feat: add redirect origin (#215)

Author: DanielleHuisman

Cargo.lock

@@ -82,6 +82,7 @@ tower-service = "0.3.3"
 tower-sessions = "0.14.0"
 tracing = "0.1.41"
 tracing-subscriber = "0.3.19"
+url = "2.5.7"
 utoipa = { version = "5.3.1", features = ["chrono", "uuid"] }
 utoipa-axum = "0.2.0"
 uuid = "1.11.0"

Cargo.toml

@@ -20,5 +20,6 @@ tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
 tower-sessions.workspace = true
 tracing.workspace = true
 tracing-subscriber.workspace = true
+url.workspace = true
 utoipa-axum.workspace = true
 utoipa-scalar = { version = "0.3.0", features = ["axum"] }

examples/axum/Cargo.toml

@@ -5,11 +5,12 @@ use axum::{Json, middleware::from_fn, routing::get};
 use shield::{Shield, ShieldOptions};
 use shield_axum::{AuthRoutes, ShieldLayer, auth_required};
 use shield_memory::{MemoryStorage, User};
-use shield_oidc::{Keycloak, OidcMethod};
+use shield_oidc::{Keycloak, OidcMethod, OidcOptions};
 use time::Duration;
 use tokio::net::TcpListener;
 use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer};
 use tracing::{info, level_filters::LevelFilter};
+use url::Url;
 use utoipa_axum::router::OpenApiRouter;
 use utoipa_scalar::{Scalar, Servable};
 
@@ -34,17 +35,26 @@ async fn main() {
     let shield = Shield::new(
         storage.clone(),
         vec![Arc::new(
-            OidcMethod::new(storage).with_providers([Keycloak::builder(
-                "keycloak",
-                "http://localhost:18080/realms/Shield",
-                "client1",
-            )
-            .client_secret("xcpQsaGbRILTljPtX4npjmYMBjKrariJ")
-            .redirect_url(format!(
-                "http://localhost:{}/api/auth/oidc/sign-in-callback/keycloak",
-                addr.port()
-            ))
-            .build()]),
+            OidcMethod::new(storage)
+                .with_providers([Keycloak::builder(
+                    "keycloak",
+                    "http://localhost:18080/realms/Shield",
+                    "client1",
+                )
+                .client_secret("xcpQsaGbRILTljPtX4npjmYMBjKrariJ")
+                .redirect_url(format!(
+                    "http://localhost:{}/api/auth/oidc/sign-in-callback/keycloak",
+                    addr.port()
+                ))
+                .build()])
+                .with_options(
+                    OidcOptions::builder()
+                        .redirect_origins([
+                            Url::parse(&format!("http://localhost:{}", addr.port())).unwrap(),
+                            Url::parse("http://localhost:5173").unwrap(),
+                        ])
+                        .build(),
+                ),
         )],
         ShieldOptions::default(),
     );

examples/axum/src/main.rs

@@ -1,4 +1,4 @@
-use crate::{MethodSession, Provider, ShieldError};
+use crate::{error::ShieldError, provider::Provider, session::MethodSession};
 
 const ACTION_ID: &str = "sign-in-callback";
 const ACTION_NAME: &str = "Sign in callback";

packages/core/shield/src/actions/sign_in_callback.rs

@@ -1,4 +1,9 @@
-use crate::{Form, Input, InputType, InputTypeSubmit, MethodSession, Provider, ShieldError};
+use crate::{
+    error::ShieldError,
+    form::{Form, Input, InputType, InputTypeSubmit, InputValue},
+    provider::Provider,
+    session::MethodSession,
+};
 
 const ACTION_ID: &str = "sign-out";
 const ACTION_NAME: &str = "Sign out";
@@ -37,7 +42,9 @@ impl SignOutAction {
                 name: "submit".to_owned(),
                 label: None,
                 r#type: InputType::Submit(InputTypeSubmit {}),
-                value: Some(Self::name()),
+                value: Some(InputValue::String {
+                    value: Self::name(),
+                }),
             }],
         }])
     }

packages/core/shield/src/actions/sign_out.rs

@@ -14,7 +14,15 @@ pub struct Input {
     pub name: String,
     pub label: Option<String>,
     pub r#type: InputType,
-    pub value: Option<String>,
+    pub value: Option<InputValue>,
+}
+
+#[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]
+#[cfg_attr(feature = "utoipa", derive(utoipa::ToSchema))]
+#[serde(tag = "type", rename_all = "kebab-case")]
+pub enum InputValue {
+    Origin,
+    String { value: String },
 }
 
 #[derive(Clone, Debug, Deserialize, PartialEq, Serialize)]

packages/core/shield/src/form.rs

@@ -1,9 +1,25 @@
 // This file is auto-generated by @hey-api/openapi-ts
-import { type UseMutationOptions, queryOptions } from '@tanstack/react-query';
+import { type DefaultError, type UseMutationOptions, queryOptions } from '@tanstack/react-query';
 
 import { client } from '../client.gen.js';
-import { type Options, callAction, getActionForms, getCurrentUser } from '../sdk.gen.js';
-import type { CallActionData, CallActionError, GetActionFormsData, GetCurrentUserData } from '../types.gen.js';
+import {
+    type Options,
+    callAction,
+    getActionForms,
+    getCurrentUser,
+    signInCallbackOidc,
+    signInOidc,
+    signOutOidc,
+} from '../sdk.gen.js';
+import type {
+    CallActionData,
+    CallActionError,
+    GetActionFormsData,
+    GetCurrentUserData,
+    SignInCallbackOidcData,
+    SignInOidcData,
+    SignOutOidcData,
+} from '../types.gen.js';
 
 export type QueryKey<TOptions extends Options> = [
     Pick<TOptions, 'baseUrl' | 'body' | 'headers' | 'path' | 'query'> & {
@@ -49,6 +65,7 @@ export const getActionFormsQueryKey = (options: Options<GetActionFormsData>) =>
 
