2024-08-12 11:00:25 +02:00
|
|
|
package model
|
|
|
|
|
|
|
|
|
|
import (
|
2024-08-23 17:04:19 +02:00
|
|
|
"database/sql/driver"
|
|
|
|
|
"encoding/json"
|
2025-09-09 02:31:50 -07:00
|
|
|
"strings"
|
2025-02-05 18:08:01 +01:00
|
|
|
|
2025-06-06 03:23:51 -07:00
|
|
|
datatype "github.com/pocket-id/pocket-id/backend/internal/model/types"
|
2025-10-24 12:14:19 +02:00
|
|
|
"github.com/pocket-id/pocket-id/backend/internal/utils"
|
2024-08-12 11:00:25 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type UserAuthorizedOidcClient struct {
|
2025-08-10 10:56:03 -05:00
|
|
|
Scope string
|
|
|
|
|
LastUsedAt datatype.DateTime `sortable:"true"`
|
|
|
|
|
|
2024-08-23 17:04:19 +02:00
|
|
|
UserID string `gorm:"primary_key;"`
|
2024-08-19 18:48:18 +02:00
|
|
|
User User
|
2024-08-12 11:00:25 +02:00
|
|
|
|
2024-08-23 17:04:19 +02:00
|
|
|
ClientID string `gorm:"primary_key;"`
|
2024-08-12 11:00:25 +02:00
|
|
|
Client OidcClient
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-09 02:31:50 -07:00
|
|
|
func (c UserAuthorizedOidcClient) Scopes() []string {
|
|
|
|
|
if len(c.Scope) == 0 {
|
|
|
|
|
return []string{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return strings.Split(c.Scope, " ")
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-12 11:00:25 +02:00
|
|
|
type OidcAuthorizationCode struct {
|
|
|
|
|
Base
|
|
|
|
|
|
2024-11-15 15:00:25 +01:00
|
|
|
Code string
|
|
|
|
|
Scope string
|
|
|
|
|
Nonce string
|
|
|
|
|
CodeChallenge *string
|
|
|
|
|
CodeChallengeMethodSha256 *bool
|
|
|
|
|
ExpiresAt datatype.DateTime
|
2024-08-12 11:00:25 +02:00
|
|
|
|
|
|
|
|
UserID string
|
|
|
|
|
User User
|
|
|
|
|
|
|
|
|
|
ClientID string
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-23 17:04:19 +02:00
|
|
|
type OidcClient struct {
|
|
|
|
|
Base
|
|
|
|
|
|
2025-08-22 08:56:40 +02:00
|
|
|
Name string `sortable:"true"`
|
|
|
|
|
Secret string
|
|
|
|
|
CallbackURLs UrlList
|
|
|
|
|
LogoutCallbackURLs UrlList
|
|
|
|
|
ImageType *string
|
2025-10-24 02:57:12 -05:00
|
|
|
DarkImageType *string
|
2025-08-22 08:56:40 +02:00
|
|
|
IsPublic bool
|
2025-11-04 13:27:05 +01:00
|
|
|
PkceEnabled bool `sortable:"true" filterable:"true"`
|
|
|
|
|
RequiresReauthentication bool `sortable:"true" filterable:"true"`
|
2025-08-22 08:56:40 +02:00
|
|
|
Credentials OidcClientCredentials
|
|
|
|
|
LaunchURL *string
|
2024-08-23 17:04:19 +02:00
|
|
|
|
2025-08-17 22:47:34 +02:00
|
|
|
AllowedUserGroups []UserGroup `gorm:"many2many:oidc_clients_allowed_user_groups;"`
|
2025-08-23 17:54:51 +02:00
|
|
|
CreatedByID *string
|
|
|
|
|
CreatedBy *User
|
2025-08-17 22:47:34 +02:00
|
|
|
UserAuthorizedOidcClients []UserAuthorizedOidcClient `gorm:"foreignKey:ClientID;references:ID"`
|
2024-08-12 11:00:25 +02:00
|
|
|
}
|
|
|
|
|
|
2025-09-29 10:07:55 -05:00
|
|
|
func (c OidcClient) HasLogo() bool {
|
|
|
|
|
return c.ImageType != nil && *c.ImageType != ""
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-24 02:57:12 -05:00
