Display a form to create an Opengist account coming from a OAuth provider (#623)

internal/auth/oauth/gitea.go

@@ -110,6 +110,10 @@ func (p *GiteaCallbackProvider) UpdateUserDB(user *db.User) {
 	user.AvatarURL = field.(string)
 }
 
+func (p *GiteaCallbackProvider) IsAdmin() bool {
+	return false
+}
+
 func NewGiteaCallbackProvider(user *goth.User) CallbackProvider {
 	return &GiteaCallbackProvider{
 		User: user,

internal/auth/oauth/github.go

@@ -77,6 +77,10 @@ func (p *GitHubCallbackProvider) UpdateUserDB(user *db.User) {
 	user.AvatarURL = "https://avatars.githubusercontent.com/u/" + p.User.UserID + "?v=4"
 }
 
+func (p *GitHubCallbackProvider) IsAdmin() bool {
+	return false
+}
+
 func NewGitHubCallbackProvider(user *goth.User) CallbackProvider {
 	return &GitHubCallbackProvider{
 		User: user,

internal/auth/oauth/gitlab.go

@@ -111,6 +111,10 @@ func (p *GitLabCallbackProvider) UpdateUserDB(user *db.User) {
 	user.AvatarURL = field.(string)
 }
 
+func (p *GitLabCallbackProvider) IsAdmin() bool {
+	return false
+}
+
 func NewGitLabCallbackProvider(user *goth.User) CallbackProvider {
 	return &GitLabCallbackProvider{
 		User: user,

internal/auth/oauth/openid.go

@@ -3,6 +3,8 @@ package oauth
 import (
 	gocontext "context"
 	"errors"
+	"slices"
+
 	"github.com/markbates/goth"
 	"github.com/markbates/goth/gothic"
 	"github.com/markbates/goth/providers/openidConnect"
@@ -79,6 +81,31 @@ func (p *OIDCCallbackProvider) UpdateUserDB(user *db.User) {
 	user.AvatarURL = p.User.AvatarURL
 }
 
+func (p *OIDCCallbackProvider) IsAdmin() bool {
+	if config.C.OIDCAdminGroup == "" {
+		return false
+	}
+
+	groupClaimName := config.C.OIDCGroupClaimName
+	if groupClaimName == "" {
+		return false
+	}
+
+	groups, ok := p.User.RawData[groupClaimName].([]interface{})
+	if !ok {
+		return false
+	}
+
+	var groupNames []string
+	for _, group := range groups {
+		if groupName, ok := group.(string); ok {
+			groupNames = append(groupNames, groupName)
+		}
+	}
+
+	return slices.Contains(groupNames, config.C.OIDCAdminGroup)
+}
+
 func NewOIDCCallbackProvider(user *goth.User) CallbackProvider {
 	return &OIDCCallbackProvider{
 		User: user,

internal/auth/oauth/provider.go

@@ -2,15 +2,16 @@ package oauth
 
 import (
 	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+
 	"github.com/markbates/goth"
 	"github.com/markbates/goth/gothic"
 	"github.com/rs/zerolog/log"
 	"github.com/thomiceli/opengist/internal/db"
 	"github.com/thomiceli/opengist/internal/web/context"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
 )
 
 const (
@@ -32,6 +33,7 @@ type CallbackProvider interface {
 	GetProviderUserID(user *db.User) bool
 	GetProviderUserSSHKeys() ([]string, error)
 	UpdateUserDB(user *db.User)
+	IsAdmin() bool
 }
 
 func DefineProvider(provider string, url string) (Provider, error) {
@@ -69,6 +71,29 @@ func CompleteUserAuth(ctx *context.Context) (CallbackProvider, error) {
 	return nil, fmt.Errorf("unsupported provider %s", user.Provider)
 }
 
+func NewCallbackProviderFromSession(provider string, userID string, nickname string, email string, avatarURL string) (CallbackProvider, error) {
+	user := &goth.User{
+		Provider:  provider,
+		UserID:    userID,
+		NickName:  nickname,
+		Email:     email,
+		AvatarURL: avatarURL,
+	}
+
+	switch provider {
+	case GitHubProviderString:
+		return NewGitHubCallbackProvider(user), nil
+	case GitLabProviderString:
+		return NewGitLabCallbackProvider(user), nil
+	case GiteaProviderString:
+		return NewGiteaCallbackProvider(user), nil
+	case OpenIDConnectString:
+		return NewOIDCCallbackProvider(user), nil
+	}
+
+	return nil, fmt.Errorf("unsupported provider %s", provider)
+}
+
 func urlJoin(base string, elem ...string) string {
 	joined, err := url.JoinPath(base, elem...)
 	if err != nil {