feat: register /authorize route

authorize

internal/oauth/authorize.go

@@ -3,21 +3,13 @@ package oauth
 import (
 	"fmt"
 	"net/http"
+	"slices"
 	"strings"
 
 	"gitea.local/admin/hspguard/internal/web"
 )
 
 // client_id=gitea-client&redirect_uri=https://git.adalspace.com/user/oauth2/Home%20Guard/callback&response_type=code&scope=openid&state=4c3b4a25-9cf9-4b18-afc0-270e1078eb40
-func contains(s []string, str string) bool {
-	for _, v := range s {
-		if v == str {
-			return true
-		}
-	}
-	return false
-}
-
 func (h *OAuthHandler) AuthorizeClient(w http.ResponseWriter, r *http.Request) {
 	redirectUri := r.URL.Query().Get("redirect_uri")
 	if redirectUri == "" {
@@ -59,7 +51,7 @@ func (h *OAuthHandler) AuthorizeClient(w http.ResponseWriter, r *http.Request) {
 	scopes := strings.SplitSeq(strings.TrimSpace(r.URL.Query().Get("scope")), " ")
 
 	for scope := range scopes {
-		if !contains(client.Scopes, scope) {
+		if !slices.Contains(client.Scopes, scope) {
 			uri := fmt.Sprintf("%s?error=invalid_scope&error_description=Scope+%s+is+not+allowed", redirectUri, strings.ReplaceAll(scope, " ", "+"))
 			if state != "" {
 				uri += "&state=" + state

internal/oauth/openid.go

@@ -21,7 +21,7 @@ func (h *OAuthHandler) OpenIdConfiguration(w http.ResponseWriter, r *http.Reques
 	encoder := json.NewEncoder(w)
 	if err := encoder.Encode(Response{
 		TokenEndpoint:         h.cfg.Jwt.Issuer + "/api/v1/oauth/token",
-		AuthorizationEndpoint: h.cfg.Jwt.Issuer + "/auth",
+		AuthorizationEndpoint: h.cfg.Jwt.Issuer + "/api/v1/oauth/authorize",
 		JwksURI:               h.cfg.Jwt.Issuer + "/.well-known/jwks.json",
 		Issuer:                h.cfg.Jwt.Issuer,
 		EndSessionEndpoint:    h.cfg.Jwt.Issuer + "/api/v1/oauth/logout",

internal/oauth/routes.go

@@ -23,5 +23,6 @@ func (h *OAuthHandler) RegisterRoutes(router chi.Router) {
 		r.Post("/token", h.tokenEndpoint)
 
 		r.Post("/code", h.getAuthCode)
+		r.Get("/authorize", h.AuthorizeClient)
 	})
 }