auth
This commit is contained in:
61
main.go
61
main.go
@@ -11,6 +11,7 @@ import (
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
oclib "cloud.o-forge.io/core/oc-lib"
|
||||
peer "cloud.o-forge.io/core/oc-lib/models/peer"
|
||||
@@ -43,9 +44,11 @@ func main() {
|
||||
conf.GetConfig().AuthConnectPublicHost = o.GetStringDefault("AUTH_CONNECTOR_PUBLIC_HOST", "localhost")
|
||||
conf.GetConfig().AuthConnectorPort = o.GetIntDefault("AUTH_CONNECTOR_PORT", 4444)
|
||||
conf.GetConfig().AuthConnectorAdminPort = o.GetIntDefault("AUTH_CONNECTOR_ADMIN_PORT", 4445)
|
||||
conf.GetConfig().PermissionConnectorHost = o.GetStringDefault("PERMISSION_CONNECTOR_HOST", "keto")
|
||||
conf.GetConfig().PermissionConnectorWriteHost = o.GetStringDefault("PERMISSION_CONNECTOR_WRITE_HOST", "keto")
|
||||
conf.GetConfig().PermissionConnectorReadHost = o.GetStringDefault("PERMISSION_CONNECTOR_READ_HOST", "keto")
|
||||
conf.GetConfig().PermissionConnectorPort = o.GetIntDefault("PERMISSION_CONNECTOR_PORT", 4466)
|
||||
conf.GetConfig().PermissionConnectorAdminPort = o.GetIntDefault("PERMISSION_CONNECTOR_ADMIN_PORT", 4467)
|
||||
conf.GetConfig().Local = o.GetBoolDefault("LOCAL", true)
|
||||
|
||||
// config LDAP
|
||||
conf.GetConfig().SourceMode = o.GetStringDefault("SOURCE_MODE", "ldap")
|
||||
@@ -54,12 +57,10 @@ func main() {
|
||||
conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
|
||||
conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
|
||||
conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
|
||||
err := generateSelfPeer()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
generateRole()
|
||||
discovery()
|
||||
go generateSelfPeer()
|
||||
go generateRole()
|
||||
go discovery()
|
||||
beego.BConfig.Listen.HTTPPort = o.GetIntDefault("port", 8080)
|
||||
beego.InsertFilter("*", beego.BeforeRouter, cors.Allow(&cors.Options{
|
||||
AllowAllOrigins: true,
|
||||
AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
|
||||
@@ -80,22 +81,29 @@ func generateRole() {
|
||||
if conf.GetConfig().SourceMode == "ldap" {
|
||||
ldap := auth_connectors.New()
|
||||
roles, err := ldap.GetRoles(context.Background())
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fmt.Println("ROLE", roles)
|
||||
for _, role := range roles {
|
||||
for r, m := range role.Members {
|
||||
infrastructure.GetPermissionConnector("").CreateRole(r)
|
||||
for _, p := range m {
|
||||
infrastructure.GetPermissionConnector("").BindRole(r, p)
|
||||
if err == nil {
|
||||
fmt.Println("ROLE", roles)
|
||||
for _, role := range roles {
|
||||
for r, m := range role.Members {
|
||||
infrastructure.GetPermissionConnector("").CreateRole(r)
|
||||
for _, p := range m {
|
||||
infrastructure.GetPermissionConnector("").BindRole(r, p)
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
time.Sleep(10 * time.Second) // Pause execution for 10 seconds
|
||||
generateRole()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func generateSelfPeer() error {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
fmt.Println("Recovered in f", r)
|
||||
}
|
||||
}()
|
||||
// TODO check if files at private & public path are set
|
||||
// check if files at private & public path are set
|
||||
if _, err := os.Stat(conf.GetConfig().PrivateKeyPath); errors.Is(err, os.ErrNotExist) {
|
||||
@@ -127,21 +135,34 @@ func generateSelfPeer() error {
|
||||
AbstractObject: utils.AbstractObject{
|
||||
Name: o.GetStringDefault("NAME", "local"),
|
||||
},
|
||||
PublicKey: file,
|
||||
State: peer.SELF,
|
||||
PublicKey: file,
|
||||
State: peer.SELF,
|
||||
WalletAddress: "my-wallet",
|
||||
}
|
||||
data := oclib.NewRequest(oclib.LibDataEnum(oclib.PEER), "", "", []string{}, nil).StoreOne(peer.Serialize(peer))
|
||||
if data.Err != "" {
|
||||
time.Sleep(10 * time.Second) // Pause execution for 10 seconds
|
||||
generateSelfPeer()
|
||||
return errors.New(data.Err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func discovery() {
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
fmt.Println("Recovered in f", r)
|
||||
}
|
||||
}()
|
||||
api := tools.API{}
|
||||
conn := infrastructure.GetPermissionConnector("")
|
||||
|
||||
conn.CreateRole(conf.GetConfig().AdminRole)
|
||||
fmt.Println("AdminRole", conn, conf.GetConfig().PermissionConnectorWriteHost)
|
||||
_, _, err := conn.CreateRole(conf.GetConfig().AdminRole)
|
||||
if err != nil {
|
||||
time.Sleep(10 * time.Second) // Pause execution for 10 seconds
|
||||
discovery()
|
||||
return
|
||||
}
|
||||
conn.BindRole(conf.GetConfig().AdminRole, "admin")
|
||||
addPermissions := func(m map[string]interface{}) {
|
||||
for k, v := range m {
|
||||
|
||||
Reference in New Issue
Block a user