wip

.envrc

@@ -1,18 +1,18 @@
 # Can be debug,info,warning,error
-export POLYCULECONNECT_LOG_LEVEL=debug
+export LOG_LEVEL=debug
 
 # Can be net,unix
-export POLYCULECONNECT_SERVER_MODE=net
+export SERVER_MODE=net
-export POLYCULECONNECT_SERVER_HOST="0.0.0.0"
+export SERVER_HOST="0.0.0.0"
-export POLYCULECONNECT_SERVER_PORT="5000"
+export SERVER_PORT="5000"
-# POLYCULECONNECT_SERVER_SOCK_PATH = ""
+# SERVER_SOCK_PATH = ""
 
-export POLYCULECONNECT_STORAGE_TYPE="sqlite"
+export STORAGE_TYPE="sqlite"
-export POLYCULECONNECT_STORAGE_FILEPATH="./build/polyculeconnect.db"
+export STORAGE_FILEPATH="./build/polyculeconnect.db"
-# POLYCULECONNECT_STORAGE_HOST = "127.0.0.1"
+# STORAGE_HOST = "127.0.0.1"
-# POLYCULECONNECT_STORAGE_PORT = "5432"
+# STORAGE_PORT = "5432"
-# POLYCULECONNECT_STORAGE_DB = "polyculeconnect"
+# STORAGE_DB = "polyculeconnect"
-# POLYCULECONNECT_STORAGE_USER = "polyculeconnect"
+# STORAGE_USER = "polyculeconnect"
-# POLYCULECONNECT_STORAGE_PASSWORD = "polyculeconnect"
+# STORAGE_PASSWORD = "polyculeconnect"
-# POLYCULECONNECT_STORAGE_SSL_MODE = "disable"
+# STORAGE_SSL_MODE = "disable"
-# POLYCULECONNECT_STORAGE_SSL_CA_FILE = ""
+# STORAGE_SSL_CA_FILE = ""

.forgejo/workflows/docker-build-push-master.yml

@@ -1,21 +0,0 @@
-on:
-  push:
-    branches:
-      - "main"
-jobs:
-  docker-build-push:
-    runs-on: cth-ubuntu-latest
-    steps:
-      - name: set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: login to repository
-        uses: docker/login-action@v3
-        with:
-          registry: git.faercol.me
-          username: ${{ secrets.DOCKER_LOGIN }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: build and push image
-        uses: docker/build-push-action@v6
-        with:
-          push: true
-          tags: git.faercol.me/polyculeconnect/polyculeconnect:latest

.forgejo/workflows/docker-build-push-tag.yml

@@ -1,21 +0,0 @@
-on:
-  push:
-    tags:
-      - "**"
-jobs:
-  docker-build-push:
-    runs-on: cth-ubuntu-latest
-    steps:
-      - name: set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: login to repository
-        uses: docker/login-action@v3
-        with:
-          registry: git.faercol.me
-          username: ${{ secrets.DOCKER_LOGIN }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: build and push image
-        uses: docker/build-push-action@v6
-        with:
-          push: true
-          tags: git.faercol.me/polyculeconnect/polyculeconnect:${{ gitea.ref_name }}

.forgejo/workflows/docker-build.yml

@@ -1,16 +0,0 @@
-on:
-  push:
-    branches:
-      - "**"
-      - "!main"
-jobs:
-  docker-build-only:
-    runs-on: cth-ubuntu-latest
-    steps:
-      - name: set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: build image (build only)
-        uses: docker/build-push-action@v6
-        with:
-          push: false
-          tags: git.faercol.me/polyculeconnect/polyculeconnect

.forgejo/workflows/go-test.yml

@@ -1,17 +0,0 @@
-on:
-  push:
-    branches:
-      - "**"
-jobs:
-  go-test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: 1.22
-      - name: Run unit tests
-        run: make -C polyculeconnect test
-      - name: Build go package
-        run: make -C polyculeconnect build

.woodpecker/deploy.yml

@@ -0,0 +1,57 @@
+steps:
+  docker-build-only:
+    image: woodpeckerci/plugin-docker-buildx
+    privileged: true
+    settings:
+      repo: git.faercol.me/polyculeconnect/polyculeconnect
+      tags: latest
+      dry_run: true
+      platforms:
+        - linux/amd64
+        # - linux/arm64
+    when:
+      - event: pull_request
+      - event: push
+        branch:
+          exclude: [main]
+
+  docker-build-push:
+    image: woodpeckerci/plugin-docker-buildx
+    privileged: true
+    settings:
+      repo: git.faercol.me/polyculeconnect/polyculeconnect
+      registry: git.faercol.me
+      tags: latest
+      username:
+        from_secret: git_username
+      password:
+        from_secret: git_password
+      platforms:
+        - linux/amd64
+        # - linux/arm64
+    when:
+      - event: push
+        branch: main
+
+  docker-push-tag:
+    image: woodpeckerci/plugin-docker-buildx
+    privileged: true
+    settings:
+      registry: git.faercol.me
+      repo: git.faercol.me/polyculeconnect/polyculeconnect
+      auto_tag: true
+      platforms:
+        - linux/amd64
+        # - linux/arm64
+      username:
+        from_secret: git_username
+      password:
+        from_secret: git_password
+    when:
+      - event: tag
+
+depends_on:
+  - test
+
+when:
+  event: [push, tag]

