Initial OIDC resource app
- copied/stripped down from https://git.dittberner.info/jan/hydra_oidc_poc
This commit is contained in:
parent
4b852dee3f
commit
3bb3b2db0c
24 changed files with 2083 additions and 3 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -1,3 +1,5 @@
|
||||||
.idea/
|
.idea/
|
||||||
|
/sessions
|
||||||
|
/static
|
||||||
certs/
|
certs/
|
||||||
resource_app.toml
|
resource_app.toml
|
|
@ -68,7 +68,7 @@ enc-key = "<32 bytes of base64 encoded data>"
|
||||||
Now you can start the demo application:
|
Now you can start the demo application:
|
||||||
|
|
||||||
```
|
```
|
||||||
go run cmd/app/main.go
|
go run cmd/app.go
|
||||||
```
|
```
|
||||||
|
|
||||||
Visit https://app.cacert.localhost:4000/ in a Browser and you will be directed
|
Visit https://app.cacert.localhost:4000/ in a Browser and you will be directed
|
||||||
|
@ -106,4 +106,4 @@ goi18n merge active.*.toml translate.*.toml
|
||||||
|
|
||||||
to merge the messages back into the active translation files. To add a new
|
to merge the messages back into the active translation files. To add a new
|
||||||
language you need to add the language code to the languages configuration
|
language you need to add the language code to the languages configuration
|
||||||
option (default is defined in the configmap in cmd/app/main.go).
|
option (default is defined in the configmap in cmd/app.go).
|
||||||
|
|
20
active.de.toml
Normal file
20
active.de.toml
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
[ErrorTitle]
|
||||||
|
hash = "sha1-736aec25a98f5ec5b71400bb0163f891f509b566"
|
||||||
|
other = "Es ist ein Fehler aufgetreten"
|
||||||
|
|
||||||
|
[IndexGreeting]
|
||||||
|
hash = "sha1-d4a13058e497fa24143ea96d50d82b818455ef61"
|
||||||
|
other = "Hallo {{ .User }}"
|
||||||
|
|
||||||
|
[IndexIntroductionText]
|
||||||
|
hash = "sha1-c2c530e263fc9c38482338ed290aafb496794179"
|
||||||
|
other = "Das ist eine zugriffsgeschützte Resource"
|
||||||
|
|
||||||
|
[IndexTitle]
|
||||||
|
hash = "sha1-eccb2b889c068d3f25496c1dad3fb0f88d021bd9"
|
||||||
|
other = "Willkommen in der Demo-Anwendung"
|
||||||
|
|
||||||
|
[LogoutLabel]
|
||||||
|
description = "A label on a logout button or link"
|
||||||
|
hash = "sha1-8acfdeb9a8286f00c8e5dd48471cfdc994807579"
|
||||||
|
other = "Ausloggen"
|
8
active.en.toml
Normal file
8
active.en.toml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
ErrorTitle = "An error has occurred"
|
||||||
|
IndexGreeting = "Hello {{ .User }}"
|
||||||
|
IndexIntroductionText = "This is an authorization protected resource"
|
||||||
|
IndexTitle = "Welcome to the Demo application"
|
||||||
|
|
||||||
|
[LogoutLabel]
|
||||||
|
description = "A label on a logout button or link"
|
||||||
|
other = "Logout"
|
175
cmd/app.go
Normal file
175
cmd/app.go
Normal file
|
@ -0,0 +1,175 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
|
"crypto/x509"
|
||||||
|
"encoding/base64"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/knadh/koanf/parsers/toml"
|
||||||
|
"github.com/knadh/koanf/providers/confmap"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
|
"git.cacert.org/oidc_demo_app/handlers"
|
||||||
|
"git.cacert.org/oidc_demo_app/services"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
logger := log.New()
|
||||||
|
config, err := services.ConfigureApplication(
|
||||||
|
logger,
|
||||||
|
"RESOURCE_APP",
|
||||||
|
map[string]interface{}{
|
||||||
|
"server.port": 4000,
|
||||||
|
"server.name": "app.cacert.localhost",
|
||||||
|
"server.key": "certs/app.cacert.localhost.key",
|
||||||
|
"server.certificate": "certs/app.cacert.localhost.crt.pem",
|
||||||
|
"oidc.server": "https://auth.cacert.localhost:4444/",
|
||||||
|
"session.path": "sessions/app",
|
||||||
|
"i18n.languages": []string{"en", "de"},
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("error loading configuration: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
oidcServer := config.MustString("oidc.server")
|
||||||
|
oidcClientId := config.MustString("oidc.client-id")
|
||||||
|
oidcClientSecret := config.MustString("oidc.client-secret")
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
ctx = services.InitI18n(ctx, logger, config.Strings("i18n.languages"))
|
||||||
|
services.AddMessages(ctx)
|
||||||
|
|
||||||
|
sessionPath := config.MustString("session.path")
|
||||||
|
sessionAuthKey, err := base64.StdEncoding.DecodeString(config.String("session.auth-key"))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("could not decode session auth key: %s", err)
|
||||||
|
}
|
||||||
|
sessionEncKey, err := base64.StdEncoding.DecodeString(config.String("session.enc-key"))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("could not decode session encryption key: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
generated := false
|
||||||
|
if len(sessionAuthKey) != 64 {
|
||||||
|
sessionAuthKey = services.GenerateKey(64)
|
||||||
|
generated = true
|
||||||
|
}
|
||||||
|
if len(sessionEncKey) != 32 {
|
||||||
|
sessionEncKey = services.GenerateKey(32)
|
||||||
|
generated = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if generated {
|
||||||
|
_ = config.Load(confmap.Provider(map[string]interface{}{
|
||||||
|
"session.auth-key": sessionAuthKey,
|
||||||
|
"session.enc-key": sessionEncKey,
|
||||||
|
}, "."), nil)
|
||||||
|
tomlData, err := config.Marshal(toml.Parser())
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("could not encode session config")
|
||||||
|
}
|
||||||
|
log.Infof("put the following in your resource_app.toml:\n%s", string(tomlData))
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsClientConfig := &tls.Config{
|
||||||
|
MinVersion: tls.VersionTLS12,
|
||||||
|
}
|
||||||
|
if config.Exists("api-client.rootCAs") {
|
||||||
|
rootCAFile := config.MustString("api-client.rootCAs")
|
||||||
|
caCertPool := x509.NewCertPool()
|
||||||
|
pemBytes, err := ioutil.ReadFile(rootCAFile)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("could not read CA certificate file: %v", err)
|
||||||
|
}
|
||||||
|
caCertPool.AppendCertsFromPEM(pemBytes)
|
||||||
|
tlsClientConfig.RootCAs = caCertPool
|
||||||
|
}
|
||||||
|
|
||||||
|
apiTransport := &http.Transport{TLSClientConfig: tlsClientConfig}
|
||||||
|
apiClient := &http.Client{Transport: apiTransport}
|
||||||
|
|
||||||
|
if ctx, err = services.DiscoverOIDC(ctx, logger, &services.OidcParams{
|
||||||
|
OidcServer: oidcServer,
|
||||||
|
OidcClientId: oidcClientId,
|
||||||
|
OidcClientSecret: oidcClientSecret,
|
||||||
|
APIClient: apiClient,
|
||||||
|
}); err != nil {
|
||||||
|
log.Fatalf("OpenID Connect discovery failed: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
services.InitSessionStore(logger, sessionPath, sessionAuthKey, sessionEncKey)
|
||||||
|
|
||||||
|
authMiddleware := handlers.Authenticate(ctx, logger, oidcClientId)
|
||||||
|
|
||||||
|
serverAddr := fmt.Sprintf("%s:%d", config.String("server.name"), config.Int("server.port"))
|
||||||
|
|
||||||
|
indexHandler, err := handlers.NewIndexHandler(ctx, serverAddr)
|
||||||
|
if err != nil {
|
||||||
|
logger.Fatalf("could not initialize index handler: %v", err)
|
||||||
|
}
|
||||||
|
callbackHandler := handlers.NewCallbackHandler(ctx, logger)
|
||||||
|
afterLogoutHandler := handlers.NewAfterLogoutHandler(logger)
|
||||||
|
staticFiles := http.FileServer(http.Dir("static"))
|
||||||
|
|
||||||
|
router := http.NewServeMux()
|
||||||
|
router.Handle("/", authMiddleware(indexHandler))
|
||||||
|
router.Handle("/callback", callbackHandler)
|
||||||
|
router.Handle("/after-logout", afterLogoutHandler)
|
||||||
|
router.Handle("/health", handlers.NewHealthHandler())
|
||||||
|
router.Handle("/images/", staticFiles)
|
||||||
|
router.Handle("/css/", staticFiles)
|
||||||
|
router.Handle("/js/", staticFiles)
|
||||||
|
|
||||||
|
nextRequestId := func() string {
|
||||||
|
return fmt.Sprintf("%d", time.Now().UnixNano())
|
||||||
|
}
|
||||||
|
|
||||||
|
tracing := handlers.Tracing(nextRequestId)
|
||||||
|
logging := handlers.Logging(logger)
|
||||||
|
hsts := handlers.EnableHSTS()
|
||||||
|
errorMiddleware, err := handlers.ErrorHandling(
|
||||||
|
ctx,
|
||||||
|
logger,
|
||||||
|
"templates",
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
logger.Fatalf("could not initialize request error handling: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsConfig := &tls.Config{
|
||||||
|
ServerName: config.String("server.name"),
|
||||||
|
MinVersion: tls.VersionTLS12,
|
||||||
|
}
|
||||||
|
server := &http.Server{
|
||||||
|
Addr: serverAddr,
|
||||||
|
Handler: tracing(logging(hsts(errorMiddleware(router)))),
|
||||||
|
ReadTimeout: 5 * time.Second,
|
||||||
|
WriteTimeout: 10 * time.Second,
|
||||||
|
IdleTimeout: 15 * time.Second,
|
||||||
|
TLSConfig: tlsConfig,
|
||||||
|
}
|
||||||
|
|
||||||
|
handlers.StartApplication(logger, ctx, server, config)
|
||||||
|
}
|
52
go.mod
52
go.mod
|
@ -1,3 +1,55 @@
|
||||||
module git.cacert.org/oidc_demo_app
|
module git.cacert.org/oidc_demo_app
|
||||||
|
|
||||||
go 1.17
|
go 1.17
|
||||||
|
|
||||||
|
require (
|
||||||
|
github.com/BurntSushi/toml v0.3.1
|
||||||
|
github.com/go-openapi/runtime v0.19.31
|
||||||
|
github.com/gorilla/sessions v1.2.1
|
||||||
|
github.com/knadh/koanf v1.2.3
|
||||||
|
github.com/lestrrat-go/jwx v1.2.6
|
||||||
|
github.com/nicksnyder/go-i18n/v2 v2.1.2
|
||||||
|
github.com/sirupsen/logrus v1.8.1
|
||||||
|
github.com/spf13/pflag v1.0.5
|
||||||
|
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be
|
||||||
|
golang.org/x/text v0.3.3
|
||||||
|
)
|
||||||
|
|
||||||
|
require (
|
||||||
|
github.com/PuerkitoBio/purell v1.1.1 // indirect
|
||||||
|
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
|
||||||
|
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
|
||||||
|
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d // indirect
|
||||||
|
github.com/fsnotify/fsnotify v1.4.9 // indirect
|
||||||
|
github.com/go-openapi/analysis v0.19.10 // indirect
|
||||||
|
github.com/go-openapi/errors v0.19.6 // indirect
|
||||||
|
github.com/go-openapi/jsonpointer v0.19.3 // indirect
|
||||||
|
github.com/go-openapi/jsonreference v0.19.3 // indirect
|
||||||
|
github.com/go-openapi/loads v0.19.5 // indirect
|
||||||
|
github.com/go-openapi/spec v0.19.8 // indirect
|
||||||
|
github.com/go-openapi/strfmt v0.19.5 // indirect
|
||||||
|
github.com/go-openapi/swag v0.19.9 // indirect
|
||||||
|
github.com/go-openapi/validate v0.19.10 // indirect
|
||||||
|
github.com/go-stack/stack v1.8.0 // indirect
|
||||||
|
github.com/goccy/go-json v0.7.6 // indirect
|
||||||
|
github.com/golang/protobuf v1.3.1 // indirect
|
||||||
|
github.com/gorilla/securecookie v1.1.1 // indirect
|
||||||
|
github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
|
||||||
|
github.com/lestrrat-go/blackmagic v1.0.0 // indirect
|
||||||
|
github.com/lestrrat-go/httpcc v1.0.0 // indirect
|
||||||
|
github.com/lestrrat-go/iter v1.0.1 // indirect
|
||||||
|
github.com/lestrrat-go/option v1.0.0 // indirect
|
||||||
|
github.com/mailru/easyjson v0.7.1 // indirect
|
||||||
|
github.com/mitchellh/copystructure v1.2.0 // indirect
|
||||||
|
github.com/mitchellh/mapstructure v1.4.1 // indirect
|
||||||
|
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
