2022-05-09 19:09:24 +00:00
|
|
|
/*
|
|
|
|
Copyright 2017-2022 CAcert Inc.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"encoding/base64"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"io/ioutil"
|
2022-05-15 18:10:49 +00:00
|
|
|
"time"
|
2022-05-09 19:09:24 +00:00
|
|
|
|
|
|
|
"github.com/gorilla/sessions"
|
|
|
|
"gopkg.in/yaml.v2"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
cookieSecretMinLen = 32
|
|
|
|
csrfKeyLength = 32
|
2022-05-15 18:10:49 +00:00
|
|
|
httpIdleTimeout = 5 * time.Second
|
|
|
|
httpReadHeaderTimeout = 10 * time.Second
|
|
|
|
httpReadTimeout = 10 * time.Second
|
|
|
|
httpWriteTimeout = 60 * time.Second
|
2022-05-09 19:09:24 +00:00
|
|
|
sessionCookieName = "votesession"
|
|
|
|
)
|
|
|
|
|
2022-05-15 18:10:49 +00:00
|
|
|
type mailConfig struct {
|
|
|
|
SMTPHost string `yaml:"host"`
|
|
|
|
SMTPPort int `yaml:"port"`
|
2022-05-09 19:09:24 +00:00
|
|
|
NotificationSenderAddress string `yaml:"notification_sender_address"`
|
2022-05-21 11:51:17 +00:00
|
|
|
NoticeMailAddress string `yaml:"notice_mail_address"`
|
|
|
|
VoteNoticeMailAddress string `yaml:"vote_notice_mail_address"`
|
2022-05-15 18:10:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type httpTimeoutConfig struct {
|
|
|
|
Idle time.Duration `yaml:"idle,omitempty"`
|
|
|
|
Read time.Duration `yaml:"read,omitempty"`
|
|
|
|
ReadHeader time.Duration `yaml:"read_header,omitempty"`
|
|
|
|
Write time.Duration `yaml:"write,omitempty"`
|
|
|
|
}
|
|
|
|
|
|
|
|
type Config struct {
|
2022-05-21 11:51:17 +00:00
|
|
|
DatabaseFile string `yaml:"database_file"`
|
|
|
|
ClientCACertificates string `yaml:"client_ca_certificates"`
|
|
|
|
ServerCert string `yaml:"server_certificate"`
|
|
|
|
ServerKey string `yaml:"server_key"`
|
|
|
|
CookieSecret string `yaml:"cookie_secret"`
|
|
|
|
CsrfKey string `yaml:"csrf_key"`
|
|
|
|
BaseURL string `yaml:"base_url"`
|
|
|
|
HTTPAddress string `yaml:"http_address,omitempty"`
|
|
|
|
HTTPSAddress string `yaml:"https_address,omitempty"`
|
|
|
|
MailConfig *mailConfig `yaml:"mail_server"`
|
|
|
|
Timeouts *httpTimeoutConfig `yaml:"timeouts,omitempty"`
|
2022-05-09 19:09:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type configKey int
|
|
|
|
|
|
|
|
const (
|
|
|
|
ctxConfig configKey = iota
|
|
|
|
ctxCookieStore
|
|
|
|
)
|
|
|
|
|
|
|
|
func parseConfig(ctx context.Context, configFile string) (context.Context, error) {
|
|
|
|
source, err := ioutil.ReadFile(configFile)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("could not read configuration file %s: %w", configFile, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
config := &Config{
|
|
|
|
HTTPAddress: "127.0.0.1:8000",
|
2022-05-22 09:02:37 +00:00
|
|
|
HTTPSAddress: "127.0.0.1:8443",
|
2022-05-21 11:51:17 +00:00
|
|
|
Timeouts: &httpTimeoutConfig{
|
2022-05-15 18:10:49 +00:00
|
|
|
Idle: httpIdleTimeout,
|
|
|
|
ReadHeader: httpReadHeaderTimeout,
|
|
|
|
Read: httpReadTimeout,
|
|
|
|
Write: httpWriteTimeout,
|
|
|
|
},
|
2022-05-09 19:09:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if err := yaml.Unmarshal(source, config); err != nil {
|
|
|
|
return nil, fmt.Errorf("could not parse configuration: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
cookieSecret, err := base64.StdEncoding.DecodeString(config.CookieSecret)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("could not decode cookie secret: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(cookieSecret) < cookieSecretMinLen {
|
|
|
|
return nil, fmt.Errorf("cookie secret is less than the minimum require %d bytes long", cookieSecretMinLen)
|
|
|
|
}
|
|
|
|
|
|
|
|
csrfKey, err := base64.StdEncoding.DecodeString(config.CsrfKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("could not decode CSRF key: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(csrfKey) != csrfKeyLength {
|
|
|
|
return nil, fmt.Errorf("CSRF key must be exactly %d bytes long but is %d bytes long", csrfKeyLength, len(csrfKey))
|
|
|
|
}
|
|
|
|
|
|
|
|
cookieStore := sessions.NewCookieStore(cookieSecret)
|
|
|
|
cookieStore.Options.Secure = true
|
|
|
|
|
|
|
|
ctx = context.WithValue(ctx, ctxConfig, config)
|
|
|
|
ctx = context.WithValue(ctx, ctxCookieStore, cookieStore)
|
|
|
|
|
|
|
|
return ctx, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func GetConfig(ctx context.Context) (*Config, error) {
|
|
|
|
config, ok := ctx.Value(ctxConfig).(*Config)
|
|
|
|
if !ok {
|
|
|
|
return nil, errors.New("invalid value type for config in context")
|
|
|
|
}
|
|
|
|
|
|
|
|
return config, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func GetCookieStore(ctx context.Context) (*sessions.CookieStore, error) {
|
|
|
|
cookieStore, ok := ctx.Value(ctxConfig).(*sessions.CookieStore)
|
|
|
|
if !ok {
|
|
|
|
return nil, errors.New("invalid value type for cookie store in context")
|
|
|
|
}
|
|
|
|
|
|
|
|
return cookieStore, nil
|
|
|
|
}
|