.woodpecker/test.yml

@@ -0,0 +1,13 @@
+steps:
+  go-test:
+    image: golang
+    commands:
+      - make -C polyculeconnect test
+
+  go-build:
+    image: golang
+    commands:
+      - make -C polyculeconnect build
+
+when:
+  event: [push, tag]

README.md

@@ -1,6 +1,6 @@
 # PolyculeConnect
 
-[![status-badge](https://git.faercol.me/PolyculeConnect/polycule-connect/badges/workflows/go-test.yml/badge.svg?branch=main)](https://ci-polycule-connect.chapoline.me/repos/1)
+[![status-badge](https://ci-polycule-connect.chapoline.me/api/badges/1/status.svg)](https://ci-polycule-connect.chapoline.me/repos/1)
 
 ![Project logo](./polyculeconnect/static/img/logo-text.png)
 

polyculeconnect/cmd/app/remove.go

@@ -13,8 +13,10 @@ import (
 var appRemoveCmd = &cobra.Command{
 	Use:   "remove <app_client_id>",
 	Short: "Remove an app",
-	Long:  `Remove the app with the given ID from the database.`,
+	Long: `Remove the app with the given ID from the database.
-	Args:  cobra.ExactArgs(1),
+
+If the app is not found in the database, no error is returned`,
+	Args: cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		removeApp(args[0])
 	},

polyculeconnect/cmd/app/show.go

@@ -15,8 +15,8 @@ var appShowCmd = &cobra.Command{
 	Short: "Display installed apps",
 	Long: `Display the configuration for the apps.
 
-Optional parameters:
+Pass the commands without arguments to display the list of currently installed apps
-- app-id: id of the application to display. If empty, display the list of available apps instead`,
+Pass the optional 'id' argument to display the configuration for this specific app`,
 	Args: cobra.MaximumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		s := utils.InitStorage(utils.InitConfig(""))

polyculeconnect/cmd/backend/backend.go

@@ -9,8 +9,13 @@ import (
 
 var backendCmd = &cobra.Command{
 	Use:   "backend",
-	Short: "Handle authentication backends",
+	Short: "A brief description of your command",
-	Long:  `Add, Remove or Show currently installed authentication backends`,
+	Long: `A longer description that spans multiple lines and likely contains examples
+and usage of using your command. For example:
+
+Cobra is a CLI library for Go that empowers applications.
+This application is a tool to generate the needed files
+to quickly create a Cobra application.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("backend called")
 	},

polyculeconnect/cmd/backend/remove.go

@@ -13,8 +13,10 @@ import (
 var backendRemoveCmd = &cobra.Command{
 	Use:   "remove <backend_id>",
 	Short: "Remove a backend",
-	Long:  `Remove the backend with the given ID from the database.`,
+	Long: `Remove the backend with the given ID from the database.
-	Args:  cobra.ExactArgs(1),
+
+If the backend is not found in the database, no error is returned`,
+	Args: cobra.ExactArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		removeBackend(args[0])
 	},

polyculeconnect/cmd/backend/show.go

@@ -15,8 +15,8 @@ var backendShowCmd = &cobra.Command{
 	Short: "Display installed backends",
 	Long: `Display the configuration for the backends.
 
-Optional parameters:
+Pass the commands without arguments to display the list of currently installed backends
-- app-id: id of the backend to display. If empty, display the list of available backends instead`,
+Pass the optional 'id' argument to display the configuration for this specific backend`,
 	Args: cobra.MaximumNArgs(1),
 	Run: func(cmd *cobra.Command, args []string) {
 		s := utils.InitStorage(utils.InitConfig(""))

polyculeconnect/cmd/db/connect.go

@@ -52,4 +52,14 @@ func connectToDB(conf *config.AppConfig) error {
 
 func init() {
 	dbCmd.AddCommand(connectCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }

polyculeconnect/cmd/db/db.go

@@ -14,4 +14,14 @@ var dbCmd = &cobra.Command{
 
 func init() {
 	cmd.RootCmd.AddCommand(dbCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }

polyculeconnect/cmd/db/destroy.go

@@ -47,4 +47,14 @@ func deleteDB(conf *config.AppConfig) error {
 
 func init() {
 	dbCmd.AddCommand(destroyCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }

polyculeconnect/cmd/root.go

@@ -12,6 +12,9 @@ var RootCmd = &cobra.Command{
 	Short: "You're in their DMs, I'm in their SSO",
 	Long: `PolyculeConnect is a SSO OpenIDConnect provider which allows multiple authentication backends,
 and enables authentication federation among several infrastructures.`,
+	// Uncomment the following line if your bare application
+	// has an action associated with it:
+	// Run: func(cmd *cobra.Command, args []string) { },
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.
@@ -24,5 +27,16 @@ func Execute() {
 }
 
 func init() {
+	// Here you will define your flags and configuration settings.
+	// Cobra supports persistent flags, which, if defined here,
+	// will be global for your application.
+
+	// rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.polyculeconnect.yaml)")
+
+	// Cobra also supports local flags, which will only run
+	// when this action is called directly.
+	// rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+
+	// Disable the default `completion` command to generate the autocompletion files
 	RootCmd.Root().CompletionOptions.DisableDefaultCmd = true
 }

