Compare commits
1 commit
Author | SHA1 | Date | |
---|---|---|---|
4d0be8fe49 |
48 changed files with 534 additions and 1961 deletions
18
.envrc
18
.envrc
|
@ -1,18 +0,0 @@
|
|||
# Can be debug,info,warning,error
|
||||
export POLYCULECONNECT_LOG_LEVEL=debug
|
||||
|
||||
# Can be net,unix
|
||||
export POLYCULECONNECT_SERVER_MODE=net
|
||||
export POLYCULECONNECT_SERVER_HOST="0.0.0.0"
|
||||
export POLYCULECONNECT_SERVER_PORT="5000"
|
||||
# POLYCULECONNECT_SERVER_SOCK_PATH = ""
|
||||
|
||||
export POLYCULECONNECT_STORAGE_TYPE="sqlite"
|
||||
export POLYCULECONNECT_STORAGE_FILEPATH="./build/polyculeconnect.db"
|
||||
# POLYCULECONNECT_STORAGE_HOST = "127.0.0.1"
|
||||
# POLYCULECONNECT_STORAGE_PORT = "5432"
|
||||
# POLYCULECONNECT_STORAGE_DB = "polyculeconnect"
|
||||
# POLYCULECONNECT_STORAGE_USER = "polyculeconnect"
|
||||
# POLYCULECONNECT_STORAGE_PASSWORD = "polyculeconnect"
|
||||
# POLYCULECONNECT_STORAGE_SSL_MODE = "disable"
|
||||
# POLYCULECONNECT_STORAGE_SSL_CA_FILE = ""
|
|
@ -1,21 +0,0 @@
|
|||
on:
|
||||
push:
|
||||
branches:
|
||||
- "main"
|
||||
jobs:
|
||||
docker-build-push:
|
||||
runs-on: cth-ubuntu-latest
|
||||
steps:
|
||||
- name: set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
- name: login to repository
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.faercol.me
|
||||
username: ${{ secrets.DOCKER_LOGIN }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
- name: build and push image
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
push: true
|
||||
tags: git.faercol.me/polyculeconnect/polyculeconnect:latest
|
|
@ -1,21 +0,0 @@
|
|||
on:
|
||||
push:
|
||||
tags:
|
||||
- "**"
|
||||
jobs:
|
||||
docker-build-push:
|
||||
runs-on: cth-ubuntu-latest
|
||||
steps:
|
||||
- name: set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
- name: login to repository
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: git.faercol.me
|
||||
username: ${{ secrets.DOCKER_LOGIN }}
|
||||
password: ${{ secrets.DOCKER_PASSWORD }}
|
||||
- name: build and push image
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
push: true
|
||||
tags: git.faercol.me/polyculeconnect/polyculeconnect:${{ gitea.ref_name }}
|
|
@ -1,16 +0,0 @@
|
|||
on:
|
||||
push:
|
||||
branches:
|
||||
- "**"
|
||||
- "!main"
|
||||
jobs:
|
||||
docker-build-only:
|
||||
runs-on: cth-ubuntu-latest
|
||||
steps:
|
||||
- name: set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
- name: build image (build only)
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
push: false
|
||||
tags: git.faercol.me/polyculeconnect/polyculeconnect
|
|
@ -1,17 +0,0 @@
|
|||
on:
|
||||
push:
|
||||
branches:
|
||||
- "**"
|
||||
jobs:
|
||||
go-test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Setup Go
|
||||
uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: 1.22
|
||||
- name: Run unit tests
|
||||
run: make -C polyculeconnect test
|
||||
- name: Build go package
|
||||
run: make -C polyculeconnect build
|
69
.woodpecker/deploy.yml
Normal file
69
.woodpecker/deploy.yml
Normal file
|
@ -0,0 +1,69 @@
|
|||
steps:
|
||||
docker-build-only:
|
||||
image: woodpeckerci/plugin-docker-buildx
|
||||
privileged: true
|
||||
settings:
|
||||
repo: git.faercol.me/polyculeconnect/polyculeconnect
|
||||
tags: latest
|
||||
dry_run: true
|
||||
build_args_from_env:
|
||||
- GOPROXY
|
||||
platforms:
|
||||
- linux/amd64
|
||||
# - linux/arm64
|
||||
environment:
|
||||
- GOPROXY=http://goproxy.home:3000
|
||||
when:
|
||||
- event: pull_request
|
||||
- event: push
|
||||
branch:
|
||||
exclude: [main]
|
||||
|
||||
docker-build-push:
|
||||
image: woodpeckerci/plugin-docker-buildx
|
||||
privileged: true
|
||||
settings:
|
||||
repo: git.faercol.me/polyculeconnect/polyculeconnect
|
||||
registry: git.faercol.me
|
||||
tags: latest
|
||||
build_args_from_env:
|
||||
- GOPROXY
|
||||
username:
|
||||
from_secret: git_username
|
||||
password:
|
||||
from_secret: git_password
|
||||
platforms:
|
||||
- linux/amd64
|
||||
# - linux/arm64
|
||||
environment:
|
||||
- GOPROXY=http://goproxy.home:3000
|
||||
when:
|
||||
- event: push
|
||||
branch: main
|
||||
|
||||
docker-push-tag:
|
||||
image: woodpeckerci/plugin-docker-buildx
|
||||
privileged: true
|
||||
settings:
|
||||
registry: git.faercol.me
|
||||
repo: git.faercol.me/polyculeconnect/polyculeconnect
|
||||
auto_tag: true
|
||||
build_args_from_env:
|
||||
- GOPROXY
|
||||
platforms:
|
||||
- linux/amd64
|
||||
# - linux/arm64
|
||||
username:
|
||||
from_secret: git_username
|
||||
password:
|
||||
from_secret: git_password
|
||||
environment:
|
||||
- GOPROXY=http://goproxy.home:3000
|
||||
when:
|
||||
- event: tag
|
||||
|
||||
depends_on:
|
||||
- test
|
||||
|
||||
when:
|
||||
event: [push, tag]
|
17
.woodpecker/test.yml
Normal file
17
.woodpecker/test.yml
Normal file
|
@ -0,0 +1,17 @@
|
|||
steps:
|
||||
go-test:
|
||||
image: golang
|
||||
commands:
|
||||
- make -C polyculeconnect test
|
||||
environment:
|
||||
- GOPROXY=http://goproxy.home:3000
|
||||
|
||||
go-build:
|
||||
image: golang
|
||||
commands:
|
||||
- make -C polyculeconnect build
|
||||
environment:
|
||||
- GOPROXY=http://goproxy.home:3000
|
||||
|
||||
when:
|
||||
event: [push, tag]
|
|
@ -1,14 +1,13 @@
|
|||
FROM --platform=$TARGETPLATFORM golang:1.20 AS builder
|
||||
ARG TARGETPLATFORM
|
||||
ARG BUILDPLATFORM
|
||||
ARG GOPROXY
|
||||
WORKDIR /go/src/git.faercol.me/polyculeconnect
|
||||
COPY polyculeconnect ./
|
||||
RUN make build
|
||||
|
||||
# Replace with from scratch later on
|
||||
FROM --platform=$TARGETPLATFORM debian:latest
|
||||
RUN apt-get update && \
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -qq install ca-certificates
|
||||
FROM --platform=$TARGETPLATFORM alpine:latest
|
||||
WORKDIR /root
|
||||
COPY --from=builder go/src/git.faercol.me/polyculeconnect/build/polyculeconnect ./
|
||||
ADD polyculeconnect/robots.txt /root/
|
||||
|
@ -18,4 +17,4 @@ ADD polyculeconnect/templates /root/templates/
|
|||
VOLUME [ "/config" ]
|
||||
|
||||
ENTRYPOINT [ "./polyculeconnect" ]
|
||||
CMD [ "serve", "--config", "/config/config.json" ]
|
||||
CMD [ "-config", "/config/config.json" ]
|
||||
|
|
47
README.md
47
README.md
|
@ -1,6 +1,6 @@
|
|||
# PolyculeConnect
|
||||
|
||||
[![status-badge](https://git.faercol.me/PolyculeConnect/polycule-connect/badges/workflows/go-test.yml/badge.svg?branch=main)](https://ci-polycule-connect.chapoline.me/repos/1)
|
||||
[![status-badge](https://ci-polycule-connect.chapoline.me/api/badges/1/status.svg)](https://ci-polycule-connect.chapoline.me/repos/1)
|
||||
|
||||
![Project logo](./polyculeconnect/static/img/logo-text.png)
|
||||
|
||||
|
@ -10,13 +10,21 @@ TODO
|
|||
|
||||
## Configuration
|
||||
|
||||
As a temporary solution, the list of backends and applications, as well as the openconnect configuration
|
||||
can only be handled through the JSON config file.
|
||||
Here is an example config file
|
||||
|
||||
```json
|
||||
{
|
||||
"log": {
|
||||
"level": "debug" // debug,info,warn,error
|
||||
},
|
||||
"server": {
|
||||
"port": 5000, // only used in net mode
|
||||
"host": "0.0.0.0", // only used in net mode
|
||||
// "sock": "/your/sock.sock" // path to your unix sock if "mode" is set to "unix"
|
||||
"mode": "net" // net,unix
|
||||
},
|
||||
"openconnect": {
|
||||
"issuer": "https://polyculeconnect.domain",
|
||||
"issuer": "https://polyculeconnect.domain", // hostname of your polyculeconnect server
|
||||
"clients": [
|
||||
{
|
||||
"name": "<name>",
|
||||
|
@ -32,44 +40,19 @@ can only be handled through the JSON config file.
|
|||
"id": "<unique_id>",
|
||||
"name": "<human_readable_name>",
|
||||
"local": true,
|
||||
"type": "oidc",
|
||||
"type": "oidc", // must be "oidc" for now
|
||||
"config": {
|
||||
"issuer": "https://polyculeconnect.domain",
|
||||
"issuer": "https://polyculeconnect.domain", // must be the same as current issuer
|
||||
"clientID": "<client_id>",
|
||||
"clientSecret": "<client_secret>",
|
||||
"redirectURI": "<redirect_uri>"
|
||||
}
|
||||
}
|
||||
},
|
||||
]
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
The rest of the configuration is handled through environment variables
|
||||
|
||||
```ini
|
||||
# Can be debug,info,warning,error
|
||||
LOG_LEVEL = "info"
|
||||
|
||||
ISSUER = "http://localhost"
|
||||
|
||||
# Can be net,unix
|
||||
SERVER_MODE = "net"
|
||||
SERVER_HOST = "0.0.0.0"
|
||||
SERVER_PORT = "5000"
|
||||
# SERVER_SOCK_PATH = ""
|
||||
|
||||
STORAGE_TYPE = "sqlite"
|
||||
STORAGE_FILEPATH = "./build/polyculeconnect.db"
|
||||
# STORAGE_HOST = "127.0.0.1"
|
||||
# STORAGE_PORT = "5432"
|
||||
# STORAGE_DB = "polyculeconnect"
|
||||
# STORAGE_USER = "polyculeconnect"
|
||||
# STORAGE_PASSWORD = "polyculeconnect"
|
||||
# STORAGE_SSL_MODE = "disable"
|
||||
# STORAGE_SSL_CA_FILE = ""
|
||||
```
|
||||
|
||||
You can register multiple backend and multiple clients (applications)
|
||||
|
||||
## Running the server
|
||||
|
|
|
@ -1,102 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/app"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var (
|
||||
appID string
|
||||
appClientID string
|
||||
appClientSecret string
|
||||
appName string
|
||||
appRedirectURIs []string
|
||||
appInteractive bool
|
||||
)
|
||||
|
||||
var appAddCmd = &cobra.Command{
|
||||
Use: "add",
|
||||
Short: "Add a new app to the storage",
|
||||
Long: `Add a new app to the storage.
|
||||
|
||||
Parameters to provide:
|
||||
- id: Unique ID to represent the app in the storage
|
||||
- name: Human readable name to represent the app.
