oc-auth OAUTH2
This commit is contained in:
86
main.go
86
main.go
@@ -3,24 +3,15 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"oc-auth/conf"
|
||||
"oc-auth/infrastructure"
|
||||
auth_connectors "oc-auth/infrastructure/auth_connector"
|
||||
_ "oc-auth/routers"
|
||||
"os"
|
||||
"runtime/debug"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
oclib "cloud.o-forge.io/core/oc-lib"
|
||||
peer "cloud.o-forge.io/core/oc-lib/models/peer"
|
||||
"cloud.o-forge.io/core/oc-lib/models/utils"
|
||||
"cloud.o-forge.io/core/oc-lib/tools"
|
||||
beego "github.com/beego/beego/v2/server/web"
|
||||
"github.com/i-core/rlog"
|
||||
)
|
||||
|
||||
const appname = "oc-auth"
|
||||
@@ -59,7 +50,6 @@ func main() {
|
||||
conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
|
||||
conf.GetConfig().LDAPUserBaseDN = o.GetStringDefault("LDAP_USER_BASEDN", "ou=users,dc=example,dc=com")
|
||||
conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
|
||||
go generateSelfPeer()
|
||||
go generateRole()
|
||||
go discovery()
|
||||
|
||||
@@ -67,18 +57,18 @@ func main() {
|
||||
}
|
||||
|
||||
func generateRole() {
|
||||
logger := oclib.GetLogger()
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
fmt.Println("generateRole Recovered in f", r, debug.Stack())
|
||||
logger.Error().Msgf("generateRole recovered from panic: %v", r)
|
||||
}
|
||||
}()
|
||||
// if from ldap, create roles from ldap
|
||||
if conf.GetConfig().SourceMode == "ldap" {
|
||||
for {
|
||||
ldap := auth_connectors.New()
|
||||
roles, err := ldap.GetRoles(context.Background())
|
||||
if err == nil {
|
||||
fmt.Println("ROLE", roles)
|
||||
logger.Info().Msgf("Syncing %d LDAP role groups to Keto", len(roles))
|
||||
for _, role := range roles {
|
||||
for r, m := range role.Members {
|
||||
infrastructure.GetPermissionConnector("").CreateRole(r)
|
||||
@@ -89,85 +79,29 @@ func generateRole() {
|
||||
}
|
||||
break
|
||||
} else {
|
||||
time.Sleep(10 * time.Second) // Pause execution for 10 seconds
|
||||
logger.Error().Msg("Failed to get LDAP roles, retrying in 10s: " + err.Error())
|
||||
time.Sleep(10 * time.Second)
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func generateSelfPeer() error {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
fmt.Println("generateSelfPeer Recovered in f", r, debug.Stack())
|
||||
}
|
||||
}()
|
||||
log := rlog.FromContext(context.Background()).Sugar()
|
||||
for {
|
||||
// TODO check if files at private & public path are set
|
||||
// check if files at private & public path are set
|
||||
if _, err := os.Stat(conf.GetConfig().PrivateKeyPath); errors.Is(err, os.ErrNotExist) {
|
||||
return errors.New("private key path does not exist")
|
||||
}
|
||||
if _, err := os.Stat(conf.GetConfig().PublicKeyPath); errors.Is(err, os.ErrNotExist) {
|
||||
return errors.New("public key path does not exist")
|
||||
}
|
||||
// check if peer already exists
|
||||
p := oclib.NewRequest(oclib.LibDataEnum(oclib.PEER), "", "", []string{}, nil).Search(nil, strconv.Itoa(peer.SELF.EnumIndex()), false)
|
||||
file := ""
|
||||
f, err := os.ReadFile(conf.GetConfig().PublicKeyPath)
|
||||
if err != nil {
|
||||
time.Sleep(10 * time.Second)
|
||||
log.Error(err)
|
||||
continue
|
||||
}
|
||||
file = string(f)
|
||||
if len(p.Data) > 0 {
|
||||
// check public key with the one in the database
|
||||
// compare the public key from file with the one in the database
|
||||
if !strings.Contains(file, p.Data[0].(*peer.Peer).PublicKey) {
|
||||
return errors.New("public key is different from the one in the database")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
// create a new peer
|
||||
o := oclib.GetConfLoader(appname)
|
||||
peer := &peer.Peer{
|
||||
APIUrl: o.GetStringDefault("HOSTNAME", "http://localhost"),
|
||||
NATSAddress: oclib.GetConfig().NATSUrl,
|
||||
AbstractObject: utils.AbstractObject{
|
||||
Name: o.GetStringDefault("NAME", "local"),
|
||||
},
|
||||
PublicKey: file,
|
||||
Relation: peer.SELF,
|
||||
State: peer.ONLINE,
|
||||
WalletAddress: "my-wallet",
|
||||
}
|
||||
data := oclib.NewRequest(oclib.LibDataEnum(oclib.PEER), "", "", []string{}, nil).StoreOne(peer.Serialize(peer))
|
||||
if data.Err != "" {
|
||||
time.Sleep(10 * time.Second) // Pause execution for 10 seconds
|
||||
log.Error(err)
|
||||
continue
|
||||
}
|
||||
break
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func discovery() {
|
||||
logger := oclib.GetLogger()
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
fmt.Println("discovery Recovered in f", r, debug.Stack())
|
||||
logger.Error().Msgf("discovery recovered from panic: %v", r)
|
||||
}
|
||||
}()
|
||||
for {
|
||||
api := tools.API{}
|
||||
conn := infrastructure.GetPermissionConnector("")
|
||||
fmt.Println("AdminRole", conn, conf.GetConfig().PermissionConnectorWriteHost)
|
||||
logger.Info().Msg("Starting permission discovery")
|
||||
_, _, err := conn.CreateRole(conf.GetConfig().AdminRole)
|
||||
if err != nil {
|
||||
time.Sleep(10 * time.Second) // Pause execution for 10 seconds
|
||||
logger.Error().Msg("Failed to create admin role, retrying in 10s: " + err.Error())
|
||||
time.Sleep(10 * time.Second)
|
||||
continue
|
||||
}
|
||||
conn.BindRole(conf.GetConfig().AdminRole, "admin")
|
||||
|
||||
Reference in New Issue
Block a user