 }
 // NewStateless initializes the authentication flow for the given
@@ -67,7 +68,7 @@ func NewStateless(
 sessionStore sessions.SessionStore,
 getIdentityProvider func(options *config.Options, idpID string) (identity.Authenticator, error),
 profileTrimFn func(*identitypb.Profile),
- authEventFn AuthEventFn,
+ authEventFn events.AuthEventFn,
 ) (*Stateless, error) {
 s := &Stateless{
 options: cfg.Options,
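Review bot: The package comment added in authenticate/events/events.go is the only documentation for types that this move takes out of `internal/`, which makes `AuthEvent` and `AuthEventFn` importable by other modules and, in effect, a public contract. The stateless.go hunks show the event being filled with the client IP and a UID, so the comment should tell hook authors what kind of data they receive, for example `// Package events defines the authentication flow event types passed to AuthEventFn hooks; events carry the client IP and a UID.` The rest of events.go lies outside the hunk, so the full field list is not visible here and the wording should be checked against it.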
@@ -295,7 +296,7 @@ func (s *Stateless) logAuthenticateEvent(r *http.Request, profile *identitypb.Pr
 log.Warn(ctx).Err(err).Msg("log authenticate event: failed to decrypt request params")
 }
- evt := AuthEvent{
+ evt := events.AuthEvent{
 IP: httputil.GetClientIP(r),
 Version: params.Get(urlutil.QueryVersion),
 RequestUUID: params.Get(urlutil.QueryRequestUUID),
@@ -310,9 +311,9 @@ func (s *Stateless) logAuthenticateEvent(r *http.Request, profile *identitypb.Pr
 }
 if evt.UID != nil {
- evt.Event = AuthEventSignInComplete
+ evt.Event = events.AuthEventSignInComplete
 } else {
- evt.Event = AuthEventSignInRequest
+ evt.Event = events.AuthEventSignInRequest
 }
 if redirectURL, err := url.Parse(params.Get(urlutil.QueryRedirectURI)); err == nil {
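Review bot: In the `@@ -295` hunk of logAuthenticateEvent, the decrypt-failure path only logs a warning, and `events.AuthEvent` is then built from `params` regardless. If the closing brace after the `log.Warn` call ends that error check, the hook still receives an event whose `Version` and `RequestUUID` come from parameters that failed decryption. What `params` holds in that case is not visible here. Now that the event type is importable outside `internal/`, either return after the warning or document the behaviour once confirmed, e.g. `// on decrypt failure the event is still emitted; param-derived fields may be empty`. The function starts and ends outside both hunks.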