improving path handling, working on authorization flow

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>

de.srsoftware.oidc.web/src/main/java/de/srsoftware/oidc/web/Forward.java

@@ -14,10 +14,10 @@ public class Forward extends PathHandler {
 	}
 
 	@Override
-	public void handle(HttpExchange ex) throws IOException {
-		System.out.printf("Forwarding (%d) %s to %s…\n", CODE, ex.getRequestURI(), toPath);
+	public boolean doGet(String path, HttpExchange ex) throws IOException {
+		System.out.printf("Forwarding (%d) %s to %s…\n", CODE, path, toPath);
 		ex.getResponseHeaders().add("Location", toPath);
 		ex.sendResponseHeaders(CODE, 0);
-		ex.getResponseBody().close();
+		return true;
 	}
 }

de.srsoftware.oidc.web/src/main/java/de/srsoftware/oidc/web/StaticPages.java

@@ -1,11 +1,12 @@
 /* © SRSoftware 2024 */
 package de.srsoftware.oidc.web;
 
+import static java.net.HttpURLConnection.HTTP_NOT_FOUND;
+
 import com.sun.net.httpserver.HttpExchange;
 import de.srsoftware.oidc.api.PathHandler;
 import java.io.FileNotFoundException;
 import java.io.IOException;
-import java.io.OutputStream;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.file.Files;
@@ -14,6 +15,7 @@ import java.util.Optional;
 
 public class StaticPages extends PathHandler {
 	private static final String DEFAULT_LANGUAGE = "en";
+	private static final String FAVICON          = "favicon.ico";
 	private final Optional<Path> base;
 	private ClassLoader          loader;
 
@@ -27,27 +29,22 @@ public class StaticPages extends PathHandler {
 	private static final String INDEX = "en/index.html";
 
 	@Override
-	public void handle(HttpExchange ex) throws IOException {
-		String relativePath = relativePath(ex);
-		String lang	    = language(ex).orElse(DEFAULT_LANGUAGE);
-		String method	    = ex.getRequestMethod();
-
-		if (relativePath.isBlank()) relativePath = INDEX;
-		System.out.printf("%s %s: ", method, ex.getRequestURI());
+	public boolean doGet(String relativePath, HttpExchange ex) throws IOException {
+		String lang = language(ex).orElse(DEFAULT_LANGUAGE);
+		if (relativePath.startsWith("/")) relativePath = relativePath.substring(1);
+		if (relativePath.isBlank()) {
+			relativePath = ex.getRequestURI().toString().endsWith(FAVICON) ? FAVICON : INDEX;
+		}
 		try {
-			System.out.printf("Loading %s for lagnuage %s…", relativePath, lang);
+			System.out.printf("Loading %s for language %s…", relativePath, lang);
 			Response response = loadFile(lang, relativePath).orElseThrow(() -> new FileNotFoundException());
 
 			ex.getResponseHeaders().add(CONTENT_TYPE, response.contentType);
-			ex.sendResponseHeaders(200, response.content.length);
-			OutputStream os = ex.getResponseBody();
-			os.write(response.content);
-			os.close();
 			System.out.println("success.");
+			return sendContent(ex, response.content);
 		} catch (FileNotFoundException fnf) {
-			ex.sendResponseHeaders(404, 0);
-			ex.getResponseBody().close();
 			System.err.println("failed!");
+			return sendEmptyResponse(HTTP_NOT_FOUND, ex);
 		}
 	}
 

de.srsoftware.oidc.web/src/main/resources/en/authorization.html

@@ -0,0 +1,13 @@
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Light OIDC</title>
+    <script src="config.js"></script>
+    <script src="user.js"></script>
+    <script src="authorization.js"></script>
+</head>
+<body>
+<h1>Authorization!</h1>
+Not implemented, yet!
+</body>
+</html>

de.srsoftware.oidc.web/src/main/resources/en/authorization.js

@@ -0,0 +1,11 @@
+var params = new URLSearchParams(window.location.search)
+var json = Object.fromEntries(params);
+
+fetch(api+"/authorize",{
+    method: 'POST',
+    body: JSON.stringify(json),
+    headers: {
+        'Content-Type': 'application/json'
+    }
+})
+