polyculeconnect/cmd/serve/serve.go

@@ -43,11 +43,11 @@ func serve() {
 	logger.L.Infof("Initialized storage backend %q", conf.StorageType)
 	dexConf := dex_server.Config{
 		Web: dex_server.WebConfig{
-			Dir:   conf.StaticDir,
+			Dir:   "./",
 			Theme: "default",
 		},
 		Storage:                storageType,
-		Issuer:                 conf.Issuer,
+		Issuer:                 conf.OpenConnectConfig.Issuer,
 		SupportedResponseTypes: []string{"code"},
 		SkipApprovalScreen:     false,
 		AllowedOrigins:         []string{"*"},
@@ -71,6 +71,20 @@ func serve() {
 		logger.L.Errorf("Failed to add connector for backend RefuseAll to stage: %s", err.Error())
 	}
 
+	for _, backend := range conf.OpenConnectConfig.BackendConfigs {
+		if err := services.CreateConnector(backend, &dexConf, connectorIDs); err != nil {
+			logger.L.Errorf("Failed to add connector for backend %q to stage: %s", backend.Name, err.Error())
+			continue
+		}
+	}
+
+	logger.L.Info("Initializing clients")
+	for _, client := range conf.OpenConnectConfig.ClientConfigs {
+		if err := dexConf.Storage.CreateClient(*client); err != nil {
+			logger.L.Errorf("Failed to add client to storage: %s", err.Error())
+		}
+	}
+
 	dexSrv, err := dex_server.NewServer(mainCtx, dexConf)
 	if err != nil {
 		logger.L.Fatalf("Failed to init dex server: %s", err.Error())
@@ -113,5 +127,15 @@ func serve() {
 
 func init() {
 	cmd.RootCmd.AddCommand(serveCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// serveCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// serveCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 	serveCmd.Flags().StringVarP(&configPath, "config", "c", "config.json", "Path to the JSON configuration file")
 }

polyculeconnect/config/config.go

@@ -8,13 +8,31 @@ import (
 	"os"
 
 	"github.com/dexidp/dex/connector/oidc"
-	"github.com/kelseyhightower/envconfig"
+	"github.com/dexidp/dex/storage"
 	"github.com/sirupsen/logrus"
 )
 
+type envVar string
+
 const (
-	envConfigPrefix   = "POLYCULECONNECT"
+	varLogLevel envVar = "LOG_LEVEL"
-	DefaultConfigPath = "/etc/polyculeconnect.json"
+
+	varServerMode   envVar = "SERVER_MODE"
+	varServerHost   envVar = "SERVER_HOST"
+	varServerPort   envVar = "SERVER_PORT"
+	varServerSocket envVar = "SERVER_SOCK_PATH"
+
+	varIssuer envVar = "ISSUER"
+
+	varStorageType      envVar = "STORAGE_TYPE"
+	varStorageFile      envVar = "STORAGE_FILEPATH"
+	varStorageHost      envVar = "STORAGE_HOST"
+	varStoragePort      envVar = "STORAGE_PORT"
+	varStorageDB        envVar = "STORAGE_DB"
+	varStorageUser      envVar = "STORAGE_USER"
+	varStoragePassword  envVar = "STORAGE_PASSWORD"
+	varStorageSSLMode   envVar = "STORAGE_SSL_MODE"
+	varStorageSSLCaFile envVar = "STORAGE_SSL_CA_FILE"
 )
 
 type ListeningMode string
@@ -34,11 +52,10 @@ const (
 const (
 	defaultLogLevel = logrus.InfoLevel
 
-	defaultServerMode      = ModeNet
+	defaultServerMode   = ModeNet
-	defaultServerHost      = "0.0.0.0"
+	defaultServerHost   = "0.0.0.0"
-	defaultServerPort      = 5000
+	defaultServerPort   = 5000
-	defaultServerSocket    = ""
+	defaultServerSocket = ""
-	defaultServerStaticDir = "./"
 
 	defaultIssuer = "http://localhost:5000"
 
@@ -62,104 +79,39 @@ type BackendConfig struct {
 	Local  bool              `json:"local"`
 }
 
-type SSLStorageConfig struct {
+// Deprecated: remove when we finally drop the JSON config
-	Mode   string `json:"mode" envconfig:"STORAGE_SSL_MODE"`
+type OpenConnectConfig struct {
-	CaFile string `json:"ca_file" envconfig:"STORAGE_SSL_CA_FILE"`
+	ClientConfigs  []*storage.Client `json:"clients"`
+	BackendConfigs []*BackendConfig  `json:"backends"`
+	Issuer         string            `json:"issuer"`
 }
 
 type StorageConfig struct {
-	File     string `envconfig:"STORAGE_PATH"`
+	File     string
-	Host     string `envconfig:"STORAGE_HOST"`
+	Host     string
-	Port     int    `envconfig:"STORAGE_PORT"`
+	Port     int
-	Database string `envconfig:"STORAGE_DATABASE"`
+	Database string
-	User     string `envconfig:"STORAGE_USER"`
+	User     string
-	Password string `envconfig:"STORAGE_PASSWORD"`
+	Password string
-	SSL      SSLStorageConfig
+	Ssl      struct {
-}
+		Mode   string
-
+		CaFile string
-type logConfig struct {
+	}
-	Level string `json:"level"`
-}
-
-type serverConfig struct {
-	Mode string `json:"mode"`
-	Host string `json:"host"`
-	Port int    `json:"port"`
-	Sock string `json:"sock"`
-}
-
-type jsonStorageConfig struct {
-	Type     string           `json:"type"`
-	File     string           `json:"path"`
-	Host     string           `json:"host" `
-	Port     int              `json:"port"`
-	Database string           `json:"database" `
-	User     string           `json:"user" `
-	Password string           `json:"password" `
-	SSL      SSLStorageConfig `json:"ssl"`
 }
 
