diff --git a/polyculeconnect/cmd/backend/add.go b/polyculeconnect/cmd/backend/add.go index ba70a18..7d21a34 100644 --- a/polyculeconnect/cmd/backend/add.go +++ b/polyculeconnect/cmd/backend/add.go @@ -1,11 +1,14 @@ package cmd import ( + "context" "fmt" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger" - "git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/backend" + "github.com/google/uuid" "github.com/spf13/cobra" ) @@ -38,7 +41,11 @@ Parameters to provide: func addNewBackend() { c := utils.InitConfig("") logger.Init(c.LogLevel) - s := utils.InitStorage(c) + + s, err := db.New(*c) + if err != nil { + utils.Failf("failed to init storage: %s", err.Error()) + } if backendClientID == "" { utils.Fail("Empty client ID") @@ -47,15 +54,19 @@ func addNewBackend() { utils.Fail("Empty client secret") } - backendConf := backend.BackendConfig{ - Issuer: backendIssuer, - ClientID: backendClientID, - ClientSecret: backendClientSecret, - RedirectURI: c.RedirectURI(), - ID: backendID, - Name: backendName, + backendIDUUID := uuid.New() + + backendConf := model.Backend{ + ID: backendIDUUID, + Name: backendName, + OIDCConfig: model.BackendOIDCConfig{ + ClientID: backendClientID, + ClientSecret: backendClientSecret, + Issuer: backendIssuer, + RedirectURI: c.RedirectURI(), + }, } - if err := backend.New(s).AddBackend(backendConf); err != nil { + if err := s.BackendStorage().AddBackend(context.Background(), &backendConf); err != nil { utils.Failf("Failed to add new backend to storage: %s", err.Error()) } diff --git a/polyculeconnect/cmd/backend/remove.go b/polyculeconnect/cmd/backend/remove.go index de52874..a74de87 100644 --- a/polyculeconnect/cmd/backend/remove.go +++ b/polyculeconnect/cmd/backend/remove.go @@ -1,12 +1,14 @@ package cmd import ( + "context" "errors" "fmt" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils" - "git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/backend" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db" "github.com/dexidp/dex/storage" + "github.com/google/uuid" "github.com/spf13/cobra" ) @@ -20,10 +22,18 @@ var backendRemoveCmd = &cobra.Command{ }, } -func removeBackend(backendID string) { - s := utils.InitStorage(utils.InitConfig("")) +func removeBackend(backendIDStr string) { + backendID, err := uuid.Parse(backendIDStr) + if err != nil { + utils.Failf("Invalid UUID format: %s", err.Error()) + } - if err := backend.New(s).RemoveBackend(backendID); err != nil { + s, err := db.New(*utils.InitConfig("")) + if err != nil { + utils.Failf("Failed to init storage: %s", err.Error()) + } + + if err := s.BackendStorage().DeleteBackend(context.Background(), backendID); err != nil { if !errors.Is(err, storage.ErrNotFound) { utils.Failf("Failed to remove backend: %s", err.Error()) } diff --git a/polyculeconnect/cmd/backend/show.go b/polyculeconnect/cmd/backend/show.go index 1fc8253..6999e5c 100644 --- a/polyculeconnect/cmd/backend/show.go +++ b/polyculeconnect/cmd/backend/show.go @@ -1,11 +1,13 @@ package cmd import ( + "context" "errors" "fmt" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils" - "git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/backend" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db" + "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/db/backend" "github.com/dexidp/dex/storage" "github.com/spf13/cobra" ) @@ -19,36 +21,39 @@ Optional parameters: - app-id: id of the backend to display. If empty, display the list of