||||||
|
github.com/opentracing/opentracing-go v1.2.0 // indirect
|
||||||
|
github.com/pelletier/go-toml v1.7.0 // indirect
|
||||||
|
github.com/pkg/errors v0.9.1 // indirect
|
||||||
|
go.mongodb.org/mongo-driver v1.3.4 // indirect
|
||||||
|
golang.org/x/crypto v0.0.0-20201217014255-9d1352758620 // indirect
|
||||||
|
golang.org/x/net v0.0.0-20201021035429-f5854403a974 // indirect
|
||||||
|
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f // indirect
|
||||||
|
google.golang.org/appengine v1.4.0 // indirect
|
||||||
|
gopkg.in/yaml.v2 v2.3.0 // indirect
|
||||||
|
)
|
||||||
|
|
387
go.sum
Normal file
387
go.sum
Normal file
|
@ -0,0 +1,387 @@
|
||||||
|
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||||
|
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
|
||||||
|
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||||
|
github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||||
|
github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
|
||||||
|
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
|
||||||
|
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
|
||||||
|
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
|
||||||
|
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
|
||||||
|
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||||
|
github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
|
||||||
|
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
|
||||||
|
github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
|
||||||
|
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
|
||||||
|
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
|
||||||
|
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
|
||||||
|
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||||
|
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||||
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
|
||||||
|
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d h1:1iy2qD6JEhHKKhUOA9IWs7mjco7lnw2qx8FsRI2wirE=
|
||||||
|
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
|
||||||
|
github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
|
||||||
|
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
|
||||||
|
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||||
|
github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
|
||||||
|
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
|
||||||
|
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
|
||||||
|
github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
|
||||||
|
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
|
||||||
|
github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
|
||||||
|
github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
|
||||||
|
github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
|
||||||
|
github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
|
||||||
|
github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
|
||||||
|
github.com/go-openapi/analysis v0.19.4/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk=
|
||||||
|
github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU=
|
||||||
|
github.com/go-openapi/analysis v0.19.10 h1:5BHISBAXOc/aJK25irLZnx2D3s6WyYaY9D4gmuz9fdE=
|
||||||
|
github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ=
|
||||||
|
github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
|
||||||
|
github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0=
|
||||||
|
github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
|
||||||
|
github.com/go-openapi/errors v0.19.3/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94=
|
||||||
|
github.com/go-openapi/errors v0.19.6 h1:xZMThgv5SQ7SMbWtKFkCf9bBdvR2iEyw9k3zGZONuys=
|
||||||
|
github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M=
|
||||||
|
github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
|
||||||
|
github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M=
|
||||||
|
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
|
||||||
|
github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
|
||||||
|
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
|
||||||
|
github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
|
||||||
|
github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I=
|
||||||
|
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
|
||||||
|
github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
|
||||||
|
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
|
||||||
|
github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
|
||||||
|
github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
|
||||||
|
github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU=
|
||||||
|
github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs=
|
||||||
|
github.com/go-openapi/loads v0.19.3/go.mod h1:YVfqhUCdahYwR3f3iiwQLhicVRvLlU/WO5WPaZvcvSI=
|
||||||
|
github.com/go-openapi/loads v0.19.5 h1:jZVYWawIQiA1NBnHla28ktg6hrcfTHsCE+3QLVRBIls=
|
||||||
|
github.com/go-openapi/loads v0.19.5/go.mod h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2es0x5/IbjY=
|
||||||
|
github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA=
|
||||||
|
github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64=
|
||||||
|
github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4=
|
||||||
|
github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo=
|
||||||
|
github.com/go-openapi/runtime v0.19.31 h1:GX+MgBxN12s/tQiHNJpvHDIoZiEXAz6j6Rqg0oJcnpg=
|
||||||
|
github.com/go-openapi/runtime v0.19.31/go.mod h1:BvrQtn6iVb2QmiVXRsFAm6ZCAZBpbVKFfN6QWCp582M=
|
||||||
|
github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
|
||||||
|
github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI=
|
||||||
|
github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY=
|
||||||
|
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
|
||||||
|
github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
|
||||||
|
github.com/go-openapi/spec v0.19.8 h1:qAdZLh1r6QF/hI/gTq+TJTvsQUodZsM7KLqkAJdiJNg=
|
||||||
|
github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk=
|
||||||
|
github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
|
||||||
|
github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU=
|
||||||
|
github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY=
|
||||||
|
github.com/go-openapi/strfmt v0.19.2/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
|
||||||
|
github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU=
|
||||||
|
github.com/go-openapi/strfmt v0.19.4/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
|
||||||
|
github.com/go-openapi/strfmt v0.19.5 h1:0utjKrw+BAh8s57XE9Xz8DUBsVvPmRUB6styvl9wWIM=
|
||||||
|
github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk=
|
||||||
|
github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
|
||||||
|
github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg=
|
||||||
|
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||||
|
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
|
||||||
|
github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY=
|
||||||
|
github.com/go-openapi/swag v0.19.9 h1:1IxuqvBUU3S2Bi4YC7tlP9SJF1gVpCvqN0T2Qof4azE=
|
||||||
|
github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY=
|
||||||
|
github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4=
|
||||||
|
github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA=
|
||||||
|
github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo=
|
||||||
|
github.com/go-openapi/validate v0.19.10 h1:tG3SZ5DC5KF4cyt7nqLVcQXGj5A7mpaYkAcNPlDK+Yk=
|
||||||
|
github.com/go-openapi/validate v0.19.10/go.mod h1:RKEZTUWDkxKQxN2jDT7ZnZi2bhZlbNMAuKvKB+IaGx8=
|
||||||
|
github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
|
||||||
|
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
||||||
|
github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
|
||||||
|
github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
|
||||||
|
github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
|
||||||
|
github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
|
||||||
|
github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
|
||||||
|
github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI=
|
||||||
|
github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs=
|
||||||
|
github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
|
||||||
|
github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI=
|
||||||
|
github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk=
|
||||||
|
github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28=
|
||||||
|
github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo=
|
||||||
|
github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk=
|
||||||
|
github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw=
|
||||||
|
github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360=
|
||||||
|
github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg=
|
||||||
|
github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE=
|
||||||
|
github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8=
|
||||||
|
github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
|
||||||
|
github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc=
|
||||||
|
github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
|
||||||
|
github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4=
|
||||||
|
github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
|
||||||
|
github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
|
||||||
|
github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
|
||||||
|
github.com/goccy/go-json v0.7.6 h1:H0wq4jppBQ+9222sk5+hPLL25abZQiRuQ6YPnjO9c+A=
|
||||||
|
github.com/goccy/go-json v0.7.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
|
||||||
|
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||||
|
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||||
|
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||||
|
github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
|
||||||
|
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||||
|
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
|
||||||
|
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
|
||||||
|
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
|
||||||
|
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||||
|
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||||
|
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
|
||||||
|
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||||
|
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
|
||||||
|
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
|
||||||
|
github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7FsgI=
|
||||||
|
github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
|
||||||
|
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
|
||||||
|
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
|
||||||
|
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
|
||||||
|
github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
|
||||||
|
github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
|
||||||
|
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