 type jsonConf struct {
-	LogConfig     logConfig         `json:"log"`
+	OpenConnectConfig *OpenConnectConfig `json:"openconnect"`
-	ServerConfig  serverConfig      `json:"server"`
-	StorageConfig jsonStorageConfig `json:"storage"`
-}
-
-func (c *jsonConf) initValues(ac *AppConfig) {
-	c.LogConfig = logConfig{Level: ac.LogLevel.String()}
-	c.ServerConfig = serverConfig{
-		Mode: string(ac.ServerMode),
-		Host: ac.Host,
-		Port: ac.Port,
-		Sock: ac.SockPath,
-	}
-	c.StorageConfig = jsonStorageConfig{
-		Type:     ac.StorageType,
-		File:     ac.StorageConfig.File,
-		Host:     ac.StorageConfig.Host,
-		Port:     ac.StorageConfig.Port,
-		Database: ac.StorageConfig.Database,
-		User:     ac.StorageConfig.User,
-		Password: ac.StorageConfig.Password,
-		SSL:      ac.StorageConfig.SSL,
-	}
 }
 
 type AppConfig struct {
-	LogLevel      logrus.Level  `envconfig:"LOG_LEVEL"`
+	LogLevel          logrus.Level
-	ServerMode    ListeningMode `envconfig:"SERVER_MODE"`
+	ServerMode        ListeningMode
-	Host          string        `envconfig:"SERVER_HOST"`
+	Host              string
-	Port          int           `envconfig:"SERVER_PORT"`
+	Port              int
-	SockPath      string        `envconfig:"SERVER_SOCK"`
+	SockPath          string
-	StorageType   string        `envconfig:"STORAGE_TYPE"`
+	StorageType       string
-	StorageConfig *StorageConfig
+	StorageConfig     *StorageConfig
-	Issuer        string
+	OpenConnectConfig *OpenConnectConfig
-	StaticDir     string
-}
-
-func defaultConfig() AppConfig {
-	return AppConfig{
-		LogLevel:    defaultLogLevel,
-		ServerMode:  defaultServerMode,
-		Host:        defaultServerHost,
-		Port:        defaultServerPort,
-		SockPath:    defaultServerSocket,
-		StorageType: string(defaultStorageType),
-		StorageConfig: &StorageConfig{
-			File:     defaultStorageFile,
-			Host:     defaultStorageHost,
-			Port:     defaultServerPort,
-			Database: defaultStorageDB,
-			User:     defaultStorageUser,
-			Password: defaultStoragePassword,
-			SSL: SSLStorageConfig{
-				Mode:   defaultStorageSSLMode,
-				CaFile: defaultStorageSSLCaFile,
-			},
-		},
-		Issuer:    defaultIssuer,
-		StaticDir: defaultServerStaticDir,
-	}
 }
 
 func parseLevel(lvlStr string) logrus.Level {
@@ -173,36 +125,45 @@ func parseLevel(lvlStr string) logrus.Level {
 
 func (ac *AppConfig) UnmarshalJSON(data []byte) error {
 	var jsonConf jsonConf
-	jsonConf.initValues(ac)
-
 	if err := json.Unmarshal(data, &jsonConf); err != nil {
 		return fmt.Errorf("failed to read JSON: %w", err)
 	}
-
+	ac.OpenConnectConfig = jsonConf.OpenConnectConfig
-	ac.LogLevel = parseLevel(jsonConf.LogConfig.Level)
+	if ac.OpenConnectConfig == nil {
-
+		ac.OpenConnectConfig = &OpenConnectConfig{}
-	ac.ServerMode = ListeningMode(jsonConf.ServerConfig.Mode)
+	}
-	ac.Host = jsonConf.ServerConfig.Host
-	ac.Port = jsonConf.ServerConfig.Port
-	ac.SockPath = jsonConf.ServerConfig.Sock
-
-	ac.StorageType = jsonConf.StorageConfig.Type
-	ac.StorageConfig.File = jsonConf.StorageConfig.File
-	ac.StorageConfig.Host = jsonConf.StorageConfig.Host
-	ac.StorageConfig.Port = jsonConf.StorageConfig.Port
-	ac.StorageConfig.Database = jsonConf.StorageConfig.Database
-	ac.StorageConfig.User = jsonConf.StorageConfig.User
-	ac.StorageConfig.Password = jsonConf.StorageConfig.Password
-	ac.StorageConfig.SSL = jsonConf.StorageConfig.SSL
 	return nil
 }
 
