oc-auth/main.go

package main

import (
	"context"
	"encoding/json"
	"oc-auth/conf"
	"oc-auth/infrastructure"
	auth_connectors "oc-auth/infrastructure/auth_connector"
	_ "oc-auth/routers"
	"strings"
	"time"

	oclib "cloud.o-forge.io/core/oc-lib"
	"cloud.o-forge.io/core/oc-lib/tools"
	beego "github.com/beego/beego/v2/server/web"
)

const appname = "oc-auth"

// @securityDefinitions.apikey Bearer
// @in header
// @name Authorization
// @description Type "Bearer" followed by a space and JWT token.
func main() {
	oclib.InitAPI(appname)
	// Load the right config file
	o := oclib.GetConfLoader(appname)

	conf.GetConfig().AdminRole = o.GetStringDefault("ADMIN_ROLE", "admin")
	conf.GetConfig().PublicKeyPath = o.GetStringDefault("PUBLIC_KEY_PATH", "./pem/public.pem")
	conf.GetConfig().PrivateKeyPath = o.GetStringDefault("PRIVATE_KEY_PATH", "./pem/private.pem")
	conf.GetConfig().ClientSecret = o.GetStringDefault("CLIENT_SECRET", "oc-auth-got-secret")
	conf.GetConfig().OAuth2ClientSecretName = o.GetStringDefault("OAUTH2_CLIENT_SECRET_NAME", "oc-oauth2-client-secret")
	conf.GetConfig().OAuth2ClientSecretNamespace = o.GetStringDefault("NAMESPACE", "default")
	conf.GetConfig().Auth = o.GetStringDefault("AUTH", "hydra")
	conf.GetConfig().AuthConnectorHost = o.GetStringDefault("AUTH_CONNECTOR_HOST", "localhost")
	conf.GetConfig().AuthConnectPublicHost = o.GetStringDefault("AUTH_CONNECTOR_PUBLIC_HOST", "localhost")
	conf.GetConfig().AuthConnectorPort = o.GetIntDefault("AUTH_CONNECTOR_PORT", 4444)
	conf.GetConfig().AuthConnectorAdminPort = o.GetStringDefault("AUTH_CONNECTOR_ADMIN_PORT", "4445/admin")
	conf.GetConfig().PermissionConnectorWriteHost = o.GetStringDefault("PERMISSION_CONNECTOR_WRITE_HOST", "keto")
	conf.GetConfig().PermissionConnectorReadHost = o.GetStringDefault("PERMISSION_CONNECTOR_READ_HOST", "keto")
	conf.GetConfig().PermissionConnectorPort = o.GetStringDefault("PERMISSION_CONNECTOR_PORT", "4466")
	conf.GetConfig().PermissionConnectorAdminPort = o.GetStringDefault("PERMISSION_CONNECTOR_ADMIN_PORT", "4467")

	conf.GetConfig().Origin = o.GetStringDefault("ADMIN_ORIGIN", "http://localhost:8000")
	conf.GetConfig().AdminOrigin = o.GetStringDefault("ADMIN_ORIGIN", "http://localhost:8001")

	conf.GetConfig().OAuthRedirectURI = o.GetStringDefault("OAUTH_REDIRECT_URI", "http://google.com")
	conf.GetConfig().OAdminAuthRedirectURI = o.GetStringDefault("ADMIN_OAUTH_REDIRECT_URI", "http://chatgpt.com")
	conf.GetConfig().Local = o.GetBoolDefault("LOCAL", true)

	// config LDAPauth
	conf.GetConfig().SourceMode = o.GetStringDefault("SOURCE_MODE", "ldap")
	conf.GetConfig().LDAPEndpoints = o.GetStringDefault("LDAP_ENDPOINTS", "ldap:389")
	conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
	conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
	conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
	conf.GetConfig().LDAPUserBaseDN = o.GetStringDefault("LDAP_USER_BASEDN", "ou=users,dc=example,dc=com")
	conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
	go generateRole()
	go discovery()

