add session management routes and session page template

containers/auth-gateway/auth_gateway/templates/session.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Session</title>
+    <link rel="stylesheet" href="{{ external_path }}/static/style.css">
+    <style>
+        .info-table { width: 100%; border-collapse: collapse; margin: 0 0 24px; }
+        .info-table tr + tr td { border-top: 1px solid var(--line); }
+        .info-table td { padding: 10px 0; font-size: 0.9rem; vertical-align: top; }
+        .info-table td:first-child { color: var(--muted); width: 40%; }
+        .badge { display: inline-block; padding: 2px 10px; border-radius: 99px; font-size: 0.78rem; font-weight: 600; background: rgba(107,63,36,0.12); color: var(--accent-strong); margin: 2px 2px 2px 0; }
+    </style>
+</head>
+<body>
+    <main class="shell">
+        <section class="card">
+            <p class="eyebrow">Auth Gateway</p>
+            <h1>Active session</h1>
+            <table class="info-table">
+                {% if session.username %}
+                <tr>
+                    <td>Username</td>
+                    <td>{{ session.username }}</td>
+                </tr>
+                {% endif %}
+                {% if session.email %}
+                <tr>
+                    <td>E-mail</td>
+                    <td>{{ session.email }}</td>
+                </tr>
+                {% endif %}
+                <tr>
+                    <td>Authenticated via</td>
+                    <td>
+                        {% for factor in session.auth_factors %}
+                        <span class="badge">{{ factor }}</span>
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% if session.groups %}
+                <tr>
+                    <td>Groups</td>
+                    <td>
+                        {% for group in session.groups %}
+                        <span class="badge">{{ group }}</span>
+                        {% endfor %}
+                    </td>
+                </tr>
+                {% endif %}
+                <tr>
+                    <td>Expires</td>
+                    <td>{{ session.expires_at.strftime('%Y-%m-%d %H:%M UTC') }}</td>
+                </tr>
+            </table>
+            <form method="post" action="{{ external_path }}/logout">
+                <input type="hidden" name="next" value="/">
+                <button class="button" type="submit" style="width:100%">Sign out</button>
+            </form>
+        </section>
+    </main>
+</body>
+</html>

containers/auth-gateway/auth_gateway/web/login_routes.py

@@ -44,6 +44,14 @@ def _redirect_with_cookie(request: Request, destination: str, session) -> Redire
     return response
 
 
+@router.get("/", response_class=HTMLResponse)
+async def session_page(request: Request):
+    session = get_session(request)
+    if not session or not session.auth_factors:
+        return RedirectResponse(build_external_url(request, "/login"), status_code=303)
+    return _render(request, "session.html", session=session)
+
+
 @router.get("/login", response_class=HTMLResponse)
 async def login_page(request: Request, next: str = "/"):
     runtime_config = get_runtime_config(request)
@@ -236,10 +244,19 @@ async def login_oidc_callback(request: Request, state: str):
     return _redirect_with_cookie(request, oidc_state.next_url, session)
 
 
-@router.post("/logout")
-async def logout(request: Request, next: str = Form("/")):
+def _do_logout(request: Request, next_url: str = "/") -> RedirectResponse:
     session_cookie = request.cookies.get(request.app.state.settings.cookie_name)
     request.app.state.session_service.delete_session(session_cookie)
-    response = RedirectResponse(next or "/", status_code=303)
+    response = RedirectResponse(next_url or "/", status_code=303)
     response.delete_cookie(request.app.state.settings.cookie_name, path="/")
     return response
+
+
+@router.get("/logout")
+async def logout_get(request: Request, next: str = "/"):
+    return _do_logout(request, next)
+
+
+@router.post("/logout")
+async def logout_post(request: Request, next: str = Form("/")):
+    return _do_logout(request, next)

containers/caddy/process_config.py

@@ -15,8 +15,8 @@ from urllib.parse import urlparse
 
 JSON_DIR = os.environ.get("JSON_DIR", "/caddy_json_export")
 CADDYFILE_PATH = os.environ.get("CADDYFILE_PATH", "/etc/caddy/Caddyfile")
-AUTH_GATEWAY_INTERNAL_URL = "http://wireguard-webadmin-auth-gateway:9091"
-AUTH_GATEWAY_PORTAL_PATH = "/auth-gateway"
+AUTH_GATEWAY_INTERNAL_URL = os.environ.get("AUTH_GATEWAY_INTERNAL_URL", "http://wireguard-webadmin-auth-gateway:9091")
+AUTH_GATEWAY_PORTAL_PATH = os.environ.get("AUTH_GATEWAY_EXTERNAL_PATH", "/auth-gateway")
 AUTH_GATEWAY_CHECK_URI = "/auth/check"