|
||||
- redirect-uri: list of allowed redirection URIs for this app
|
||||
|
||||
Optional parameters:
|
||||
- client-id: Client ID used by the OpenIDConnect protocol, automatically generated if not provided
|
||||
- client-secret: Client secret used by the OpenIDConnect protocol, automatically generated if not provided
|
||||
- interactive: Pass this parameter to use a prompt to pass unset parameters (client id and secret)`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
addNewApp()
|
||||
},
|
||||
}
|
||||
|
||||
func generateSecret(interactive bool, currentValue, valueName string) (string, error) {
|
||||
if currentValue != "" {
|
||||
return currentValue, nil
|
||||
}
|
||||
if !interactive {
|
||||
val, err := services.GenerateRandomHex(services.IDSecretSize)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to generate %s: %w", valueName, err)
|
||||
}
|
||||
return val, nil
|
||||
}
|
||||
fmt.Printf("Enter value for %s, use an empty value to automatically generate it.\n", valueName)
|
||||
var enteredVal string
|
||||
fmt.Scanln(&enteredVal)
|
||||
if enteredVal == "" {
|
||||
return generateSecret(false, currentValue, valueName)
|
||||
}
|
||||
return enteredVal, nil
|
||||
}
|
||||
|
||||
func addNewApp() {
|
||||
c := utils.InitConfig("")
|
||||
s := utils.InitStorage(c)
|
||||
|
||||
clientID, err := generateSecret(appInteractive, appClientID, "client ID")
|
||||
if err != nil {
|
||||
utils.Fail(err.Error())
|
||||
}
|
||||
clientSecret, err := generateSecret(appInteractive, appClientSecret, "client secret")
|
||||
if err != nil {
|
||||
utils.Fail(err.Error())
|
||||
}
|
||||
|
||||
appConf := storage.Client{
|
||||
ID: clientID,
|
||||
Secret: clientSecret,
|
||||
Name: appName,
|
||||
RedirectURIs: appRedirectURIs,
|
||||
}
|
||||
if err := app.New(s).AddApp(appConf); err != nil {
|
||||
utils.Failf("Failed to add new app to storage: %s", err.Error())
|
||||
}
|
||||
|
||||
fmt.Printf("New app %s added.\n", appName)
|
||||
printProperty("Client ID", clientID, 1)
|
||||
printProperty("Client secret", clientSecret, 1)
|
||||
}
|
||||
|
||||
func init() {
|
||||
appCmd.AddCommand(appAddCmd)
|
||||
|
||||
appAddCmd.Flags().StringVarP(&appName, "name", "n", "", "Name to represent the app")
|
||||
appAddCmd.Flags().StringVarP(&appID, "id", "i", "", "ID to identify the app in the storage")
|
||||
appAddCmd.Flags().StringVarP(&appClientID, "client-id", "", "", "OpenIDConnect client secret")
|
||||
appAddCmd.Flags().StringVarP(&appClientSecret, "client-secret", "", "", "OpenIDConnect client secret")
|
||||
appAddCmd.Flags().StringSliceVarP(&appRedirectURIs, "redirect-uri", "r", []string{}, "Allowed redirect URI")
|
||||
|
||||
appAddCmd.Flags().BoolVar(&appInteractive, "interactive", false, "Set the client ID and secret in an interactive way")
|
||||
|
||||
appAddCmd.MarkFlagRequired("name")
|
||||
appAddCmd.MarkFlagRequired("redirect-uri")
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var appCmd = &cobra.Command{
|
||||
Use: "app",
|
||||
Short: "Handle client applications",
|
||||
Long: `Add, Remove or Show currently installed client applications`,
|
||||
}
|
||||
|
||||
func printProperty(key, value string, indent int) {
|
||||
prefix := strings.Repeat("\t", indent)
|
||||
keyStr := ""
|
||||
if key != "" {
|
||||
keyStr = key + ": "
|
||||
}
|
||||
fmt.Printf("%s- %s%s\n", prefix, keyStr, value)
|
||||
}
|
||||
|
||||
func init() {
|
||||
cmd.RootCmd.AddCommand(appCmd)
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/app"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var appRemoveCmd = &cobra.Command{
|
||||
Use: "remove <app_client_id>",
|
||||
Short: "Remove an app",
|
||||
Long: `Remove the app with the given ID from the database.`,
|
||||
Args: cobra.ExactArgs(1),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
removeApp(args[0])
|
||||
},
|
||||
}
|
||||
|
||||
func removeApp(appID string) {
|
||||
s := utils.InitStorage(utils.InitConfig(""))
|
||||
|
||||
if err := app.New(s).RemoveApp(appID); err != nil {
|
||||
if !errors.Is(err, storage.ErrNotFound) {
|
||||
utils.Failf("Failed to remove app: %s", err.Error())
|
||||
}
|
||||
}
|
||||
fmt.Println("App deleted")
|
||||
}
|
||||
|
||||
func init() {
|
||||
appCmd.AddCommand(appRemoveCmd)
|
||||
}
|
|
@ -1,68 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/app"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var appShowCmd = &cobra.Command{
|
||||
Use: "show [app_id]",
|
||||
Short: "Display installed apps",
|
||||
Long: `Display the configuration for the apps.
|
||||
|
||||
Optional parameters:
|
||||
- app-id: id of the application to display. If empty, display the list of available apps instead`,
|
||||
Args: cobra.MaximumNArgs(1),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
s := utils.InitStorage(utils.InitConfig(""))
|
||||
|
||||
if len(args) > 0 {
|
||||
showApp(args[0], app.New(s))
|
||||
} else {
|
||||
listApps(app.New(s))
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
func showApp(appID string, appService app.Service) {
|
||||
appConfig, err := appService.GetApp(appID)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
utils.Failf("App with ID %s does not exist\n", appID)
|
||||
}
|
||||
utils.Failf("Failed to get config for app %s: %q\n", appID, err.Error())
|
||||
}
|
||||
|
||||
fmt.Println("App config:")
|
||||
printProperty("Name", appConfig.Name, 1)
|
||||
printProperty("ID", appConfig.ID, 1)
|
||||
printProperty("Client secret", appConfig.Secret, 1)
|
||||
printProperty("Redirect URIs", "", 1)
|
||||
for _, uri := range appConfig.RedirectURIs {
|
||||
printProperty("", uri, 2)
|
||||
}
|
||||
}
|
||||
|
||||
func listApps(appService app.Service) {
|
||||
apps, err := appService.ListApps()
|
||||
if err != nil {
|
||||
utils.Failf("Failed to list apps: %q\n", err.Error())
|
||||
}
|
||||
|
||||
if len(apps) == 0 {
|
||||
fmt.Println("No app configured")
|
||||
return
|
||||
}
|
||||
for _, b := range apps {
|
||||
fmt.Printf("\t - %s: (%s)\n", b.ID, b.Name)
|
||||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
appCmd.AddCommand(appShowCmd)
|
||||
}
|
|
@ -1,73 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/backend"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var (
|
||||
backendID string
|
||||
backendName string
|
||||
backendIssuer string
|
||||
backendClientID string
|
||||
backendClientSecret string
|
||||
)
|
||||
|
||||
var backendAddCmd = &cobra.Command{
|
||||
Use: "add",
|
||||
Short: "Add a new backend to the storage",
|
||||
Long: `Add a new backend to the storage.
|
||||
|
||||
Parameters to provide:
|
||||
- id: Unique ID to represent the backend in the storage
|
||||
- name: Human readable name to represent the backend. It will be used by
|
||||
the user in the authentication page to select a backend during
|
||||
authentication
|
||||
- issuer: Full hostname of the OIDC provider, e.g. 'https://github.com'
|
||||
- client-id: OIDC Client ID for the backend
|
||||
- client-secret OIDC Client secret for the backend`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
addNewBackend()
|
||||
},
|
||||
}
|
||||
|
||||
func addNewBackend() {
|
||||
c := utils.InitConfig("")
|
||||
logger.Init(c.LogLevel)
|
||||
s := utils.InitStorage(c)
|
||||
|
||||
if backendClientID == "" {
|
||||
utils.Fail("Empty client ID")
|
||||
}
|
||||
if backendClientSecret == "" {
|
||||
utils.Fail("Empty client secret")
|
||||
}
|
||||
|
||||
backendConf := backend.BackendConfig{
|
||||
Issuer: backendIssuer,
|
||||
ClientID: backendClientID,
|
||||
ClientSecret: backendClientSecret,
|
||||
RedirectURI: c.RedirectURI(),
|
||||
ID: backendID,
|
||||
Name: backendName,
|
||||
}
|
||||
if err := backend.New(s).AddBackend(backendConf); err != nil {
|
||||
utils.Failf("Failed to add new backend to storage: %s", err.Error())
|
||||
}
|
||||
|
||||
fmt.Printf("New backend %s added.\n", backendName)
|
||||
}
|
||||
|
||||
func init() {
|
||||
backendCmd.AddCommand(backendAddCmd)
|
||||
|
||||
backendAddCmd.Flags().StringVarP(&backendID, "id", "i", "", "ID to identify the backend in the storage")
|
||||
backendAddCmd.Flags().StringVarP(&backendName, "name", "n", "", "Name to represent the backend")
|
||||
backendAddCmd.Flags().StringVarP(&backendIssuer, "issuer", "d", "", "Full hostname of the backend")
|
||||
backendAddCmd.Flags().StringVarP(&backendClientID, "client-id", "", "", "OIDC Client ID for the backend")
|
||||
backendAddCmd.Flags().StringVarP(&backendClientSecret, "client-secret", "", "", "OIDC Client secret for the backend")
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var backendCmd = &cobra.Command{
|
||||
Use: "backend",
|
||||
Short: "Handle authentication backends",
|
||||
Long: `Add, Remove or Show currently installed authentication backends`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
fmt.Println("backend called")
|
||||
},
|
||||
}
|
||||
|
||||
func printProperty(key, value string) {
|
||||
fmt.Printf("\t- %s: %s\n", key, value)
|
||||
}
|
||||
|
||||
func init() {
|
||||
cmd.RootCmd.AddCommand(backendCmd)
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/backend"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var backendRemoveCmd = &cobra.Command{
|
||||
Use: "remove <backend_id>",
|
||||
Short: "Remove a backend",
|
||||
Long: `Remove the backend with the given ID from the database.`,
|
||||
Args: cobra.ExactArgs(1),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
removeBackend(args[0])
|
||||
},
|
||||
}
|
||||
|
||||
func removeBackend(backendID string) {
|
||||
s := utils.InitStorage(utils.InitConfig(""))
|
||||
|
||||
if err := backend.New(s).RemoveBackend(backendID); err != nil {
|
||||
if !errors.Is(err, storage.ErrNotFound) {
|
||||
utils.Failf("Failed to remove backend: %s", err.Error())
|
||||
}
|
||||
}
|
||||
fmt.Println("Backend deleted")
|
||||
}
|
||||
|
||||
func init() {
|
||||
backendCmd.AddCommand(backendRemoveCmd)
|
||||
}
|
|
@ -1,67 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/backend"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var backendShowCmd = &cobra.Command{
|
||||
Use: "show [backend_id]",
|
||||
Short: "Display installed backends",
|
||||
Long: `Display the configuration for the backends.