|
||||||
|
github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
|
||||||
|
github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY=
|
||||||
|
github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
|
||||||
|
github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
|
||||||
|
github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
|
||||||
|
github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
|
||||||
|
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
|
||||||
|
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
|
||||||
|
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||||
|
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||||
|
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
|
||||||
|
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||||
|
github.com/hashicorp/vault/api v1.0.4/go.mod h1:gDcqh3WGcR1cpF5AJz/B1UFheUEneMoIospckxBxk6Q=
|
||||||
|
github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
|
||||||
|
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
|
||||||
|
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
|
||||||
|
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||||
|
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
|
||||||
|
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
|
||||||
|
github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
|
||||||
|
github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
|
||||||
|
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
|
||||||
|
github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
|
||||||
|
github.com/knadh/koanf v1.2.3 h1:2Rkr0YhhYk+4QEOm800Q3Pu0Wi87svTxM6uuEb4WhYw=
|
||||||
|
github.com/knadh/koanf v1.2.3/go.mod h1:xpPTwMhsA/aaQLAilyCCqfpEiY1gpa160AiCuWHJUjY=
|
||||||
|
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||||
|
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||||
|
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||||
|
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||||
|
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
|
||||||
|
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||||
|
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||||
|
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||||
|
github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
|
||||||
|
github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
|
||||||
|
github.com/lestrrat-go/blackmagic v1.0.0 h1:XzdxDbuQTz0RZZEmdU7cnQxUtFUzgCSPq8RCz4BxIi4=
|
||||||
|
github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
|
||||||
|
github.com/lestrrat-go/codegen v1.0.1/go.mod h1:JhJw6OQAuPEfVKUCLItpaVLumDGWQznd1VaXrBk9TdM=
|
||||||
|
github.com/lestrrat-go/httpcc v1.0.0 h1:FszVC6cKfDvBKcJv646+lkh4GydQg2Z29scgUfkOpYc=
|
||||||
|
github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++0Gf8MBnAvE=
|
||||||
|
github.com/lestrrat-go/iter v1.0.1 h1:q8faalr2dY6o8bV45uwrxq12bRa1ezKrB6oM9FUgN4A=
|
||||||
|
github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
|
||||||
|
github.com/lestrrat-go/jwx v1.2.6 h1:XAgfuHaOB7fDZ/6WhVgl8K89af768dU+3Nx4DlTbLIk=
|
||||||
|
github.com/lestrrat-go/jwx v1.2.6/go.mod h1:tJuGuAI3LC71IicTx82Mz1n3w9woAs2bYJZpkjJQ5aU=
|
||||||
|
github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
|
||||||
|
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
|
||||||
|
github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||||
|
github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||||
|
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||||
|
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
|
||||||
|
github.com/mailru/easyjson v0.7.1 h1:mdxE1MF9o53iCb2Ghj1VfWvh7ZOwHpnVG/xwXrV90U8=
|
||||||
|
github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
|
||||||
|
github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
|
||||||
|
github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
|
||||||
|
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
||||||
|
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
|
||||||
|
github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
|
||||||
|
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
|
||||||
|
github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
|
||||||
|
github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
|
||||||
|
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
|
||||||
|
github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
|
||||||
|
github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
|
||||||
|
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
|
||||||
|
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||||
|
github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||||
|
github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
|
||||||
|
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||||
|
github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||||
|
github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
|
||||||
|
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||||
|
github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
|
||||||
|
github.com/nicksnyder/go-i18n/v2 v2.1.2 h1:QHYxcUJnGHBaq7XbvgunmZ2Pn0focXFqTD61CkH146c=
|
||||||
|
github.com/nicksnyder/go-i18n/v2 v2.1.2/go.mod h1:d++QJC9ZVf7pa48qrsRWhMJ5pSHIPmS3OLqK1niyLxs=
|
||||||
|
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
|
||||||
|
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
|
||||||
|
github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
|
||||||
|
github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
|
||||||
|
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
|
||||||
|
github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
|
||||||
|
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
|
||||||
|
github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo=
|
||||||
|
github.com/pelletier/go-toml v1.7.0 h1:7utD74fnzVc/cpcyy8sjrlFr5vYpypUixARcHIMIGuI=
|
||||||
|
github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
|
||||||
|
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
|
||||||
|
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||||
|
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||||
|
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||||
|
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||||
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
|
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
|
||||||
|
github.com/rhnvrm/simples3 v0.6.1/go.mod h1:Y+3vYm2V7Y4VijFoJHHTrja6OgPrJ2cBti8dPGkC3sA=
|
||||||
|
github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||||
|
github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||||
|
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||||
|
github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||||
|
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
|
||||||
|
github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
|
||||||
|
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
|
||||||
|
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
|
||||||
|
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
|
||||||
|
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
|
||||||
|
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
|
||||||
|
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||||
|
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
||||||
|
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
|
||||||
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
|
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
|
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
|
||||||
|
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||||
|
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||||
|
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||||
|
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
|
||||||
|
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||||
|
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||||
|
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||||
|
github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
|
||||||
|
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
|
||||||
|
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
|
||||||
|
github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
|
||||||
|
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||||
|
go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
|
||||||
|
go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
|
||||||
|
go.mongodb.org/mongo-driver v1.3.0/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE=
|
||||||
|
go.mongodb.org/mongo-driver v1.3.4 h1:zs/dKNwX0gYUtzwrN9lLiR15hCO0nDwQj5xXx+vjCdE=
|
||||||
|
go.mongodb.org/mongo-driver v1.3.4/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE=
|
||||||
|
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||||
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
|
golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
|
golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
|
||||||
|
golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
|
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
|
golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
|
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
|
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
|
golang.org/x/crypto v0.0.0-20201217014255-9d1352758620 h1:3wPMTskHO3+O6jqTEXyFcsnuxMQOqYSaHsDxcbUXpqA=
|
||||||
|
golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
|
||||||
|
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||||
|
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||||
|
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
|
||||||
|
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||||
|
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||||
|
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||||
|
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
|
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
|
golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
|
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
|
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
|
golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
|
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||||
|
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||||
|
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||||
|
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||||
|
golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
|
||||||
|
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
|
||||||
|
golang.org/x/net v0.0.0-20201021035429-f5854403a974 h1:IX6qOQeG5uLjB/hjjwjedwfjND0hgjPMMyO1RoIXQNI=
|
||||||
|
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||||
|
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be h1:vEDujvNQGv4jgYKudGeI/+DAX4Jffq6hpD55MmoEvKs=
|
||||||
|
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||||
|
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
|
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
|
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
|
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
|
golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
|