available backends instead`, Args: cobra.MaximumNArgs(1), Run: func(cmd *cobra.Command, args []string) { - s := utils.InitStorage(utils.InitConfig("")) + s, err := db.New(*utils.InitConfig("")) + if err != nil { + utils.Failf("Failed to init storage: %s", err.Error()) + } if len(args) > 0 { - showBackend(args[0], backend.New(s)) + showBackend(args[0], s.BackendStorage()) } else { - listBackends(backend.New(s)) + listBackends(s.BackendStorage()) } }, } -func showBackend(backendId string, backendService backend.Service) { - backendConfig, err := backendService.GetBackend(backendId) +func showBackend(backendName string, backendService backend.BackendDB) { + backendConfig, err := backendService.GetBackendByName(context.Background(), backendName) if err != nil { if errors.Is(err, storage.ErrNotFound) { - utils.Failf("Backend with ID %s does not exist\n", backendId) + utils.Failf("Backend with name %s does not exist\n", backendName) } - utils.Failf("Failed to get config for backend %s: %q\n", backendId, err.Error()) + utils.Failf("Failed to get config for backend %s: %q\n", backendName, err.Error()) } fmt.Println("Backend config:") - printProperty("ID", backendConfig.ID) + printProperty("ID", backendConfig.ID.String()) printProperty("Name", backendConfig.Name) - printProperty("Issuer", backendConfig.Issuer) - printProperty("Client ID", backendConfig.ClientID) - printProperty("Client secret", backendConfig.ClientSecret) - printProperty("Redirect URI", backendConfig.RedirectURI) + printProperty("Issuer", backendConfig.OIDCConfig.Issuer) + printProperty("Client ID", backendConfig.OIDCConfig.ClientID) + printProperty("Client secret", backendConfig.OIDCConfig.ClientSecret) + printProperty("Redirect URI", backendConfig.OIDCConfig.RedirectURI) } -func listBackends(backendService backend.Service) { - backends, err := backendService.ListBackends() +func listBackends(backendStorage backend.BackendDB) { + backends, err := backendStorage.GetAllBackends(context.Background()) if err != nil { utils.Failf("Failed to list backends: %q\n", err.Error()) } @@ -58,7 +63,7 @@ func listBackends(backendService backend.Service) { return } for _, b := range backends { - fmt.Printf("\t - %s: (%s) - %s\n", b.ID, b.Name, b.Issuer) + fmt.Printf("\t - %s: (%s) - %s\n", b.ID, b.Name, b.OIDCConfig.Issuer) } } diff --git a/polyculeconnect/internal/db/backend/backend.go b/polyculeconnect/internal/db/backend/backend.go index 8a7928f..3708442 100644 --- a/polyculeconnect/internal/db/backend/backend.go +++ b/polyculeconnect/internal/db/backend/backend.go @@ -7,25 +7,35 @@ import ( "fmt" "git.faercol.me/faercol/polyculeconnect/polyculeconnect/internal/model" + "github.com/google/uuid" ) var ErrNotFound = errors.New("backend not found") -// const backendRows = `"id", "name", "oidc_id", "oidc_secret"` -const backendRows = `"id", "name"` +const backendRows = `"id", "name", "oidc_issuer", "oidc_client_id", "oidc_client_secret", "oidc_redirect_uri"` + +type scannable interface { + Scan(dest ...any) error +} type BackendDB interface { + GetAllBackends(ctx context.Context) ([]*model.Backend, error) + GetBackendByName(ctx context.Context, name string) (*model.Backend, error) + + AddBackend(ctx context.Context, newBackend *model.Backend) error + + DeleteBackend(ctx context.Context, id uuid.UUID) error } type sqlBackendDB struct { db *sql.DB } -func backendFromRow(row sql.Row) (*model.Backend, error) { +func backendFromRow(row