|
||||
|
||||
Optional parameters:
|
||||
- app-id: id of the backend to display. If empty, display the list of available backends instead`,
|
||||
Args: cobra.MaximumNArgs(1),
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
s := utils.InitStorage(utils.InitConfig(""))
|
||||
|
||||
if len(args) > 0 {
|
||||
showBackend(args[0], backend.New(s))
|
||||
} else {
|
||||
listBackends(backend.New(s))
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
func showBackend(backendId string, backendService backend.Service) {
|
||||
backendConfig, err := backendService.GetBackend(backendId)
|
||||
if err != nil {
|
||||
if errors.Is(err, storage.ErrNotFound) {
|
||||
utils.Failf("Backend with ID %s does not exist\n", backendId)
|
||||
}
|
||||
utils.Failf("Failed to get config for backend %s: %q\n", backendId, err.Error())
|
||||
}
|
||||
|
||||
fmt.Println("Backend config:")
|
||||
printProperty("ID", backendConfig.ID)
|
||||
printProperty("Name", backendConfig.Name)
|
||||
printProperty("Issuer", backendConfig.Issuer)
|
||||
printProperty("Client ID", backendConfig.ClientID)
|
||||
printProperty("Client secret", backendConfig.ClientSecret)
|
||||
printProperty("Redirect URI", backendConfig.RedirectURI)
|
||||
}
|
||||
|
||||
func listBackends(backendService backend.Service) {
|
||||
backends, err := backendService.ListBackends()
|
||||
if err != nil {
|
||||
utils.Failf("Failed to list backends: %q\n", err.Error())
|
||||
}
|
||||
|
||||
if len(backends) == 0 {
|
||||
fmt.Println("No backend configured")
|
||||
return
|
||||
}
|
||||
for _, b := range backends {
|
||||
fmt.Printf("\t - %s: (%s) - %s\n", b.ID, b.Name, b.Issuer)
|
||||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
backendCmd.AddCommand(backendShowCmd)
|
||||
}
|
|
@ -1,55 +0,0 @@
|
|||
package db
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os/exec"
|
||||
"syscall"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
// connectCmd represents the db connect command
|
||||
var connectCmd = &cobra.Command{
|
||||
Use: "connect",
|
||||
Short: "Connect to the database",
|
||||
Long: `Connect to the database.`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
conf := utils.InitConfig("")
|
||||
if err := connectToDB(conf); err != nil {
|
||||
utils.Failf("Failed to connect to DB: %s", err.Error())
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
func connectSQLite(conf *config.StorageConfig) error {
|
||||
path, err := exec.LookPath("sqlite3")
|
||||
if err != nil {
|
||||
if errors.Is(err, exec.ErrNotFound) {
|
||||
return errors.New("sqlite3 not installed")
|
||||
}
|
||||
return fmt.Errorf("failed to find sqlite3 executable: %w", err)
|
||||
}
|
||||
|
||||
if err := syscall.Exec(path, []string{path, conf.File}, nil); err != nil {
|
||||
return fmt.Errorf("failed to run sqlite3 command: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func connectToDB(conf *config.AppConfig) error {
|
||||
switch conf.StorageType {
|
||||
case string(config.Memory):
|
||||
return errors.New("no DB associated with memory storage")
|
||||
case string(config.SQLite):
|
||||
return connectSQLite(conf.StorageConfig)
|
||||
default:
|
||||
return fmt.Errorf("unsupported storage type %q", conf.StorageType)
|
||||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
dbCmd.AddCommand(connectCmd)
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
package db
|
||||
|
||||
import (
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
// dbCmd represents the db command
|
||||
var dbCmd = &cobra.Command{
|
||||
Use: "db",
|
||||
Short: "Manage the database",
|
||||
Long: `Manage the database.`,
|
||||
}
|
||||
|
||||
func init() {
|
||||
cmd.RootCmd.AddCommand(dbCmd)
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
package db
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
// destroyCmd represents the db destroy command
|
||||
var destroyCmd = &cobra.Command{
|
||||
Use: "destroy",
|
||||
Short: "Completely delete the current database",
|
||||
Long: `Delete the current database.`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
conf := utils.InitConfig("")
|
||||
if err := deleteDB(conf); err != nil {
|
||||
utils.Failf("Failed to connect to DB: %s", err.Error())
|
||||
}
|
||||
fmt.Println("DB deleted")
|
||||
},
|
||||
}
|
||||
|
||||
func deleteSqliteDB(path string) error {
|
||||
if err := os.Remove(path); err != nil {
|
||||
if errors.Is(err, os.ErrNotExist) { // if the file has already been deleted we don't want to fail here
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("failed to delete SQLite file: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func deleteDB(conf *config.AppConfig) error {
|
||||
switch conf.StorageType {
|
||||
case string(config.Memory):
|
||||
return errors.New("no DB to delete in memory mode")
|
||||
case string(config.SQLite):
|
||||
return deleteSqliteDB(conf.StorageConfig.File)
|
||||
default:
|
||||
return fmt.Errorf("unsupported storage type %q", conf.StorageType)
|
||||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
dbCmd.AddCommand(destroyCmd)
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
// RootCmd represents the base command when called without any subcommands
|
||||
var RootCmd = &cobra.Command{
|
||||
Use: "polyculeconnect",
|
||||
Short: "You're in their DMs, I'm in their SSO",
|
||||
Long: `PolyculeConnect is a SSO OpenIDConnect provider which allows multiple authentication backends,
|
||||
and enables authentication federation among several infrastructures.`,
|
||||
}
|
||||
|
||||
// Execute adds all child commands to the root command and sets flags appropriately.
|
||||
// This is called by main.main(). It only needs to happen once to the rootCmd.
|
||||
func Execute() {
|
||||
err := RootCmd.Execute()
|
||||
if err != nil {
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
func init() {
|
||||
RootCmd.Root().CompletionOptions.DisableDefaultCmd = true
|
||||
}
|
|
@ -1,117 +0,0 @@
|
|||
package serve
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os"
|
||||
"os/signal"
|
||||
"time"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/connector"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/server"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services"
|
||||
dex_server "github.com/dexidp/dex/server"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"github.com/spf13/cobra"
|
||||
)
|
||||
|
||||
var configPath string
|
||||
|
||||
const stopTimeout = 10 * time.Second
|
||||
|
||||
// serveCmd represents the serve command
|
||||
var serveCmd = &cobra.Command{
|
||||
Use: "serve",
|
||||
Short: "Start the web server",
|
||||
Long: `Start the PolyculeConnect web server using the configuration defined through environment
|
||||
variables`,
|
||||
Run: func(cmd *cobra.Command, args []string) {
|
||||
serve()
|
||||
},
|
||||
}
|
||||
|
||||
func serve() {
|
||||
mainCtx, cancel := context.WithCancel(context.Background())
|
||||
|
||||
conf := utils.InitConfig(configPath)
|
||||
logger.Init(conf.LogLevel)
|
||||
logger.L.Infof("Initialized logger with level %v", conf.LogLevel)
|
||||
|
||||
storageType := utils.InitStorage(conf)
|
||||
logger.L.Infof("Initialized storage backend %q", conf.StorageType)
|
||||
dexConf := dex_server.Config{
|
||||
Web: dex_server.WebConfig{
|
||||
Dir: conf.StaticDir,
|
||||
Theme: "default",
|
||||
},
|
||||
Storage: storageType,
|
||||
Issuer: conf.Issuer,
|
||||
SupportedResponseTypes: []string{"code"},
|
||||
SkipApprovalScreen: false,
|
||||
AllowedOrigins: []string{"*"},
|
||||
Logger: logger.L,
|
||||
PrometheusRegistry: prometheus.NewRegistry(),
|
||||
}
|
||||
|
||||
logger.L.Info("Initializing authentication backends")
|
||||
|
||||
dex_server.ConnectorsConfig[connector.TypeRefuseAll] = func() dex_server.ConnectorConfig { return new(connector.RefuseAllConfig) }
|
||||
connectors, err := dexConf.Storage.ListConnectors()
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to get existing connectors: %s", err.Error())
|
||||
}
|
||||
var connectorIDs []string
|
||||
for _, conn := range connectors {
|
||||
connectorIDs = append(connectorIDs, conn.ID)
|
||||
}
|
||||
|
||||
if err := services.AddDefaultBackend(storageType); err != nil {
|
||||
logger.L.Errorf("Failed to add connector for backend RefuseAll to stage: %s", err.Error())
|
||||
}
|
||||
|
||||
dexSrv, err := dex_server.NewServer(mainCtx, dexConf)
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to init dex server: %s", err.Error())
|
||||
}
|
||||
|
||||
logger.L.Info("Initializing server")
|
||||
s, err := server.New(conf, dexSrv, logger.L)
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to initialize server: %s", err.Error())
|
||||
}
|
||||
|
||||
go s.Run(mainCtx)
|
||||
|
||||
c := make(chan os.Signal, 1)
|
||||
signal.Notify(c, os.Interrupt)
|
||||
|
||||
logger.L.Info("Application successfully started")
|
||||
|
||||
logger.L.Debug("Waiting for stop signal")
|
||||
select {
|
||||
case <-s.Done():
|
||||
logger.L.Fatal("Unexpected exit from server")
|
||||
case <-c:
|
||||
logger.L.Info("Stopping main application")
|
||||
cancel()
|
||||
}
|
||||
|
||||
logger.L.Debugf("Waiting %v for all daemons to stop", stopTimeout)
|
||||
select {
|
||||
case <-time.After(stopTimeout):
|
||||
logger.L.Fatalf("Failed to stop all daemons in the expected time")
|
||||
case <-s.Done():
|
||||
logger.L.Info("web server successfully stopped")
|
||||
}
|
||||
|
||||
logger.L.Info("Application successfully stopped")
|
||||
os.Exit(0)
|
||||
|
||||
}
|
||||
|
||||
func init() {
|
||||
cmd.RootCmd.AddCommand(serveCmd)
|
||||
serveCmd.Flags().StringVarP(&configPath, "config", "c", "config.json", "Path to the JSON configuration file")
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
package utils
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services"
|
||||
"github.com/dexidp/dex/storage"
|
||||
)
|
||||
|
||||
// Fail displays the given error to stderr and exits the program with a returncode 1
|
||||
func Fail(errMsg string) {
|
||||
fmt.Fprintln(os.Stderr, errMsg)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Fail displays the given formatted error to stderr and exits the program with a returncode 1
|
||||
func Failf(msg string, args ...any) {
|
||||
fmt.Fprintf(os.Stderr, msg+"\n", args...)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// InitConfig inits the configuration, and fails the program if an error occurs
|
||||
func InitConfig(configPath string) *config.AppConfig {
|
||||
conf, err := config.New(configPath)
|
||||
if err != nil {
|
||||
Failf("Failed to load the configuration: %s", err.Error())
|
||||
}
|
||||
return conf
|
||||
}
|
||||
|
||||
// Initstorage inits the storage, and fails the program if an error occurs
|
||||
func InitStorage(config *config.AppConfig) storage.Storage {
|
||||
s, err := services.InitStorage(config)
|
||||
if err != nil {
|
||||
Failf("Failed to init the storage: %s", err.Error())
|
||||
}
|
||||
return s
|
||||
}
|
|
@ -8,20 +8,36 @@ import (
|
|||
"os"
|
||||
|
||||
"github.com/dexidp/dex/connector/oidc"
|
||||
"github.com/kelseyhightower/envconfig"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
const (
|
||||
envConfigPrefix = "POLYCULECONNECT"
|
||||
DefaultConfigPath = "/etc/polyculeconnect.json"
|
||||
)
|
||||
type ListeningMode int64
|
||||
|
