feat: add OIDC authentication for server mode

2026-04-01 19:33:15 +02:00
parent 7bce56384f
commit 52a975b66d
13 changed files with 515 additions and 7 deletions
--- a/service/session.go
+++ b/service/session.go
@@ -0,0 +1,67 @@
+package service
+
+import (
+	"encoding/json"
+	"os"
+	"path/filepath"
+)
+
+// Session holds the server-issued token returned by POST /auth/poll.
+// The ax server owns the full OIDC flow; the client only needs this token.
+type Session struct {
+	Token string `json:"token"`
+}
+
+func sessionPath() (string, error) {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(home, ".config", "ax", "session.json"), nil
+}
+
+func LoadSession() (*Session, error) {
+	path, err := sessionPath()
+	if err != nil {
+		return nil, err
+	}
+	data, err := os.ReadFile(path)
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil, nil
+		}
+		return nil, err
+	}
+	var s Session
+	if err := json.Unmarshal(data, &s); err != nil {
+		return nil, err
+	}
+	return &s, nil
+}
+
+func SaveSession(s *Session) error {
+	path, err := sessionPath()
+	if err != nil {
+		return err
+	}
+	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
+		return err
+	}
+	data, err := json.MarshalIndent(s, "", "  ")
+	if err != nil {
+		return err
+	}
+	return os.WriteFile(path, data, 0600)
+}
+
+func ClearSession() error {
+	path, err := sessionPath()
+	if err != nil {
+		return err
+	}
+	err = os.Remove(path)
+	if os.IsNotExist(err) {
+		return nil
+	}
+	return err
+}