taldir

Directory service to resolve wallet mailboxes by messenger addresses

commit c796b33529a59764573bc426221c532104ce14dd
parent 808ecaa9274b8b38c0fb03a417692bbb7b9ed1c0
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Wed, 13 Aug 2025 08:59:24 +0200

forgot file

Diffstat:
Apkg/taldir/oidc_validator.go | 101+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 101 insertions(+), 0 deletions(-)

diff --git a/pkg/taldir/oidc_validator.go b/pkg/taldir/oidc_validator.go 
@@ -0,0 +1,101 @@
+// This file is part of tdir, the Taler Directory implementation.
+// Copyright (C) 2025 Martin Schanzenbach
+//
+// Taldir is free software: you can redistribute it and/or modify it
+// under the terms of the GNU Affero General Public License as published
+// by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// Taldir is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+//
+// SPDX-License-Identifier: AGPL3.0-or-later
+
+package taldir
+
+import (
+ "fmt"
+ "html/template"
+ "regexp"
+)
+
+type OidcValidator struct {
+
+ // Name
+ name string
+
+ // Config
+ config *TaldirConfig
+
+ // Client ID
+ clientId string
+
+ // Client secret
+ clientSecret string
+
+ // Callback URI
+ callbackUri string
+
+ // OIDC authorization endpoint
+ authorizationEndpoint string
+
+ // registration/lookup page
+ landingPageTpl *template.Template
+
+ // Validator alias regex
+ validAliasRegex string
+}
+
+func (t *OidcValidator) LandingPageTpl() *template.Template {
+ return t.landingPageTpl
+}
+
+func (t *OidcValidator) Type() ValidatorType {
+ return ValidatorTypeOIDC
+}
+
+func (t *OidcValidator) Name() string {
+ return t.name
+}
+
+func (t *OidcValidator) IsEnabled() bool {
+ return t.config.Ini.Section("taldir-validator-" + t.name).Key("enabled").MustBool(false)
+}
+
+func (t *OidcValidator) ChallengeFee() string {
+ return t.config.Ini.Section("taldir-validator-" + t.name).Key("challenge_fee").MustString("KUDOS:0")
+}
+
+func (t *OidcValidator) IsAliasValid(alias string) (err error) {
+ if t.validAliasRegex != "" {
+ matched, _ := regexp.MatchString(t.validAliasRegex, alias)
+ if !matched {
+ return fmt.Errorf("alias `%s' invalid", alias) // TODO i18n
+ }
+ }
+ return
+}
+
+func (t *OidcValidator) RegistrationStart(topic string, link string, message string, address string, challenge string) (string, error) {
+ // FIXME
+ return t.authorizationEndpoint, nil
+}
+
+func make_oidc_validator(cfg *TaldirConfig, name string, landingPageTpl *template.Template) OidcValidator {
+ sec := cfg.Ini.Section("taldir-validator-" + name)
+ return OidcValidator{
+ name: name,
+ config: cfg,
+ landingPageTpl: landingPageTpl,
+ clientId: sec.Key("client_id").MustString(""),
+ clientSecret: sec.Key("client_secret").MustString(""),
+ callbackUri: sec.Key("callback_uri").MustString(""),
+ authorizationEndpoint: sec.Key("authorization_endpoint").MustString(""),
+ validAliasRegex: sec.Key("valid_alias_regex").MustString(""),
+ }
+}
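Review bot: IsAliasValid discards the error from regexp.MatchString, so a malformed `valid_alias_regex` in the operator's config makes every alias fail with the misleading "alias invalid" message instead of surfacing the configuration problem; change the call to `matched, err := regexp.MatchString(t.validAliasRegex, alias)` followed by `if err != nil { return fmt.Errorf("alias regex %q: %w", t.validAliasRegex, err) }`. Since the pattern is fixed at construction, it could instead be compiled once in make_oidc_validator with regexp.Compile and the failure reported there, which also avoids recompiling on every call. MatchString is unanchored, so a pattern such as `[a-z]+` accepts any alias that merely contains a letter; a comment on validAliasRegex such as `// Validator alias regex; operators must anchor it (^...$) or it only needs to match a substring` would make that explicit. RegistrationStart ignores all of its parameters and returns the bare endpoint; the FIXME marks it, but the doc comment should say the result is a placeholder until state, nonce and redirect handling are added.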