||||
type ListeningMode string
|
||||
func (lm ListeningMode) String() string {
|
||||
mapping := map[ListeningMode]string{
|
||||
ModeNet: "net",
|
||||
ModeUnix: "unix",
|
||||
}
|
||||
val := mapping[lm]
|
||||
return val
|
||||
}
|
||||
|
||||
func listeningModeFromString(rawVal string) (ListeningMode, error) {
|
||||
mapping := map[string]ListeningMode{
|
||||
"unix": ModeUnix,
|
||||
"net": ModeNet,
|
||||
}
|
||||
if typedVal, ok := mapping[rawVal]; !ok {
|
||||
return ModeNet, fmt.Errorf("invalid listening mode %s", rawVal)
|
||||
} else {
|
||||
return typedVal, nil
|
||||
}
|
||||
}
|
||||
|
||||
const (
|
||||
ModeUnix ListeningMode = "unix"
|
||||
ModeNet ListeningMode = "net"
|
||||
ModeUnix ListeningMode = iota
|
||||
ModeNet
|
||||
)
|
||||
|
||||
type BackendConfigType string
|
||||
|
@ -31,29 +47,6 @@ const (
|
|||
SQLite BackendConfigType = "sqlite"
|
||||
)
|
||||
|
||||
const (
|
||||
defaultLogLevel = logrus.InfoLevel
|
||||
|
||||
defaultServerMode = ModeNet
|
||||
defaultServerHost = "0.0.0.0"
|
||||
defaultServerPort = 5000
|
||||
defaultServerSocket = ""
|
||||
defaultServerStaticDir = "./"
|
||||
|
||||
defaultIssuer = "http://localhost:5000"
|
||||
|
||||
defaultStorageType = Memory
|
||||
defaultStorageFile = "./polyculeconnect.db"
|
||||
defaultStorageHost = "127.0.0.1"
|
||||
defaultStoragePort = 5432
|
||||
defaultStorageDB = "polyculeconnect"
|
||||
defaultStorageUser = "polyculeconnect"
|
||||
defaultStoragePassword = "polyculeconnect"
|
||||
defaultStorageSSLMode = "disable"
|
||||
defaultStorageSSLCaFile = ""
|
||||
)
|
||||
|
||||
// Deprecated: remove when we finally drop the JSON config
|
||||
type BackendConfig struct {
|
||||
Config *oidc.Config `json:"config"`
|
||||
Name string `json:"name"`
|
||||
|
@ -62,104 +55,51 @@ type BackendConfig struct {
|
|||
Local bool `json:"local"`
|
||||
}
|
||||
|
||||
type SSLStorageConfig struct {
|
||||
Mode string `json:"mode" envconfig:"STORAGE_SSL_MODE"`
|
||||
CaFile string `json:"ca_file" envconfig:"STORAGE_SSL_CA_FILE"`
|
||||
type OpenConnectConfig struct {
|
||||
ClientConfigs []*storage.Client `json:"clients"`
|
||||
BackendConfigs []*BackendConfig `json:"backends"`
|
||||
Issuer string `json:"issuer"`
|
||||
}
|
||||
|
||||
type StorageConfig struct {
|
||||
File string `envconfig:"STORAGE_PATH"`
|
||||
Host string `envconfig:"STORAGE_HOST"`
|
||||
Port int `envconfig:"STORAGE_PORT"`
|
||||
Database string `envconfig:"STORAGE_DATABASE"`
|
||||
User string `envconfig:"STORAGE_USER"`
|
||||
Password string `envconfig:"STORAGE_PASSWORD"`
|
||||
SSL SSLStorageConfig
|
||||
}
|
||||
|
||||
type logConfig struct {
|
||||
Level string `json:"level"`
|
||||
}
|
||||
|
||||
type serverConfig struct {
|
||||
Mode string `json:"mode"`
|
||||
Host string `json:"host"`
|
||||
Port int `json:"port"`
|
||||
Sock string `json:"sock"`
|
||||
}
|
||||
|
||||
type jsonStorageConfig struct {
|
||||
Type string `json:"type"`
|
||||
File string `json:"path"`
|
||||
File string `json:"file"`
|
||||
Host string `json:"host"`
|
||||
Port int `json:"port"`
|
||||
Database string `json:"database"`
|
||||
User string `json:"user"`
|
||||
Password string `json:"password"`
|
||||
SSL SSLStorageConfig `json:"ssl"`
|
||||
Ssl struct {
|
||||
Mode string `json:"mode"`
|
||||
CaFile string `json:"caFile"`
|
||||
} `json:"ssl"`
|
||||
}
|
||||
|
||||
type jsonConf struct {
|
||||
LogConfig logConfig `json:"log"`
|
||||
ServerConfig serverConfig `json:"server"`
|
||||
StorageConfig jsonStorageConfig `json:"storage"`
|
||||
}
|
||||
|
||||
func (c *jsonConf) initValues(ac *AppConfig) {
|
||||
c.LogConfig = logConfig{Level: ac.LogLevel.String()}
|
||||
c.ServerConfig = serverConfig{
|
||||
Mode: string(ac.ServerMode),
|
||||
Host: ac.Host,
|
||||
Port: ac.Port,
|
||||
Sock: ac.SockPath,
|
||||
}
|
||||
c.StorageConfig = jsonStorageConfig{
|
||||
Type: ac.StorageType,
|
||||
File: ac.StorageConfig.File,
|
||||
Host: ac.StorageConfig.Host,
|
||||
Port: ac.StorageConfig.Port,
|
||||
Database: ac.StorageConfig.Database,
|
||||
User: ac.StorageConfig.User,
|
||||
Password: ac.StorageConfig.Password,
|
||||
SSL: ac.StorageConfig.SSL,
|
||||
}
|
||||
Log struct {
|
||||
Level string `json:"level"`
|
||||
} `json:"log"`
|
||||
Server struct {
|
||||
Host string `json:"host"`
|
||||
Port int `json:"port"`
|
||||
Mode string `json:"mode"`
|
||||
SockPath string `json:"sock"`
|
||||
} `json:"server"`
|
||||
Storage struct {
|
||||
StorageType string `json:"type"`
|
||||
Config *StorageConfig `json:"config"`
|
||||
} `json:"storage"`
|
||||
OpenConnectConfig *OpenConnectConfig `json:"openconnect"`
|
||||
}
|
||||
|
||||
type AppConfig struct {
|
||||
LogLevel logrus.Level `envconfig:"LOG_LEVEL"`
|
||||
ServerMode ListeningMode `envconfig:"SERVER_MODE"`
|
||||
Host string `envconfig:"SERVER_HOST"`
|
||||
Port int `envconfig:"SERVER_PORT"`
|
||||
SockPath string `envconfig:"SERVER_SOCK"`
|
||||
StorageType string `envconfig:"STORAGE_TYPE"`
|
||||
LogLevel logrus.Level
|
||||
ServerMode ListeningMode
|
||||
Host string
|
||||
Port int
|
||||
SockPath string
|
||||
StorageType string
|
||||
StorageConfig *StorageConfig
|
||||
Issuer string
|
||||
StaticDir string
|
||||
}
|
||||
|
||||
func defaultConfig() AppConfig {
|
||||
return AppConfig{
|
||||
LogLevel: defaultLogLevel,
|
||||
ServerMode: defaultServerMode,
|
||||
Host: defaultServerHost,
|
||||
Port: defaultServerPort,
|
||||
SockPath: defaultServerSocket,
|
||||
StorageType: string(defaultStorageType),
|
||||
StorageConfig: &StorageConfig{
|
||||
File: defaultStorageFile,
|
||||
Host: defaultStorageHost,
|
||||
Port: defaultServerPort,
|
||||
Database: defaultStorageDB,
|
||||
User: defaultStorageUser,
|
||||
Password: defaultStoragePassword,
|
||||
SSL: SSLStorageConfig{
|
||||
Mode: defaultStorageSSLMode,
|
||||
CaFile: defaultStorageSSLCaFile,
|
||||
},
|
||||
},
|
||||
Issuer: defaultIssuer,
|
||||
StaticDir: defaultServerStaticDir,
|
||||
}
|
||||
OpenConnectConfig *OpenConnectConfig
|
||||
}
|
||||
|
||||
func parseLevel(lvlStr string) logrus.Level {
|
||||
|
@ -173,54 +113,46 @@ func parseLevel(lvlStr string) logrus.Level {
|
|||
|
||||
func (ac *AppConfig) UnmarshalJSON(data []byte) error {
|
||||
var jsonConf jsonConf
|
||||
jsonConf.initValues(ac)
|
||||
|
||||
if err := json.Unmarshal(data, &jsonConf); err != nil {
|
||||
return fmt.Errorf("failed to read JSON: %w", err)
|
||||
}
|
||||
ac.LogLevel = parseLevel(jsonConf.Log.Level)
|
||||
|
||||
ac.LogLevel = parseLevel(jsonConf.LogConfig.Level)
|
||||
lm, err := listeningModeFromString(jsonConf.Server.Mode)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to parse server listening mode: %w", err)
|
||||
}
|
||||
|
||||
ac.ServerMode = ListeningMode(jsonConf.ServerConfig.Mode)
|
||||
ac.Host = jsonConf.ServerConfig.Host
|
||||
ac.Port = jsonConf.ServerConfig.Port
|
||||
ac.SockPath = jsonConf.ServerConfig.Sock
|
||||
|
||||
ac.StorageType = jsonConf.StorageConfig.Type
|
||||
ac.StorageConfig.File = jsonConf.StorageConfig.File
|
||||
ac.StorageConfig.Host = jsonConf.StorageConfig.Host
|
||||
ac.StorageConfig.Port = jsonConf.StorageConfig.Port
|
||||
ac.StorageConfig.Database = jsonConf.StorageConfig.Database
|
||||
ac.StorageConfig.User = jsonConf.StorageConfig.User
|
||||
ac.StorageConfig.Password = jsonConf.StorageConfig.Password
|
||||
ac.StorageConfig.SSL = jsonConf.StorageConfig.SSL
|
||||
ac.ServerMode = lm
|
||||
ac.SockPath = jsonConf.Server.SockPath
|
||||
ac.Host = jsonConf.Server.Host
|
||||
ac.Port = jsonConf.Server.Port
|
||||
ac.OpenConnectConfig = jsonConf.OpenConnectConfig
|
||||
ac.StorageType = jsonConf.Storage.StorageType
|
||||
ac.StorageConfig = jsonConf.Storage.Config
|
||||
return nil
|
||||
}
|
||||
|
||||
func (ac *AppConfig) RedirectURI() string {
|
||||
return ac.Issuer + "/callback"
|
||||
var defaultConfig AppConfig = AppConfig{
|
||||
LogLevel: logrus.InfoLevel,
|
||||
ServerMode: ModeNet,
|
||||
Host: "0.0.0.0",
|
||||
Port: 5000,
|
||||
StorageType: "memory",
|
||||
}
|
||||
|
||||
func New(filepath string) (*AppConfig, error) {
|
||||
conf := defaultConfig()
|
||||
content, err := os.ReadFile(filepath)
|
||||
if err != nil {
|
||||
if !errors.Is(err, fs.ErrNotExist) {
|
||||
if errors.Is(err, fs.ErrNotExist) {
|
||||
conf := defaultConfig
|
||||
return &conf, nil
|
||||
}
|
||||
return nil, fmt.Errorf("failed to read config file %q: %w", filepath, err)
|
||||
}
|
||||
} else {
|
||||
var conf AppConfig
|
||||
if err := json.Unmarshal(content, &conf); err != nil {
|
||||
return nil, fmt.Errorf("failed to parse config file: %w", err)
|
||||
}
|
||||
}
|
||||
if err := envconfig.Process(envConfigPrefix, &conf); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := envconfig.Process(envConfigPrefix, conf.StorageConfig); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := envconfig.Process(envConfigPrefix, &conf.StorageConfig.SSL); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &conf, nil
|
||||
}
|
||||
|
|
|
@ -10,176 +10,128 @@ import (
|
|||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func initJson(t *testing.T, content string) string {
|
||||
tmpPath := t.TempDir()
|
||||
confPath := path.Join(tmpPath, "config.json")
|
||||
err := os.WriteFile(confPath, []byte(content), 0o644)
|
||||
require.NoError(t, err)
|
||||
return confPath
|
||||
}
|
||||
|
||||
func setEnv(t *testing.T, envVars map[string]string) {
|
||||
for key, val := range envVars {
|
||||
t.Setenv(key, val)
|
||||
}
|
||||
func TestListeningModeString(t *testing.T) {
|
||||
assert.Equal(t, "net", ModeNet.String(), "Unexpected string value")
|
||||
assert.Equal(t, "unix", ModeUnix.String(), "Unexpected string value")
|
||||
}
|
||||
|
||||
// Test returning a default config when providing a path that does not exist
|
||||
func TestDefault(t *testing.T) {
|
||||
t.Run("no file", func(t *testing.T) {
|
||||
conf, err := New("/this/path/does/not/exist")
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, defaultConfig(), *conf)
|
||||
})
|
||||
|
||||
t.Run("empty config", func(t *testing.T) {
|
||||
confPath := initJson(t, `{}`)
|
||||
conf, err := New(confPath)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, defaultConfig(), *conf)
|
||||
})
|
||||
if assert.Nil(t, err, "Unexpected error") {
|
||||
assert.Equal(t, defaultConfig, *conf, "Unexpected config")
|
||||
}
|
||||
}
|
||||
|
||||
// Since we still use a JSON conf for the OIDC config, we still need to check this for now
|
||||
// But as soon as the config file is not necessary, this will probably disappear
|
||||
func TestInvalidJSON(t *testing.T) {
|
||||
confPath := initJson(t, "toto")
|
||||
errMsg := "failed to parse config file: invalid character 'o' in literal true (expecting 'r')"
|
||||
// Test creating a valid config (net mode)
|
||||
func TestOKNet(t *testing.T) {
|
||||
tmpPath := t.TempDir()
|
||||
content := `{
|
||||
"log": {
|
||||
"level": "error"
|
||||
},
|
||||
"server": {
|
||||
"mode": "net",
|
||||
"host": "127.0.0.1",
|
||||
"port": 8888
|
||||
}
|
||||
}`
|
||||
confPath := path.Join(tmpPath, "config.json")
|
||||
require.Nil(t, os.WriteFile(confPath, []byte(content), 0o644), "Failed to write config")
|
||||
|
||||
expectedConf := AppConfig{
|
||||
LogLevel: logrus.ErrorLevel,
|
||||
ServerMode: ModeNet,
|
||||
Host: "127.0.0.1",