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
|
golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
|
||||||
|
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||||
|
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
|
golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||||
|
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||||
|
golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
|
||||||
|
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||||
|
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||||
|
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
|
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
|
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
|
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
|
||||||
|
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||||
|
golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||||
|
golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||||
|
golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||||
|
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||||
|
golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||||
|
golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||||
|
golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||||
|
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||||
|
golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
|
||||||
|
golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||||
|
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
|
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
|
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||||
|
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||||
|
google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
|
||||||
|
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||||
|
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||||
|
google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
|
||||||
|
google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
|
||||||
|
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||||
|
google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
|
||||||
|
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
|
||||||
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
|
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
|
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
|
||||||
|
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
|
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
|
||||||
|
gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
|
||||||
|
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
|
||||||
|
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||||
|
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||||
|
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
|
||||||
|
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||||
|
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||||
|
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
50
handlers/after_logout.go
Normal file
50
handlers/after_logout.go
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package handlers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
|
||||||
|
"git.cacert.org/oidc_demo_app/services"
|
||||||
|
)
|
||||||
|
|
||||||
|
type afterLogoutHandler struct {
|
||||||
|
logger *logrus.Logger
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *afterLogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
session, err := services.GetSessionStore().Get(r, sessionName)
|
||||||
|
if err != nil {
|
||||||
|
h.logger.Errorf("could not get session: %v", err)
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
session.Options.MaxAge = -1
|
||||||
|
if err = session.Save(r, w); err != nil {
|
||||||
|
h.logger.Errorf("could not save session: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
w.Header().Set("Location", "/")
|
||||||
|
w.WriteHeader(http.StatusFound)
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewAfterLogoutHandler(logger *logrus.Logger) *afterLogoutHandler {
|
||||||
|
return &afterLogoutHandler{logger: logger}
|
||||||
|
}
|
96
handlers/common.go
Normal file
96
handlers/common.go
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package handlers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"context"
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/json"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
|
||||||
|
"github.com/lestrrat-go/jwx/jwk"
|
||||||
|
"github.com/lestrrat-go/jwx/jwt"
|
||||||
|
"github.com/lestrrat-go/jwx/jwt/openid"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
|
"git.cacert.org/oidc_demo_app/models"
|
||||||
|
"git.cacert.org/oidc_demo_app/services"
|
||||||
|
)
|
||||||
|
|
||||||
|
const sessionName = "resource_session"
|
||||||
|
|
||||||
|
func Authenticate(ctx context.Context, logger *log.Logger, clientId string) func(http.Handler) http.Handler {
|
||||||
|
return func(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
session, err := services.GetSessionStore().Get(r, sessionName)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if _, ok := session.Values[sessionKeyIdToken]; ok {
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
session.Values[sessionRedirectTarget] = r.URL.String()
|
||||||
|
if err = session.Save(r, w); err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var authUrl *url.URL
|
||||||
|
if authUrl, err = url.Parse(services.GetOAuth2Config(ctx).Endpoint.AuthURL); err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
queryValues := authUrl.Query()
|
||||||
|
queryValues.Set("client_id", clientId)
|
||||||
|
queryValues.Set("response_type", "code")
|
||||||
|
queryValues.Set("scope", "openid offline_access profile email")
|
||||||
|
queryValues.Set("state", base64.URLEncoding.EncodeToString(services.GenerateKey(8)))
|
||||||
|
queryValues.Set("claims", getRequestedClaims(logger))
|
||||||
|
authUrl.RawQuery = queryValues.Encode()
|
||||||
|
|
||||||
|
w.Header().Set("Location", authUrl.String())
|
||||||
|
w.WriteHeader(http.StatusFound)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func getRequestedClaims(logger *log.Logger) string {
|
||||||
|
claims := make(models.OIDCClaimsRequest)
|
||||||
|
claims["userinfo"] = make(models.ClaimElement)
|
||||||
|
essentialItem := make(models.IndividualClaimRequest)
|
||||||
|
essentialItem["essential"] = true
|
||||||
|
claims["userinfo"]["https://cacert.localhost/groups"] = &essentialItem
|
||||||
|
|
||||||
|
target := make([]byte, 0)
|
||||||
|
buf := bytes.NewBuffer(target)
|
||||||
|
enc := json.NewEncoder(buf)
|
||||||
|
if err := enc.Encode(claims); err != nil {
|
||||||
|
logger.Warnf("could not encode claims request parameter: %v", err)
|
||||||
|
}
|
||||||
|
return buf.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func ParseIdToken(token string, keySet jwk.Set) (openid.Token, error) {
|
||||||
|
if parsedIdToken, err := jwt.ParseString(token, jwt.WithKeySet(keySet), jwt.WithToken(openid.New())); err != nil {
|
||||||
|
return nil, err
|
||||||
|
} else {
|
||||||
|
return parsedIdToken.(openid.Token), nil
|
||||||
|
}
|
||||||
|
}
|
153
handlers/errors.go
Normal file
153
handlers/errors.go
Normal file
|
@ -0,0 +1,153 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package handlers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"html/template"
|
||||||
|
"net/http"
|
||||||
|
"path"
|
||||||
|
|
||||||
|
"git.cacert.org/oidc_demo_app/services"
|
||||||
|
"github.com/nicksnyder/go-i18n/v2/i18n"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
type errorKey int
|
||||||
|
|
||||||
|
const (
|
||||||
|
errorBucketKey errorKey = iota
|
||||||
|
)
|
||||||
|
|
||||||
|
type ErrorDetails struct {
|
||||||
|
ErrorMessage string
|
||||||
|
ErrorDetails []string
|
||||||
|
ErrorCode string
|
||||||
|
Error error
|
||||||
|
}
|
||||||
|
|
||||||
|
type ErrorBucket struct {
|
||||||
|
errorDetails *ErrorDetails
|
||||||
|
templates *template.Template
|
||||||
|
logger *log.Logger
|
||||||
|
bundle *i18n.Bundle
|
||||||
|
messageCatalog *services.MessageCatalog
|
||||||
|
}
|
||||||
|
|
||||||
|
func (b *ErrorBucket) serveHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if b.errorDetails != nil {
|
||||||
|
accept := r.Header.Get("Accept-Language")
|
||||||
|
localizer := i18n.NewLocalizer(b.bundle, accept)
|
||||||
|
err := b.templates.Lookup("base").Execute(w, map[string]interface{}{
|
||||||
|
"Title": b.messageCatalog.LookupMessage(
|
||||||
|
"ErrorTitle",
|
||||||
|
nil,
|
||||||
|
localizer,
|
||||||
|
),
|
||||||
|
"details": b.errorDetails,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("error rendering error template: %v", err)
|
||||||
|
http.Error(
|
||||||
|
w,
|
||||||
|
http.StatusText(http.StatusInternalServerError),
|
||||||
|
http.StatusInternalServerError,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetErrorBucket(r *http.Request) *ErrorBucket {
|
||||||
|
return r.Context().Value(errorBucketKey).(*ErrorBucket)
|
||||||
|
}
|
||||||
|
|
||||||
|
// call this from your application's handler
|
||||||
|
func (b *ErrorBucket) AddError(details *ErrorDetails) {
|
||||||
|
b.errorDetails = details
|
||||||
|
}
|
||||||
|
|
||||||
|
type errorResponseWriter struct {
|
||||||
|
http.ResponseWriter
|
||||||
|
ctx context.Context
|
||||||
|
statusCode int
|
||||||
|
}
|
||||||
|
|
||||||
|
func (w *errorResponseWriter) WriteHeader(code int) {
|
||||||
|
w.statusCode = code
|
||||||
|
if code >= 400 {
|
||||||
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||||
|
errorBucket := w.ctx.Value(errorBucketKey).(*ErrorBucket)
|
||||||
|
if errorBucket != nil && errorBucket.errorDetails == nil {
|
||||||
|
errorBucket.AddError(&ErrorDetails{
|
||||||
|
ErrorMessage: http.StatusText(code),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
w.ResponseWriter.WriteHeader(code)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (w *errorResponseWriter) Write(content []byte) (int, error) {
|
||||||
|
if w.statusCode > 400 {
|
||||||
|
errorBucket := w.ctx.Value(errorBucketKey).(*ErrorBucket)
|
||||||
|
if errorBucket != nil {
|
||||||
|
if errorBucket.errorDetails.ErrorDetails == nil {
|
||||||
|
errorBucket.errorDetails.ErrorDetails = make([]string, 0)
|
||||||
|
}
|
||||||
|
errorBucket.errorDetails.ErrorDetails = append(
|
||||||
|
errorBucket.errorDetails.ErrorDetails, string(content),
|
||||||
|
)
|
||||||
|
return len(content), nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return w.ResponseWriter.Write(content)
|
||||||
|
}
|
||||||
|
|
||||||
|
func ErrorHandling(
|
||||||
|
handlerContext context.Context,
|
||||||
|
logger *log.Logger,
|
||||||
|
templateBaseDir string,
|
||||||
|
) (func(http.Handler) http.Handler, error) {
|
||||||
|
errorTemplates, err := template.ParseFiles(
|
||||||
|
path.Join(templateBaseDir, "base.gohtml"),
|
||||||
|
path.Join(templateBaseDir, "errors.gohtml"),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return func(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
errorBucket := &ErrorBucket{
|
||||||
|
templates: errorTemplates,
|
||||||
|
logger: logger,
|
||||||
|
bundle: services.GetI18nBundle(handlerContext),
|
||||||
|
messageCatalog: services.GetMessageCatalog(handlerContext),
|
||||||
|
}
|
||||||