+func (ac *AppConfig) getConfFromEnv() {
+	ac.LogLevel = parseLevel(getStringFromEnv(varLogLevel, defaultLogLevel.String()))
+
+	ac.ServerMode = ListeningMode(getStringFromEnv(varServerMode, string(defaultServerMode)))
+	ac.Host = getStringFromEnv(varServerHost, defaultServerHost)
+	ac.Port = getIntFromEnv(varServerPort, defaultServerPort)
+	ac.SockPath = getStringFromEnv(varServerSocket, defaultServerSocket)
+
+	ac.StorageType = getStringFromEnv(varStorageType, string(defaultStorageType))
+	ac.StorageConfig.Database = getStringFromEnv(varStorageDB, defaultStorageDB)
+	ac.StorageConfig.File = getStringFromEnv(varStorageFile, defaultStorageFile)
+	ac.StorageConfig.Host = getStringFromEnv(varStorageHost, defaultStorageHost)
+	ac.StorageConfig.Port = getIntFromEnv(varStoragePort, defaultStoragePort)
+	ac.StorageConfig.User = getStringFromEnv(varStorageUser, defaultStorageUser)
+	ac.StorageConfig.Password = getStringFromEnv(varStoragePassword, defaultStoragePassword)
+	ac.StorageConfig.Ssl.CaFile = getStringFromEnv(varStorageSSLCaFile, defaultStorageSSLCaFile)
+	ac.StorageConfig.Ssl.Mode = getStringFromEnv(varStorageSSLMode, defaultStorageSSLMode)
+
+	ac.OpenConnectConfig.Issuer = getStringFromEnv(varIssuer, defaultIssuer)
+}
+
 func (ac *AppConfig) RedirectURI() string {
-	return ac.Issuer + "/callback"
+	return ac.OpenConnectConfig.Issuer + "/callback"
 }
 
 func New(filepath string) (*AppConfig, error) {
-	conf := defaultConfig()
+	var conf AppConfig
+	conf.StorageConfig = &StorageConfig{}
+	conf.OpenConnectConfig = &OpenConnectConfig{}
 	content, err := os.ReadFile(filepath)
 	if err != nil {
 		if !errors.Is(err, fs.ErrNotExist) {
@@ -213,14 +174,6 @@ func New(filepath string) (*AppConfig, error) {
 			return nil, fmt.Errorf("failed to parse config file: %w", err)
 		}
 	}
-	if err := envconfig.Process(envConfigPrefix, &conf); err != nil {
+	conf.getConfFromEnv()
-		return nil, err
-	}
-	if err := envconfig.Process(envConfigPrefix, conf.StorageConfig); err != nil {
-		return nil, err
-	}
-	if err := envconfig.Process(envConfigPrefix, &conf.StorageConfig.SSL); err != nil {
-		return nil, err
-	}
 	return &conf, nil
 }

polyculeconnect/config/config_test.go

@@ -10,6 +10,30 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+var defaultConfig = AppConfig{
+	LogLevel:    defaultLogLevel,
+	ServerMode:  defaultServerMode,
+	Host:        defaultServerHost,
+	Port:        defaultServerPort,
+	SockPath:    defaultServerSocket,
+	StorageType: string(defaultStorageType),
+	StorageConfig: &StorageConfig{
+		File:     defaultStorageFile,
+		Host:     defaultStorageHost,
+		Port:     defaultStoragePort,
+		Database: defaultStorageDB,
+		User:     defaultStorageUser,
+		Password: defaultStoragePassword,
+		Ssl: struct {
+			Mode   string
+			CaFile string
+		}{Mode: defaultStorageSSLMode, CaFile: defaultStorageSSLCaFile},
+	},
+	OpenConnectConfig: &OpenConnectConfig{
+		Issuer: defaultIssuer,
+	},
+}
+
 func initJson(t *testing.T, content string) string {
 	tmpPath := t.TempDir()
 	confPath := path.Join(tmpPath, "config.json")
@@ -28,14 +52,14 @@ func TestDefault(t *testing.T) {
 	t.Run("no file", func(t *testing.T) {
 		conf, err := New("/this/path/does/not/exist")
 		require.NoError(t, err)
-		assert.Equal(t, defaultConfig(), *conf)
+		assert.Equal(t, defaultConfig, *conf)
 	})
 
 	t.Run("empty config", func(t *testing.T) {
 		confPath := initJson(t, `{}`)
 		conf, err := New(confPath)
 		require.NoError(t, err)
-		assert.Equal(t, defaultConfig(), *conf)
+		assert.Equal(t, defaultConfig, *conf)
 	})
 }
 
@@ -48,54 +72,11 @@ func TestInvalidJSON(t *testing.T) {
 	assert.ErrorContains(t, err, errMsg)
 }
 