|
||||
Port: 8888,
|
||||
}
|
||||
conf, err := New(confPath)
|
||||
if assert.Nil(t, err, "Unexpected error") {
|
||||
assert.Equal(t, expectedConf, *conf, "Unexpected config")
|
||||
}
|
||||
}
|
||||
|
||||
// Test creating a valid config (unix mode)
|
||||
func TestOKUnix(t *testing.T) {
|
||||
tmpPath := t.TempDir()
|
||||
content := `{
|
||||
"log": {
|
||||
"level": "error"
|
||||
},
|
||||
"server": {
|
||||
"mode": "unix",
|
||||
"sock": "/run/toto.sock"
|
||||
}
|
||||
}`
|
||||
confPath := path.Join(tmpPath, "config.json")
|
||||
require.Nil(t, os.WriteFile(confPath, []byte(content), 0o644), "Failed to write config")
|
||||
|
||||
expectedConf := AppConfig{
|
||||
LogLevel: logrus.ErrorLevel,
|
||||
ServerMode: ModeUnix,
|
||||
SockPath: "/run/toto.sock",
|
||||
}
|
||||
conf, err := New(confPath)
|
||||
if assert.Nil(t, err, "Unexpected error") {
|
||||
assert.Equal(t, expectedConf, *conf, "Unexpected config")
|
||||
}
|
||||
}
|
||||
|
||||
// Test creating a valid config, no log level provided, should be info
|
||||
func TestOKNoLogLevel(t *testing.T) {
|
||||
tmpPath := t.TempDir()
|
||||
content := `{
|
||||
"server": {
|
||||
"mode": "net",
|
||||
"host": "127.0.0.1",
|
||||
"port": 8888
|
||||
}
|
||||
}`
|
||||
confPath := path.Join(tmpPath, "config.json")
|
||||
require.Nil(t, os.WriteFile(confPath, []byte(content), 0o644), "Failed to write config")
|
||||
|
||||
expectedConf := AppConfig{
|
||||
LogLevel: logrus.InfoLevel,
|
||||
ServerMode: ModeNet,
|
||||
Host: "127.0.0.1",
|
||||
Port: 8888,
|
||||
}
|
||||
conf, err := New(confPath)
|
||||
if assert.Nil(t, err, "Unexpected error") {
|
||||
assert.Equal(t, expectedConf, *conf, "Unexpected config")
|
||||
}
|
||||
}
|
||||
|
||||
// Test giving an invalid server mode
|
||||
func TestErrMode(t *testing.T) {
|
||||
tmpPath := t.TempDir()
|
||||
content := `{
|
||||
"log": {
|
||||
"level": "error"
|
||||
},
|
||||
"server": {
|
||||
"mode": "toto",
|
||||
"sock": "/run/toto.sock"
|
||||
}
|
||||
}`
|
||||
confPath := path.Join(tmpPath, "config.json")
|
||||
require.Nil(t, os.WriteFile(confPath, []byte(content), 0o644), "Failed to write config")
|
||||
|
||||
_, err := New(confPath)
|
||||
assert.ErrorContains(t, err, errMsg)
|
||||
if assert.Error(t, err, "Unexpected nil error") {
|
||||
errMsg := "failed to parse config file: failed to parse server listening mode: invalid listening mode toto"
|
||||
assert.Equal(t, errMsg, err.Error(), "Unexpected error message")
|
||||
}
|
||||
}
|
||||
|
||||
func TestJSONConfig(t *testing.T) {
|
||||
confPath := initJson(t, `{
|
||||
"log": {"level":"info"},
|
||||
"server": {
|
||||
"mode": "net",
|
||||
"host": "0.0.0.0",
|
||||
"port": 1337
|
||||
func TestInvalidJSON(t *testing.T) {
|
||||
tmpPath := t.TempDir()
|
||||
content := "toto"
|
||||
confPath := path.Join(tmpPath, "config.json")
|
||||
require.Nil(t, os.WriteFile(confPath, []byte(content), 0o644), "Failed to write config")
|
||||
_, err := New(confPath)
|
||||
if assert.Error(t, err, "Unexpected nil error") {
|
||||
errMsg := "failed to parse config file: invalid character 'o' in literal true (expecting 'r')"
|
||||
assert.Equal(t, errMsg, err.Error(), "Unexpected error message")
|
||||
}
|
||||
}`)
|
||||
|
||||
conf, err := New(confPath)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, ModeNet, conf.ServerMode)
|
||||
assert.Equal(t, "0.0.0.0", conf.Host)
|
||||
assert.Equal(t, 1337, conf.Port)
|
||||
}
|
||||
|
||||
func TestJSONConfigOverriden(t *testing.T) {
|
||||
confPath := initJson(t, `{
|
||||
"log": {"level":"info"},
|
||||
"server": {
|
||||
"mode": "net",
|
||||
"host": "0.0.0.0",
|
||||
"port": 1337
|
||||
}
|
||||
}`)
|
||||
|
||||
envVars := map[string]string{
|
||||
string("POLYCULECONNECT_SERVER_MODE"): string(ModeUnix),
|
||||
string("POLYCULECONNECT_SERVER_SOCK"): "/run/polyculeconnect.sock",
|
||||
}
|
||||
setEnv(t, envVars)
|
||||
|
||||
conf, err := New(confPath)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, ModeUnix, conf.ServerMode)
|
||||
assert.Equal(t, "0.0.0.0", conf.Host)
|
||||
assert.Equal(t, 1337, conf.Port)
|
||||
assert.Equal(t, "/run/polyculeconnect.sock", conf.SockPath)
|
||||
}
|
||||
|
||||
func TestHostNetMode(t *testing.T) {
|
||||
envVars := map[string]string{
|
||||
string("POLYCULECONNECT_SERVER_MODE"): string(ModeNet),
|
||||
string("POLYCULECONNECT_SERVER_HOST"): "127.0.0.1",
|
||||
string("POLYCULECONNECT_SERVER_PORT"): "8888",
|
||||
}
|
||||
setEnv(t, envVars)
|
||||
|
||||
conf, err := New("")
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, ModeNet, conf.ServerMode)
|
||||
assert.Equal(t, "127.0.0.1", conf.Host)
|
||||
assert.Equal(t, 8888, conf.Port)
|
||||
}
|
||||
|
||||
func TestHostSocketMode(t *testing.T) {
|
||||
envVars := map[string]string{
|
||||
string("POLYCULECONNECT_SERVER_MODE"): string(ModeUnix),
|
||||
string("POLYCULECONNECT_SERVER_SOCK"): "/run/polyculeconnect.sock",
|
||||
}
|
||||
setEnv(t, envVars)
|
||||
|
||||
conf, err := New("")
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, ModeUnix, conf.ServerMode)
|
||||
assert.Equal(t, "/run/polyculeconnect.sock", conf.SockPath)
|
||||
}
|
||||
|
||||
func TestLogLevel(t *testing.T) {
|
||||
envVars := map[string]string{
|
||||
string("POLYCULECONNECT_LOG_LEVEL"): "error",
|
||||
}
|
||||
setEnv(t, envVars)
|
||||
|
||||
conf, err := New("")
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, logrus.ErrorLevel, conf.LogLevel)
|
||||
}
|
||||
|
||||
func TestSqliteConfig(t *testing.T) {
|
||||
envVars := map[string]string{
|
||||
string("POLYCULECONNECT_STORAGE_TYPE"): "sqlite",
|
||||
string("POLYCULECONNECT_STORAGE_PATH"): "/data/polyculeconnect.db",
|
||||
}
|
||||
setEnv(t, envVars)
|
||||
|
||||
conf, err := New("")
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, string(SQLite), conf.StorageType)
|
||||
assert.Equal(t, "/data/polyculeconnect.db", conf.StorageConfig.File)
|
||||
}
|
||||
|
||||
func TestSqliteConfigJSON(t *testing.T) {
|
||||
confPath := initJson(t, `{
|
||||
"log": {"level":"info"},
|
||||
"storage": {
|
||||
"type": "sqlite",
|
||||
"path": "/data/polyculeconnect.db"
|
||||
}
|
||||
}`)
|
||||
|
||||
conf, err := New(confPath)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, string(SQLite), conf.StorageType)
|
||||
assert.Equal(t, "/data/polyculeconnect.db", conf.StorageConfig.File)
|
||||
}
|
||||
|
||||
func TestSqliteConfigJSONOverriden(t *testing.T) {
|
||||
confPath := initJson(t, `{
|
||||
"log": {"level":"info"},
|
||||
"storage": {
|
||||
"type": "sqlite",
|
||||
"path": "/data/polyculeconnect.db"
|
||||
}
|
||||
}`)
|
||||
|
||||
envVars := map[string]string{
|
||||
string("POLYCULECONNECT_STORAGE_PATH"): "/tmp/polyculeconnect.db",
|
||||
}
|
||||
setEnv(t, envVars)
|
||||
|
||||
conf, err := New(confPath)
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, string(SQLite), conf.StorageType)
|
||||
assert.Equal(t, "/tmp/polyculeconnect.db", conf.StorageConfig.File)
|
||||
}
|
||||
|
|
|
@ -6,18 +6,8 @@ import (
|
|||
|
||||
"github.com/dexidp/dex/connector"
|
||||
"github.com/dexidp/dex/pkg/log"
|
||||
"github.com/dexidp/dex/storage"
|
||||
)
|
||||
|
||||
const TypeRefuseAll = "refuseAll"
|
||||
|
||||
var RefuseAllConnectorConfig storage.Connector = storage.Connector{
|
||||
ID: "null",
|
||||
Name: "RefuseAll",
|
||||
Type: TypeRefuseAll,
|
||||
Config: nil,
|
||||
}
|
||||
|
||||
type RefuseAllConfig struct{}
|
||||
|
||||
func (c *RefuseAllConfig) Open(id string, logger log.Logger) (connector.Connector, error) {
|
||||
|
|
|
@ -15,31 +15,22 @@ import (
|
|||
const StaticRoute = "/static/"
|
||||
|
||||
type StaticController struct {
|
||||
baseDir string
|
||||
}
|
||||
|
||||
func NewStaticController(baseDir string) *StaticController {
|
||||
return &StaticController{
|
||||
baseDir: baseDir,
|
||||
}
|
||||
}
|
||||
|
||||
func (sc *StaticController) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
fs := http.FileServer(http.Dir(sc.baseDir + "/static"))
|
||||
fs := http.FileServer(http.Dir("./static"))
|
||||
http.StripPrefix(StaticRoute, fs).ServeHTTP(w, r)
|
||||
}
|
||||
|
||||
type IndexController struct {
|
||||
l *logrus.Logger
|
||||
downstreamConstroller http.Handler
|
||||
baseDir string
|
||||
}
|
||||
|
||||
func NewIndexController(l *logrus.Logger, downstream http.Handler, baseDir string) *IndexController {
|
||||
func NewIndexController(l *logrus.Logger, downstream http.Handler) *IndexController {
|
||||
return &IndexController{
|
||||
l: l,
|
||||
downstreamConstroller: downstream,
|
||||
baseDir: baseDir,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -48,9 +39,9 @@ func (ic IndexController) serveUI(w http.ResponseWriter, r *http.Request) (int,
|
|||
"issuer": func() string { return "toto" },
|
||||
}
|
||||
|
||||
lp := filepath.Join(ic.baseDir, "templates", "index.html")
|
||||
hdrTpl := filepath.Join(ic.baseDir, "templates", "header.html")
|
||||
footTpl := filepath.Join(ic.baseDir, "templates", "footer.html")
|
||||
lp := filepath.Join("templates", "index.html")
|
||||
hdrTpl := filepath.Join("templates", "header.html")
|
||||
footTpl := filepath.Join("templates", "footer.html")
|
||||
tmpl, err := template.New("index.html").Funcs(funcs).ParseFiles(hdrTpl, footTpl, lp)
|
||||
if err != nil {
|
||||
return http.StatusInternalServerError, -1, fmt.Errorf("failed to init template: %w", err)
|
||||
|
|
|
@ -4,10 +4,8 @@ go 1.20
|
|||
|
||||
require (
|
||||
github.com/dexidp/dex v0.0.0-20231014000322-089f374d4f3e
|
||||
github.com/kelseyhightower/envconfig v1.4.0
|
||||
github.com/prometheus/client_golang v1.17.0
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
github.com/spf13/cobra v1.7.0
|
||||
github.com/stretchr/testify v1.8.4
|
||||
)
|
||||
|
||||
|
@ -40,7 +38,6 @@ require (
|
|||
github.com/gorilla/mux v1.8.0 // indirect
|
||||
github.com/huandu/xstrings v1.3.3 // indirect
|
||||
github.com/imdario/mergo v0.3.11 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.1.0 // indirect
|
||||
github.com/jonboulle/clockwork v0.2.2 // indirect
|
||||
github.com/lib/pq v1.10.9 // indirect
|
||||
github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
|
||||
|
@ -56,7 +53,6 @@ require (
|
|||
github.com/russellhaering/goxmldsig v1.4.0 // indirect
|
||||
github.com/shopspring/decimal v1.2.0 // indirect
|
||||
github.com/spf13/cast v1.4.1 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
go.opencensus.io v0.24.0 // indirect
|
||||
golang.org/x/crypto v0.14.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 // indirect
|
||||
|
|
|
@ -28,7 +28,6 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
|
|||
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
|
||||
github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
|
||||
github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
|
@ -98,12 +97,8 @@ github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4
|
|||
github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
|
||||
github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA=
|
||||
github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
|
||||
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
|
||||
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
|
||||
github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
|
||||
