feat: refactor for using app config

internal/oauth/routes.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"gitea.local/admin/hspguard/internal/auth"
+	"gitea.local/admin/hspguard/internal/config"
 	"gitea.local/admin/hspguard/internal/repository"
 	"gitea.local/admin/hspguard/internal/types"
 	"gitea.local/admin/hspguard/internal/util"
@@ -21,11 +22,13 @@ import (
 
 type OAuthHandler struct {
 	repo *repository.Queries
+	cfg  *config.AppConfig
 }
 
-func NewOAuthHandler(repo *repository.Queries) *OAuthHandler {
+func NewOAuthHandler(repo *repository.Queries, cfg *config.AppConfig) *OAuthHandler {
 	return &OAuthHandler{
 		repo,
+		cfg,
 	}
 }
 
@@ -35,6 +38,55 @@ func (h *OAuthHandler) RegisterRoutes(r chi.Router) {
 	r.Post("/oauth/code", h.getAuthCode)
 }
 
+func (h *OAuthHandler) WriteJWKS(w http.ResponseWriter, r *http.Request) {
+	pubKey, err := auth.ParseBase64PublicKey(h.cfg.Jwt.PublicKey)
+	if err != nil {
+		web.Error(w, "failed to parse public key", http.StatusInternalServerError)
+	}
+
+	n := base64.RawURLEncoding.EncodeToString(pubKey.N.Bytes())
+	e := base64.RawURLEncoding.EncodeToString([]byte{1, 0, 1}) // 65537 = 0x010001
+
+	jwks := map[string]interface{}{
+		"keys": []map[string]string{
+			{
+				"kty": "RSA",
+				"kid": "my-rsa-key-1",
+				"use": "sig",
+				"alg": "RS256",
+				"n":   n,
+				"e":   e,
+			},
+		},
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(jwks)
+}
+
+func OpenIdConfiguration(w http.ResponseWriter, r *http.Request) {
+	type Response struct {
+		TokenEndpoint         string `json:"token_endpoint"`
+		AuthorizationEndpoint string `json:"authorization_endpoint"`
+		JwksURI               string `json:"jwks_uri"`
+		Issuer                string `json:"issuer"`
+		EndSessionEndpoint    string `json:"end_session_endpoint"`
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+
+	encoder := json.NewEncoder(w)
+	if err := encoder.Encode(Response{
+		TokenEndpoint:         "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app/api/v1/oauth/token",
+		AuthorizationEndpoint: "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app/authorize",
+		JwksURI:               "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app/.well-known/jwks.json",
+		Issuer:                "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app",
+		EndSessionEndpoint:    "https://cb5f-2a00-10-5b00-c801-e955-5c68-63d0-b777.ngrok-free.app/api/v1/oauth/logout",
+	}); err != nil {
+		web.Error(w, "failed to encode response", http.StatusInternalServerError)
+	}
+}
+
 func (h *OAuthHandler) getAuthCode(w http.ResponseWriter, r *http.Request) {
 	userId, ok := util.GetRequestUserId(r.Context())
 	if !ok {
@@ -155,7 +207,7 @@ func (h *OAuthHandler) tokenEndpoint(w http.ResponseWriter, r *http.Request) {
 			},
 		}
 
-		idToken, err := auth.SignJwtToken(claims)
+		idToken, err := auth.SignJwtToken(claims, h.cfg.Jwt.PrivateKey)
 		if err != nil {
 			web.Error(w, "failed to sign id token", http.StatusInternalServerError)
 			return