feat: Add optional OIDC support (#39)

This allows the API to trigger an OAuth workflow to create the JWT for authentication. For now the workflow is triggered by manually visiting `/api/login/oidc` on the frontend app until the UI repo is updated to add support.

Co-authored-by: Peter Olds <peter@olds.co>

internal/common/env.go

@@ -45,6 +45,12 @@ var (
 	APIJWTTokenTTL  = GetDurationEnv("API_JWT_TOKEN_TTL", time.Hour)
 	APIUser         = GetEnvString("API_USER", "admin")
 	APIPasswordHash = HashPassword(GetEnvString("API_PASSWORD", "password"))
+
+	// OIDC Configuration
+	OIDCIssuerURL    = GetEnvString("OIDC_ISSUER_URL", "")
+	OIDCClientID     = GetEnvString("OIDC_CLIENT_ID", "")
+	OIDCClientSecret = GetEnvString("OIDC_CLIENT_SECRET", "")
+	OIDCRedirectURL  = GetEnvString("OIDC_REDIRECT_URL", "")
 )
 
 func GetEnv[T any](key string, defaultValue T, parser func(string) (T, error)) T {

internal/common/random.go

@@ -0,0 +1,13 @@
+package common
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+)
+
+// GenerateRandomString generates a random string of specified length.
+func GenerateRandomString(length int) string {
+	b := make([]byte, length)
+	rand.Read(b)
+	return base64.URLEncoding.EncodeToString(b)[:length]
+}