scannable) (*model.Backend, error) { var res model.Backend - if err := row.Scan(&res.ID, &res.Name); err != nil { + if err := row.Scan(&res.ID, &res.Name, &res.OIDCConfig.Issuer, &res.OIDCConfig.ClientID, &res.OIDCConfig.ClientSecret, &res.OIDCConfig.RedirectURI); err != nil { if errors.Is(err, sql.ErrNoRows) { return nil, ErrNotFound } @@ -36,9 +46,66 @@ func backendFromRow(row sql.Row) (*model.Backend, error) { func (db *sqlBackendDB) GetBackendByName(ctx context.Context, name string) (*model.Backend, error) { query := fmt.Sprintf(`SELECT %s FROM "backend" WHERE "name" = ?`, backendRows) - fmt.Println(query, name) row := db.db.QueryRowContext(ctx, query, name) - return backendFromRow(*row) + return backendFromRow(row) +} + +func (db *sqlBackendDB) GetAllBackends(ctx context.Context) ([]*model.Backend, error) { + rows, err := db.db.QueryContext(ctx, fmt.Sprintf(`SELECT %s FROM "backend"`, backendRows)) + if err != nil { + return nil, err + } + + var res []*model.Backend + for rows.Next() { + b, err := backendFromRow(rows) + if err != nil { + return nil, err + } + res = append(res, b) + } + return res, nil +} + +func (db *sqlBackendDB) AddBackend(ctx context.Context, newBackend *model.Backend) error { + tx, err := db.db.BeginTx(ctx, nil) + if err != nil { + return fmt.Errorf("failed to start transaction: %w", err) + } + defer func() { _ = tx.Rollback() }() + + query := fmt.Sprintf(`INSERT INTO "backend" (%s) VALUES ($1, $2, $3, $4, $5, $6)`, backendRows) + _, err = tx.ExecContext( + ctx, query, + newBackend.ID, newBackend.Name, + newBackend.OIDCConfig.Issuer, newBackend.OIDCConfig.ClientID, + newBackend.OIDCConfig.ClientSecret, newBackend.OIDCConfig.RedirectURI, + ) + if err != nil { + return fmt.Errorf("failed to insert in DB: %w", err) + } + + if err := tx.Commit(); err != nil { + return fmt.Errorf("failed to commit transaction: %w", err) + } + return nil +} + +func (db *sqlBackendDB) DeleteBackend(ctx context.Context, id uuid.UUID) error { + tx, err := db.db.BeginTx(ctx, nil) + if err != nil { + return fmt.Errorf("failed to start transaction: %w", err) + } + defer func() { _ = tx.Rollback() }() + + if _, err := tx.ExecContext(ctx, `DELETE FROM "backend" WHERE id = $1`, id.String()); err != nil { + return fmt.Errorf("failed to run query: %w", err) + } + + if err := tx.Commit(); err != nil { + return fmt.Errorf("failed to commit transaction: %w", err) + } + return nil } func New(db *sql.DB) *sqlBackendDB { diff --git a/polyculeconnect/internal/model/backend.go b/polyculeconnect/internal/model/backend.go index a832d33..1453733 100644 --- a/polyculeconnect/internal/model/backend.go +++ b/polyculeconnect/internal/model/backend.go @@ -2,9 +2,15 @@ package model import "github.com/google/uuid" +type BackendOIDCConfig struct { + Issuer string + ClientID string + ClientSecret string + RedirectURI string +} + type Backend struct { ID uuid.UUID Name string - OIDCID string - OIDCSecret string + OIDCConfig BackendOIDCConfig } diff --git a/polyculeconnect/migrations/0_create_backend_table.up.sql b/polyculeconnect/migrations/0_create_backend_table.up.sql index 44c8d03..498fef0 100644 --- a/polyculeconnect/migrations/0_create_backend_table.up.sql +++ b/polyculeconnect/migrations/0_create_backend_table.up.sql @@ -1,4 +1,8 @@ CREATE TABLE "backend" ( id TEXT NOT NULL PRIMARY KEY, - name TEXT NOT NULL UNIQUE + name TEXT NOT NULL UNIQUE, + oidc_issuer TEXT NOT NULL, + oidc_client_id TEXT NOT NULL, + oidc_client_secret TEXT