github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
|
||||
github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
|
||||
github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||
github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
|
||||
|
@ -145,7 +140,6 @@ github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6po
|
|||
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
|
||||
github.com/russellhaering/goxmldsig v1.4.0 h1:8UcDh/xGyQiyrW+Fq5t8f+l2DLB1+zlhYzkPUJ7Qhys=
|
||||
github.com/russellhaering/goxmldsig v1.4.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
|
||||
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
|
||||
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
|
||||
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
|
||||
|
@ -153,10 +147,6 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs
|
|||
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA=
|
||||
github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
|
||||
github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
|
||||
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
||||
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
|
||||
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
||||
|
|
|
@ -1,13 +1,185 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
|
||||
_ "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/app"
|
||||
_ "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/backend"
|
||||
_ "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/db"
|
||||
_ "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/serve"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"flag"
|
||||
"fmt"
|
||||
"os"
|
||||
"os/signal"
|
||||
"time"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/connector"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/server"
|
||||
"github.com/dexidp/dex/connector/oidc"
|
||||
dex_server "github.com/dexidp/dex/server"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/dexidp/dex/storage/memory"
|
||||
"github.com/dexidp/dex/storage/sql"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
)
|
||||
|
||||
func main() {
|
||||
cmd.Execute()
|
||||
const stopTimeout = 10 * time.Second
|
||||
|
||||
type cliArgs struct {
|
||||
configPath string
|
||||
}
|
||||
|
||||
func parseArgs() *cliArgs {
|
||||
configPath := flag.String("config", "", "Path to the JSON configuration file")
|
||||
|
||||
flag.Parse()
|
||||
|
||||
return &cliArgs{
|
||||
configPath: *configPath,
|
||||
}
|
||||
}
|
||||
|
||||
func initStorage(conf *config.AppConfig) (storage.Storage, error) {
|
||||
var storageType storage.Storage
|
||||
var err error
|
||||
switch conf.StorageType {
|
||||
case "memory":
|
||||
storageType = memory.New(logger.L)
|
||||
case "sqlite":
|
||||
sqlconfig := sql.SQLite3{
|
||||
File: conf.StorageConfig.File,
|
||||
}
|
||||
storageType, err = sqlconfig.Open(logger.L)
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to initialize sqlite backend: %s", err.Error())
|
||||
}
|
||||
default:
|
||||
return storageType, fmt.Errorf("unsupported storage backend type: %s", conf.StorageType)
|
||||
}
|
||||
return storageType, nil
|
||||
}
|
||||
|
||||
func createConnector(backend *config.BackendConfig, dexConf *dex_server.Config, connectorIDs []string) error {
|
||||
for _, id := range connectorIDs {
|
||||
if id == backend.ID {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
backendConfJson, err := json.Marshal(backend.Config)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to serialize oidc config for backend %q: %s", backend.Name, err.Error())
|
||||
}
|
||||
return dexConf.Storage.CreateConnector(storage.Connector{
|
||||
ID: backend.ID,
|
||||
Name: backend.Name,
|
||||
Type: string(backend.Type),
|
||||
Config: backendConfJson,
|
||||
})
|
||||
}
|
||||
|
||||
func main() {
|
||||
args := parseArgs()
|
||||
|
||||
mainCtx, cancel := context.WithCancel(context.Background())
|
||||
|
||||
conf, err := config.New(args.configPath)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
logger.Init(conf.LogLevel)
|
||||
logger.L.Infof("Initialized logger with level %v", conf.LogLevel)
|
||||
|
||||
storageType, err := initStorage(conf)
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to initialize storage backend: %s", err.Error())
|
||||
}
|
||||
logger.L.Infof("Initialized storage backend %q", conf.StorageType)
|
||||
dexConf := dex_server.Config{
|
||||
Web: dex_server.WebConfig{
|
||||
Dir: "./",
|
||||
Theme: "default",
|
||||
},
|
||||
Storage: storageType,
|
||||
Issuer: conf.OpenConnectConfig.Issuer,
|
||||
SupportedResponseTypes: []string{"code"},
|
||||
SkipApprovalScreen: false,
|
||||
AllowedOrigins: []string{"*"},
|
||||
Logger: logger.L,
|
||||
PrometheusRegistry: prometheus.NewRegistry(),
|
||||
}
|
||||
|
||||
logger.L.Info("Initializing authentication backends")
|
||||
|
||||
dex_server.ConnectorsConfig["refuseAll"] = func() dex_server.ConnectorConfig { return new(connector.RefuseAllConfig) }
|
||||
connectors, err := dexConf.Storage.ListConnectors()
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to get existing connectors: %s", err.Error())
|
||||
}
|
||||
var connectorIDs []string
|
||||
for _, conn := range connectors {
|
||||
connectorIDs = append(connectorIDs, conn.ID)
|
||||
}
|
||||
|
||||
backend := config.BackendConfig{
|
||||
Config: &oidc.Config{},
|
||||
Name: "RefuseAll",
|
||||
ID: "null",
|
||||
Type: "refuseAll",
|
||||
}
|
||||
|
||||
if err := createConnector(&backend, &dexConf, connectorIDs); err != nil {
|
||||
logger.L.Errorf("Failed to add connector for backend RefuseAll to stage: %s", err.Error())
|
||||
}
|
||||
|
||||
for _, backend := range conf.OpenConnectConfig.BackendConfigs {
|
||||
if err := createConnector(backend, &dexConf, connectorIDs); err != nil {
|
||||
logger.L.Errorf("Failed to add connector for backend %q to stage: %s", backend.Name, err.Error())
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
logger.L.Info("Initializing clients")
|
||||
for _, client := range conf.OpenConnectConfig.ClientConfigs {
|
||||
if err := dexConf.Storage.CreateClient(*client); err != nil {
|
||||
logger.L.Errorf("Failed to add client to storage: %s", err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
dexSrv, err := dex_server.NewServer(mainCtx, dexConf)
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to init dex server: %s", err.Error())
|
||||
}
|
||||
|
||||
logger.L.Info("Initializing server")
|
||||
s, err := server.New(conf, dexSrv, logger.L)
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to initialize server: %s", err.Error())
|
||||
}
|
||||
|
||||
go s.Run(mainCtx)
|
||||
|
||||
c := make(chan os.Signal, 1)
|
||||
signal.Notify(c, os.Interrupt)
|
||||
|
||||
logger.L.Info("Application successfully started")
|
||||
|
||||
logger.L.Debug("Waiting for stop signal")
|
||||
select {
|
||||
case <-s.Done():
|
||||
logger.L.Fatal("Unexpected exit from server")
|
||||
case <-c:
|
||||
logger.L.Info("Stopping main application")
|
||||
cancel()
|
||||
}
|
||||
|
||||
logger.L.Debugf("Waiting %v for all daemons to stop", stopTimeout)
|
||||
select {
|
||||
case <-time.After(stopTimeout):
|
||||
logger.L.Fatalf("Failed to stop all daemons in the expected time")
|
||||
case <-s.Done():
|
||||
logger.L.Info("web server successfully stopped")
|
||||
}
|
||||
|
||||
logger.L.Info("Application successfully stopped")
|
||||
os.Exit(0)
|
||||
}
|
||||
|
|
|
@ -64,8 +64,8 @@ func New(appConf *config.AppConfig, dexSrv *dex_server.Server, logger *logrus.Lo
|
|||
}
|
||||
|
||||
controllers := map[string]http.Handler{
|
||||
ui.StaticRoute: middlewares.WithLogger(ui.NewStaticController(appConf.StaticDir), logger),
|
||||
"/": middlewares.WithLogger(ui.NewIndexController(logger, dexSrv, appConf.StaticDir), logger),
|
||||
ui.StaticRoute: middlewares.WithLogger(&ui.StaticController{}, logger),
|
||||
"/": middlewares.WithLogger(ui.NewIndexController(logger, dexSrv), logger),
|
||||
}
|
||||
|
||||
m := http.NewServeMux()
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
package app
|
||||
|
||||
import "github.com/dexidp/dex/storage"
|
||||
|
||||
type Service interface {
|
||||
ListApps() ([]storage.Client, error)
|
||||
GetApp(id string) (storage.Client, error)
|
||||
AddApp(config storage.Client) error
|
||||
RemoveApp(id string) error
|
||||
}
|
||||
|
||||
type concreteAppService struct {
|
||||
s storage.Storage
|
||||
}
|
||||
|
||||
func (cas *concreteAppService) ListApps() ([]storage.Client, error) {
|
||||
return cas.s.ListClients()
|
||||
}
|
||||
|
||||
func (cas *concreteAppService) GetApp(id string) (storage.Client, error) {
|
||||
return cas.s.GetClient(id)
|
||||
}
|
||||
|
||||
func (cas *concreteAppService) AddApp(config storage.Client) error {
|
||||
return cas.s.CreateClient(config)
|
||||
}
|
||||
|
||||
func (cas *concreteAppService) RemoveApp(id string) error {
|
||||
return cas.s.DeleteClient(id)
|
||||
}
|
||||
|
||||
func New(s storage.Storage) Service {
|
||||
return &concreteAppService{s}
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
package app_test
|
|
@ -1,123 +0,0 @@
|
|||
package backend
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/connector"
|
||||
"github.com/dexidp/dex/connector/oidc"
|
||||
"github.com/dexidp/dex/storage"
|
||||
)
|
||||
|
||||
var ErrUnsupportedType = errors.New("unsupported connector type")
|
||||
|
||||
type BackendConfig struct {
|
||||
ID string
|
||||
Name string
|
||||
Issuer string
|
||||
ClientID string
|
||||
ClientSecret string
|
||||
RedirectURI string
|
||||
}
|
||||
|
||||
func (bc *BackendConfig) OIDC() oidc.Config {
|
||||
return oidc.Config{
|
||||
Issuer: bc.Issuer,
|
||||
ClientID: bc.ClientID,
|
||||
ClientSecret: bc.ClientSecret,
|
||||
RedirectURI: bc.RedirectURI,
|
||||
}
|
||||
}
|
||||
|
||||
func (bc *BackendConfig) Storage() (storage.Connector, error) {
|
||||
oidcJSON, err := json.Marshal(bc.OIDC())
|
||||
if err != nil {
|
||||
return storage.Connector{}, fmt.Errorf("failed to serialize oidc config: %w", err)
|
||||
}
|
||||
|
||||
return storage.Connector{
|
||||
ID: bc.ID,
|
||||
Type: "oidc",
|
||||
Name: bc.Name,
|
||||
Config: oidcJSON,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (bc *BackendConfig) FromConnector(connector storage.Connector) error {
|
||||
var oidc oidc.Config
|
||||
if connector.Type != "oidc" {
|
||||
return ErrUnsupportedType
|
||||
}
|
||||
if err := json.Unmarshal(connector.Config, &oidc); err != nil {
|
||||
return fmt.Errorf("invalid OIDC config: %w", err)
|
||||
}
|
||||
bc.ID = connector.ID
|
||||
bc.Name = connector.Name
|
||||
bc.ClientID = oidc.ClientID
|
||||
bc.ClientSecret = oidc.ClientSecret
|
||||
bc.Issuer = oidc.Issuer
|
||||
bc.RedirectURI = oidc.RedirectURI
|
||||
return nil
|
||||
}
|
||||
|
||||
type Service interface {
|
||||
ListBackends() ([]BackendConfig, error)
|
||||
GetBackend(id string) (BackendConfig, error)
|
||||
AddBackend(config BackendConfig) error
|
||||
RemoveBackend(id string) error
|
||||
}
|
||||
|
||||
type concreteBackendService struct {
|
||||
s storage.Storage
|
||||
}
|
||||
|
||||
func (cbs *concreteBackendService) ListBackends() ([]BackendConfig, error) {
|
||||
connectors, err := cbs.s.ListConnectors()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get connectors from storage: %w", err)
