ATLAS/docker/ss-atlas/internal/handlers/auth.go


package handlers
import (
"net/http"
"strings"
"git.nixc.us/a250/ss-atlas/internal/accounts"
)
// identityFromRequest builds an accounts.Identity from forward-auth style
// request headers. Each field is resolved independently: the first non-empty
// header in its candidate list wins, and the value is whitespace-trimmed.
//
// Security: nothing here authenticates the headers. The result is only as
// trustworthy as the component that set them, so the fronting proxy must
// strip every name listed below from inbound client requests, and this
// service must not be reachable except through that proxy.
// NOTE(review): the fallbacks (Remote-*, X-Forwarded-*, X-Auth-Request-*,
// X-Email) widen the set of headers that has to be stripped, and because
// fields are resolved separately one identity can be assembled from
// different header families. Confirm the proxy configuration covers all of
// them.
// NOTE(review): Provider is always "authentik", even when the values came
// from one of the non-authentik fallback headers.
// NOTE(review): Subject falls back to the username headers when
// X-authentik-uid is absent; confirm usernames are stable and never reused
// if Subject is used as the account key.
func identityFromRequest(r *http.Request) accounts.Identity {
	// pick returns the trimmed value of the first non-empty candidate header.
	pick := func(candidates ...string) string {
		return strings.TrimSpace(firstHeader(r, candidates...))
	}

	var id accounts.Identity
	id.Provider = "authentik"
	id.Subject = pick("X-authentik-uid", "X-authentik-username", "Remote-User")
	id.Username = pick("X-authentik-username", "Remote-User")
	id.Email = pick("X-authentik-email", "Remote-Email", "X-Forwarded-Email", "X-Auth-Request-Email", "X-Email")
	id.Name = pick("X-authentik-name", "Remote-Name", "X-Forwarded-User", "X-Auth-Request-User")
	id.Groups = pick("X-authentik-groups", "Remote-Groups")
	return id
}
// currentAccount resolves the account for the request's header-derived
// identity. It returns accounts.ErrNotFound when the identity carries neither
// a subject nor an email, or when no account store is configured; otherwise it
// upserts the identity and returns the store's result. The identity is
// returned in every case so callers can still inspect it.
//
// Security: the upsert is driven entirely by request headers (see
// identityFromRequest), so a request that reaches this handler with
// client-controlled identity headers can create or update an account.
// NOTE(review): an identity with only an email (no subject) is accepted;
// confirm UpsertFromIdentity keys such records safely.
func (a *App) currentAccount(r *http.Request) (*accounts.Account, accounts.Identity, error) {
	id := identityFromRequest(r)

	switch {
	case id.Subject == "" && id.Email == "":
		// Nothing usable to key an account on.
		return nil, id, accounts.ErrNotFound
	case a.accounts == nil:
		// No account store wired into the app.
		return nil, id, accounts.ErrNotFound
	}

	account, upsertErr := a.accounts.UpsertFromIdentity(r.Context(), id)
	return account, id, upsertErr
}
// firstHeader returns the value of the first header in names that is present
// with a non-empty value, or "" when none is. Names are tried in the order
// given, so earlier names take precedence. The value is returned as stored
// (no trimming), and only the first value of a repeated header is considered
// because http.Header.Get is used.
//
// The headers are read as-is from the request; this helper performs no check
// that they were set by a trusted proxy rather than by the client.
func firstHeader(r *http.Request, names ...string) string {
	for i := 0; i < len(names); i++ {
		candidate := r.Header.Get(names[i])
		if candidate == "" {
			continue
		}
		return candidate
	}
	return ""
}
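// accountDisplay picks a label for the current user. Preference order is the
// identity's email, then the stored account's primary email, then the
// identity's username; "" is returned when none of them is set.
//
// An account with an empty PrimaryEmail no longer short-circuits the lookup:
// previously a non-nil acct always returned acct.PrimaryEmail, so the
// username fallback was unreachable for such accounts.
//
// In this file the identity fields originate from request headers, so the
// returned string should be treated as untrusted text by whatever renders it.
func accountDisplay(acct *accounts.Account, identity accounts.Identity) string {
	if identity.Email != "" {
		return identity.Email
	}
	if acct != nil && acct.PrimaryEmail != "" {
		return acct.PrimaryEmail
	}
	// Empty when no username is set either.
	return identity.Username
}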
// firstNonEmpty returns the first of values that is non-empty after trimming
// surrounding whitespace, in its trimmed form. It returns "" when every value
// is empty or whitespace-only, or when no values are given.
func firstNonEmpty(values ...string) string {
	for i := range values {
		trimmed := strings.TrimSpace(values[i])
		if trimmed == "" {
			continue
		}
		return trimmed
	}
	return ""
}