126 lines
3.6 KiB
Go
126 lines
3.6 KiB
Go
|
/*
|
||
|
Copyright 2017-2022 CAcert Inc.
|
||
|
SPDX-License-Identifier: Apache-2.0
|
||
|
|
||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
you may not use this file except in compliance with the License.
|
||
|
You may obtain a copy of the License at
|
||
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
||
|
Unless required by applicable law or agreed to in writing, software
|
||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
See the License for the specific language governing permissions and
|
||
|
limitations under the License.
|
||
|
*/
|
||
|
|
||
|
package main
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"encoding/base64"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
"io/ioutil"
|
||
|
|
||
|
"github.com/gorilla/sessions"
|
||
|
"gopkg.in/yaml.v2"
|
||
|
)
|
||
|
|
||
|
const (
|
||
|
cookieSecretMinLen = 32
|
||
|
csrfKeyLength = 32
|
||
|
httpIdleTimeout = 5
|
||
|
httpReadHeaderTimeout = 10
|
||
|
httpReadTimeout = 10
|
||
|
httpWriteTimeout = 60
|
||
|
sessionCookieName = "votesession"
|
||
|
)
|
||
|
|
||
|
type Config struct {
|
||
|
NoticeMailAddress string `yaml:"notice_mail_address"`
|
||
|
VoteNoticeMailAddress string `yaml:"vote_notice_mail_address"`
|
||
|
NotificationSenderAddress string `yaml:"notification_sender_address"`
|
||
|
DatabaseFile string `yaml:"database_file"`
|
||
|
ClientCACertificates string `yaml:"client_ca_certificates"`
|
||
|
ServerCert string `yaml:"server_certificate"`
|
||
|
ServerKey string `yaml:"server_key"`
|
||
|
CookieSecret string `yaml:"cookie_secret"`
|
||
|
CsrfKey string `yaml:"csrf_key"`
|
||
|
BaseURL string `yaml:"base_url"`
|
||
|
HTTPAddress string `yaml:"http_address,omitempty"`
|
||
|
HTTPSAddress string `yaml:"https_address,omitempty"`
|
||
|
MailServer struct {
|
||
|
Host string `yaml:"host"`
|
||
|
Port int `yaml:"port"`
|
||
|
} `yaml:"mail_server"`
|
||
|
}
|
||
|
|
||
|
type configKey int
|
||
|
|
||
|
const (
|
||
|
ctxConfig configKey = iota
|
||
|
ctxCookieStore
|
||
|
)
|
||
|
|
||
|
func parseConfig(ctx context.Context, configFile string) (context.Context, error) {
|
||
|
source, err := ioutil.ReadFile(configFile)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("could not read configuration file %s: %w", configFile, err)
|
||
|
}
|
||
|
|
||
|
config := &Config{
|
||
|
HTTPAddress: "127.0.0.1:8000",
|
||
|
HTTPSAddress: "127.0.0.1:8433",
|
||
|
}
|
||
|
|
||
|
if err := yaml.Unmarshal(source, config); err != nil {
|
||
|
return nil, fmt.Errorf("could not parse configuration: %w", err)
|
||
|
}
|
||
|
|
||
|
cookieSecret, err := base64.StdEncoding.DecodeString(config.CookieSecret)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("could not decode cookie secret: %w", err)
|
||
|
}
|
||
|
|
||
|
if len(cookieSecret) < cookieSecretMinLen {
|
||
|
return nil, fmt.Errorf("cookie secret is less than the minimum require %d bytes long", cookieSecretMinLen)
|
||
|
}
|
||
|
|
||
|
csrfKey, err := base64.StdEncoding.DecodeString(config.CsrfKey)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("could not decode CSRF key: %w", err)
|
||
|
}
|
||
|
|
||
|
if len(csrfKey) != csrfKeyLength {
|
||
|
return nil, fmt.Errorf("CSRF key must be exactly %d bytes long but is %d bytes long", csrfKeyLength, len(csrfKey))
|
||
|
}
|
||
|
|
||
|
cookieStore := sessions.NewCookieStore(cookieSecret)
|
||
|
cookieStore.Options.Secure = true
|
||
|
|
||
|
ctx = context.WithValue(ctx, ctxConfig, config)
|
||
|
ctx = context.WithValue(ctx, ctxCookieStore, cookieStore)
|
||
|
|
||
|
return ctx, nil
|
||
|
}
|
||
|
|
||
|
func GetConfig(ctx context.Context) (*Config, error) {
|
||
|
config, ok := ctx.Value(ctxConfig).(*Config)
|
||
|
if !ok {
|
||
|
return nil, errors.New("invalid value type for config in context")
|
||
|
}
|
||
|
|
||
|
return config, nil
|
||
|
}
|
||
|
|
||
|
func GetCookieStore(ctx context.Context) (*sessions.CookieStore, error) {
|
||
|
cookieStore, ok := ctx.Value(ctxConfig).(*sessions.CookieStore)
|
||
|
if !ok {
|
||
|
return nil, errors.New("invalid value type for cookie store in context")
|
||
|
}
|
||
|
|
||
|
return cookieStore, nil
|
||
|
}
|