2024-07-26 13:46:05 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2024-10-30 12:38:25 +01:00
|
|
|
"errors"
|
2024-10-28 14:58:11 +01:00
|
|
|
"fmt"
|
2024-07-26 13:46:05 +02:00
|
|
|
"oc-auth/conf"
|
2024-10-28 14:58:11 +01:00
|
|
|
"oc-auth/infrastructure"
|
2024-07-26 13:46:05 +02:00
|
|
|
_ "oc-auth/routers"
|
2024-10-30 12:38:25 +01:00
|
|
|
"os"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
2024-07-26 13:46:05 +02:00
|
|
|
|
2024-09-27 09:20:59 +02:00
|
|
|
oclib "cloud.o-forge.io/core/oc-lib"
|
2024-10-30 12:38:25 +01:00
|
|
|
peer "cloud.o-forge.io/core/oc-lib/models/peer"
|
|
|
|
"cloud.o-forge.io/core/oc-lib/models/utils"
|
2024-10-28 14:58:11 +01:00
|
|
|
"cloud.o-forge.io/core/oc-lib/tools"
|
2024-07-26 13:46:05 +02:00
|
|
|
beego "github.com/beego/beego/v2/server/web"
|
|
|
|
)
|
|
|
|
|
2024-09-27 09:20:59 +02:00
|
|
|
const appname = "oc-auth"
|
2024-07-26 13:46:05 +02:00
|
|
|
|
2024-10-28 14:58:11 +01:00
|
|
|
// @securityDefinitions.apikey Bearer
|
|
|
|
// @in header
|
|
|
|
// @name Authorization
|
|
|
|
// @description Type "Bearer" followed by a space and JWT token.
|
2024-07-26 13:46:05 +02:00
|
|
|
func main() {
|
2024-09-27 09:20:59 +02:00
|
|
|
// Init the oc-lib
|
|
|
|
oclib.Init(appname)
|
|
|
|
// Load the right config file
|
|
|
|
o := oclib.GetConfLoader()
|
2024-07-26 13:46:05 +02:00
|
|
|
|
2024-11-05 10:11:39 +01:00
|
|
|
conf.GetConfig().AdminRole = o.GetStringDefault("ADMIN_ROLE", "admin")
|
2024-10-30 12:38:25 +01:00
|
|
|
conf.GetConfig().PublicKeyPath = o.GetStringDefault("PUBLIC_KEY_PATH", "./pem/public.pem")
|
|
|
|
conf.GetConfig().PrivateKeyPath = o.GetStringDefault("PRIVATE_KEY_PATH", "./pem/private.pem")
|
2024-10-28 14:58:11 +01:00
|
|
|
conf.GetConfig().ClientSecret = o.GetStringDefault("CLIENT_SECRET", "oc-auth-got-secret")
|
|
|
|
|
|
|
|
conf.GetConfig().Auth = o.GetStringDefault("AUTH", "hydra")
|
|
|
|
conf.GetConfig().AuthConnectorHost = o.GetStringDefault("AUTH_CONNECTOR_HOST", "localhost")
|
|
|
|
conf.GetConfig().AuthConnectorPort = o.GetIntDefault("AUTH_CONNECTOR_PORT", 4444)
|
|
|
|
conf.GetConfig().AuthConnectorAdminPort = o.GetIntDefault("AUTH_CONNECTOR_ADMIN_PORT", 4445)
|
|
|
|
conf.GetConfig().PermissionConnectorHost = o.GetStringDefault("PERMISSION_CONNECTOR_HOST", "keto")
|
|
|
|
conf.GetConfig().PermissionConnectorPort = o.GetIntDefault("PERMISSION_CONNECTOR_PORT", 4466)
|
|
|
|
conf.GetConfig().PermissionConnectorAdminPort = o.GetIntDefault("PERMISSION_CONNECTOR_ADMIN_PORT", 4467)
|
|
|
|
|
|
|
|
// config LDAP
|
|
|
|
conf.GetConfig().LDAPEndpoints = o.GetStringDefault("LDAP_ENDPOINTS", "ldap:389")
|
|
|
|
conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
|
|
|
|
conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
|
|
|
|
conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
|
|
|
|
conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
|
2024-10-30 12:38:25 +01:00
|
|
|
err := generateSelfPeer()
|
|
|
|
if err != nil {
|
|
|
|
panic(err)
|
|
|
|
}
|
|
|
|
discovery()
|
2024-07-26 13:46:05 +02:00
|
|
|
beego.Run()
|
2024-10-28 14:58:11 +01:00
|
|
|
}
|
2024-10-30 12:38:25 +01:00
|
|
|
|
|
|
|
func generateSelfPeer() error {
|
|
|
|
// TODO check if files at private & public path are set
|
|
|
|
// check if files at private & public path are set
|
|
|
|
if _, err := os.Stat(conf.GetConfig().PrivateKeyPath); errors.Is(err, os.ErrNotExist) {
|
|
|
|
return errors.New("private key path does not exist")
|
|
|
|
}
|
|
|
|
if _, err := os.Stat(conf.GetConfig().PublicKeyPath); errors.Is(err, os.ErrNotExist) {
|
|
|
|
return errors.New("public key path does not exist")
|
|
|
|
}
|
|
|
|
// check if peer already exists
|
|
|
|
p := oclib.Search(nil, strconv.Itoa(peer.SELF.EnumIndex()), oclib.LibDataEnum(oclib.PEER))
|
|
|
|
if len(p.Data) > 0 {
|
|
|
|
// check public key with the one in the database
|
|
|
|
f, err := os.ReadFile(conf.GetConfig().PublicKeyPath)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// compare the public key from file with the one in the database
|
|
|
|
if !strings.Contains(string(f), p.Data[0].(*peer.Peer).PublicKey) {
|
|
|
|
return errors.New("public key is different from the one in the database")
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
// create a new peer
|
|
|
|
o := oclib.GetConfLoader()
|
|
|
|
peer := &peer.Peer{
|
|
|
|
Url: o.GetStringDefault("HOSTNAME", "http://localhost"),
|
|
|
|
AbstractObject: utils.AbstractObject{
|
|
|
|
Name: o.GetStringDefault("NAME", "local"),
|
|
|
|
},
|
|
|
|
PublicKey: conf.GetConfig().PublicKeyPath,
|
|
|
|
State: peer.SELF,
|
|
|
|
}
|
|
|
|
data := oclib.StoreOne(oclib.LibDataEnum(oclib.PEER), peer.Serialize())
|
|
|
|
if data.Err != "" {
|
|
|
|
return errors.New(data.Err)
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func discovery() {
|
2024-10-28 14:58:11 +01:00
|
|
|
fmt.Println("Discovered")
|
|
|
|
api := tools.API{}
|
2024-10-30 16:18:21 +01:00
|
|
|
conn := infrastructure.GetPermissionConnector()
|
2024-11-05 10:11:39 +01:00
|
|
|
|
|
|
|
conn.CreateRole(conf.GetConfig().AdminRole)
|
|
|
|
conn.BindRole(conf.GetConfig().AdminRole, "admin")
|
2024-10-28 14:58:11 +01:00
|
|
|
addPermissions := func(m map[string]interface{}) {
|
|
|
|
for k, v := range m {
|
|
|
|
for _, p := range v.([]interface{}) {
|
|
|
|
conn.CreatePermission(k, p.(string), true)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
api.ListenRouter(addPermissions)
|
|
|
|
tools.NewNATSCaller().SetNATSPub("api", tools.DISCOVERY, map[string]interface{}{})
|
2024-07-26 13:46:05 +02:00
|
|
|
}
|