-func TestJSONConfig(t *testing.T) {
-	confPath := initJson(t, `{
-	"log": {"level":"info"},
-	"server": {
-		"mode": "net",
-		"host": "0.0.0.0",
-		"port": 1337
-	}
-}`)
-
-	conf, err := New(confPath)
-	require.NoError(t, err)
-
-	assert.Equal(t, ModeNet, conf.ServerMode)
-	assert.Equal(t, "0.0.0.0", conf.Host)
-	assert.Equal(t, 1337, conf.Port)
-}
-
-func TestJSONConfigOverriden(t *testing.T) {
-	confPath := initJson(t, `{
-	"log": {"level":"info"},
-	"server": {
-		"mode": "net",
-		"host": "0.0.0.0",
-		"port": 1337
-	}
-}`)
-
-	envVars := map[string]string{
-		string("POLYCULECONNECT_SERVER_MODE"): string(ModeUnix),
-		string("POLYCULECONNECT_SERVER_SOCK"): "/run/polyculeconnect.sock",
-	}
-	setEnv(t, envVars)
-
-	conf, err := New(confPath)
-	require.NoError(t, err)
-
-	assert.Equal(t, ModeUnix, conf.ServerMode)
-	assert.Equal(t, "0.0.0.0", conf.Host)
-	assert.Equal(t, 1337, conf.Port)
-	assert.Equal(t, "/run/polyculeconnect.sock", conf.SockPath)
-}
-
 func TestHostNetMode(t *testing.T) {
 	envVars := map[string]string{
-		string("POLYCULECONNECT_SERVER_MODE"): string(ModeNet),
+		string(varServerMode): string(ModeNet),
-		string("POLYCULECONNECT_SERVER_HOST"): "127.0.0.1",
+		string(varServerHost): "127.0.0.1",
-		string("POLYCULECONNECT_SERVER_PORT"): "8888",
+		string(varServerPort): "8888",
 	}
 	setEnv(t, envVars)
 
@@ -109,8 +90,8 @@ func TestHostNetMode(t *testing.T) {
 
 func TestHostSocketMode(t *testing.T) {
 	envVars := map[string]string{
-		string("POLYCULECONNECT_SERVER_MODE"): string(ModeUnix),
+		string(varServerMode):   string(ModeUnix),
-		string("POLYCULECONNECT_SERVER_SOCK"): "/run/polyculeconnect.sock",
+		string(varServerSocket): "/run/polyculeconnect.sock",
 	}
 	setEnv(t, envVars)
 
@@ -123,7 +104,7 @@ func TestHostSocketMode(t *testing.T) {
 
 func TestLogLevel(t *testing.T) {
 	envVars := map[string]string{
-		string("POLYCULECONNECT_LOG_LEVEL"): "error",
+		string(varLogLevel): "error",
 	}
 	setEnv(t, envVars)
 
@@ -133,10 +114,22 @@ func TestLogLevel(t *testing.T) {
 	assert.Equal(t, logrus.ErrorLevel, conf.LogLevel)
 }
 
+func TestLogLevelInvalidValue(t *testing.T) {
+	envVars := map[string]string{
+		string(varLogLevel): "toto",
+	}
+	setEnv(t, envVars)
+
+	conf, err := New("")
+	require.NoError(t, err)
+
+	assert.Equal(t, logrus.InfoLevel, conf.LogLevel) // if invalid, no error should occur, but info level should be used
+}
+
 func TestSqliteConfig(t *testing.T) {
 	envVars := map[string]string{
-		string("POLYCULECONNECT_STORAGE_TYPE"): "sqlite",
+		string(varStorageType): "sqlite",
-		string("POLYCULECONNECT_STORAGE_PATH"): "/data/polyculeconnect.db",
+		string(varStorageFile): "/data/polyculeconnect.db",
 	}
 	setEnv(t, envVars)
 
@@ -146,40 +139,3 @@ func TestSqliteConfig(t *testing.T) {
 	assert.Equal(t, string(SQLite), conf.StorageType)
 	assert.Equal(t, "/data/polyculeconnect.db", conf.StorageConfig.File)
 }
-
-func TestSqliteConfigJSON(t *testing.T) {
-	confPath := initJson(t, `{
-		"log": {"level":"info"},
-		"storage": {
-			"type": "sqlite",
-			"path": "/data/polyculeconnect.db"
-		}
-	}`)
-
-	conf, err := New(confPath)
-	require.NoError(t, err)
-
-	assert.Equal(t, string(SQLite), conf.StorageType)
-	assert.Equal(t, "/data/polyculeconnect.db", conf.StorageConfig.File)
-}
-
-func TestSqliteConfigJSONOverriden(t *testing.T) {
-	confPath := initJson(t, `{
-		"log": {"level":"info"},
-		"storage": {
-			"type": "sqlite",
-			"path": "/data/polyculeconnect.db"
-		}
-	}`)
-
-	envVars := map[string]string{
-		string("POLYCULECONNECT_STORAGE_PATH"): "/tmp/polyculeconnect.db",
-	}
-	setEnv(t, envVars)
-
-	conf, err := New(confPath)
-	require.NoError(t, err)
-
-	assert.Equal(t, string(SQLite), conf.StorageType)
-	assert.Equal(t, "/tmp/polyculeconnect.db", conf.StorageConfig.File)
-}

polyculeconnect/config/envvar.go

@@ -0,0 +1,26 @@
+package config
+
+import (
+	"os"
+	"strconv"
+)
+
+func getStringFromEnv(key envVar, defaultValue string) string {
+	val, ok := os.LookupEnv(string(key))
+	if !ok {
+		return defaultValue
+	}
+	return val
+}
+
+func getIntFromEnv(key envVar, defaultValue int) int {
+	rawVal, ok := os.LookupEnv(string(key))
+	if !ok {
+		return defaultValue
+	}
+	val, err := strconv.Atoi(rawVal)
+	if err != nil {
+		return defaultValue
+	}
+	return val
+}