de.srsoftware.oidc.web/src/main/resources/en/index.html

@@ -1,10 +1,24 @@
 <html>
     <head>
+        <meta charset="utf-8">
         <title>Light OIDC</title>
         <script src="config.js"></script>
-        <script src="index.js"></script>
+        <script src="user.js"></script>
     </head>
     <body>
         <h1>Welcome!</h1>
+        <h2>Connected sites</h2>
+        These are sites that are connected with your account:
+        <table>
+            <tr>
+                <th>Site</th>
+                <th>Actions</th>
+            </tr>
+            <tr>
+                <td>
+                    <button onclick="window.location.href='newclient.html';">Add new site…</button>
+                </td>
+            </tr>
+        </table>
     </body>
 </html>

de.srsoftware.oidc.web/src/main/resources/en/index.js

@@ -1,7 +0,0 @@
-const UNAUTHORIZED = 401;
-
-function handleUser(response){
-    console.log(response);
-}
-
-fetch(api+"/user").then(handleUser);

de.srsoftware.oidc.web/src/main/resources/en/login.html

@@ -1,25 +1,24 @@
 <html>
     <head>
+        <meta charset="utf-8">
         <title>Light OIDC</title>
         <script src="config.js"></script>
-        <script src="index.js"></script>
+        <script src="login.js"></script>
     </head>
     <body>
         <h1>Login</h1>
-        <form id="login">
-            <fieldset>
-                <legend>User credentials</legend>
+        <fieldset id="login">
+            <legend>User credentials</legend>
             <label>
                 Username
-                <input type="text" name="username" />
+                <input type="text" id="username" />
             </label>
             <label>
                 Password
-                <input type="password" name="password" />
+                <input type="password" id="password" />
             </label>
             <button type="button" onClick="tryLogin()">Login</button>
-            </fieldset>
-        </form>
+        </fieldset>
         <div id="error"></div>
     </body>
 </html>

de.srsoftware.oidc.web/src/main/resources/en/login.js

@@ -0,0 +1,33 @@
+async function handleLogin(response){
+    if (response.ok){
+        var body = await response.json();
+
+        setTimeout(doRedirect,100);
+    }
+    return false;
+}
+
+function doRedirect(){
+        let params = new URL(document.location.toString()).searchParams;
+        let redirect = params.get("return_to") || 'index.html';
+        window.location.href = redirect,true;
+        return false;
+}
+
+function tryLogin(){
+    document.getElementById("error").innerHTML = "";
+    var username = document.getElementById('username').value;
+    var password = document.getElementById('password').value;
+    fetch(api+"/login",{
+        method: 'POST',
+        headers: {
+          Accept: 'application/json',
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({
+            username : username,
+            password : password
+        })
+    }).then(handleLogin);
+    return false;
+}

de.srsoftware.oidc.web/src/main/resources/en/newclient.html

@@ -0,0 +1,28 @@
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Light OIDC</title>
+    <script src="config.js"></script>
+    <script src="user.js"></script>
+</head>
+<body>
+<h1>Add new client</h1>
+<fieldset>
+    <legend>Settings</legend>
+    <table>
+        <tr>
+            <th>client name</th>
+            <td><input type="text" size="50" id="client-name"></td>
+        </tr>
+        <tr>
+            <th>client secret</th>
+            <td><input type="text" size="50" id="client-secret"></td>
+        </tr>
+        <tr>
+            <th>redirect urls</th>
+            <td><textarea cols="50" rows="5" id="redirect-urls"></textarea></td>
+        </tr>
+    </table>
+</fieldset>
+</body>
+</html>

de.srsoftware.oidc.web/src/main/resources/en/user.js

@@ -0,0 +1,12 @@
+const UNAUTHORIZED = 401;
+
+async function handleUser(response){
+    if (response.status == UNAUTHORIZED) {
+        window.location.href = 'login.html?return_to='+encodeURI(window.location.href);
+        return;
+    }
+    var user = await response.json();
+    // TODO: load navigation
+}
+
+fetch(api+"/user",{method:'POST'}).then(handleUser);