From e2ff98094b8196c8250ddddaa0da89e367a1e4b4 Mon Sep 17 00:00:00 2001
From: Arnaud Delcasse
Date: Mon, 7 Nov 2022 01:35:06 +0100
Subject: [PATCH] Handle HTTP/HTTPS protocol depending on dev env or not
---
 Dockerfile | 29 +++++++++++++++++++
 oidc-provider/endpoints_auth.go | 2 +-
 oidc-provider/endpoints_wellknown.go | 3 +-
 oidc-provider/oidc-provider.go | 7 +++++
 oidc-provider/templates/parcoursmob/auth.html | 2 +-
 storage/etcd.go | 4 +++
 6 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..98c7cc1
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,29 @@
+FROM golang:alpine as builder
+
+ARG ACCESS_TOKEN_USR="nothing"
+ARG ACCESS_TOKEN_PWD="nothing"
+
+RUN apk add --no-cache ca-certificates tzdata
+
+WORKDIR /
+
+# Create a netrc file using the credentials specified using --build-arg
+RUN printf "machine git.coopgo.io\n\
+ login ${ACCESS_TOKEN_USR}\n\
+ password ${ACCESS_TOKEN_PWD}\n"\
+ >> ~/.netrc
+RUN chmod 600 ~/.netrc
+
+COPY . .
+
+RUN go mod download && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /server
+
+FROM scratch
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=builder /server /
+COPY --from=builder /oidc-provider/templates /oidc-provider/templates
+
+EXPOSE 8080
+EXPOSE 80
+ENTRYPOINT ["/server"]
diff --git a/oidc-provider/endpoints_auth.go b/oidc-provider/endpoints_auth.go
index 1330f53..5767832 100644
--- a/oidc-provider/endpoints_auth.go
+++ b/oidc-provider/endpoints_auth.go
@@ -50,7 +50,7 @@ func (op *OIDCHandler) AuthEndpoint(w http.ResponseWriter, r *http.Request) {
 sessionData := &openid.DefaultSession{
 Claims: &jwt.IDTokenClaims{
- Issuer: fmt.Sprintf("http://%s/%s", r.Host, namespace),
+ Issuer: fmt.Sprintf("%s://%s/%s", op.Protocol, r.Host, namespace),
 Subject: account.ID,
 Audience: []string{},
 ExpiresAt: time.Now().Add(time.Hour * 30), 
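Review bot: The `~/.netrc` written by the `RUN printf … >> ~/.netrc` step lives on in a builder-stage layer, and the `ACCESS_TOKEN_USR`/`ACCESS_TOKEN_PWD` build args are recorded in that stage's image history, so anyone who can inspect the builder image or a shared build cache can recover the git credentials; the `FROM scratch` final stage does not carry them, but builder stages are routinely cached and pushed. A BuildKit secret mount keeps the file out of every layer, e.g. `RUN --mount=type=secret,id=netrc,target=/root/.netrc go mod download && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /server`, with the `ARG`/`printf`/`chmod` lines dropped. `COPY . .` also copies the whole build context, including `.git` and any local config, into that same layer, so a `.dockerignore` belongs alongside this file. The final stage has no `USER` line and so runs as root; whether that is required to bind port 80 depends on the deployment and is worth stating in a comment.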
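Review bot: The issuer is still assembled from `r.Host`, which comes straight from the client's Host header, so the scheme is now fixed by configuration but the authority is not: a request carrying a forged Host, or one that reaches the service without going through the proxy, yields an ID token whose `iss` names a host the provider does not control, and the same `r.Host` feeds the `issuer` in endpoints_wellknown.go. Now that `op.Protocol` exists on the handler, the natural completion is a configured public base URL (or at minimum an allow-list of expected hosts) used by both endpoints, e.g. `Issuer: op.issuerURL(namespace),` with a small helper that reads scheme and host from config rather than from the request. AuthEndpoint begins and ends outside this hunk.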
diff --git a/oidc-provider/endpoints_wellknown.go b/oidc-provider/endpoints_wellknown.go
index b8bc413..48142fc 100644
--- a/oidc-provider/endpoints_wellknown.go
+++ b/oidc-provider/endpoints_wellknown.go
@@ -14,7 +14,8 @@ func (op *OIDCHandler) WellKnownOIDCEndpoint(w http.ResponseWriter, r *http.Requ
 var (
 host = r.Host
 namespace = mux.Vars(r)["namespace"]
- issuer = fmt.Sprintf("http://%s/%s", host, namespace)
+ protocol = op.Protocol
+ issuer = fmt.Sprintf("%s://%s/%s", protocol, host, namespace)
 )
 response := map[string]any{
diff --git a/oidc-provider/oidc-provider.go b/oidc-provider/oidc-provider.go
index 5f065a8..79cd6be 100644
--- a/oidc-provider/oidc-provider.go
+++ b/oidc-provider/oidc-provider.go
@@ -45,6 +45,7 @@ type OIDCHandler struct {
 NamespaceProviders map[string]fosite.OAuth2Provider
 config OIDCConfig
 handler handlers.MobilityAccountsHandler
+ Protocol string //HTTP (dev env) or HTTPS
 PrivateKey *rsa.PrivateKey
 }
@@ -66,10 +67,16 @@ func NewOIDCHandler(h handlers.MobilityAccountsHandler, storage storage.Storage,
 providers[c.Namespace] = np
 }
+ protocol := "https"
+ if config.GetBool("dev_env") {
+ protocol = "http"
+ }
+
 return &OIDCHandler{
 config: oidc_config,
 handler: h,
 NamespaceProviders: providers,
+ Protocol: protocol,
 PrivateKey: privateKey,
 }
 }
diff --git a/oidc-provider/templates/parcoursmob/auth.html b/oidc-provider/templates/parcoursmob/auth.html
index 4f8000f..7af320b 100644
--- a/oidc-provider/templates/parcoursmob/auth.html
+++ b/oidc-provider/templates/parcoursmob/auth.html
@@ -2,7 +2,7 @@ PARCOURSMOB - Identification - +
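Review bot: The issuer format string `"%s://%s/%s"` is now duplicated here and in endpoints_auth.go, and relying parties reject an ID token whose `iss` does not byte-match the `issuer` in the discovery document, so the two sites must never drift. One method on the handler that both endpoints call, e.g. `func (op *OIDCHandler) issuer(host, namespace string) string { return fmt.Sprintf("%s://%s/%s", op.Protocol, host, namespace) }`, removes that risk; the local `protocol` alias adds nothing over using `op.Protocol` directly in the `issuer` line. WellKnownOIDCEndpoint continues past the end of this hunk.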
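Review bot: `Protocol` is an exported field documented only by the trailing `//HTTP (dev env) or HTTPS`, which does not say which literal values it holds or who sets it. A doc comment in Go style would be `// Protocol is the URL scheme ("http" or "https") used when building issuer URLs; NewOIDCHandler sets it to "http" only when dev_env is enabled.` It is also worth noting in that comment that the field is exported while the neighbouring `config` and `handler` fields are not, so any caller can overwrite it after construction; if that is not intended, an unexported field with an accessor would match the rest of the struct.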
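Review bot: Deriving `protocol` from a `dev_env` boolean means a production deployment that inherits a dev config silently issues `http://` issuer URLs and advertises plaintext endpoints in discovery, and nothing in the hunk makes that visible at startup. A one-line warning inside the `if`, e.g. `log.Printf("dev_env is set: OIDC issuer URLs will use http")`, gives operators a signal; which logger to use depends on what the rest of this file already imports, which is outside the hunk. `config` is declared outside the hunk as well, so it is assumed here to be the viper instance passed to NewOIDCHandler; the secure default (`https` unless the flag is explicitly true) is the right way round.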
diff --git a/storage/etcd.go b/storage/etcd.go
index 3d2c036..a4b5329 100644
--- a/storage/etcd.go
+++ b/storage/etcd.go
@@ -20,10 +20,14 @@ func NewEtcdKVStore(cfg *viper.Viper) (EtcdKVStore, error) {
 var (
 endpoints = cfg.GetStringSlice("storage.kv.etcd.endpoints")
 prefix = cfg.GetString("storage.kv.etcd.prefix")
+ username = cfg.GetString("storage.kv.etcd.username")
+ password = cfg.GetString("storage.kv.etcd.password")
 )
 cli, err := clientv3.New(clientv3.Config{
 Endpoints: endpoints,
+ Username: username,
+ Password: password,
 DialTimeout: 5 * time.Second,
 })
 if err != nil {
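Review bot: The new `Username`/`Password` fields turn on etcd's simple auth, but nothing in the hunk sets `TLS` on the `clientv3.Config`, so unless `storage.kv.etcd.endpoints` are TLS endpoints the password, and every key and value after it, crosses the network in clear text. Worth wiring a `TLS *tls.Config` built from config alongside the credentials, or at least a comment on the `Username:` line stating that the endpoints must be TLS-terminated; it is also worth confirming that the password is supplied from the environment or a secret store rather than a committed config file, which the plain `cfg.GetString` lookup does not guarantee. An empty `Username` presumably leaves auth disabled, which keeps existing deployments working, but that default deserves a note too. NewEtcdKVStore begins before and continues after this hunk.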