diff options
-rw-r--r-- | .gitignore | 19 | ||||
-rw-r--r-- | LICENSE | 191 | ||||
-rw-r--r-- | README.md | 9 | ||||
-rw-r--r-- | rebar.config | 2 | ||||
-rw-r--r-- | rebar.lock | 32 | ||||
-rw-r--r-- | src/ory.app.src | 16 | ||||
-rw-r--r-- | src/ory.erl | 3 | ||||
-rw-r--r-- | src/ory_hydra.erl | 67 | ||||
-rw-r--r-- | src/ory_kratos.erl | 103 |
9 files changed, 442 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f1c4554 --- /dev/null +++ b/.gitignore @@ -0,0 +1,19 @@ +.rebar3 +_* +.eunit +*.o +*.beam +*.plt +*.swp +*.swo +.erlang.cookie +ebin +log +erl_crash.dump +.rebar +logs +_build +.idea +*.iml +rebar3.crashdump +*~ @@ -0,0 +1,191 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + Copyright 2021, Jordan Bracco <href@random.sh>. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.md b/README.md new file mode 100644 index 0000000..33d9d20 --- /dev/null +++ b/README.md @@ -0,0 +1,9 @@ +ory +===== + +Ory library + +Build +----- + + $ rebar3 compile diff --git a/rebar.config b/rebar.config new file mode 100644 index 0000000..a5ac854 --- /dev/null +++ b/rebar.config @@ -0,0 +1,2 @@ +{erl_opts, [debug_info]}. +{deps, [{hackney, "1.17.4"}, {jsone, "1.6.1"}]}. diff --git a/rebar.lock b/rebar.lock new file mode 100644 index 0000000..ea07c33 --- /dev/null +++ b/rebar.lock @@ -0,0 +1,32 @@ +{"1.2.0", +[{<<"certifi">>,{pkg,<<"certifi">>,<<"2.6.1">>},1}, + {<<"hackney">>,{pkg,<<"hackney">>,<<"1.17.4">>},0}, + {<<"idna">>,{pkg,<<"idna">>,<<"6.1.1">>},1}, + {<<"jsone">>,{pkg,<<"jsone">>,<<"1.6.1">>},0}, + {<<"metrics">>,{pkg,<<"metrics">>,<<"1.0.1">>},1}, + {<<"mimerl">>,{pkg,<<"mimerl">>,<<"1.2.0">>},1}, + {<<"parse_trans">>,{pkg,<<"parse_trans">>,<<"3.3.1">>},1}, + {<<"ssl_verify_fun">>,{pkg,<<"ssl_verify_fun">>,<<"1.1.6">>},1}, + {<<"unicode_util_compat">>,{pkg,<<"unicode_util_compat">>,<<"0.7.0">>},1}]}. +[ +{pkg_hash,[ + {<<"certifi">>, <<"DBAB8E5E155A0763EEA978C913CA280A6B544BFA115633FA20249C3D396D9493">>}, + {<<"hackney">>, <<"99DA4674592504D3FB0CFEF0DB84C3BA02B4508BAE2DFF8C0108BAA0D6E0977C">>}, + {<<"idna">>, <<"8A63070E9F7D0C62EB9D9FCB360A7DE382448200FBBD1B106CC96D3D8099DF8D">>}, + {<<"jsone">>, <<"7EA1098FE004C4127320FE0E3CF6A951B01F82039FEAA56C322DC7E34DD59762">>}, + {<<"metrics">>, <<"25F094DEA2CDA98213CECC3AEFF09E940299D950904393B2A29D191C346A8486">>}, + {<<"mimerl">>, <<"67E2D3F571088D5CFD3E550C383094B47159F3EEE8FFA08E64106CDF5E981BE3">>}, + {<<"parse_trans">>, <<"16328AB840CC09919BD10DAB29E431DA3AF9E9E7E7E6F0089DD5A2D2820011D8">>}, + {<<"ssl_verify_fun">>, <<"CF344F5692C82D2CD7554F5EC8FD961548D4FD09E7D22F5B62482E5AEAEBD4B0">>}, + {<<"unicode_util_compat">>, <<"BC84380C9AB48177092F43AC89E4DFA2C6D62B40B8BD132B1059ECC7232F9A78">>}]}, +{pkg_hash_ext,[ + {<<"certifi">>, <<"524C97B4991B3849DD5C17A631223896272C6B0AF446778BA4675A1DFF53BB7E">>}, + {<<"hackney">>, <<"DE16FF4996556C8548D512F4DBE22DD58A587BF3332E7FD362430A7EF3986B16">>}, + {<<"idna">>, <<"92376EB7894412ED19AC475E4A86F7B413C1B9FBB5BD16DCCD57934157944CEA">>}, + {<<"jsone">>, <<"A6C1DF6081DF742068D2ED747A4FE8A7740C56421B53E02BC9D4907DD3502922">>}, + {<<"metrics">>, <<"69B09ADDDC4F74A40716AE54D140F93BEB0FB8978D8636EADED0C31B6F099F16">>}, + {<<"mimerl">>, <<"F278585650AA581986264638EBF698F8BB19DF297F66AD91B18910DFC6E19323">>}, + {<<"parse_trans">>, <<"07CD9577885F56362D414E8C4C4E6BDF10D43A8767ABB92D24CBE8B24C54888B">>}, + {<<"ssl_verify_fun">>, <<"BDB0D2471F453C88FF3908E7686F86F9BE327D065CC1EC16FA4540197EA04680">>}, + {<<"unicode_util_compat">>, <<"25EEE6D67DF61960CF6A794239566599B09E17E668D3700247BC498638152521">>}]} +]. diff --git a/src/ory.app.src b/src/ory.app.src new file mode 100644 index 0000000..c4098ee --- /dev/null +++ b/src/ory.app.src @@ -0,0 +1,16 @@ +{application, ory, + [{description, "Ory library"}, + {vsn, "0.1.0"}, + {registered, []}, + {applications, + [kernel, + stdlib, + hackney, + jsone + ]}, + {env,[]}, + {modules, []}, + + {licenses, ["Apache 2.0"]}, + {links, []} + ]}. diff --git a/src/ory.erl b/src/ory.erl new file mode 100644 index 0000000..5c06bc9 --- /dev/null +++ b/src/ory.erl @@ -0,0 +1,3 @@ +-module(ory). + +-export([]). diff --git a/src/ory_hydra.erl b/src/ory_hydra.erl new file mode 100644 index 0000000..d31cd82 --- /dev/null +++ b/src/ory_hydra.erl @@ -0,0 +1,67 @@ +-module(ory_hydra). +-export([url/0, admin_url/0, userinfo/1, login_request/1, accept_login_request/2, consent_request/1, accept_consent_request/2, reject_consent_request/2]). + +login_request(Challenge) -> + Url = [admin_url(), "/oauth2/auth/requests/login?login_challenge=", Challenge], + Headers = [{"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +accept_login_request(Challenge, Data) -> + Url = [admin_url(), "/oauth2/auth/requests/login/accept?login_challenge=", Challenge], + Headers = [{"accept", "application/json"}, {"content_type", "application/json"}], + Json = jsone:encode(Data), + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(put, Url, Headers, Json, Opts)). + +consent_request(Challenge) -> + Url = [admin_url(), "/oauth2/auth/requests/consent?consent_challenge=", Challenge], + Headers = [{"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +accept_consent_request(Challenge, Data) -> + Url = [admin_url(), "/oauth2/auth/requests/consent/accept?consent_challenge=", Challenge], + Headers = [{"accept", "application/json"}, {"content_type", "application/json"}], + Json = jsone:encode(Data), + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(put, Url, Headers, Json, Opts)). + +reject_consent_request(Challenge, Data) -> + Url = [admin_url(), "/oauth2/auth/requests/consent/reject?consent_challenge=", Challenge], + Headers = [{"accept", "application/json"}, {"content_type", "application/json"}], + Json = jsone:encode(Data), + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(put, Url, Headers, Json, Opts)). + +userinfo(Authorization) -> + Url = [url(), "/userinfo"], + Headers = [{"accept", "application/json"}, {"authorization", Authorization}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +admin_url() -> + {ok, Value} = application:get_env(ory, hydra_admin_url), + Value. + +url() -> + {ok, Value} = application:get_env(ory, hydra_url), + Value. + +api_response(Error = {error, Error}) -> + logger:error("ory_kratos hackney error: ~p", [Error]), + {error, #{<<"code">> => 503, <<"status">> => "Not Available", <<"message">> => "This service isn't available at the moment."