 /**
  * Get action forms
+ *
  * Get action forms.
  */
 export const getActionFormsOptions = (options: Options<GetActionFormsData>) => {
@@ -66,11 +83,77 @@ export const getActionFormsOptions = (options: Options<GetActionFormsData>) => {
     });
 };
 
+export const signInCallbackOidcQueryKey = (options: Options<SignInCallbackOidcData>) =>
+    createQueryKey('signInCallbackOidc', options);
+
+/**
+ * Sign in callback for OpenID Connect
+ *
+ * Sign in callback for OpenID Connect.
+ */
+export const signInCallbackOidcOptions = (options: Options<SignInCallbackOidcData>) => {
+    return queryOptions({
+        queryFn: async ({ queryKey, signal }) => {
+            const { data } = await signInCallbackOidc({
+                ...options,
+                ...queryKey[0],
+                signal,
+                throwOnError: true,
+            });
+            return data;
+        },
+        queryKey: signInCallbackOidcQueryKey(options),
+    });
+};
+
+/**
+ * Sign in with OpenID Connect
+ *
+ * Sign in with OpenID Connect.
+ */
+export const signInOidcMutation = (
+    options?: Partial<Options<SignInOidcData>>,
+): UseMutationOptions<unknown, DefaultError, Options<SignInOidcData>> => {
+    const mutationOptions: UseMutationOptions<unknown, DefaultError, Options<SignInOidcData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await signInOidc({
+                ...options,
+                ...fnOptions,
+                throwOnError: true,
+            });
+            return data;
+        },
+    };
+    return mutationOptions;
+};
+
+/**
+ * Sign out with OpenID Connect
+ *
+ * Sign out with OpenID Connect.
+ */
+export const signOutOidcMutation = (
+    options?: Partial<Options<SignOutOidcData>>,
+): UseMutationOptions<unknown, DefaultError, Options<SignOutOidcData>> => {
+    const mutationOptions: UseMutationOptions<unknown, DefaultError, Options<SignOutOidcData>> = {
+        mutationFn: async (fnOptions) => {
+            const { data } = await signOutOidc({
+                ...options,
+                ...fnOptions,
+                throwOnError: true,
+            });
+            return data;
+        },
+    };
+    return mutationOptions;
+};
+
 export const getCurrentUserQueryKey = (options?: Options<GetCurrentUserData>) =>
     createQueryKey('getCurrentUser', options);
 
 /**
  * Get current user
+ *
  * Get the current user account.
  */
 export const getCurrentUserOptions = (options?: Options<GetCurrentUserData>) => {
@@ -90,6 +173,7 @@ export const getCurrentUserOptions = (options?: Options<GetCurrentUserData>) =>
 
 /**
  * Call action
+ *
  * Call an action.
  */
 export const callActionMutation = (

packages/integrations/shield-react/src/client/@tanstack/react-query.gen.ts

@@ -16,7 +16,6 @@ export type {
     Config,
     CreateClientConfig,
     Options,
-    OptionsLegacyParser,
     RequestOptions,
     RequestResult,
     ResolvedRequestOptions,

packages/integrations/shield-react/src/client/client/index.ts

@@ -163,7 +163,7 @@ type BuildUrlFn = <
         url: string;
     },
 >(
-    options: Pick<TData, 'url'> & Options<TData>,
+    options: TData & Options<TData>,
 ) => string;
 
 export type Client = CoreClient<RequestFn, Config, MethodFn, BuildUrlFn, SseFn> & {
@@ -198,20 +198,4 @@ export type Options<
     TResponse = unknown,
     TResponseStyle extends ResponseStyle = 'fields',
 > = OmitKeys<RequestOptions<TResponse, TResponseStyle, ThrowOnError>, 'body' | 'path' | 'query' | 'url'> &
-    Omit<TData, 'url'>;
-
-export type OptionsLegacyParser<
-    TData = unknown,
-    ThrowOnError extends boolean = boolean,
-    TResponseStyle extends ResponseStyle = 'fields',
-> = TData extends { body?: any }
-    ? TData extends { headers?: any }
-        ? OmitKeys<RequestOptions<unknown, TResponseStyle, ThrowOnError>, 'body' | 'headers' | 'url'> & TData
-        : OmitKeys<RequestOptions<unknown, TResponseStyle, ThrowOnError>, 'body' | 'url'> &
-              TData &
-              Pick<RequestOptions<unknown, TResponseStyle, ThrowOnError>, 'headers'>
-    : TData extends { headers?: any }
-      ? OmitKeys<RequestOptions<unknown, TResponseStyle, ThrowOnError>, 'headers' | 'url'> &
-            TData &
-            Pick<RequestOptions<unknown, TResponseStyle, ThrowOnError>, 'body'>
-      : OmitKeys<RequestOptions<unknown, TResponseStyle, ThrowOnError>, 'url'> & TData;
+    ([TData] extends [never] ? unknown : Omit<TData, 'url'>);