	beego.Run()
}

func generateRole() {
	logger := oclib.GetLogger()
	defer func() {
		if r := recover(); r != nil {
			logger.Error().Msgf("generateRole recovered from panic: %v", r)
		}
	}()
	if conf.GetConfig().SourceMode == "ldap" {
		for {
			ldap := auth_connectors.New()
			roles, err := ldap.GetRoles(context.Background())
			if err == nil {
				logger.Info().Msgf("Syncing %d LDAP role groups to Keto", len(roles))
				for _, role := range roles {
					for r, m := range role.Members {
						infrastructure.GetPermissionConnector("").CreateRole(r)
						for _, p := range m {
							infrastructure.GetPermissionConnector("").BindRole(r, p)
						}
					}
				}
				break
			} else {
				logger.Error().Msg("Failed to get LDAP roles, retrying in 10s: " + err.Error())
				time.Sleep(10 * time.Second)
				continue
			}
		}
	}
}

func discovery() {
	logger := oclib.GetLogger()
	defer func() {
		if r := recover(); r != nil {
			logger.Error().Msgf("discovery recovered from panic: %v", r)
		}
	}()
	for {
		api := tools.API{}
		conn := infrastructure.GetPermissionConnector("")
		logger.Info().Msg("Starting permission discovery")
		_, _, err := conn.CreateRole(conf.GetConfig().AdminRole)
		if err != nil {
			if !strings.Contains(err.Error(), "already exist") {
				logger.Error().Msg("Failed to create admin role, retrying in 10s: " + err.Error())
				time.Sleep(10 * time.Second)
				continue
			}
		}
		if _, _, err := conn.BindRole(conf.GetConfig().AdminRole, "admin"); err != nil {
			logger.Error().Msg("Failed to admin bind role: " + err.Error())
		}
		addPermissions := func(m tools.NATSResponse) {
			var resp map[string][]interface{}
			json.Unmarshal(m.Payload, &resp)
			for k, v := range resp {
				for _, p := range v {
					if _, _, err := conn.CreatePermission(k, p.(string), true); err != nil {
						logger.Error().Msg("Failed to admin create permission: " + err.Error())
					}
				}
			}
		}
		api.ListenRouter(addPermissions)
		b, _ := json.Marshal(map[string]interface{}{})
		tools.NewNATSCaller().SetNATSPub(tools.DISCOVERY, tools.NATSResponse{
			FromApp:  "oc-auth",
			Datatype: -1,
			User:     "root",
			Method:   tools.GET.EnumIndex(),
			Payload:  b,
		})
		break
	}
}
Initial commit 2024-07-26 13:46:05 +02:00			`package main`

			`import (`
workin oc-auth 2025-01-17 17:24:08 +01:00			`"context"`
ok 2026-02-02 10:09:45 +01:00			`"encoding/json"`
Initial commit 2024-07-26 13:46:05 +02:00			`"oc-auth/conf"`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`"oc-auth/infrastructure"`
workin oc-auth 2025-01-17 17:24:08 +01:00			`auth_connectors "oc-auth/infrastructure/auth_connector"`
Initial commit 2024-07-26 13:46:05 +02:00			`_ "oc-auth/routers"`
Complete and refine OAuth + Traeffik Restriction 2026-02-20 10:30:34 +01:00			`"strings"`
auth 2025-04-01 10:16:26 +02:00			`"time"`
Initial commit 2024-07-26 13:46:05 +02:00
Config and swagger upgrade 2024-09-27 09:20:59 +02:00			`oclib "cloud.o-forge.io/core/oc-lib"`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`"cloud.o-forge.io/core/oc-lib/tools"`
oc-auth 2026-02-10 09:39:13 +01:00			`beego "github.com/beego/beego/v2/server/web"`
Initial commit 2024-07-26 13:46:05 +02:00			`)`

