From 08d887f021b3a6be234c26a7c7fa82382d0102c0 Mon Sep 17 00:00:00 2001
From: consolethinks <consolethinks@gmail.com>
Date: Mon, 23 Dec 2024 15:19:54 +0100
Subject: [PATCH 1/3] add configurable callback redirect address

---
 internal/core/config_test.go           |  3 ++-
 internal/webserver/api.go              |  2 ++
 internal/webserver/auth.go             |  2 +-
 internal/webserver/wsconfig/config.go  | 13 +++++++------
 test/testdata/valid_config_globus.yaml |  1 +
 test/testdata/valid_config_s3.yaml     |  1 +
 6 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/internal/core/config_test.go b/internal/core/config_test.go
index fd56720..eb882e1 100644
--- a/internal/core/config_test.go
+++ b/internal/core/config_test.go
@@ -55,7 +55,8 @@ func createExpectedValidConfig(transferConfig task.TransferConfig) Config {
 
 	expected_ws := wsconfig.WebServerConfig{
 		AuthConf: wsconfig.AuthConf{
-			SessionDuration: 28800,
+			SessionDuration:  28800,
+			CallbackRedirect: "http://scicat.localhost/ingest",
 			OAuth2Conf: wsconfig.OAuth2Conf{
 				ClientID:    "ingestor",
 				RedirectURL: "http://localhost:8888/callback",
diff --git a/internal/webserver/api.go b/internal/webserver/api.go
index 4b7f7a0..5eb01ed 100644
--- a/internal/webserver/api.go
+++ b/internal/webserver/api.go
@@ -31,6 +31,7 @@ type IngestorWebServerImplemenation struct {
 	sessionDuration  uint
 	scopeToRoleMap   map[string]string
 	pathConfig       wsconfig.PathsConf
+	callbackRedirect string
 }
 
 func NewIngestorWebServer(version string, tq *core.TaskQueue, eh *metadataextractor.ExtractorHandler, ws wsconfig.WebServerConfig) (*IngestorWebServerImplemenation, error) {
@@ -88,5 +89,6 @@ func NewIngestorWebServer(version string, tq *core.TaskQueue, eh *metadataextrac
 		sessionDuration:  ws.SessionDuration,
 		pathConfig:       ws.PathsConf,
 		metp:             metp,
+		callbackRedirect: ws.CallbackRedirect,
 	}, nil
 }
diff --git a/internal/webserver/auth.go b/internal/webserver/auth.go
index edfe2ae..e5dc4b9 100644
--- a/internal/webserver/auth.go
+++ b/internal/webserver/auth.go
@@ -202,6 +202,6 @@ func (i *IngestorWebServerImplemenation) GetLogout(ctx context.Context, request
 	}
 
 	return GetLogout302Response{GetLogout302ResponseHeaders{
-		Location: "/",
+		Location: i.callbackRedirect,
 	}}, nil
 }
diff --git a/internal/webserver/wsconfig/config.go b/internal/webserver/wsconfig/config.go
index 8ab05a8..4822fe3 100644
--- a/internal/webserver/wsconfig/config.go
+++ b/internal/webserver/wsconfig/config.go
@@ -37,12 +37,13 @@ type RBACConf struct {
 
 // full authentication config
 type AuthConf struct {
-	Disable         bool `bool:"Disable"`
-	SessionDuration uint // duration of a user session before it expires (by default never)
-	OAuth2Conf      `mapstructure:"OAuth2" validate:"required_if=Disable false,omitempty"`
-	OIDCConf        `mapstructure:"OIDC" validate:"required_if=Disable false,omitempty"`
-	JWTConf         `mapstructure:"JWT" validate:"required_if=Disable false,omitempty"`
-	RBACConf        `mapstructure:"RBAC" validate:"required_if=Disable false,omitempty"`
+	Disable          bool   `bool:"Disable"`
+	SessionDuration  uint   // duration of a user session before it expires (by default never)
+	CallbackRedirect string `validate:"required_if=Disable false,omitempty"`
+	OAuth2Conf       `mapstructure:"OAuth2" validate:"required_if=Disable false,omitempty"`
+	OIDCConf         `mapstructure:"OIDC" validate:"required_if=Disable false,omitempty"`
+	JWTConf          `mapstructure:"JWT" validate:"required_if=Disable false,omitempty"`
+	RBACConf         `mapstructure:"RBAC" validate:"required_if=Disable false,omitempty"`
 }
 
