oidc: move routes to server.js for visibility

src/server.js

@@ -39,6 +39,11 @@ async function initializeExpressSync() {
     const json = middleware.json({ strict: true, limit: QUERY_LIMIT }), // application/json
         urlencoded = middleware.urlencoded({ extended: false, limit: QUERY_LIMIT }); // application/x-www-form-urlencoded
 
+    function setNoCache(req, res, next) {
+        res.set('cache-control', 'no-store');
+        next();
+    }
+
     app.set('json spaces', 2); // pretty json
 
     // for rate limiting
@@ -373,11 +378,16 @@ async function initializeExpressSync() {
     // OpenID connect
     const oidcPrefix = '/api/v1/oidc';
     const oidcProvider = await oidc.getProvider(oidcPrefix);
-    oidc.attachInteractionRoutes(oidcPrefix, app, oidcProvider);
-    app.use(oidcPrefix, oidcProvider.callback());
     app.set('views', path.join(__dirname, 'oidc_templates'));
     app.set('view engine', 'ejs');
 
+    router.get ('/api/v1/oidc/interaction/:uid',          setNoCache,       oidc.routes.renderInteractionPage(oidcPrefix, oidcProvider));
+    router.post('/api/v1/oidc/interaction/:uid/login',    setNoCache, json, oidc.routes.interactionLogin(oidcProvider));
+    router.post('/api/v1/oidc/interaction/:uid/confirm',  setNoCache, json, oidc.routes.interactionConfirm(oidcProvider));
+    router.get ('/api/v1/oidc/interaction/:uid/abort',    setNoCache,       oidc.routes.interactionAbort(oidcProvider));
+
+    app.use(oidcPrefix, oidcProvider.callback());
+
     // disable server socket "idle" timeout. we use the timeout middleware to handle timeouts on a route level
     // we rely on nginx for timeouts on the TCP level (see client_header_timeout)
     httpServer.setTimeout(0);