NOT NULL, + oidc_redirect_uri TEXT NOT NULL ); diff --git a/polyculeconnect/polyculeconnect.db b/polyculeconnect/polyculeconnect.db index 8709288..8cfa771 100644 Binary files a/polyculeconnect/polyculeconnect.db and b/polyculeconnect/polyculeconnect.db differ diff --git a/polyculeconnect/services/backend/backend.go b/polyculeconnect/services/backend/backend.go deleted file mode 100644 index 9f9d6f5..0000000 --- a/polyculeconnect/services/backend/backend.go +++ /dev/null @@ -1,123 +0,0 @@ -package backend - -import ( - "encoding/json" - "errors" - "fmt" - - "git.faercol.me/faercol/polyculeconnect/polyculeconnect/connector" - "github.com/dexidp/dex/connector/oidc" - "github.com/dexidp/dex/storage" -) - -var ErrUnsupportedType = errors.New("unsupported connector type") - -type BackendConfig struct { - ID string - Name string - Issuer string - ClientID string - ClientSecret string - RedirectURI string -} - -func (bc *BackendConfig) OIDC() oidc.Config { - return oidc.Config{ - Issuer: bc.Issuer, - ClientID: bc.ClientID, - ClientSecret: bc.ClientSecret, - RedirectURI: bc.RedirectURI, - } -} - -func (bc *BackendConfig) Storage() (storage.Connector, error) { - oidcJSON, err := json.Marshal(bc.OIDC()) - if err != nil { - return storage.Connector{}, fmt.Errorf("failed to serialize oidc config: %w", err) - } - - return storage.Connector{ - ID: bc.ID, - Type: "oidc", - Name: bc.Name, - Config: oidcJSON, - }, nil -} - -func (bc *BackendConfig) FromConnector(connector storage.Connector) error { - var oidc oidc.Config - if connector.Type != "oidc" { - return ErrUnsupportedType - } - if err := json.Unmarshal(connector.Config, &oidc); err != nil { - return fmt.Errorf("invalid OIDC config: %w", err) - } - bc.ID = connector.ID - bc.Name = connector.Name - bc.ClientID = oidc.ClientID - bc.ClientSecret = oidc.ClientSecret - bc.Issuer = oidc.Issuer - bc.RedirectURI = oidc.RedirectURI - return nil -} - -type Service interface { - ListBackends() ([]BackendConfig, error) - GetBackend(id string) (BackendConfig, error) - AddBackend(config BackendConfig) error - RemoveBackend(id string) error -} - -type concreteBackendService struct { - s storage.Storage -} - -func (cbs *concreteBackendService) ListBackends() ([]BackendConfig, error) { - connectors, err := cbs.s.ListConnectors() - if err != nil { - return nil, fmt.Errorf("failed to get connectors from storage: %w", err) - } - var res []BackendConfig - for _, c := range connectors { - - // We know that this type is special, we don't want to use it at all here - if c.Type == connector.TypeRefuseAll { - continue - } - - var b BackendConfig - if err := b.FromConnector(c); err != nil { - return res, err - } - res = append(res, b) - } - return res, nil -} - -func (cbs *concreteBackendService) GetBackend(connectorID string) (BackendConfig, error) { - c, err := cbs.s.GetConnector(connectorID) - if err != nil { - return BackendConfig{}, fmt.Errorf("failed to get connector from storage: %w", err) - } - var res BackendConfig - if err := res.FromConnector(c); err != nil { - return BackendConfig{}, err - } - return res, nil -} - -func (cbs *concreteBackendService) AddBackend(config BackendConfig) error { - storageConf, err := config.Storage() - if err != nil { - return fmt.Errorf("failed to create storage configuration: %w", err) - } - return cbs.s.CreateConnector(storageConf) -} - -func (cbs *concreteBackendService) RemoveBackend(connectorID string) error { - return