polyculeconnect/controller/ui/approval.go

@@ -0,0 +1,67 @@
+package ui
+
+import (
+	"net/http"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/approval"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	ApprovalRoute = "/approval"
+	rememberKey   = "remember"
+)
+
+type ApprovalController struct {
+	l                    *logrus.Logger
+	downstreamController http.Handler
+	srv                  approval.ApprovalService
+}
+
+func NewApprovalController(l *logrus.Logger, downstream http.Handler, srv approval.ApprovalService) *ApprovalController {
+	return &ApprovalController{
+		l:                    l,
+		downstreamController: downstream,
+		srv:                  srv,
+	}
+}
+
+func (ac *ApprovalController) handleGetApproval(r *http.Request) {
+	ac.l.Debug("Checking if approval is remembered")
+
+	remembered, err := ac.srv.IsRemembered(r.Context(), approval.Claim{Email: "kilgore@kilgore.trout", ClientID: "9854d42da9cd91369a293758d514178c73d2b9774971d8965945ab2b81e83e69"})
+	if err != nil {
+		ac.l.Errorf("Failed to check if approval is remembered: %s", err.Error())
+		return
+	}
+
+	if remembered {
+		ac.l.Info("Approval is remembered, skipping approval page")
+		return
+	} else {
+		ac.l.Info("Approval is not remembered, continuing")
+	}
+}
+
+func (ac *ApprovalController) handlePostApproval(r *http.Request) {
+	ac.l.Debug("Handling POST approval request")
+	if err := r.ParseForm(); err != nil {
+		ac.l.Errorf("Failed to parse request form: %s", err.Error())
+		return
+	}
+
+	if remember := r.Form.Get(rememberKey); remember == "on" {
+		if err := ac.srv.Remember(r.Context(), approval.Claim{Email: "kilgore@kilgore.trout", ClientID: "9854d42da9cd91369a293758d514178c73d2b9774971d8965945ab2b81e83e69"}); err != nil {
+			ac.l.Errorf("Failed to remember approval request: %s", err.Error())
+		}
+	}
+}
+
+func (ac *ApprovalController) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodPost {
+		ac.handlePostApproval(r)
+	} else if r.Method == http.MethodGet {
+		ac.handleGetApproval(r)
+	}
+	ac.downstreamController.ServeHTTP(w, r)
+}

polyculeconnect/controller/ui/static.go

@@ -15,31 +15,22 @@ import (
 const StaticRoute = "/static/"
 
 type StaticController struct {
-	baseDir string
-}
-
-func NewStaticController(baseDir string) *StaticController {
-	return &StaticController{
-		baseDir: baseDir,
-	}
 }
 
 func (sc *StaticController) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	fs := http.FileServer(http.Dir(sc.baseDir + "/static"))
+	fs := http.FileServer(http.Dir("./static"))
 	http.StripPrefix(StaticRoute, fs).ServeHTTP(w, r)
 }
 
 type IndexController struct {
 	l                     *logrus.Logger
 	downstreamConstroller http.Handler
-	baseDir               string
 }
 
-func NewIndexController(l *logrus.Logger, downstream http.Handler, baseDir string) *IndexController {
+func NewIndexController(l *logrus.Logger, downstream http.Handler) *IndexController {
 	return &IndexController{
 		l:                     l,
 		downstreamConstroller: downstream,
-		baseDir:               baseDir,
 	}
 }
 
@@ -48,9 +39,9 @@ func (ic IndexController) serveUI(w http.ResponseWriter, r *http.Request) (int,
 		"issuer": func() string { return "toto" },
 	}
 
-	lp := filepath.Join(ic.baseDir, "templates", "index.html")
+	lp := filepath.Join("templates", "index.html")
-	hdrTpl := filepath.Join(ic.baseDir, "templates", "header.html")
+	hdrTpl := filepath.Join("templates", "header.html")
-	footTpl := filepath.Join(ic.baseDir, "templates", "footer.html")
+	footTpl := filepath.Join("templates", "footer.html")
 	tmpl, err := template.New("index.html").Funcs(funcs).ParseFiles(hdrTpl, footTpl, lp)
 	if err != nil {
 		return http.StatusInternalServerError, -1, fmt.Errorf("failed to init template: %w", err)

polyculeconnect/go.mod

@@ -4,7 +4,6 @@ go 1.20
 
 require (
 	github.com/dexidp/dex v0.0.0-20231014000322-089f374d4f3e
-	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/prometheus/client_golang v1.17.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.7.0

polyculeconnect/go.sum

@@ -102,8 +102,6 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
-github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
-github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=

polyculeconnect/server/server.go

@@ -11,6 +11,7 @@ import (
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/controller/ui"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/middlewares"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/approval"
 	dex_server "github.com/dexidp/dex/server"
 	"github.com/sirupsen/logrus"
 )
@@ -63,9 +64,12 @@ func New(appConf *config.AppConfig, dexSrv *dex_server.Server, logger *logrus.Lo
 		panic(fmt.Errorf("unexpected listening mode %v", appConf.ServerMode))
 	}
 