|
ctx := context.WithValue(r.Context(), errorBucketKey, errorBucket)
|
||||||
|
interCeptingResponseWriter := &errorResponseWriter{
|
||||||
|
w,
|
||||||
|
ctx,
|
||||||
|
http.StatusOK,
|
||||||
|
}
|
||||||
|
next.ServeHTTP(
|
||||||
|
interCeptingResponseWriter,
|
||||||
|
r.WithContext(ctx),
|
||||||
|
)
|
||||||
|
errorBucket.serveHTTP(w, r)
|
||||||
|
})
|
||||||
|
}, nil
|
||||||
|
}
|
113
handlers/index.go
Normal file
113
handlers/index.go
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package handlers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"html/template"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
|
||||||
|
"github.com/lestrrat-go/jwx/jwk"
|
||||||
|
"github.com/nicksnyder/go-i18n/v2/i18n"
|
||||||
|
|
||||||
|
"git.cacert.org/oidc_demo_app/services"
|
||||||
|
)
|
||||||
|
|
||||||
|
type indexHandler struct {
|
||||||
|
bundle *i18n.Bundle
|
||||||
|
indexTemplate *template.Template
|
||||||
|
keySet jwk.Set
|
||||||
|
logoutUrl string
|
||||||
|
messageCatalog *services.MessageCatalog
|
||||||
|
serverAddr string
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *indexHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
|
||||||
|
if request.Method != http.MethodGet {
|
||||||
|
http.Error(writer, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if request.URL.Path != "/" {
|
||||||
|
http.NotFound(writer, request)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
accept := request.Header.Get("Accept-Language")
|
||||||
|
localizer := i18n.NewLocalizer(h.bundle, accept)
|
||||||
|
writer.WriteHeader(http.StatusOK)
|
||||||
|
|
||||||
|
session, err := services.GetSessionStore().Get(request, sessionName)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(writer, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
logoutUrl, err := url.Parse(h.logoutUrl)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(writer, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
var idToken string
|
||||||
|
var ok bool
|
||||||
|
if idToken, ok = session.Values[sessionKeyIdToken].(string); ok {
|
||||||
|
logoutUrl.RawQuery = url.Values{
|
||||||
|
"id_token_hint": []string{idToken},
|
||||||
|
"post_logout_redirect_uri": []string{fmt.Sprintf("https://%s/after-logout", h.serverAddr)},
|
||||||
|
}.Encode()
|
||||||
|
} else {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
oidcToken, err := ParseIdToken(idToken, h.keySet)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(writer, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
writer.Header().Add("Content-Type", "text/html")
|
||||||
|
err = h.indexTemplate.Lookup("base").Execute(writer, map[string]interface{}{
|
||||||
|
"Title": h.messageCatalog.LookupMessage("IndexTitle", nil, localizer),
|
||||||
|
"Greeting": h.messageCatalog.LookupMessage("IndexGreeting", map[string]interface{}{
|
||||||
|
"User": oidcToken.Name(),
|
||||||
|
}, localizer),
|
||||||
|
"IntroductionText": h.messageCatalog.LookupMessage("IndexIntroductionText", nil, localizer),
|
||||||
|
"LogoutLabel": h.messageCatalog.LookupMessage("LogoutLabel", nil, localizer),
|
||||||
|
"LogoutURL": logoutUrl.String(),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
http.Error(writer, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewIndexHandler(ctx context.Context, serverAddr string) (*indexHandler, error) {
|
||||||
|
indexTemplate, err := template.ParseFiles(
|
||||||
|
"templates/base.gohtml", "templates/index.gohtml")
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &indexHandler{
|
||||||
|
bundle: services.GetI18nBundle(ctx),
|
||||||
|
indexTemplate: indexTemplate,
|
||||||
|
keySet: services.GetJwkSet(ctx),
|
||||||
|
logoutUrl: services.GetOidcConfig(ctx).EndSessionEndpoint,
|
||||||
|
messageCatalog: services.GetMessageCatalog(ctx),
|
||||||
|
serverAddr: serverAddr,
|
||||||
|
}, nil
|
||||||
|
}
|
100
handlers/observability.go
Normal file
100
handlers/observability.go
Normal file
|
@ -0,0 +1,100 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package handlers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
"sync/atomic"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
type key int
|
||||||
|
|
||||||
|
const (
|
||||||
|
requestIdKey key = iota
|
||||||
|
)
|
||||||
|
|
||||||
|
type statusCodeInterceptor struct {
|
||||||
|
http.ResponseWriter
|
||||||
|
code int
|
||||||
|
count int
|
||||||
|
}
|
||||||
|
|
||||||
|
func (sci *statusCodeInterceptor) WriteHeader(code int) {
|
||||||
|
sci.code = code
|
||||||
|
sci.ResponseWriter.WriteHeader(code)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (sci *statusCodeInterceptor) Write(content []byte) (int, error) {
|
||||||
|
count, err := sci.ResponseWriter.Write(content)
|
||||||
|
sci.count += count
|
||||||
|
return count, err
|
||||||
|
}
|
||||||
|
|
||||||
|
func Logging(logger *log.Logger) func(http.Handler) http.Handler {
|
||||||
|
return func(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
interceptor := &statusCodeInterceptor{w, http.StatusOK, 0}
|
||||||
|
defer func() {
|
||||||
|
requestId, ok := r.Context().Value(requestIdKey).(string)
|
||||||
|
if !ok {
|
||||||
|
requestId = "unknown"
|
||||||
|
}
|
||||||
|
logger.Infof(
|
||||||
|
"%s %s \"%s %s\" %d %d \"%s\"",
|
||||||
|
requestId,
|
||||||
|
r.RemoteAddr,
|
||||||
|
r.Method,
|
||||||
|
r.URL.Path,
|
||||||
|
interceptor.code,
|
||||||
|
interceptor.count,
|
||||||
|
r.UserAgent(),
|
||||||
|
)
|
||||||
|
}()
|
||||||
|
next.ServeHTTP(interceptor, r)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func Tracing(nextRequestId func() string) func(http.Handler) http.Handler {
|
||||||
|
return func(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
requestId := r.Header.Get("X-Request-Id")
|
||||||
|
if requestId == "" {
|
||||||
|
requestId = nextRequestId()
|
||||||
|
}
|
||||||
|
ctx := context.WithValue(r.Context(), requestIdKey, requestId)
|
||||||
|
w.Header().Set("X-Request-Id", requestId)
|
||||||
|
next.ServeHTTP(w, r.WithContext(ctx))
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var Healthy int32
|
||||||
|
|
||||||
|
func NewHealthHandler() http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if atomic.LoadInt32(&Healthy) == 1 {
|
||||||
|
w.WriteHeader(http.StatusNoContent)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
w.WriteHeader(http.StatusServiceUnavailable)
|
||||||
|
})
|
||||||
|
}
|
137
handlers/oidc_callback.go
Normal file
137
handlers/oidc_callback.go
Normal file
|
@ -0,0 +1,137 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package handlers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/go-openapi/runtime/client"
|
||||||
|
"github.com/lestrrat-go/jwx/jwk"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
|
||||||
|
"git.cacert.org/oidc_demo_app/services"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
sessionKeyAccessToken = iota
|
||||||
|
sessionKeyRefreshToken
|
||||||
|
sessionKeyIdToken
|
||||||
|
sessionRedirectTarget
|
||||||
|
)
|
||||||
|
|
||||||
|
type oidcCallbackHandler struct {
|
||||||
|
keySet jwk.Set
|
||||||
|
logger *log.Logger
|
||||||
|
oauth2Config *oauth2.Config
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *oidcCallbackHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if r.Method != http.MethodGet {
|
||||||
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if r.URL.Path != "/callback" {
|
||||||
|
http.NotFound(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
errorText := r.URL.Query().Get("error")
|
||||||
|
errorDescription := r.URL.Query().Get("error_description")
|
||||||
|
if errorText != "" {
|
||||||
|
errorDetails := &ErrorDetails{
|
||||||
|
ErrorMessage: errorText,
|
||||||
|
}
|
||||||
|
if errorDescription != "" {
|
||||||
|
errorDetails.ErrorDetails = []string{errorDescription}
|
||||||
|
}
|
||||||
|
GetErrorBucket(r).AddError(errorDetails)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
code := r.URL.Query().Get("code")
|
||||||
|
|
||||||
|
ctx := context.Background()
|
||||||
|
httpClient, err := client.TLSClient(client.TLSClientOptions{InsecureSkipVerify: true})
|
||||||
|
ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient)
|
||||||
|
|
||||||
|
tok, err := c.oauth2Config.Exchange(ctx, code)
|
||||||
|
if err != nil {
|
||||||
|
c.logger.Error(err)
|
||||||
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
session, err := services.GetSessionStore().Get(r, "resource_session")
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
session.Values[sessionKeyAccessToken] = tok.AccessToken
|
||||||
|
session.Values[sessionKeyRefreshToken] = tok.RefreshToken
|
||||||
|
|
||||||
|
idToken := tok.Extra("id_token").(string)
|
||||||
|
session.Values[sessionKeyIdToken] = idToken
|
||||||
|
|
||||||
|
if oidcToken, err := ParseIdToken(idToken, c.keySet); err != nil {
|
||||||
|
c.logger.Error(err)
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
} else {
|
||||||
|
c.logger.Debugf(`
|
||||||
|
ID Token
|
||||||
|
========
|
||||||
|
|
||||||
|
Subject: %s
|
||||||
|
Audience: %s
|
||||||
|
Issued at: %s
|
||||||
|
Issued by: %s
|
||||||
|
Not valid before: %s
|
||||||
|
Not valid after: %s
|
||||||
|
|
||||||
|
`,
|
||||||
|
oidcToken.Subject(),
|
||||||
|
oidcToken.Audience(),
|
||||||
|
oidcToken.IssuedAt(),
|
||||||
|
oidcToken.Issuer(),
|
||||||
|
oidcToken.NotBefore(),
|
||||||
|
oidcToken.Expiration(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err = session.Save(r, w); err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
}
|
||||||
|
if redirectTarget, ok := session.Values[sessionRedirectTarget]; ok {
|
||||||
|
w.Header().Set("Location", redirectTarget.(string))
|
||||||
|
} else {
|
||||||
|
w.Header().Set("Location", "/")
|
||||||
|
}
|
||||||
|
|
||||||
|
w.WriteHeader(http.StatusFound)
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewCallbackHandler(ctx context.Context, logger *log.Logger) *oidcCallbackHandler {
|
||||||
|
return &oidcCallbackHandler{
|
||||||
|
keySet: services.GetJwkSet(ctx),
|
||||||
|
logger: logger,
|
||||||
|
oauth2Config: services.GetOAuth2Config(ctx),
|
||||||
|
}
|
||||||
|
}
|
33
handlers/security.go
Normal file
33
handlers/security.go
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package handlers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
func EnableHSTS() func(http.Handler) http.Handler {
|
||||||
|
return func(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
w.Header().Set("Strict-Transport-Security", fmt.Sprintf("max-age=%d", int((time.Hour*24*180).Seconds())))
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
62
handlers/startup.go
Normal file
62
handlers/startup.go
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package handlers
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
"os"
|
||||||
|
"os/signal"
|
||||||
|
"sync/atomic"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/knadh/koanf"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
func StartApplication(logger *logrus.Logger, ctx context.Context, server *http.Server, config *koanf.Koanf) {
|
||||||
|
done := make(chan bool)
|
||||||
|
quit := make(chan os.Signal, 1)
|
||||||
|
signal.Notify(quit, os.Interrupt)
|
||||||
|
|
||||||
|
go func() {
|
||||||
|
<-quit
|
||||||
|
logger.Infoln("Server is shutting down...")