cbs.s.DeleteConnector(connectorID) -} - -func New(s storage.Storage) Service { - return &concreteBackendService{s} -} diff --git a/polyculeconnect/services/backend/backend_test.go b/polyculeconnect/services/backend/backend_test.go deleted file mode 100644 index 4fde675..0000000 --- a/polyculeconnect/services/backend/backend_test.go +++ /dev/null @@ -1,215 +0,0 @@ -package backend_test - -import ( - "encoding/json" - "fmt" - "testing" - - "git.faercol.me/faercol/polyculeconnect/polyculeconnect/connector" - "git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/backend" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" - logt "github.com/sirupsen/logrus/hooks/test" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -const ( - testDomain string = "https://test.domain.com" - testClientID string = "this_is_an_id" - testClientSecret string = "this_is_a_secret" - testRedirectURI string = "http://127.0.0.1:5000/callback" - testConnectorName string = "Test connector" -) - -func generateConnector(id string) storage.Connector { - confJson := fmt.Sprintf(`{ - "issuer": "%s", - "clientID": "%s", - "clientSecret": "%s", - "redirectURI": "%s" -}`, testDomain, testClientID, testClientSecret, testRedirectURI) - storageConfig := storage.Connector{ - ID: id, - Name: testConnectorName, - Type: "oidc", - Config: []byte(confJson), - } - return storageConfig -} - -func generateConfig(id string) backend.BackendConfig { - return backend.BackendConfig{ - ID: id, - Name: testConnectorName, - Issuer: testDomain, - ClientID: testClientID, - ClientSecret: testClientSecret, - RedirectURI: testRedirectURI, - } -} - -func checkStrInMap(t *testing.T, vals map[string]interface{}, key, expected string) { - rawVal, ok := vals[key] - require.Truef(t, ok, "missing key %s", key) - strVal, ok := rawVal.(string) - require.Truef(t, ok, "invalid string format %v", rawVal) - assert.Equal(t, expected, strVal, "unexpected value") -} - -func initStorage(t *testing.T) storage.Storage { - logger, _ := logt.NewNullLogger() - s := memory.New(logger) - - require.NoError(t, s.CreateConnector(connector.RefuseAllConnectorConfig)) - require.NoError(t, s.CreateConnector(generateConnector("test0"))) - require.NoError(t, s.CreateConnector(generateConnector("test1"))) - - return s -} - -func TestBackendConfigFromConnector(t *testing.T) { - connector := generateConnector("test") - var bc backend.BackendConfig - require.NoError(t, bc.FromConnector(connector)) - - assert.Equal(t, testDomain, bc.Issuer) - assert.Equal(t, testClientID, bc.ClientID) - assert.Equal(t, testClientSecret, bc.ClientSecret) - assert.Equal(t, testRedirectURI, bc.RedirectURI) - assert.Equal(t, testConnectorName, bc.Name) - assert.Equal(t, "test", bc.ID) -} - -func TestBackendConfigInvalidType(t *testing.T) { - connector := generateConnector("test") - connector.Type = "test" - var bc backend.BackendConfig - assert.ErrorIs(t, bc.FromConnector(connector), backend.ErrUnsupportedType) -} - -func TestBackendConfigInvalidOIDCConfig(t *testing.T) { - connector := generateConnector("test") - connector.Config = []byte("toto") - var bc backend.BackendConfig - assert.ErrorContains(t, bc.FromConnector(connector), "invalid OIDC config") -} - -func TestOIDCConfigFromBackendConfig(t *testing.T) { - conf := generateConfig("test") - oidcConf := conf.OIDC() - - assert.Equal(t, testDomain, oidcConf.Issuer) - assert.Equal(t, testClientID, oidcConf.ClientID) - assert.Equal(t, testClientSecret, oidcConf.ClientSecret) - assert.Equal(t, testRedirectURI, oidcConf.RedirectURI) -} - -func