 type PathsConf struct {
diff --git a/test/testdata/valid_config_globus.yaml b/test/testdata/valid_config_globus.yaml
index 31875f5..a07654b 100644
--- a/test/testdata/valid_config_globus.yaml
+++ b/test/testdata/valid_config_globus.yaml
@@ -59,6 +59,7 @@ WebServer:
   Auth:
     Disable: false
     SessionDuration: 28800
+    CallbackRedirect: "http://scicat.localhost/ingest"
     OAuth2:
       ClientID: "ingestor"
       RedirectURL: "http://localhost:8888/callback"
diff --git a/test/testdata/valid_config_s3.yaml b/test/testdata/valid_config_s3.yaml
index 4a2b0c1..8dbb08c 100644
--- a/test/testdata/valid_config_s3.yaml
+++ b/test/testdata/valid_config_s3.yaml
@@ -56,6 +56,7 @@ WebServer:
   Auth:
     Disable: false
     SessionDuration: 28800
+    CallbackRedirect: "http://scicat.localhost/ingest"
     OAuth2:
       ClientID: "ingestor"
       RedirectURL: "http://localhost:8888/callback"

From 9286dc4526bfe4a9180fb109decd8ea483cf2dd0 Mon Sep 17 00:00:00 2001
From: consolethinks <consolethinks@gmail.com>
Date: Tue, 7 Jan 2025 13:17:06 +0100
Subject: [PATCH 2/3] rename CallbackRedirect to FrontendUrl for better clarity

---
 internal/core/config_test.go          |  4 ++--
 internal/webserver/api.go             |  4 ++--
 internal/webserver/auth.go            |  2 +-
 internal/webserver/wsconfig/config.go | 14 +++++++-------
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/internal/core/config_test.go b/internal/core/config_test.go
index eb882e1..b4dc1f2 100644
--- a/internal/core/config_test.go
+++ b/internal/core/config_test.go
@@ -55,8 +55,8 @@ func createExpectedValidConfig(transferConfig task.TransferConfig) Config {
 
 	expected_ws := wsconfig.WebServerConfig{
 		AuthConf: wsconfig.AuthConf{
-			SessionDuration:  28800,
-			CallbackRedirect: "http://scicat.localhost/ingest",
+			SessionDuration: 28800,
+			FrontendUrl:     "http://scicat.localhost/ingest",
 			OAuth2Conf: wsconfig.OAuth2Conf{
 				ClientID:    "ingestor",
 				RedirectURL: "http://localhost:8888/callback",
diff --git a/internal/webserver/api.go b/internal/webserver/api.go
index 5eb01ed..58db0fc 100644
--- a/internal/webserver/api.go
+++ b/internal/webserver/api.go
@@ -31,7 +31,7 @@ type IngestorWebServerImplemenation struct {
 	sessionDuration  uint
 	scopeToRoleMap   map[string]string
 	pathConfig       wsconfig.PathsConf
-	callbackRedirect string
+	frontendUrl      string
 }
 
 func NewIngestorWebServer(version string, tq *core.TaskQueue, eh *metadataextractor.ExtractorHandler, ws wsconfig.WebServerConfig) (*IngestorWebServerImplemenation, error) {
@@ -89,6 +89,6 @@ func NewIngestorWebServer(version string, tq *core.TaskQueue, eh *metadataextrac
 		sessionDuration:  ws.SessionDuration,
 		pathConfig:       ws.PathsConf,
 		metp:             metp,
-		callbackRedirect: ws.CallbackRedirect,
+		frontendUrl:      ws.FrontendUrl,
 	}, nil
 }
diff --git a/internal/webserver/auth.go b/internal/webserver/auth.go
index e5dc4b9..29a886c 100644
--- a/internal/webserver/auth.go
+++ b/internal/webserver/auth.go
@@ -202,6 +202,6 @@ func (i *IngestorWebServerImplemenation) GetLogout(ctx context.Context, request
 	}
 