+	approvalSrv := approval.New(appConf)
+
 	controllers := map[string]http.Handler{
-		ui.StaticRoute: middlewares.WithLogger(ui.NewStaticController(appConf.StaticDir), logger),
+		ui.StaticRoute: middlewares.WithLogger(&ui.StaticController{}, logger),
-		"/":            middlewares.WithLogger(ui.NewIndexController(logger, dexSrv, appConf.StaticDir), logger),
+		"/approval":    middlewares.WithLogger(ui.NewApprovalController(logger, dexSrv, approvalSrv), logger),
+		"/":            middlewares.WithLogger(ui.NewIndexController(logger, dexSrv), logger),
 	}
 
 	m := http.NewServeMux()

polyculeconnect/services/approval/approval.go

@@ -0,0 +1,81 @@
+package approval
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+	"time"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/db"
+)
+
+const (
+	insertRememberApproval = `INSERT INTO stored_approvals (email, client_id, expiry) VALUES (?, ?, ?)`
+	getApproval            = `SELECT expiry FROM stored_approvalts WHERE email = ? AND client_id = ?`
+	dbTimeout              = 30 * time.Second
+	approvalExpiration     = 30 * 24 * time.Hour
+)
+
+type Claim struct {
+	Email    string
+	ClientID string
+}
+
+type ApprovalService interface {
+	Remember(ctx context.Context, claim Claim) error
+	IsRemembered(ctx context.Context, claim Claim) (bool, error)
+}
+
+type concreteApprovalService struct {
+	conf *config.AppConfig
+}
+
+func (cas *concreteApprovalService) Remember(ctx context.Context, claim Claim) error {
+	db, err := db.Connect(cas.conf)
+	if err != nil {
+		return fmt.Errorf("failed to connect to db: %w", err)
+	}
+
+	queryCtx, cancel := context.WithTimeout(ctx, dbTimeout)
+	defer cancel()
+
+	tx, err := db.BeginTx(queryCtx, nil)
+	if err != nil {
+		return fmt.Errorf("failed to begin transaction: %w", err)
+	}
+
+	expiry := time.Now().UTC().Add(approvalExpiration)
+	_, err = tx.Exec(insertRememberApproval, claim.Email, claim.ClientID, expiry)
+	if err != nil {
+		return fmt.Errorf("failed to insert approval in DB: %w", err)
+	}
+
+	if err := tx.Commit(); err != nil {
+		return fmt.Errorf("failed to commit transaction: %w", err)
+	}
+	return nil
+}
+
+func (cas *concreteApprovalService) IsRemembered(ctx context.Context, claim Claim) (bool, error) {
+	db, err := db.Connect(cas.conf)
+	if err != nil {
+		return false, fmt.Errorf("failed to connect to db: %w", err)
+	}
+
+	row := db.QueryRow(getApproval, claim.Email, claim.ClientID)
+	var expiry time.Time
+	if err := row.Scan(&expiry); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return false, nil
+		}
+		return false, fmt.Errorf("failed to run query: %w", err)
+	}
+
+	return time.Now().UTC().Before(expiry), nil
+}
+
+func New(conf *config.AppConfig) ApprovalService {
+	return &concreteApprovalService{conf: conf}
+}

polyculeconnect/services/db/db.go

@@ -0,0 +1,27 @@
+package db
+
+import (
+	"database/sql"
+	"errors"
+	"fmt"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+)
+
+type concreteDBService struct {
+}
+
+func connectSQLite(path string) (*sql.DB, error) {
+	return sql.Open("sqlite3", path)
+}
+
+func Connect(conf *config.AppConfig) (*sql.DB, error) {
+	switch conf.StorageType {
+	case string(config.Memory):
+		return nil, errors.New("no db for memory mode")
+	case string(config.SQLite):
+		return connectSQLite(conf.StorageConfig.File)
+	default:
+		return nil, fmt.Errorf("unsupported storage mode %q", conf.StorageType)
+	}
+}

polyculeconnect/static/scripts/approval.js

@@ -1,5 +1,10 @@
-let approvalForm = document.getElementById("approvalform");
+function submitApproval(approve) {
+  if (approve) {
+    document.getElementById("approval").value = "approve";
+  } else {
+    document.getElementById("approval").value = "rejected";
+  }
 
-approvalForm.addEventListener("submit", (e) => {
   handleSuccess();
-});
+  document.getElementById("approvalform").submit();
+}

polyculeconnect/templates/approval.html

@@ -16,18 +16,19 @@
         {{ end }}
     </div>
 
-    <div class="form-buttons" id="approvalform">
+
-        <form method="post" class="container-form">
+    <div class="form-buttons">
+        <form method="post" class="container-form" id="approvalform">
+            <div>
+                <input type="checkbox" id="rememberme" name="remember" class="form-checkbox">
+                <label for="remember-me" class="form-checkbox-label">Remember my choice</label>
+            </div>
             <input type="hidden" name="req" value="{{ .AuthReqID }}" />
-            <input type="hidden" name="approval" value="approve">
+            <input id="approval" type="hidden" name="approval" value="approve">
-            <button type="submit" class="button button-accept">
+            <button onclick="submitApproval(true)" class="button button-accept">
                 <span>Grant Access</span>
             </button>
-        </form>
+            <button onclick="submitApproval(false)" class="button button-cancel">
-        <form method="post" class="container-form">
-            <input type="hidden" name="req" value="{{ .AuthReqID }}" />
-            <input type="hidden" name="approval" value="rejected">
-            <button type="submit" class="button button-cancel">
                 <span>Cancel</span>
             </button>
         </form>