|
||||||
|
atomic.StoreInt32(&Healthy, 0)
|
||||||
|
|
||||||
|
ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
server.SetKeepAlivesEnabled(false)
|
||||||
|
if err := server.Shutdown(ctx); err != nil {
|
||||||
|
logger.Fatalf("Could not gracefully shutdown the server: %v\n", err)
|
||||||
|
}
|
||||||
|
close(done)
|
||||||
|
}()
|
||||||
|
|
||||||
|
logger.Infof("Server is ready to handle requests at https://%s/", server.Addr)
|
||||||
|
atomic.StoreInt32(&Healthy, 1)
|
||||||
|
if err := server.ListenAndServeTLS(
|
||||||
|
config.String("server.certificate"), config.String("server.key"),
|
||||||
|
); err != nil && err != http.ErrServerClosed {
|
||||||
|
logger.Fatalf("Could not listen on %s: %v\n", server.Addr, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
<-done
|
||||||
|
logger.Infoln("Server stopped")
|
||||||
|
}
|
183
models/oidc.go
Normal file
183
models/oidc.go
Normal file
|
@ -0,0 +1,183 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
This package contains data models.
|
||||||
|
*/
|
||||||
|
package models
|
||||||
|
|
||||||
|
// An individual claim request.
|
||||||
|
//
|
||||||
|
// Specification
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
|
||||||
|
type IndividualClaimRequest map[string]interface{}
|
||||||
|
|
||||||
|
// ClaimElement represents a claim element
|
||||||
|
type ClaimElement map[string]*IndividualClaimRequest
|
||||||
|
|
||||||
|
// OIDCClaimsRequest the claims request parameter sent with the authorization request.
|
||||||
|
//
|
||||||
|
// Specification
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
|
||||||
|
type OIDCClaimsRequest map[string]ClaimElement
|
||||||
|
|
||||||
|
// GetUserInfo extracts the userinfo claim element from the request.
|
||||||
|
//
|
||||||
|
// Specification
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
|
||||||
|
//
|
||||||
|
// Requests that the listed individual Claims be returned from the UserInfo
|
||||||
|
// Endpoint. If present, the listed Claims are being requested to be added to
|
||||||
|
// any Claims that are being requested using scope values. If not present, the
|
||||||
|
// Claims being requested from the UserInfo Endpoint are only those requested
|
||||||
|
// using scope values.
|
||||||
|
//
|
||||||
|
// When the userinfo member is used, the request MUST also use a response_type
|
||||||
|
// value that results in an Access Token being issued to the Client for use at
|
||||||
|
// the UserInfo Endpoint.
|
||||||
|
func (r OIDCClaimsRequest) GetUserInfo() *ClaimElement {
|
||||||
|
if userInfo, ok := r["userinfo"]; ok {
|
||||||
|
return &userInfo
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetIDToken extracts the id_token claim element from the request.
|
||||||
|
//
|
||||||
|
// Specification
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
|
||||||
|
//
|
||||||
|
// Requests that the listed individual Claims be returned in the ID Token. If
|
||||||
|
// present, the listed Claims are being requested to be added to the default
|
||||||
|
// Claims in the ID Token. If not present, the default ID Token Claims are
|
||||||
|
// requested, as per the ID Token definition in Section 2 and per the
|
||||||
|
// additional per-flow ID Token requirements in Sections 3.1.3.6, 3.2.2.10,
|
||||||
|
// 3.3.2.11, and 3.3.3.6.
|
||||||
|
func (r OIDCClaimsRequest) GetIDToken() *ClaimElement {
|
||||||
|
if idToken, ok := r["id_token"]; ok {
|
||||||
|
return &idToken
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Checks whether the individual claim is an essential claim.
|
||||||
|
//
|
||||||
|
// Specification
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
|
||||||
|
//
|
||||||
|
// Indicates whether the Claim being requested is an Essential Claim. If the
|
||||||
|
// value is true, this indicates that the Claim is an Essential Claim. For
|
||||||
|
// instance, the Claim request:
|
||||||
|
//
|
||||||
|
// "auth_time": {"essential": true}
|
||||||
|
//
|
||||||
|
// can be used to specify that it is Essential to return an auth_time Claim
|
||||||
|
// Value. If the value is false, it indicates that it is a Voluntary Claim.
|
||||||
|
// The default is false.
|
||||||
|
//
|
||||||
|
// By requesting Claims as Essential Claims, the RP indicates to the End-User
|
||||||
|
// that releasing these Claims will ensure a smooth authorization for the
|
||||||
|
// specific task requested by the End-User.
|
||||||
|
//
|
||||||
|
// Note that even if the Claims are not available because the End-User did not
|
||||||
|
// authorize their release or they are not present, the Authorization Server
|
||||||
|
// MUST NOT generate an error when Claims are not returned, whether they are
|
||||||
|
// Essential or Voluntary, unless otherwise specified in the description of
|
||||||
|
// the specific claim.
|
||||||
|
func (i IndividualClaimRequest) IsEssential() bool {
|
||||||
|
if essential, ok := i["essential"]; ok {
|
||||||
|
return essential.(bool)
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns the wanted value for an individual claim request.
|
||||||
|
//
|
||||||
|
// Specification
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
|
||||||
|
//
|
||||||
|
// Requests that the Claim be returned with a particular value. For instance
|
||||||
|
// the Claim request:
|
||||||
|
//
|
||||||
|
// "sub": {"value": "248289761001"}
|
||||||
|
//
|
||||||
|
// can be used to specify that the request apply to the End-User with Subject
|
||||||
|
// Identifier 248289761001. The value of the value member MUST be a valid
|
||||||
|
// value for the Claim being requested. Definitions of individual Claims can
|
||||||
|
// include requirements on how and whether the value qualifier is to be used
|
||||||
|
// when requesting that Claim.
|
||||||
|
func (i IndividualClaimRequest) WantedValue() *string {
|
||||||
|
if value, ok := i["value"]; ok {
|
||||||
|
valueString := value.(string)
|
||||||
|
return &valueString
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the allowed values for an individual claim request that specifies
|
||||||
|
// a values field.
|
||||||
|
//
|
||||||
|
// Specification
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
|
||||||
|
//
|
||||||
|
// Requests that the Claim be returned with one of a set of values, with the
|
||||||
|
// values appearing in order of preference. For instance the Claim request:
|
||||||
|
//
|
||||||
|
// "acr": {"essential": true,
|
||||||
|
// "values": ["urn:mace:incommon:iap:silver",
|
||||||
|
// "urn:mace:incommon:iap:bronze"]}
|
||||||
|
//
|
||||||
|
// specifies that it is Essential that the acr Claim be returned with either
|
||||||
|
// the value urn:mace:incommon:iap:silver or urn:mace:incommon:iap:bronze.
|
||||||
|
// The values in the values member array MUST be valid values for the Claim
|
||||||
|
// being requested. Definitions of individual Claims can include requirements
|
||||||
|
// on how and whether the values qualifier is to be used when requesting that
|
||||||
|
// Claim.
|
||||||
|
func (i IndividualClaimRequest) AllowedValues() []string {
|
||||||
|
if values, ok := i["values"]; ok {
|
||||||
|
return values.([]string)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// OpenIDConfiguration contains the parts of the OpenID discovery information
|
||||||
|
// that are relevant for us.
