proxy: add userinfo and webauthn endpoints (#3755)

* proxy: add userinfo and webauthn endpoints * use TLD for RP id * use EffectiveTLDPlusOne * upgrade webauthn * fix test * Update internal/handlers/jwks.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2025-06-01 10:22:43 +02:00 · 2022-11-22 10:26:35 -07:00 · 2022-11-22 10:26:35 -07:00 · c1a522cd82
commit c1a522cd82
parent 81053ac8ef
33 changed files with 498 additions and 216 deletions
--- a/internal/handlers/userinfo.go
+++ b/internal/handlers/userinfo.go
@ -0,0 +1,65 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"google.golang.org/protobuf/encoding/protojson"
+
+	"github.com/pomerium/datasource/pkg/directory"
+	"github.com/pomerium/pomerium/internal/httputil"
+	"github.com/pomerium/pomerium/pkg/grpc/session"
+	"github.com/pomerium/pomerium/pkg/grpc/user"
+	"github.com/pomerium/pomerium/ui"
+	"github.com/pomerium/webauthn"
+)
+
+// UserInfoData is the data for the UserInfo page.
+type UserInfoData struct {
+	CSRFToken      string
+	IsImpersonated bool
+	Session        *session.Session
+	User           *user.User
+
+	IsEnterprise    bool
+	DirectoryUser   *directory.User
+	DirectoryGroups []*directory.Group
+
+	WebAuthnCreationOptions *webauthn.PublicKeyCredentialCreationOptions
+	WebAuthnRequestOptions  *webauthn.PublicKeyCredentialRequestOptions
+	WebAuthnURL             string
+
+	BrandingOptions httputil.BrandingOptions
+}
+
+// ToJSON converts the data into a JSON map.
+func (data UserInfoData) ToJSON() map[string]any {
+	m := map[string]any{}
+	m["csrfToken"] = data.CSRFToken
+	m["isImpersonated"] = data.IsImpersonated
+	if bs, err := protojson.Marshal(data.Session); err == nil {
+		m["session"] = json.RawMessage(bs)
+	}
+	if bs, err := protojson.Marshal(data.User); err == nil {
+		m["user"] = json.RawMessage(bs)
+	}
+	m["isEnterprise"] = data.IsEnterprise
+	if data.DirectoryUser != nil {
+		m["directoryUser"] = data.DirectoryUser
+	}
+	if len(data.DirectoryGroups) > 0 {
+		m["directoryGroups"] = data.DirectoryGroups
+	}
+	m["webAuthnCreationOptions"] = data.WebAuthnCreationOptions
+	m["webAuthnRequestOptions"] = data.WebAuthnRequestOptions
+	m["webAuthnUrl"] = data.WebAuthnURL
+	httputil.AddBrandingOptionsToMap(m, data.BrandingOptions)
+	return m
+}
+
+// UserInfo returns a handler that renders the user info page.
+func UserInfo(data UserInfoData) http.Handler {
+	return httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
+		return ui.ServePage(w, r, "UserInfo", data.ToJSON())
+	})
+}