Config and swagger upgrade 2024-09-27 09:20:59 +02:00			`const appname = "oc-auth"`
Initial commit 2024-07-26 13:46:05 +02:00
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`// @securityDefinitions.apikey Bearer`
			`// @in header`
			`// @name Authorization`
			`// @description Type "Bearer" followed by a space and JWT token.`
Initial commit 2024-07-26 13:46:05 +02:00			`func main() {`
oc-auth 2026-02-10 09:39:13 +01:00			`oclib.InitAPI(appname)`
Config and swagger upgrade 2024-09-27 09:20:59 +02:00			`// Load the right config file`
security injection appname 2026-02-04 09:42:20 +01:00			`o := oclib.GetConfLoader(appname)`
Initial commit 2024-07-26 13:46:05 +02:00
after test 2024-11-05 10:11:39 +01:00			`conf.GetConfig().AdminRole = o.GetStringDefault("ADMIN_ROLE", "admin")`
BAHAMAS 2024-10-30 12:38:25 +01:00			`conf.GetConfig().PublicKeyPath = o.GetStringDefault("PUBLIC_KEY_PATH", "./pem/public.pem")`
			`conf.GetConfig().PrivateKeyPath = o.GetStringDefault("PRIVATE_KEY_PATH", "./pem/private.pem")`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`conf.GetConfig().ClientSecret = o.GetStringDefault("CLIENT_SECRET", "oc-auth-got-secret")`
Handling clientID/password from k8s secret 2025-01-22 15:23:18 +01:00			`conf.GetConfig().OAuth2ClientSecretName = o.GetStringDefault("OAUTH2_CLIENT_SECRET_NAME", "oc-oauth2-client-secret")`
			`conf.GetConfig().OAuth2ClientSecretNamespace = o.GetStringDefault("NAMESPACE", "default")`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`conf.GetConfig().Auth = o.GetStringDefault("AUTH", "hydra")`
			`conf.GetConfig().AuthConnectorHost = o.GetStringDefault("AUTH_CONNECTOR_HOST", "localhost")`
Handling clientID/password from k8s secret 2025-01-22 15:23:18 +01:00			`conf.GetConfig().AuthConnectPublicHost = o.GetStringDefault("AUTH_CONNECTOR_PUBLIC_HOST", "localhost")`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`conf.GetConfig().AuthConnectorPort = o.GetIntDefault("AUTH_CONNECTOR_PORT", 4444)`
deploy adjust 2025-06-16 09:11:21 +02:00			`conf.GetConfig().AuthConnectorAdminPort = o.GetStringDefault("AUTH_CONNECTOR_ADMIN_PORT", "4445/admin")`
auth 2025-04-01 10:16:26 +02:00			`conf.GetConfig().PermissionConnectorWriteHost = o.GetStringDefault("PERMISSION_CONNECTOR_WRITE_HOST", "keto")`
			`conf.GetConfig().PermissionConnectorReadHost = o.GetStringDefault("PERMISSION_CONNECTOR_READ_HOST", "keto")`
deploy adjust 2025-06-16 09:11:21 +02:00			`conf.GetConfig().PermissionConnectorPort = o.GetStringDefault("PERMISSION_CONNECTOR_PORT", "4466")`
			`conf.GetConfig().PermissionConnectorAdminPort = o.GetStringDefault("PERMISSION_CONNECTOR_ADMIN_PORT", "4467")`
Complete and refine OAuth + Traeffik Restriction 2026-02-20 10:30:34 +01:00
			`conf.GetConfig().Origin = o.GetStringDefault("ADMIN_ORIGIN", "http://localhost:8000")`
			`conf.GetConfig().AdminOrigin = o.GetStringDefault("ADMIN_ORIGIN", "http://localhost:8001")`

			`conf.GetConfig().OAuthRedirectURI = o.GetStringDefault("OAUTH_REDIRECT_URI", "http://google.com")`
			`conf.GetConfig().OAdminAuthRedirectURI = o.GetStringDefault("ADMIN_OAUTH_REDIRECT_URI", "http://chatgpt.com")`
auth 2025-04-01 10:16:26 +02:00			`conf.GetConfig().Local = o.GetBoolDefault("LOCAL", true)`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00
Complete and refine OAuth + Traeffik Restriction 2026-02-20 10:30:34 +01:00			`// config LDAPauth`
workin oc-auth 2025-01-17 17:24:08 +01:00			`conf.GetConfig().SourceMode = o.GetStringDefault("SOURCE_MODE", "ldap")`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`conf.GetConfig().LDAPEndpoints = o.GetStringDefault("LDAP_ENDPOINTS", "ldap:389")`
			`conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")`
			`conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")`
			`conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")`
users 2026-02-04 10:47:40 +01:00			`conf.GetConfig().LDAPUserBaseDN = o.GetStringDefault("LDAP_USER_BASEDN", "ou=users,dc=example,dc=com")`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")`
auth 2025-04-01 10:16:26 +02:00			`go generateRole()`
			`go discovery()`
oc-auth 2026-02-10 09:39:13 +01:00
			`beego.Run()`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`}`
BAHAMAS 2024-10-30 12:38:25 +01:00
workin oc-auth 2025-01-17 17:24:08 +01:00			`func generateRole() {`
oc-auth OAUTH2 2026-02-19 14:56:15 +01:00			`logger := oclib.GetLogger()`
workin oc-auth 2025-01-17 17:24:08 +01:00			`defer func() {`
			`if r := recover(); r != nil {`
oc-auth OAUTH2 2026-02-19 14:56:15 +01:00			`logger.Error().Msgf("generateRole recovered from panic: %v", r)`
workin oc-auth 2025-01-17 17:24:08 +01:00			`}`
			`}()`
			`if conf.GetConfig().SourceMode == "ldap" {`
update 2025-11-20 16:31:10 +01:00			`for {`
			`ldap := auth_connectors.New()`
			`roles, err := ldap.GetRoles(context.Background())`
			`if err == nil {`
oc-auth OAUTH2 2026-02-19 14:56:15 +01:00			`logger.Info().Msgf("Syncing %d LDAP role groups to Keto", len(roles))`
update 2025-11-20 16:31:10 +01:00			`for _, role := range roles {`
			`for r, m := range role.Members {`
			`infrastructure.GetPermissionConnector("").CreateRole(r)`
			`for _, p := range m {`
			`infrastructure.GetPermissionConnector("").BindRole(r, p)`
			`}`
auth 2025-04-01 10:16:26 +02:00			`}`
workin oc-auth 2025-01-17 17:24:08 +01:00			`}`
update 2025-11-20 16:31:10 +01:00			`break`
			`} else {`
oc-auth OAUTH2 2026-02-19 14:56:15 +01:00			`logger.Error().Msg("Failed to get LDAP roles, retrying in 10s: " + err.Error())`
			`time.Sleep(10 * time.Second)`
update 2025-11-20 16:31:10 +01:00			`continue`
workin oc-auth 2025-01-17 17:24:08 +01:00			`}`
			`}`
			`}`
			`}`

