add initial implementation of auth gateway with models, routes, and session management

2026-03-17 22:36:17 +00:00 · 2026-03-16 09:47:02 -03:00
parent 963ed54c86
commit d84cf0a174
32 changed files with 1532 additions and 0 deletions
--- a/containers/auth-gateway/auth_gateway/templates/error.html
+++ b/containers/auth-gateway/auth_gateway/templates/error.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{ title }}</title>
+    <link rel="stylesheet" href="{{ external_path }}/static/style.css">
+</head>
+<body>
+    <main class="shell">
+        <section class="card">
+            <p class="eyebrow">Auth Gateway</p>
+            <h1>{{ title }}</h1>
+            <p class="muted">{{ message }}</p>
+        </section>
+    </main>
+</body>
+</html>
--- a/containers/auth-gateway/auth_gateway/templates/login.html
+++ b/containers/auth-gateway/auth_gateway/templates/login.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Sign in</title>
+    <link rel="stylesheet" href="{{ external_path }}/static/style.css">
+</head>
+<body>
+    <main class="shell">
+        <section class="card">
+            <p class="eyebrow">Auth Gateway</p>
+            <h1>Sign in to {{ application_name }}</h1>
+            <p class="muted">Active policy: {{ policy_name }}</p>
+            <div class="stack">
+                {% if "password" in methods %}
+                <a class="button" href="{{ external_path }}/login/password?next={{ next | urlencode }}">Continue with username and password</a>
+                {% endif %}
+                {% if "oidc" in methods %}
+                <a class="button secondary" href="{{ external_path }}/login/oidc/start?next={{ next | urlencode }}">Continue with OIDC</a>
+                {% endif %}
+                {% if "totp" in methods %}
+                <a class="button secondary" href="{{ external_path }}/login/totp?next={{ next | urlencode }}">Continue with TOTP</a>
+                {% endif %}
+            </div>
+        </section>
+    </main>
+</body>
+</html>
--- a/containers/auth-gateway/auth_gateway/templates/login_password.html
+++ b/containers/auth-gateway/auth_gateway/templates/login_password.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Password sign in</title>
+    <link rel="stylesheet" href="{{ external_path }}/static/style.css">
+</head>
+<body>
+    <main class="shell">
+        <section class="card">
+            <p class="eyebrow">Auth Gateway</p>
+            <h1>Sign in to {{ application_name }}</h1>
+            <p class="muted">Enter your local username and password.</p>
+            {% if error %}
+            <p class="error">{{ error }}</p>
+            {% endif %}
+            <form method="post" action="{{ external_path }}/login/password" class="stack">
+                <input type="hidden" name="next" value="{{ next }}">
+                <label class="field">
+                    <span>Username</span>
+                    <input type="text" name="username" autocomplete="username" required>
+                </label>
+                <label class="field">
+                    <span>Password</span>
+                    <input type="password" name="password" autocomplete="current-password" required>
+                </label>
+                <button class="button" type="submit">Continue</button>
+            </form>
+        </section>
+    </main>
+</body>
+</html>
--- a/containers/auth-gateway/auth_gateway/templates/login_totp.html
+++ b/containers/auth-gateway/auth_gateway/templates/login_totp.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>TOTP verification</title>
+    <link rel="stylesheet" href="{{ external_path }}/static/style.css">
+</head>
+<body>
+    <main class="shell">
+        <section class="card">
+            <p class="eyebrow">Auth Gateway</p>
+            <h1>Verify access to {{ application_name }}</h1>
+            <p class="muted">Enter the current code from your authenticator app.</p>
+            {% if error %}
+            <p class="error">{{ error }}</p>
+            {% endif %}
+            <form method="post" action="{{ external_path }}/login/totp" class="stack">
+                <input type="hidden" name="next" value="{{ next }}">
+                <label class="field">
+                    <span>Verification code</span>
+                    <input type="text" name="token" inputmode="numeric" autocomplete="one-time-code" required>
+                </label>
+                <button class="button" type="submit">Verify</button>
+            </form>
+        </section>
+    </main>
+</body>
+</html>