|
||||
}
|
||||
var res []BackendConfig
|
||||
for _, c := range connectors {
|
||||
|
||||
// We know that this type is special, we don't want to use it at all here
|
||||
if c.Type == connector.TypeRefuseAll {
|
||||
continue
|
||||
}
|
||||
|
||||
var b BackendConfig
|
||||
if err := b.FromConnector(c); err != nil {
|
||||
return res, err
|
||||
}
|
||||
res = append(res, b)
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (cbs *concreteBackendService) GetBackend(connectorID string) (BackendConfig, error) {
|
||||
c, err := cbs.s.GetConnector(connectorID)
|
||||
if err != nil {
|
||||
return BackendConfig{}, fmt.Errorf("failed to get connector from storage: %w", err)
|
||||
}
|
||||
var res BackendConfig
|
||||
if err := res.FromConnector(c); err != nil {
|
||||
return BackendConfig{}, err
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
func (cbs *concreteBackendService) AddBackend(config BackendConfig) error {
|
||||
storageConf, err := config.Storage()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create storage configuration: %w", err)
|
||||
}
|
||||
return cbs.s.CreateConnector(storageConf)
|
||||
}
|
||||
|
||||
func (cbs *concreteBackendService) RemoveBackend(connectorID string) error {
|
||||
return cbs.s.DeleteConnector(connectorID)
|
||||
}
|
||||
|
||||
func New(s storage.Storage) Service {
|
||||
return &concreteBackendService{s}
|
||||
}
|
|
@ -1,215 +0,0 @@
|
|||
package backend_test
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/connector"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/backend"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/dexidp/dex/storage/memory"
|
||||
logt "github.com/sirupsen/logrus/hooks/test"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
const (
|
||||
testDomain string = "https://test.domain.com"
|
||||
testClientID string = "this_is_an_id"
|
||||
testClientSecret string = "this_is_a_secret"
|
||||
testRedirectURI string = "http://127.0.0.1:5000/callback"
|
||||
testConnectorName string = "Test connector"
|
||||
)
|
||||
|
||||
func generateConnector(id string) storage.Connector {
|
||||
confJson := fmt.Sprintf(`{
|
||||
"issuer": "%s",
|
||||
"clientID": "%s",
|
||||
"clientSecret": "%s",
|
||||
"redirectURI": "%s"
|
||||
}`, testDomain, testClientID, testClientSecret, testRedirectURI)
|
||||
storageConfig := storage.Connector{
|
||||
ID: id,
|
||||
Name: testConnectorName,
|
||||
Type: "oidc",
|
||||
Config: []byte(confJson),
|
||||
}
|
||||
return storageConfig
|
||||
}
|
||||
|
||||
func generateConfig(id string) backend.BackendConfig {
|
||||
return backend.BackendConfig{
|
||||
ID: id,
|
||||
Name: testConnectorName,
|
||||
Issuer: testDomain,
|
||||
ClientID: testClientID,
|
||||
ClientSecret: testClientSecret,
|
||||
RedirectURI: testRedirectURI,
|
||||
}
|
||||
}
|
||||
|
||||
func checkStrInMap(t *testing.T, vals map[string]interface{}, key, expected string) {
|
||||
rawVal, ok := vals[key]
|
||||
require.Truef(t, ok, "missing key %s", key)
|
||||
strVal, ok := rawVal.(string)
|
||||
require.Truef(t, ok, "invalid string format %v", rawVal)
|
||||
assert.Equal(t, expected, strVal, "unexpected value")
|
||||
}
|
||||
|
||||
func initStorage(t *testing.T) storage.Storage {
|
||||
logger, _ := logt.NewNullLogger()
|
||||
s := memory.New(logger)
|
||||
|
||||
require.NoError(t, s.CreateConnector(connector.RefuseAllConnectorConfig))
|
||||
require.NoError(t, s.CreateConnector(generateConnector("test0")))
|
||||
require.NoError(t, s.CreateConnector(generateConnector("test1")))
|
||||
|
||||
return s
|
||||
}
|
||||
|
||||
func TestBackendConfigFromConnector(t *testing.T) {
|
||||
connector := generateConnector("test")
|
||||
var bc backend.BackendConfig
|
||||
require.NoError(t, bc.FromConnector(connector))
|
||||
|
||||
assert.Equal(t, testDomain, bc.Issuer)
|
||||
assert.Equal(t, testClientID, bc.ClientID)
|
||||
assert.Equal(t, testClientSecret, bc.ClientSecret)
|
||||
assert.Equal(t, testRedirectURI, bc.RedirectURI)
|
||||
assert.Equal(t, testConnectorName, bc.Name)
|
||||
assert.Equal(t, "test", bc.ID)
|
||||
}
|
||||
|
||||
func TestBackendConfigInvalidType(t *testing.T) {
|
||||
connector := generateConnector("test")
|
||||
connector.Type = "test"
|
||||
var bc backend.BackendConfig
|
||||
assert.ErrorIs(t, bc.FromConnector(connector), backend.ErrUnsupportedType)
|
||||
}
|
||||
|
||||
func TestBackendConfigInvalidOIDCConfig(t *testing.T) {
|
||||
connector := generateConnector("test")
|
||||
connector.Config = []byte("toto")
|
||||
var bc backend.BackendConfig
|
||||
assert.ErrorContains(t, bc.FromConnector(connector), "invalid OIDC config")
|
||||
}
|
||||
|
||||
func TestOIDCConfigFromBackendConfig(t *testing.T) {
|
||||
conf := generateConfig("test")
|
||||
oidcConf := conf.OIDC()
|
||||
|
||||
assert.Equal(t, testDomain, oidcConf.Issuer)
|
||||
assert.Equal(t, testClientID, oidcConf.ClientID)
|
||||
assert.Equal(t, testClientSecret, oidcConf.ClientSecret)
|
||||
assert.Equal(t, testRedirectURI, oidcConf.RedirectURI)
|
||||
}
|
||||
|
||||
func TestConnectorConfigFromBackendConfig(t *testing.T) {
|
||||
conf := generateConfig("test")
|
||||
con, err := conf.Storage()
|
||||
require.NoError(t, err)
|
||||
|
||||
// The OIDC config is stored as JSON data, we just want the raw keys here
|
||||
var oidcConf map[string]interface{}
|
||||
require.NoError(t, json.Unmarshal(con.Config, &oidcConf))
|
||||
|
||||
assert.Equal(t, "oidc", con.Type)
|
||||
assert.Equal(t, "test", con.ID)
|
||||
assert.Equal(t, testConnectorName, con.Name)
|
||||
checkStrInMap(t, oidcConf, "issuer", testDomain)
|
||||
checkStrInMap(t, oidcConf, "clientID", testClientID)
|
||||
checkStrInMap(t, oidcConf, "clientSecret", testClientSecret)
|
||||
checkStrInMap(t, oidcConf, "redirectURI", testRedirectURI)
|
||||
}
|
||||
|
||||
func TestListBackendsEmpty(t *testing.T) {
|
||||
logger, _ := logt.NewNullLogger()
|
||||
s := memory.New(logger)
|
||||
|
||||
// add the default refuse all connector, it should not be visible in the list
|
||||
require.NoError(t, s.CreateConnector(connector.RefuseAllConnectorConfig))
|
||||
srv := backend.New(s)
|
||||
|
||||
backends, err := srv.ListBackends() // empty list, and no error
|
||||
require.NoError(t, err)
|
||||
require.Len(t, backends, 0)
|
||||
}
|
||||
|
||||
func TestListBackendsNotEmpty(t *testing.T) {
|
||||
s := initStorage(t)
|
||||
srv := backend.New(s)
|
||||
|
||||
backends, err := srv.ListBackends() // empty list, and no error
|
||||
expectedIds := []string{"test0", "test1"}
|
||||
require.NoError(t, err)
|
||||
assert.Len(t, backends, 2)
|
||||
for _, c := range backends {
|
||||
assert.Contains(t, expectedIds, c.ID)
|
||||
}
|
||||
}
|
||||
|
||||
func TestGetBackend(t *testing.T) {
|
||||
s := initStorage(t)
|
||||
srv := backend.New(s)
|
||||
|
||||
t.Run("OK", func(t *testing.T) {
|
||||
conf, err := srv.GetBackend("test0")
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, testDomain, conf.Issuer)
|
||||
assert.Equal(t, testClientID, conf.ClientID)
|
||||
assert.Equal(t, testClientSecret, conf.ClientSecret)
|
||||
assert.Equal(t, testRedirectURI, conf.RedirectURI)
|
||||
assert.Equal(t, testConnectorName, conf.Name)
|
||||
assert.Equal(t, "test0", conf.ID)
|
||||
})
|
||||
|
||||
t.Run("Not exist", func(t *testing.T) {
|
||||
_, err := srv.GetBackend("toto")
|
||||
assert.ErrorIs(t, err, storage.ErrNotFound)
|
||||
})
|
||||
|
||||
t.Run("Invalid type", func(t *testing.T) {
|
||||
_, err := srv.GetBackend("null") // null has a RefuseAll type, which is unsupported here
|
||||
assert.ErrorIs(t, err, backend.ErrUnsupportedType)
|
||||
})
|
||||
}
|
||||
|
||||
func TestAddBackend(t *testing.T) {
|
||||
s := initStorage(t)
|
||||
srv := backend.New(s)
|
||||
|
||||
t.Run("OK", func(t *testing.T) {
|
||||
conf := generateConfig("test_add")
|
||||
require.NoError(t, srv.AddBackend(conf))
|
||||
|
||||
var parsedConf backend.BackendConfig
|
||||
storageConf, err := s.GetConnector("test_add")
|
||||
require.NoError(t, err)
|
||||
require.NoError(t, parsedConf.FromConnector(storageConf))
|
||||
assert.Equal(t, conf, parsedConf)
|
||||
})
|
||||
|
||||
t.Run("Already exists", func(t *testing.T) {
|
||||
require.ErrorIs(t, srv.AddBackend(generateConfig("test0")), storage.ErrAlreadyExists)
|
||||
})
|
||||
}
|
||||
|
||||
func TestRemoveBackend(t *testing.T) {
|
||||
s := initStorage(t)
|
||||
srv := backend.New(s)
|
||||
|
||||
t.Run("OK", func(t *testing.T) {
|
||||
require.NoError(t, srv.AddBackend(generateConfig("to_remove")))
|
||||
_, err := s.GetConnector("to_remove")
|
||||
require.NoError(t, err) // no error means it's present
|
||||
|
||||
require.NoError(t, srv.RemoveBackend("to_remove"))
|
||||
_, err = s.GetConnector("to_remove")
|
||||
assert.ErrorIs(t, err, storage.ErrNotFound) // means it's been deleted
|
||||
})
|
||||
|
||||
t.Run("No present", func(t *testing.T) {
|
||||
require.ErrorIs(t, srv.RemoveBackend("toto"), storage.ErrNotFound)
|
||||
})
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
package services
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
|
||||
dex_server "github.com/dexidp/dex/server"
|
||||
"github.com/dexidp/dex/storage"
|
||||
)
|
||||
|
||||
func CreateConnector(backend *config.BackendConfig, dexConf *dex_server.Config, connectorIDs []string) error {
|
||||
for _, id := range connectorIDs {
|
||||
if id == backend.ID {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
backendConfJson, err := json.Marshal(backend.Config)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to serialize oidc config for backend %q: %s", backend.Name, err.Error())
|
||||
}
|
||||
return dexConf.Storage.CreateConnector(storage.Connector{
|
||||
ID: backend.ID,
|
||||
Name: backend.Name,
|
||||
Type: string(backend.Type),
|
||||
Config: backendConfJson,
|
||||
})
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
package services
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
)
|
||||
|
||||
// size in bytes of the client ids and secrets
|
||||
const IDSecretSize = 32
|
||||
|
||||
func GenerateRandomHex(size int) (string, error) {
|
||||
raw := make([]byte, size)
|
||||
n, err := rand.Read(raw)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to read from random generator: %w", err)
|
||||
}
|
||||
if n != size {
|
||||
return "", fmt.Errorf("failed to read from random generator (%d/%d)", n, size)
|
||||
}
|
||||
return hex.EncodeToString(raw), nil
|
||||
}
|
||||
|
||||
func GenerateClientIDSecret() (string, string, error) {
|
||||
clientID, err := GenerateRandomHex(IDSecretSize)
|
||||
if err != nil {
|
||||
return "", "", fmt.Errorf("failed to generate client id: %w", err)
|
||||
}
|
||||
clientSecret, err := GenerateRandomHex(IDSecretSize)
|
||||
if err != nil {
|
||||
return "", "", fmt.Errorf("failed to generate client secret: %w", err)
|
||||
}
|
||||
return clientID, clientSecret, nil
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
package services
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/connector"
|
||||
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/logger"
|
||||
"github.com/dexidp/dex/storage"
|
||||
"github.com/dexidp/dex/storage/memory"
|
||||
"github.com/dexidp/dex/storage/sql"
|
||||
)
|
||||
|
||||
func InitStorage(conf *config.AppConfig) (storage.Storage, error) {