|
|
|
func (c OidcClient) HasDarkLogo() bool {
|
|
|
|
|
return c.DarkImageType != nil && *c.DarkImageType != ""
|
|
|
|
|
}
|
|
|
|
|
|
2025-03-23 15:14:26 -05:00
|
|
|
type OidcRefreshToken struct {
|
|
|
|
|
Base
|
|
|
|
|
|
|
|
|
|
Token string
|
|
|
|
|
ExpiresAt datatype.DateTime
|
|
|
|
|
Scope string
|
|
|
|
|
|
|
|
|
|
UserID string
|
|
|
|
|
User User
|
|
|
|
|
|
|
|
|
|
ClientID string
|
|
|
|
|
Client OidcClient
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-09 02:31:50 -07:00
|
|
|
func (c OidcRefreshToken) Scopes() []string {
|
|
|
|
|
if len(c.Scope) == 0 {
|
|
|
|
|
return []string{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return strings.Split(c.Scope, " ")
|
|
|
|
|
}
|
|
|
|
|
|
2025-06-06 03:23:51 -07:00
|
|
|
type OidcClientCredentials struct { //nolint:recvcheck
|
|
|
|
|
FederatedIdentities []OidcClientFederatedIdentity `json:"federatedIdentities,omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type OidcClientFederatedIdentity struct {
|
|
|
|
|
Issuer string `json:"issuer"`
|
|
|
|
|
Subject string `json:"subject,omitempty"`
|
|
|
|
|
Audience string `json:"audience,omitempty"`
|
|
|
|
|
JWKS string `json:"jwks,omitempty"` // URL of the JWKS
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (occ OidcClientCredentials) FederatedIdentityForIssuer(issuer string) (OidcClientFederatedIdentity, bool) {
|
|
|
|
|
if issuer == "" {
|
|
|
|
|
return OidcClientFederatedIdentity{}, false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, fi := range occ.FederatedIdentities {
|
|
|
|
|
if fi.Issuer == issuer {
|
|
|
|
|
return fi, true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return OidcClientFederatedIdentity{}, false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (occ *OidcClientCredentials) Scan(value any) error {
|
2025-10-24 12:14:19 +02:00
|
|
|
return utils.UnmarshalJSONFromDatabase(occ, value)
|
2025-06-06 03:23:51 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (occ OidcClientCredentials) Value() (driver.Value, error) {
|
|
|
|
|
return json.Marshal(occ)
|
|
|
|
|
}
|
|
|
|
|
|
2025-03-27 16:48:36 +01:00
|
|
|
type UrlList []string //nolint:recvcheck
|
2024-08-23 17:04:19 +02:00
|
|
|
|
2025-06-06 03:23:51 -07:00
|
|
|
func (cu *UrlList) Scan(value any) error {
|
2025-10-24 12:14:19 +02:00
|
|
|
return utils.UnmarshalJSONFromDatabase(cu, value)
|
2024-08-12 11:00:25 +02:00
|
|
|
}
|
2024-08-17 21:57:14 +02:00
|
|
|
|
2025-02-14 17:09:27 +01:00
|
|
|
func (cu UrlList) Value() (driver.Value, error) {
|
2024-08-24 00:49:08 +02:00
|
|
|
return json.Marshal(cu)
|
2024-08-17 21:57:14 +02:00
|
|
|
}
|
2025-04-25 12:14:51 -05:00
|
|
|
|
|
|
|
|
type OidcDeviceCode struct {
|
|
|
|
|
Base
|
|
|
|
|
DeviceCode string
|
|
|
|
|
UserCode string
|
|
|
|
|
Scope string
|
|
|
|
|
ExpiresAt datatype.DateTime
|
|
|
|
|
IsAuthorized bool
|
|
|
|
|
|
|
|
|
|
UserID *string
|
|
|
|
|
User User
|
|
|
|
|
ClientID string
|
|
|
|
|
Client OidcClient
|
|
|
|
|
}
|
