feat(oidc_provider) use askama templates

Implements a custom OidcResponse with CSP headers and oxide-auth processing compatibility.
2025-09-11 14:03:01 +02:00 · 2025-05-09 11:17:50 +02:00 · 2025-05-09 11:17:50 +02:00 · fa9b8869b6
commit fa9b8869b6
parent 3417ac2487
18 changed files with 621 additions and 225 deletions
--- a/src/web/oidc/consent.rs
+++ b/src/web/oidc/consent.rs
@ -0,0 +1,54 @@
+use super::{
+	encode,
+	ConsentPageTemplate,
+	AuthorizationQuery,
+	OidcResponse,
+};
+use askama::Template;
+use oxide_auth::frontends::simple::request::{Body, Status};
+
+/// A web consent solicitor form for the OIDC authentication flow.
+///
+/// Asks the resource owner for their consent to let a client access their data
+/// on this server.
+pub fn oidc_consent_form(
+	hostname: &str,
+	query: &AuthorizationQuery,
+) -> OidcResponse {
+	// The target request route.
+	let route = "/_matrix/client/unstable/org.matrix.msc2964/authorize";
+	let nonce = rand::random::<u64>().to_string();
+	let body = Some(Body::Text(consent_page(hostname, query, route, &nonce)));
+
+	OidcResponse {
+		status: Status::Ok,
+		location: None,
+		www_authenticate: None,
+		body,
+		nonce,
+	}
+}
+
+/// Render the html contents of the user consent page.
+fn consent_page(
+	hostname: &str,
+	query: &AuthorizationQuery,
+	route: &str,
+	nonce: &str,
+) -> String {
+	let template = ConsentPageTemplate {
+		nonce,
+		hostname,
+		route,
+		client_id: &encode(query.client_id.as_str()),
+		redirect_uri: &encode(query.redirect_uri.as_str()),
+		scope: &encode(query.scope.as_str()),
+		state: &encode(query.state.as_str()),
+		code_challenge: &encode(query.code_challenge.as_str()),
+		code_challenge_method: &encode(query.code_challenge_method.as_str()),
+		response_type: &encode(query.response_type.as_str()),
+		response_mode: &encode(query.response_mode.as_str()),
+	};
+
+	template.render().expect("consent page render")
+}