|
||||||
|
//
|
||||||
|
// Specifications
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
|
||||||
|
//
|
||||||
|
// https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OPMetadata
|
||||||
|
type OpenIDConfiguration struct {
|
||||||
|
Issuer string `json:"issuer"`
|
||||||
|
AuthorizationEndpoint string `json:"authorization_endpoint"`
|
||||||
|
TokenEndpoint string `json:"token_endpoint"`
|
||||||
|
UserInfoEndpoint string `json:"userinfo_endpoint"`
|
||||||
|
JwksUri string `json:"jwks_uri"`
|
||||||
|
RegistrationEndpoint string `json:"registration_endpoint"`
|
||||||
|
ScopesSupported []string `json:"scopes_supported"`
|
||||||
|
EndSessionEndpoint string `json:"end_session_endpoint"`
|
||||||
|
ClaimTypesSupported []string `json:"claim_types_supported"`
|
||||||
|
ClaimsSupported []string `json:"claims_supported"`
|
||||||
|
}
|
82
services/configuration.go
Normal file
82
services/configuration.go
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package services
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/knadh/koanf"
|
||||||
|
"github.com/knadh/koanf/parsers/toml"
|
||||||
|
"github.com/knadh/koanf/providers/confmap"
|
||||||
|
"github.com/knadh/koanf/providers/env"
|
||||||
|
"github.com/knadh/koanf/providers/file"
|
||||||
|
"github.com/knadh/koanf/providers/posflag"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
"github.com/spf13/pflag"
|
||||||
|
)
|
||||||
|
|
||||||
|
func ConfigureApplication(
|
||||||
|
logger *logrus.Logger,
|
||||||
|
appName string,
|
||||||
|
defaultConfig map[string]interface{},
|
||||||
|
) (*koanf.Koanf, error) {
|
||||||
|
f := pflag.NewFlagSet("config", pflag.ContinueOnError)
|
||||||
|
f.Usage = func() {
|
||||||
|
fmt.Println(f.FlagUsages())
|
||||||
|
os.Exit(0)
|
||||||
|
}
|
||||||
|
f.StringSlice(
|
||||||
|
"conf",
|
||||||
|
[]string{fmt.Sprintf("%s.toml", strings.ToLower(appName))},
|
||||||
|
"path to one or more .toml files",
|
||||||
|
)
|
||||||
|
var err error
|
||||||
|
|
||||||
|
if err = f.Parse(os.Args[1:]); err != nil {
|
||||||
|
logger.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
config := koanf.New(".")
|
||||||
|
|
||||||
|
_ = config.Load(confmap.Provider(defaultConfig, "."), nil)
|
||||||
|
cFiles, _ := f.GetStringSlice("conf")
|
||||||
|
for _, c := range cFiles {
|
||||||
|
if err := config.Load(file.Provider(c), toml.Parser()); err != nil {
|
||||||
|
logger.Fatalf("error loading config file: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if err := config.Load(posflag.Provider(f, ".", config), nil); err != nil {
|
||||||
|
logger.Fatalf("error loading configuration: %s", err)
|
||||||
|
}
|
||||||
|
if err := config.Load(
|
||||||
|
file.Provider("resource_app.toml"),
|
||||||
|
toml.Parser(),
|
||||||
|
); err != nil && !os.IsNotExist(err) {
|
||||||
|
logrus.Fatalf("error loading config: %v", err)
|
||||||
|
}
|
||||||
|
prefix := fmt.Sprintf("%s_", strings.ToUpper(appName))
|
||||||
|
if err := config.Load(env.Provider(prefix, ".", func(s string) string {
|
||||||
|
return strings.Replace(strings.ToLower(
|
||||||
|
strings.TrimPrefix(s, prefix)), "_", ".", -1)
|
||||||
|
}), nil); err != nil {
|
||||||
|
logrus.Fatalf("error loading config: %v", err)
|
||||||
|
}
|
||||||
|
return config, err
|
||||||
|
}
|
156
services/i18n.go
Normal file
156
services/i18n.go
Normal file
|
@ -0,0 +1,156 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package services
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/nicksnyder/go-i18n/v2/i18n"
|
||||||
|
"golang.org/x/text/language"
|
||||||
|
|
||||||
|
"github.com/BurntSushi/toml"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
func AddMessages(ctx context.Context) {
|
||||||
|
messages := make(map[string]*i18n.Message)
|
||||||
|
messages["IndexGreeting"] = &i18n.Message{
|
||||||
|
ID: "IndexGreeting",
|
||||||
|
Other: "Hello {{ .User }}",
|
||||||
|
}
|
||||||
|
messages["IndexTitle"] = &i18n.Message{
|
||||||
|
ID: "IndexTitle",
|
||||||
|
Other: "Welcome to the Demo application",
|
||||||
|
}
|
||||||
|
messages["LogoutLabel"] = &i18n.Message{
|
||||||
|
ID: "LogoutLabel",
|
||||||
|
Description: "A label on a logout button or link",
|
||||||
|
Other: "Logout",
|
||||||
|
}
|
||||||
|
messages["IndexIntroductionText"] = &i18n.Message{
|
||||||
|
ID: "IndexIntroductionText",
|
||||||
|
Other: "This is an authorization protected resource",
|
||||||
|
}
|
||||||
|
GetMessageCatalog(ctx).AddMessages(messages)
|
||||||
|
}
|
||||||
|
|
||||||
|
type contextKey int
|
||||||
|
|
||||||
|
const (
|
||||||
|
ctxI18nBundle contextKey = iota
|
||||||
|
ctxI18nCatalog
|
||||||
|
)
|
||||||
|
|
||||||
|
type MessageCatalog struct {
|
||||||
|
messages map[string]*i18n.Message
|
||||||
|
logger *log.Logger
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *MessageCatalog) AddMessages(messages map[string]*i18n.Message) {
|
||||||
|
for key, value := range messages {
|
||||||
|
m.messages[key] = value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *MessageCatalog) LookupErrorMessage(tag string, field string, value interface{}, localizer *i18n.Localizer) string {
|
||||||
|
var message *i18n.Message
|
||||||
|
message, ok := m.messages[fmt.Sprintf("%s-%s", field, tag)]
|
||||||
|
if !ok {
|
||||||
|
m.logger.Infof("no specific error message %s-%s", field, tag)
|
||||||
|
message, ok = m.messages[tag]
|
||||||
|
if !ok {
|
||||||
|
m.logger.Infof("no specific error message %s", tag)
|
||||||
|
message, ok = m.messages["unknown"]
|
||||||
|
if !ok {
|
||||||
|
m.logger.Warnf("no default translation found")
|
||||||
|
return tag
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
translation, err := localizer.Localize(&i18n.LocalizeConfig{
|
||||||
|
DefaultMessage: message,
|
||||||
|
TemplateData: map[string]interface{}{
|
||||||
|
"Value": value,
|
||||||
|
},
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
m.logger.Error(err)
|
||||||
|
return tag
|
||||||
|
}
|
||||||
|
return translation
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *MessageCatalog) LookupMessage(id string, templateData map[string]interface{}, localizer *i18n.Localizer) string {
|
||||||
|
if message, ok := m.messages[id]; ok {
|
||||||
|
translation, err := localizer.Localize(&i18n.LocalizeConfig{
|
||||||
|
DefaultMessage: message,
|
||||||
|
TemplateData: templateData,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
switch err.(type) {
|
||||||
|
case *i18n.MessageNotFoundErr:
|
||||||
|
m.logger.Warnf("message %s not found: %v", id, err)
|
||||||
|
if translation != "" {
|
||||||
|
return translation
|
||||||
|
}
|
||||||
|
break
|
||||||
|
default:
|
||||||
|
m.logger.Error(err)
|
||||||
|
}
|
||||||
|
return id
|
||||||
|
}
|
||||||
|
return translation
|
||||||
|
} else {
|
||||||
|
m.logger.Warnf("no translation found for %s", id)
|
||||||
|
return id
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func InitI18n(ctx context.Context, logger *log.Logger, languages []string) context.Context {
|
||||||
|
bundle := i18n.NewBundle(language.English)
|
||||||
|
bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)
|
||||||
|
for _, lang := range languages {
|
||||||
|
_, err := bundle.LoadMessageFile(fmt.Sprintf("active.%s.toml", lang))
|
||||||
|
if err != nil {
|
||||||
|
logger.Warnln("message bundle de.toml not found")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catalog := initMessageCatalog(logger)
|
||||||
|
ctx = context.WithValue(ctx, ctxI18nBundle, bundle)
|
||||||
|
ctx = context.WithValue(ctx, ctxI18nCatalog, catalog)
|
||||||
|
return ctx
|
||||||
|
}
|
||||||
|
|
||||||
|
func initMessageCatalog(logger *log.Logger) *MessageCatalog {
|
||||||
|
messages := make(map[string]*i18n.Message)
|
||||||
|
messages["ErrorTitle"] = &i18n.Message{
|
||||||
|
ID: "ErrorTitle",
|
||||||
|
Other: "An error has occurred",
|
||||||
|
}
|
||||||
|
return &MessageCatalog{messages: messages, logger: logger}
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetI18nBundle(ctx context.Context) *i18n.Bundle {
|
||||||
|
return ctx.Value(ctxI18nBundle).(*i18n.Bundle)
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetMessageCatalog(ctx context.Context) *MessageCatalog {
|
||||||
|
return ctx.Value(ctxI18nCatalog).(*MessageCatalog)
|
||||||
|
}
|
131
services/oidc.go
Normal file
131
services/oidc.go
Normal file
|
@ -0,0 +1,131 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package services
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"context"
|
||||||
|
"encoding/json"
|
||||||
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
|
||||||
|
"git.cacert.org/oidc_demo_app/models"
|
||||||
|
"github.com/lestrrat-go/jwx/jwk"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
"golang.org/x/oauth2"
|
||||||
|
)
|
||||||
|
|
||||||
|
type oidcContextKey int
|
||||||
|
|
||||||
|
// context keys
|
||||||
|
const (
|
||||||
|
ctxOidcConfig oidcContextKey = iota
|
||||||
|
ctxOAuth2Config
|
||||||
|
ctxOidcJwks
|
||||||
|
)
|
||||||
|
|
||||||
|
// Parameters for DiscoverOIDC
|
||||||
|
type OidcParams struct {
|
||||||
|
OidcServer string
|
||||||
|
OidcClientId string
|
||||||
|
OidcClientSecret string
|
||||||
|
APIClient *http.Client
|
||||||
|
}
|
||||||
|
|
||||||
|
// Discover OpenID Connect parameters from the discovery endpoint and the
|
||||||
|
// JSON Web Key Set from the discovered jwksUri.