TestConnectorConfigFromBackendConfig(t *testing.T) { - conf := generateConfig("test") - con, err := conf.Storage() - require.NoError(t, err) - - // The OIDC config is stored as JSON data, we just want the raw keys here - var oidcConf map[string]interface{} - require.NoError(t, json.Unmarshal(con.Config, &oidcConf)) - - assert.Equal(t, "oidc", con.Type) - assert.Equal(t, "test", con.ID) - assert.Equal(t, testConnectorName, con.Name) - checkStrInMap(t, oidcConf, "issuer", testDomain) - checkStrInMap(t, oidcConf, "clientID", testClientID) - checkStrInMap(t, oidcConf, "clientSecret", testClientSecret) - checkStrInMap(t, oidcConf, "redirectURI", testRedirectURI) -} - -func TestListBackendsEmpty(t *testing.T) { - logger, _ := logt.NewNullLogger() - s := memory.New(logger) - - // add the default refuse all connector, it should not be visible in the list - require.NoError(t, s.CreateConnector(connector.RefuseAllConnectorConfig)) - srv := backend.New(s) - - backends, err := srv.ListBackends() // empty list, and no error - require.NoError(t, err) - require.Len(t, backends, 0) -} - -func TestListBackendsNotEmpty(t *testing.T) { - s := initStorage(t) - srv := backend.New(s) - - backends, err := srv.ListBackends() // empty list, and no error - expectedIds := []string{"test0", "test1"} - require.NoError(t, err) - assert.Len(t, backends, 2) - for _, c := range backends { - assert.Contains(t, expectedIds, c.ID) - } -} - -func TestGetBackend(t *testing.T) { - s := initStorage(t) - srv := backend.New(s) - - t.Run("OK", func(t *testing.T) { - conf, err := srv.GetBackend("test0") - require.NoError(t, err) - assert.Equal(t, testDomain, conf.Issuer) - assert.Equal(t, testClientID, conf.ClientID) - assert.Equal(t, testClientSecret, conf.ClientSecret) - assert.Equal(t, testRedirectURI, conf.RedirectURI) - assert.Equal(t, testConnectorName, conf.Name) - assert.Equal(t, "test0", conf.ID) - }) - - t.Run("Not exist", func(t *testing.T) { - _, err := srv.GetBackend("toto") - assert.ErrorIs(t, err, storage.ErrNotFound) - }) - - t.Run("Invalid type", func(t *testing.T) { - _, err := srv.GetBackend("null") // null has a RefuseAll type, which is unsupported here - assert.ErrorIs(t, err, backend.ErrUnsupportedType) - }) -} - -func TestAddBackend(t *testing.T) { - s := initStorage(t) - srv := backend.New(s) - - t.Run("OK", func(t *testing.T) { - conf := generateConfig("test_add") - require.NoError(t, srv.AddBackend(conf)) - - var parsedConf backend.BackendConfig - storageConf, err := s.GetConnector("test_add") - require.NoError(t, err) - require.NoError(t, parsedConf.FromConnector(storageConf)) - assert.Equal(t, conf, parsedConf) - }) - - t.Run("Already exists", func(t *testing.T) { - require.ErrorIs(t, srv.AddBackend(generateConfig("test0")), storage.ErrAlreadyExists) - }) -} - -func TestRemoveBackend(t *testing.T) { - s := initStorage(t) - srv := backend.New(s) - - t.Run("OK", func(t *testing.T) { - require.NoError(t, srv.AddBackend(generateConfig("to_remove"))) - _, err := s.GetConnector("to_remove") - require.NoError(t, err) // no error means it's present - - require.NoError(t, srv.RemoveBackend("to_remove")) - _, err = s.GetConnector("to_remove") - assert.ErrorIs(t, err, storage.ErrNotFound) // means it's been deleted - }) - - t.Run("No present", func(t *testing.T) { - require.ErrorIs(t, srv.RemoveBackend("toto"), storage.ErrNotFound) - }) -}