 	return GetLogout302Response{GetLogout302ResponseHeaders{
-		Location: i.callbackRedirect,
+		Location: i.frontendUrl,
 	}}, nil
 }
diff --git a/internal/webserver/wsconfig/config.go b/internal/webserver/wsconfig/config.go
index 4822fe3..c581c96 100644
--- a/internal/webserver/wsconfig/config.go
+++ b/internal/webserver/wsconfig/config.go
@@ -37,13 +37,13 @@ type RBACConf struct {
 
 // full authentication config
 type AuthConf struct {
-	Disable          bool   `bool:"Disable"`
-	SessionDuration  uint   // duration of a user session before it expires (by default never)
-	CallbackRedirect string `validate:"required_if=Disable false,omitempty"`
-	OAuth2Conf       `mapstructure:"OAuth2" validate:"required_if=Disable false,omitempty"`
-	OIDCConf         `mapstructure:"OIDC" validate:"required_if=Disable false,omitempty"`
-	JWTConf          `mapstructure:"JWT" validate:"required_if=Disable false,omitempty"`
-	RBACConf         `mapstructure:"RBAC" validate:"required_if=Disable false,omitempty"`
+	Disable         bool   `bool:"Disable"`
+	SessionDuration uint   // duration of a user session before it expires (by default never)
+	FrontendUrl     string `validate:"required_if=Disable false,omitempty"` // used for redirecting the user back to the frontend after login
+	OAuth2Conf      `mapstructure:"OAuth2" validate:"required_if=Disable false,omitempty"`
+	OIDCConf        `mapstructure:"OIDC" validate:"required_if=Disable false,omitempty"`
+	JWTConf         `mapstructure:"JWT" validate:"required_if=Disable false,omitempty"`
+	RBACConf        `mapstructure:"RBAC" validate:"required_if=Disable false,omitempty"`
 }
 
 type PathsConf struct {

From 4a4fc4234ee910c09c639b6986a47776f2959245 Mon Sep 17 00:00:00 2001
From: consolethinks <consolethinks@gmail.com>
Date: Tue, 7 Jan 2025 16:05:51 +0100
Subject: [PATCH 3/3] update tests for config

---
 test/testdata/valid_config_globus.yaml | 2 +-
 test/testdata/valid_config_s3.yaml     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/testdata/valid_config_globus.yaml b/test/testdata/valid_config_globus.yaml
index a07654b..f17677a 100644
--- a/test/testdata/valid_config_globus.yaml
+++ b/test/testdata/valid_config_globus.yaml
@@ -59,7 +59,7 @@ WebServer:
   Auth:
     Disable: false
     SessionDuration: 28800
-    CallbackRedirect: "http://scicat.localhost/ingest"
+    FrontendUrl: "http://scicat.localhost/ingest"
     OAuth2:
       ClientID: "ingestor"
       RedirectURL: "http://localhost:8888/callback"
diff --git a/test/testdata/valid_config_s3.yaml b/test/testdata/valid_config_s3.yaml
index 8dbb08c..e00025e 100644
--- a/test/testdata/valid_config_s3.yaml
+++ b/test/testdata/valid_config_s3.yaml
@@ -56,7 +56,7 @@ WebServer:
   Auth:
     Disable: false
     SessionDuration: 28800
-    CallbackRedirect: "http://scicat.localhost/ingest"
+    FrontendUrl: "http://scicat.localhost/ingest"
     OAuth2:
       ClientID: "ingestor"
       RedirectURL: "http://localhost:8888/callback"