http: GET /auth/oidc/login — generate state/PKCE, redirect to IdP

2026-05-05 13:26:06 +01:00
parent ede014e85b
commit 746324e65a
3 changed files with 129 additions and 0 deletions
+8
@@ -17,6 +17,7 @@ import (
"gitea.dcglab.co.uk/steve/restic-manager/internal/crypto"
"gitea.dcglab.co.uk/steve/restic-manager/internal/notification"
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/config"
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/oidc"
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/ui"
"gitea.dcglab.co.uk/steve/restic-manager/internal/server/ws"
"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
@@ -45,6 +46,9 @@ type Deps struct {
// admin-bootstrap token printed in the server logs. While set, the
// /bootstrap endpoint accepts it to create the first admin user.
BootstrapToken string
// OIDC (optional). Non-nil when the operator has configured an
// IdP — handlers under /auth/oidc/* are mounted only when set.
OIDC *oidc.Client
}
// Server is the running HTTP server.
@@ -140,6 +144,10 @@ func (s *Server) routes(r chi.Router) {
r.Get("/setup", s.handleUISetupGet)
r.Post("/setup", s.handleUISetupPost)
}
if s.deps.OIDC != nil {
r.Get("/auth/oidc/login", s.handleOIDCLogin)
// /auth/oidc/callback registered in D2
}
// Viewer band — anyone authenticated can read.
r.Group(func(r chi.Router) {
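Review bot: In the `routes` hunk, `/auth/oidc/login` is mounted directly on the router ahead of the authenticated groups, so any unauthenticated client can trigger state/PKCE generation, and nothing in this section shows throttling or where those values are kept. The handler is not visible here; if it stores the state or verifier server-side rather than in a short-lived cookie, the entries need a TTL and a size bound, more so while no callback route exists to consume them. The comment `// /auth/oidc/callback registered in D2` points at a plan label a later reader cannot resolve; I would write `// Pre-auth by design. The callback route (not yet registered) must reject any request whose state does not match the one bound to this browser.` instead. `routes` begins and ends outside the hunk, so middleware applied earlier in it cannot be ruled out.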