}}; +api_response({ok, 200, _, Client}) -> + {ok, Body} = hackney:body(Client), + {ok, jsone:decode(Body)}; +api_response({ok, _Code, _, Client}) -> + {ok, Body} = hackney:body(Client), + JSON = #{<<"error">> := Error} = jsone:decode(Body), + logger:debug("hydra error: ~p", [JSON]), + {error, Error}. diff --git a/src/ory_kratos.erl b/src/ory_kratos.erl new file mode 100644 index 0000000..162df05 --- /dev/null +++ b/src/ory_kratos.erl @@ -0,0 +1,103 @@ +-module(ory_kratos). + +-export([login_url/1, registration_url/1, settings_url/1, recovery_url/1, verification_url/1, url/0, admin_url/0]). +-export([registration_flow/2, login_flow/2, settings_flow/2, recovery_flow/2, verification_flow/2, logout_flow/1, whoami/1, error/1]). +-export([get_identity/1]). + +login_url(browser) -> + [url(), "/self-service/login/browser"]. + +registration_url(browser) -> + [url(), "/self-service/registration/browser"]. + +settings_url(browser) -> + [url(), "/self-service/settings/browser"]. + +recovery_url(browser) -> + [url(), "/self-service/recovery/browser"]. + +verification_url(browser) -> + [url(), "/self-service/verification/browser"]. + +url() -> + {ok, Value} = application:get_env(ory, kratos_url), + Value. + +admin_url() -> + {ok, Value} = application:get_env(ory, kratos_admin_url), + Value. + +registration_flow(Cookie, Id) -> + Url = [url(), "/self-service/registration/flows?id=", Id], + Headers = [{<<"cookie">>, Cookie}, {"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +login_flow(Cookie, Id) -> + Url = [url(), "/self-service/login/flows?id=", Id], + Headers = [{<<"cookie">>, Cookie}, {"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +settings_flow(Cookie, Id) -> + Url = [url(), "/self-service/settings/flows?id=", Id], + Headers = [{<<"cookie">>, Cookie}, {"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +recovery_flow(Cookie, Id) -> + Url = [url(), "/self-service/recovery/flows?id=", Id], + Headers = [{<<"cookie">>, Cookie}, {"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +verification_flow(Cookie, Id) -> + Url = [url(), "/self-service/verification/flows?id=", Id], + Headers = [{<<"cookie">>, Cookie}, {"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +logout_flow(Cookie) -> + Url = [url(), "/self-service/logout/browser"], + Headers = [{<<"cookie">>, Cookie}, {"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +whoami(Cookie) -> + Url = [url(), "/sessions/whoami"], + Headers = [{<<"cookie">>, Cookie}, {"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +error(Id) -> + Url = [url(), "/self-service/errors?id=", Id], + Headers = [{"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +get_identity(Id) -> + Url = [admin_url(), "/identities/", Id], + Headers = [{"accept", "application/json"}], + SSLOpts = application:get_env(ory, hackney_ssl_opts, []), + Opts = [{ssl_options, SSLOpts}], + api_response(hackney:request(get, Url, Headers, <<>>, Opts)). + +api_response(Error = {error, Error}) -> + logger:error("ory_kratos hackney error: ~p", [Error]), + {error, #{<<"code">> => 503, <<"status">> => "Not Available", <<"message">> => "This service isn't available at the moment."}}; +api_response({ok, 200, _, Client}) -> + {ok, Body} = hackney:body(Client), + {ok, jsone:decode(Body)}; +api_response({ok, _Code, _, Client}) -> + {ok, Body} = hackney:body(Client), + JSON = #{<<"error">> := Error} = jsone:decode(Body), + logger:debug("hydra error: ~p", [JSON]), + {error, Error}. |