|
||||||
|
//
|
||||||
|
// The subset of values specified by models.OpenIDConfiguration is stored in
|
||||||
|
// the given context and can be retrieved from the context by GetOidcConfig.
|
||||||
|
//
|
||||||
|
// OAuth2 specific values are stored in another context object and can be
|
||||||
|
// retrieved by GetOAuth2Config.
|
||||||
|
//
|
||||||
|
// The JSON Web Key Set can be retrieved by GetJwkSet.
|
||||||
|
func DiscoverOIDC(ctx context.Context, logger *log.Logger, params *OidcParams) (context.Context, error) {
|
||||||
|
var discoveryUrl *url.URL
|
||||||
|
|
||||||
|
discoveryUrl, err := url.Parse(params.OidcServer)
|
||||||
|
if err != nil {
|
||||||
|
logger.Fatalf("could not parse oidc.server parameter value %s: %s", params.OidcServer, err)
|
||||||
|
} else {
|
||||||
|
discoveryUrl.Path = "/.well-known/openid-configuration"
|
||||||
|
}
|
||||||
|
|
||||||
|
var body []byte
|
||||||
|
var req *http.Request
|
||||||
|
req, err = http.NewRequest(http.MethodGet, discoveryUrl.String(), bytes.NewBuffer(body))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
req.Header = map[string][]string{
|
||||||
|
"Accept": {"application/json"},
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := params.APIClient.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
dec := json.NewDecoder(resp.Body)
|
||||||
|
discoveryResponse := &models.OpenIDConfiguration{}
|
||||||
|
err = dec.Decode(discoveryResponse)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
ctx = context.WithValue(ctx, ctxOidcConfig, discoveryResponse)
|
||||||
|
|
||||||
|
oauth2Config := &oauth2.Config{
|
||||||
|
ClientID: params.OidcClientId,
|
||||||
|
ClientSecret: params.OidcClientSecret,
|
||||||
|
Endpoint: oauth2.Endpoint{
|
||||||
|
AuthURL: discoveryResponse.AuthorizationEndpoint,
|
||||||
|
TokenURL: discoveryResponse.TokenEndpoint,
|
||||||
|
},
|
||||||
|
Scopes: []string{"openid", "offline"},
|
||||||
|
}
|
||||||
|
ctx = context.WithValue(ctx, ctxOAuth2Config, oauth2Config)
|
||||||
|
keySet, err := jwk.Fetch(ctx, discoveryResponse.JwksUri, jwk.WithHTTPClient(params.APIClient))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("could not fetch JWKs: %s", err)
|
||||||
|
}
|
||||||
|
ctx = context.WithValue(ctx, ctxOidcJwks, keySet)
|
||||||
|
|
||||||
|
return ctx, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the OpenID configuration from the context.
|
||||||
|
//
|
||||||
|
// DiscoverOIDC needs to be called before this is available.
|
||||||
|
func GetOidcConfig(ctx context.Context) *models.OpenIDConfiguration {
|
||||||
|
return ctx.Value(ctxOidcConfig).(*models.OpenIDConfiguration)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the OAuth 2 configuration configuration from the context.
|
||||||
|
//
|
||||||
|
// DiscoverOIDC needs to be called before this is available.
|
||||||
|
func GetOAuth2Config(ctx context.Context) *oauth2.Config {
|
||||||
|
return ctx.Value(ctxOAuth2Config).(*oauth2.Config)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the JSON Web Key set from the context.
|
||||||
|
//
|
||||||
|
// DiscoverOIDC needs to be called before this is available.
|
||||||
|
func GetJwkSet(ctx context.Context) jwk.Set {
|
||||||
|
return ctx.Value(ctxOidcJwks).(jwk.Set)
|
||||||
|
}
|
36
services/security.go
Normal file
36
services/security.go
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package services
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/rand"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
func GenerateKey(length int) []byte {
|
||||||
|
key := make([]byte, length)
|
||||||
|
read, err := rand.Read(key)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("could not generate key: %s", err)
|
||||||
|
}
|
||||||
|
if read != length {
|
||||||
|
log.Fatalf("read %d bytes, expected %d bytes", read, length)
|
||||||
|
}
|
||||||
|
return key
|
||||||
|
}
|
42
services/session.go
Normal file
42
services/session.go
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
/*
|
||||||
|
Copyright 2020, 2021 Jan Dittberner
|
||||||
|
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package services
|
||||||
|
|
||||||
|
import (
|
||||||
|
"os"
|
||||||
|
|
||||||
|
"github.com/gorilla/sessions"
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
)
|
||||||
|
|
||||||
|
var store *sessions.FilesystemStore
|
||||||
|
|
||||||
|
func InitSessionStore(logger *log.Logger, sessionPath string, keys ...[]byte) {
|
||||||
|
store = sessions.NewFilesystemStore(sessionPath, keys...)
|
||||||
|
if _, err := os.Stat(sessionPath); err != nil {
|
||||||
|
if os.IsNotExist(err) {
|
||||||
|
if err = os.MkdirAll(sessionPath, 0700); err != nil {
|
||||||
|
logger.Fatalf("could not create session store directory: %s", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetSessionStore() *sessions.FilesystemStore {
|
||||||
|
return store
|
||||||
|
}
|
41
templates/base.gohtml
Normal file
41
templates/base.gohtml
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
{{ define "base" }}
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
||||||
|
<!-- generics -->
|
||||||
|
<link rel="icon" href="/images/favicon-32.png" sizes="32x32">
|
||||||
|
<link rel="icon" href="/images/favicon-57.png" sizes="57x57">
|
||||||
|
<link rel="icon" href="/images/favicon-76.png" sizes="76x76">
|
||||||
|
<link rel="icon" href="/images/favicon-96.png" sizes="96x96">
|
||||||
|
<link rel="icon" href="/images/favicon-128.png" sizes="128x128">
|
||||||
|
<link rel="icon" href="/images/favicon-192.png" sizes="192x192">
|
||||||
|
<link rel="icon" href="/images/favicon-228.png" sizes="228x228">
|
||||||
|
<link rel="icon" href="/images/favicon.ico">
|
||||||
|
|
||||||
|
<!-- Android -->
|
||||||
|
<link rel="shortcut icon" sizes="196x196" href="/images/favicon-196.png">
|
||||||
|
|
||||||
|
<!-- iOS -->
|
||||||
|
<link rel="apple-touch-icon" href="/images/favicon-120.png" sizes="120x120">
|
||||||
|
<link rel="apple-touch-icon" href="/images/favicon-152.png" sizes="152x152">
|
||||||
|
<link rel="apple-touch-icon" href="/images/favicon-180.png" sizes="180x180">
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="/css/cacert.bundle.css">
|
||||||
|
<meta name="theme-color" content="#11568c">
|
||||||
|
<title>{{ .Title }}</title>
|
||||||
|
</head>
|
||||||
|
<body class="resource-app d-flex flex-column h-100">
|
||||||
|
<main role="main" class="flex-shrink-0">
|
||||||
|
{{ template "content" . }}
|
||||||
|
</main>
|
||||||
|
<footer class="footer mt-auto py-3">
|
||||||
|
<div class="container">
|
||||||
|
<span class="text-muted small">© 2020 <a href="https://www.cacert.org/">CAcert</a></span>
|
||||||
|
</div>
|
||||||
|
</footer>
|
||||||
|
<script type="text/javascript" src="/js/cacert.bundle.js"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
{{ end }}
|
13
templates/errors.gohtml
Normal file
13
templates/errors.gohtml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{{ define "content" }}
|
||||||
|
<div class="container text-center error-message">
|
||||||
|
<img src="/images/CAcert-logo.svg" width="300" height="68" alt="CAcert" class="mb-4">
|
||||||
|
<h1>{{ .Title }}</h1>
|
||||||
|
<h2>{{ if .details.ErrorCode }}
|
||||||
|
<strong>{{ .details.ErrorCode }}</strong> {{ end }}{{ .details.ErrorMessage }}</h2>
|
||||||
|
{{ if .details.ErrorDetails }}
|
||||||
|
{{ range .details.ErrorDetails }}
|
||||||
|
<p>{{ . }}</p>
|
||||||
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
</div>
|
||||||
|
{{ end }}
|
8
templates/index.gohtml
Normal file
8
templates/index.gohtml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{{ define "content" }}
|
||||||
|
<div class="container">
|
||||||
|
<img src="/images/CAcert-logo.svg" width="300" height="68" alt="CAcert" class="mb-4">
|
||||||
|
<h1>{{ .Greeting }}</h1>
|
||||||
|
<p>{{ .IntroductionText }}</p>
|
||||||
|
<a class="btn btn-outline-primary" href="{{ .LogoutURL }}">{{ .LogoutLabel }}</a>
|
||||||
|
</div>
|
||||||
|
{{ end }}
|
Loading…
Reference in a new issue