BAHAMAS 2024-10-30 12:38:25 +01:00			`func discovery() {`
oc-auth OAUTH2 2026-02-19 14:56:15 +01:00			`logger := oclib.GetLogger()`
auth 2025-04-01 10:16:26 +02:00			`defer func() {`
			`if r := recover(); r != nil {`
oc-auth OAUTH2 2026-02-19 14:56:15 +01:00			`logger.Error().Msgf("discovery recovered from panic: %v", r)`
auth 2025-04-01 10:16:26 +02:00			`}`
			`}()`
update 2025-11-20 16:31:10 +01:00			`for {`
			`api := tools.API{}`
			`conn := infrastructure.GetPermissionConnector("")`
oc-auth OAUTH2 2026-02-19 14:56:15 +01:00			`logger.Info().Msg("Starting permission discovery")`
update 2025-11-20 16:31:10 +01:00			`_, _, err := conn.CreateRole(conf.GetConfig().AdminRole)`
			`if err != nil {`
Complete and refine OAuth + Traeffik Restriction 2026-02-20 10:30:34 +01:00			`if !strings.Contains(err.Error(), "already exist") {`
			`logger.Error().Msg("Failed to create admin role, retrying in 10s: " + err.Error())`
			`time.Sleep(10 * time.Second)`
			`continue`
			`}`
			`}`
			`if _, _, err := conn.BindRole(conf.GetConfig().AdminRole, "admin"); err != nil {`
			`logger.Error().Msg("Failed to admin bind role: " + err.Error())`
update 2025-11-20 16:31:10 +01:00			`}`
ok 2026-02-02 10:09:45 +01:00			`addPermissions := func(m tools.NATSResponse) {`
			`var resp map[string][]interface{}`
			`json.Unmarshal(m.Payload, &resp)`
			`for k, v := range resp {`
			`for _, p := range v {`
Complete and refine OAuth + Traeffik Restriction 2026-02-20 10:30:34 +01:00			`if _, _, err := conn.CreatePermission(k, p.(string), true); err != nil {`
			`logger.Error().Msg("Failed to admin create permission: " + err.Error())`
			`}`
update 2025-11-20 16:31:10 +01:00			`}`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`}`
			`}`
update 2025-11-20 16:31:10 +01:00			`api.ListenRouter(addPermissions)`
ok 2026-02-02 10:09:45 +01:00			`b, _ := json.Marshal(map[string]interface{}{})`
			`tools.NewNATSCaller().SetNATSPub(tools.DISCOVERY, tools.NATSResponse{`
			`FromApp: "oc-auth",`
			`Datatype: -1,`
			`User: "root",`
			`Method: tools.GET.EnumIndex(),`
			`Payload: b,`
			`})`
update 2025-11-20 16:31:10 +01:00			`break`
Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding 2024-10-28 14:58:11 +01:00			`}`
Initial commit 2024-07-26 13:46:05 +02:00			`}`