Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding

2024-10-28 14:58:11 +01:00
parent 05c4aab72a
commit 7198c40d30
37 changed files with 4181 additions and 610 deletions
--- a/main.go
+++ b/main.go
@@ -1,41 +1,60 @@
 package main

 import (
+	"fmt"
 	"oc-auth/conf"
+	"oc-auth/infrastructure"
 	_ "oc-auth/routers"

 	oclib "cloud.o-forge.io/core/oc-lib"
+	"cloud.o-forge.io/core/oc-lib/tools"
 	beego "github.com/beego/beego/v2/server/web"
 )

 const appname = "oc-auth"

+// @securityDefinitions.apikey Bearer
+// @in header
+// @name Authorization
+// @description Type "Bearer" followed by a space and JWT token.
 func main() {
 	// Init the oc-lib
 	oclib.Init(appname)
-
 	// Load the right config file
 	o := oclib.GetConfLoader()

-	conf.GetConfig().NatsUrl = o.GetStringDefault("natsurl", "http://localhost:4080")
-	conf.GetConfig().NatsLogin = o.GetStringDefault("natslogin", "admin")
-	conf.GetConfig().NatsPassword = o.GetStringDefault("natspassword", "admin")
-	conf.GetConfig().OidcUrl = o.GetStringDefault("oidcurl", "admin")
+	conf.GetConfig().PVKPath = o.GetStringDefault("PVK_PATH", "./pvk.pem")
+	conf.GetConfig().ClientSecret = o.GetStringDefault("CLIENT_SECRET", "oc-auth-got-secret")

-	// feed the library with the loaded config
-	oclib.SetConfig(
-		o.GetStringDefault("MONGO_URL", "mongodb://127.0.0.1:27017"),
-		o.GetStringDefault("MONGO_DATABASE", "DC_myDC"),
-		"",
-		o.GetStringDefault("lokiurl", ""),
-		o.GetStringDefault("loglevel", "info"),
-	)
-	// Beego init
-	beego.BConfig.AppName = appname
-	beego.BConfig.Listen.HTTPPort = o.GetIntDefault("port", 8080)
-	beego.BConfig.WebConfig.DirectoryIndex = true
-	beego.BConfig.WebConfig.StaticDir["/swagger"] = "swagger"
+	conf.GetConfig().Auth = o.GetStringDefault("AUTH", "hydra")
+	conf.GetConfig().AuthConnectorHost = o.GetStringDefault("AUTH_CONNECTOR_HOST", "localhost")
+	conf.GetConfig().AuthConnectorPort = o.GetIntDefault("AUTH_CONNECTOR_PORT", 4444)
+	conf.GetConfig().AuthConnectorAdminPort = o.GetIntDefault("AUTH_CONNECTOR_ADMIN_PORT", 4445)
+	conf.GetConfig().PermissionConnectorHost = o.GetStringDefault("PERMISSION_CONNECTOR_HOST", "keto")
+	conf.GetConfig().PermissionConnectorPort = o.GetIntDefault("PERMISSION_CONNECTOR_PORT", 4466)
+	conf.GetConfig().PermissionConnectorAdminPort = o.GetIntDefault("PERMISSION_CONNECTOR_ADMIN_PORT", 4467)

+	// config LDAP
+	conf.GetConfig().LDAPEndpoints = o.GetStringDefault("LDAP_ENDPOINTS", "ldap:389")
+	conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
+	conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
+	conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
+	conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
+
+	Discovery()
 	beego.Run()
-
+}
+func Discovery() {
+	fmt.Println("Discovered")
+	api := tools.API{}
+	addPermissions := func(m map[string]interface{}) {
+		conn := infrastructure.GetPermissionConnector()
+		for k, v := range m {
+			for _, p := range v.([]interface{}) {
+				conn.CreatePermission(k, p.(string), true)
+			}
+		}
+	}
+	api.ListenRouter(addPermissions)
+	tools.NewNATSCaller().SetNATSPub("api", tools.DISCOVERY, map[string]interface{}{})
 }