|
||||
var storageType storage.Storage
|
||||
var err error
|
||||
switch conf.StorageType {
|
||||
case "memory":
|
||||
storageType = memory.New(logger.L)
|
||||
case "sqlite":
|
||||
sqlconfig := sql.SQLite3{
|
||||
File: conf.StorageConfig.File,
|
||||
}
|
||||
storageType, err = sqlconfig.Open(logger.L)
|
||||
if err != nil {
|
||||
logger.L.Fatalf("Failed to initialize sqlite backend: %s", err.Error())
|
||||
}
|
||||
default:
|
||||
return storageType, fmt.Errorf("unsupported storage backend type: %s", conf.StorageType)
|
||||
}
|
||||
return storageType, nil
|
||||
}
|
||||
|
||||
func AddDefaultBackend(s storage.Storage) error {
|
||||
if err := s.CreateConnector(connector.RefuseAllConnectorConfig); err != nil && !errors.Is(err, storage.ErrAlreadyExists) {
|
||||
return fmt.Errorf("failed to add default backend: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
let approvalForm = document.getElementById("approvalform");
|
||||
|
||||
approvalForm.addEventListener("submit", (e) => {
|
||||
handleSuccess();
|
||||
});
|
|
@ -1,17 +0,0 @@
|
|||
const STATE_SUCCESS = "SUCCESS";
|
||||
const STATE_IN_PROGRESS = "IN PROGRESS"
|
||||
const STATE_EMPTY = "NO STATE"
|
||||
|
||||
const stateKey = "appState"
|
||||
|
||||
function getState() {
|
||||
state = localStorage.getItem(stateKey);
|
||||
if (state === null) {
|
||||
return STATE_EMPTY;
|
||||
}
|
||||
return state;
|
||||
}
|
||||
|
||||
function setState(value) {
|
||||
localStorage.setItem(stateKey, value);
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
let backButton = document.getElementById("error-back");
|
||||
|
||||
backButton.addEventListener("click", (e) => {
|
||||
e.preventDefault();
|
||||
goBackToLogin();
|
||||
});
|
|
@ -1,11 +0,0 @@
|
|||
let connectorForm = document.getElementById("connectorform");
|
||||
|
||||
connectorForm.addEventListener("submit", (e) => {
|
||||
e.preventDefault();
|
||||
let connectorName = document.getElementById("cname").value;
|
||||
let rememberMe = document.getElementById("remember-me").checked;
|
||||
if (rememberMe === true) {
|
||||
localStorage.setItem(connectorNameKey, connectorName);
|
||||
}
|
||||
chooseConnector(connectorName);
|
||||
});
|
|
@ -1,47 +1,11 @@
|
|||
const connectorNameKey = "connectorName";
|
||||
const connectorIDParam = "connector_id";
|
||||
let connectorForm = document.getElementById("connectorform");
|
||||
|
||||
const urlParams = new URLSearchParams(window.location.search);
|
||||
connectorForm.addEventListener("submit", (e) => {
|
||||
e.preventDefault();
|
||||
|
||||
function chooseConnector(connectorName) {
|
||||
let nextURL = new URL(window.location.href);
|
||||
nextURL.searchParams.append(connectorIDParam, connectorName);
|
||||
setState(STATE_IN_PROGRESS);
|
||||
let connectorName = document.getElementById("cname").value;
|
||||
nextURL.searchParams.append("connector_id", connectorName)
|
||||
|
||||
window.location.href = nextURL;
|
||||
}
|
||||
|
||||
// Clean the cache in case previous authentication didn't succeed
|
||||
// in order not to get stuck in a login loop
|
||||
function handleFailedState() {
|
||||
if (getState() !== STATE_SUCCESS) {
|
||||
localStorage.removeItem(connectorNameKey);
|
||||
}
|
||||
}
|
||||
|
||||
// Add the connector name to local storage in case the auth succeeded
|
||||
// and the remember-me box was checked
|
||||
function handleSuccess(connectorName) {
|
||||
setState(STATE_SUCCESS);
|
||||
if (localStorage.getItem(rememberMeKey)) {
|
||||
localStorage.removeItem(rememberMeKey);
|
||||
localStorage.setItem(connectorNameKey, connectorName);
|
||||
}
|
||||
}
|
||||
|
||||
function handleLoginPage() {
|
||||
handleFailedState();
|
||||
let connectorName = localStorage.getItem(connectorNameKey);
|
||||
if (getState() === STATE_SUCCESS && connectorName != null) {
|
||||
chooseConnector(connectorName);
|
||||
}
|
||||
}
|
||||
|
||||
function goBackToLogin() {
|
||||
let nextURL = new URL(window.location.href);
|
||||
nextURL.searchParams.delete(connectorIDParam);
|
||||
window.location.href = nextURL;
|
||||
}
|
||||
|
||||
if (window.location.pathname === "/auth" && !urlParams.has(connectorIDParam)) {
|
||||
handleLoginPage();
|
||||
}
|
||||
});
|
||||
|
|
|
@ -1,107 +0,0 @@
|
|||
:root {
|
||||
--crust: #dce0e8;
|
||||
--mantle: #e6e9ef;
|
||||
--base: #eff1f5;
|
||||
--surface-0: #ccd0da;
|
||||
--surface-1: #bcc0cc;
|
||||
--surface-2: #acb0be;
|
||||
--overlay-0: #9ca0b0;
|
||||
--overlay-1: #8c8fa1;
|
||||
--overlay-2: #7c7f93;
|
||||
--subtext-0: #6c6f85;
|
||||
--subtext-1: #5c5f77;
|
||||
--text: #4c4f69;
|
||||
|
||||
--logo-purple: #340c46;
|
||||
--logo-yellow: #fcbf00;
|
||||
--logo-pink: #e50051;
|
||||
--logo-blue: #009fe3;
|
||||
}
|
||||
|
||||
body {
|
||||
background-color: var(--base);
|
||||
color: var(--text);
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
.site-header {
|
||||
width: 100%;
|
||||
display: flex;
|
||||
padding: 10px;
|
||||
margin-bottom: 40px;
|
||||
|
||||
.site-logo img {
|
||||
height: 100px;
|
||||
}
|
||||
}
|
||||
|
||||
.container {
|
||||
background-color: var(--mantle);
|
||||
display: grid;
|
||||
grid-template-columns: 1;
|
||||
row-gap: 20px;
|
||||
padding: 15px 50px;
|
||||
max-width: 50%;
|
||||
width: fit-content;
|
||||
margin: auto;
|
||||
border: 1px solid var(--surface-0);
|
||||
border-radius: 5px;
|
||||
}
|
||||
|
||||
.container-content {
|
||||
margin-bottom: 10px;
|
||||
margin-top: 10px;
|
||||
}
|
||||
|
||||
.form-elements {
|
||||
display: grid;
|
||||
grid-template-columns: 1;
|
||||
row-gap: 10px;
|
||||
margin-bottom: 15px;
|
||||
padding: 0 10px;
|
||||
}
|
||||
|
||||
.form-buttons {
|
||||
display: flex;
|
||||
justify-content: space-between;
|
||||
}
|
||||
|
||||
.form-input {
|
||||
width: 100%;
|
||||
padding: 5px;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
|
||||
.form-input::placeholder {
|
||||
color: var(--subtext-1);
|
||||
}
|
||||
|
||||
.form-checkbox {
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.form-checkbox-label {
|
||||
color: var(--subtext-0);
|
||||
font-size: small;
|
||||
}
|
||||
|
||||
.button {
|
||||
border: none;
|
||||
color: var(--mantle);
|
||||
padding: 5px 20px;
|
||||
border-radius: 3px;
|
||||
text-align: center;
|
||||
vertical-align: middle;
|
||||
text-decoration: none;
|
||||
display: inline-block;
|
||||
font-size: medium;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.button-accept {
|
||||
background-color: var(--logo-blue);
|
||||
}
|
||||
|
||||
.button-cancel {
|
||||
background-color: var(--logo-pink);
|
||||
}
|
|
@ -1,37 +1,43 @@
|
|||
{{ template "header.html" . }}
|
||||
|
||||
<script src="/static/scripts/approval.js" defer></script>
|
||||
<div class="theme-panel">
|
||||
<h2 class="theme-heading">Grant Access</h2>
|
||||
|
||||
<div class="container">
|
||||
<div class="container-content">
|
||||
<hr class="dex-separator">
|
||||
<div>
|
||||
{{ if .Scopes }}
|
||||
<div>{{ .Client }} would like to:</div>
|
||||
<ul>
|
||||
<div class="dex-subtle-text">{{ .Client }} would like to:</div>
|
||||
<ul class="dex-list">
|
||||
{{ range $scope := .Scopes }}
|
||||
<li>{{ $scope }}</li>
|
||||
{{ end }}
|
||||
</ul>
|
||||
{{ else }}
|
||||
<div>{{ .Client }} has not requested any personal information</div>
|
||||
<div class="dex-subtle-text">{{ .Client }} has not requested any personal information</div>
|
||||
{{ end }}
|
||||
</div>
|
||||
<hr class="dex-separator">
|
||||
|
||||
<div class="form-buttons" id="approvalform">
|
||||
<form method="post" class="container-form">
|
||||
<div>
|
||||
<div class="theme-form-row">
|
||||
<form method="post">
|
||||
<input type="hidden" name="req" value="{{ .AuthReqID }}" />
|
||||
<input type="hidden" name="approval" value="approve">
|
||||
<button type="submit" class="button button-accept">
|
||||
<span>Grant Access</span>
|
||||
<button type="submit" class="dex-btn theme-btn--success">
|
||||
<span class="dex-btn-text">Grant Access</span>
|
||||
</button>
|
||||
</form>
|
||||
<form method="post" class="container-form">
|
||||
</div>
|
||||
<div class="theme-form-row">
|
||||
<form method="post">
|
||||
<input type="hidden" name="req" value="{{ .AuthReqID }}" />
|
||||
<input type="hidden" name="approval" value="rejected">
|
||||
<button type="submit" class="button button-cancel">
|
||||
<span>Cancel</span>
|
||||
<button type="submit" class="dex-btn theme-btn-provider">
|
||||
<span class="dex-btn-text">Cancel</span>
|
||||
</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
|
|
|
@ -1,13 +1,8 @@
|
|||
{{ template "header.html" . }}
|
||||
|
||||
<script src="/static/scripts/error.js" defer></script>
|
||||
|
||||
<div class="container">
|
||||
<div class="container-content">
|
||||
<button id="error-back" class="button button-cancel">Back</button>
|
||||
<h2>{{ .ErrType }}</h2>
|
||||
<div class="theme-panel">
|
||||
<h2 class="theme-heading">{{ .ErrType }}</h2>
|
||||
<p>{{ .ErrMsg }}</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{{ template "footer.html" . }}
|
|
@ -7,8 +7,6 @@
|
|||
<title>PolyculeConnect</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
|
||||
<link rel="stylesheet" href="/static/style/index.css">
|
||||
|
||||
<link rel="apple-touch-icon" sizes="180x180" href="/static/icons/apple-touch-icon.png">
|
||||
<link rel="icon" type="image/png" sizes="32x32" href="/static/icons/favicon-32x32.png">
|
||||
<link rel="icon" type="image/png" sizes="16x16" href="/static/icons/favicon-16x16.png">
|
||||
|
@ -16,16 +14,6 @@
|
|||
<link rel="mask-icon" href="/static/icons/safari-pinned-tab.svg" color="#5bbad5">
|
||||
<meta name="msapplication-TileColor" content="#9f00a7">
|
||||
<meta name="theme-color" content="#ffffff">
|
||||
<script src="/static/scripts/appstate.js"></script>
|
||||
<script src="/static/scripts/index.js"></script>
|
||||
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
<div class="site-header">
|
||||
<div class="site-logo">
|
||||
<img src="/static/img/logo-text.png" alt="PolyculeConnect website logo">
|
||||
</div>
|
||||
|
||||
</div>
|
|
@ -1,27 +1,13 @@
|
|||
{{ template "header.html" . }}
|
||||
|
||||
<script src="/static/scripts/form.js" defer></script>
|
||||
<script src="/static/scripts/index.js" defer></script>
|
||||
|
||||
<div class="container">
|
||||
<div class="container-content">
|
||||
Enter the service to use for login.
|
||||
</div>
|
||||
|
||||
<div class="container-content">
|
||||
<form action="" id="connectorform" class="container-form">
|
||||
<div class="form-elements">
|
||||
<input type="text" id="cname" name="connector_id" placeholder="Service name" required
|
||||
class="form-input">
|
||||
<div>
|
||||
<input type="checkbox" id="remember-me" name="remember_me" class="form-checkbox">
|
||||
<label for="remember-me" class="form-checkbox-label">Remember my choice</label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-buttons">
|
||||
<input type="submit" class="button button-accept" value="Continue">
|
||||
</div>
|
||||
<form action="" id="connectorform">
|
||||
<label for="cname">Connector name</label>
|
||||
<input type="text" id="cname" name="connector_id">
|
||||
<input type="submit">
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{{ template "footer.html" . }}
|
Loading…
Reference in a new issue