oc-auth/main.go

package main

import (
	"errors"
	"fmt"
	"oc-auth/conf"
	"oc-auth/infrastructure"
	_ "oc-auth/routers"
	"os"
	"strconv"
	"strings"

	oclib "cloud.o-forge.io/core/oc-lib"
	peer "cloud.o-forge.io/core/oc-lib/models/peer"
	"cloud.o-forge.io/core/oc-lib/models/utils"
	"cloud.o-forge.io/core/oc-lib/tools"
	beego "github.com/beego/beego/v2/server/web"
)

const appname = "oc-auth"

// @securityDefinitions.apikey Bearer
// @in header
// @name Authorization
// @description Type "Bearer" followed by a space and JWT token.
func main() {
	// Init the oc-lib
	oclib.Init(appname)
	// Load the right config file
	o := oclib.GetConfLoader()

	conf.GetConfig().AdminRole = o.GetStringDefault("ADMIN_ROLE", "admin")
	conf.GetConfig().PublicKeyPath = o.GetStringDefault("PUBLIC_KEY_PATH", "./pem/public.pem")
	conf.GetConfig().PrivateKeyPath = o.GetStringDefault("PRIVATE_KEY_PATH", "./pem/private.pem")
	conf.GetConfig().ClientSecret = o.GetStringDefault("CLIENT_SECRET", "oc-auth-got-secret")

	conf.GetConfig().Auth = o.GetStringDefault("AUTH", "hydra")
	conf.GetConfig().AuthConnectorHost = o.GetStringDefault("AUTH_CONNECTOR_HOST", "localhost")
	conf.GetConfig().AuthConnectorPort = o.GetIntDefault("AUTH_CONNECTOR_PORT", 4444)
	conf.GetConfig().AuthConnectorAdminPort = o.GetIntDefault("AUTH_CONNECTOR_ADMIN_PORT", 4445)
	conf.GetConfig().PermissionConnectorHost = o.GetStringDefault("PERMISSION_CONNECTOR_HOST", "keto")
	conf.GetConfig().PermissionConnectorPort = o.GetIntDefault("PERMISSION_CONNECTOR_PORT", 4466)
	conf.GetConfig().PermissionConnectorAdminPort = o.GetIntDefault("PERMISSION_CONNECTOR_ADMIN_PORT", 4467)

	// config LDAP
	conf.GetConfig().LDAPEndpoints = o.GetStringDefault("LDAP_ENDPOINTS", "ldap:389")
	conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
	conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
	conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
	conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
	err := generateSelfPeer()
	if err != nil {
		panic(err)
	}
	discovery()
	beego.Run()
}

func generateSelfPeer() error {
	// TODO check if files at private & public path are set
	// check if files at private & public path are set
	if _, err := os.Stat(conf.GetConfig().PrivateKeyPath); errors.Is(err, os.ErrNotExist) {
		return errors.New("private key path does not exist")
	}
	if _, err := os.Stat(conf.GetConfig().PublicKeyPath); errors.Is(err, os.ErrNotExist) {
		return errors.New("public key path does not exist")
	}
	// check if peer already exists
	p := oclib.Search(nil, strconv.Itoa(peer.SELF.EnumIndex()), oclib.LibDataEnum(oclib.PEER))
	if len(p.Data) > 0 {
		// check public key with the one in the database
		f, err := os.ReadFile(conf.GetConfig().PublicKeyPath)
		if err != nil {
			return err
		}
		// compare the public key from file with the one in the database
		if !strings.Contains(string(f), p.Data[0].(*peer.Peer).PublicKey) {
			return errors.New("public key is different from the one in the database")
		}
		return nil
	}
	// create a new peer
	o := oclib.GetConfLoader()
	peer := &peer.Peer{
		Url: o.GetStringDefault("HOSTNAME", "http://localhost"),
		AbstractObject: utils.AbstractObject{
			Name: o.GetStringDefault("NAME", "local"),
		},
		PublicKey: conf.GetConfig().PublicKeyPath,
		State:     peer.SELF,
	}
	data := oclib.StoreOne(oclib.LibDataEnum(oclib.PEER), peer.Serialize())
	if data.Err != "" {
		return errors.New(data.Err)
	}
	return nil
}

func discovery() {
	fmt.Println("Discovered")
	api := tools.API{}
	conn := infrastructure.GetPermissionConnector()

	conn.CreateRole(conf.GetConfig().AdminRole)
	conn.BindRole(conf.GetConfig().AdminRole, "admin")
	addPermissions := func(m map[string]interface{}) {
		for k, v := range m {
			for _, p := range v.([]interface{}) {
				conn.CreatePermission(k, p.(string), true)
			}
		}
	}
	api.ListenRouter(addPermissions)
	tools.NewNATSCaller().SetNATSPub("api", tools.DISCOVERY, map[string]interface{}{})
}