|
|
|
|
@ -27,6 +27,7 @@ import (
|
|
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/knadh/koanf"
|
|
|
|
|
"github.com/knadh/koanf/parsers/toml"
|
|
|
|
|
"github.com/knadh/koanf/providers/confmap"
|
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
|
@ -61,38 +62,6 @@ func main() {
|
|
|
|
|
ctx = services.InitI18n(ctx, logger, config.Strings("i18n.languages"))
|
|
|
|
|
services.AddMessages(ctx)
|
|
|
|
|
|
|
|
|
|
sessionPath := config.MustString("session.path")
|
|
|
|
|
sessionAuthKey, err := base64.StdEncoding.DecodeString(config.String("session.auth-key"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("could not decode session auth key: %s", err)
|
|
|
|
|
}
|
|
|
|
|
sessionEncKey, err := base64.StdEncoding.DecodeString(config.String("session.enc-key"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("could not decode session encryption key: %s", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
generated := false
|
|
|
|
|
if len(sessionAuthKey) != 64 {
|
|
|
|
|
sessionAuthKey = services.GenerateKey(64)
|
|
|
|
|
generated = true
|
|
|
|
|
}
|
|
|
|
|
if len(sessionEncKey) != 32 {
|
|
|
|
|
sessionEncKey = services.GenerateKey(32)
|
|
|
|
|
generated = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if generated {
|
|
|
|
|
_ = config.Load(confmap.Provider(map[string]interface{}{
|
|
|
|
|
"session.auth-key": sessionAuthKey,
|
|
|
|
|
"session.enc-key": sessionEncKey,
|
|
|
|
|
}, "."), nil)
|
|
|
|
|
tomlData, err := config.Marshal(toml.Parser())
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("could not encode session config")
|
|
|
|
|
}
|
|
|
|
|
log.Infof("put the following in your resource_app.toml:\n%s", string(tomlData))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tlsClientConfig := &tls.Config{
|
|
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
|
}
|
|
|
|
|
@ -119,6 +88,7 @@ func main() {
|
|
|
|
|
log.Fatalf("OpenID Connect discovery failed: %s", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sessionPath, sessionAuthKey, sessionEncKey := configureSessionParameters(config, err)
|
|
|
|
|
services.InitSessionStore(logger, sessionPath, sessionAuthKey, sessionEncKey)
|
|
|
|
|
|
|
|
|
|
authMiddleware := handlers.Authenticate(ctx, logger, oidcClientId)
|
|
|
|
|
@ -173,3 +143,38 @@ func main() {
|
|
|
|
|
|
|
|
|
|
handlers.StartApplication(logger, ctx, server, config)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func configureSessionParameters(config *koanf.Koanf, err error) (string, []byte, []byte) {
|
|
|
|
|
sessionPath := config.MustString("session.path")
|
|
|
|
|
sessionAuthKey, err := base64.StdEncoding.DecodeString(config.String("session.auth-key"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("could not decode session auth key: %s", err)
|
|
|
|
|
}
|
|
|
|
|
sessionEncKey, err := base64.StdEncoding.DecodeString(config.String("session.enc-key"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("could not decode session encryption key: %s", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
generated := false
|
|
|
|
|
if len(sessionAuthKey) != 64 {
|
|
|
|
|
sessionAuthKey = services.GenerateKey(64)
|
|
|
|
|
generated = true
|
|
|
|
|
}
|
|
|
|
|
if len(sessionEncKey) != 32 {
|
|
|
|
|
sessionEncKey = services.GenerateKey(32)
|
|
|
|
|
generated = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if generated {
|
|
|
|
|
_ = config.Load(confmap.Provider(map[string]interface{}{
|
|
|
|
|
"session.auth-key": sessionAuthKey,
|
|
|
|
|
"session.enc-key": sessionEncKey,
|
|
|
|
|
}, "."), nil)
|
|
|
|
|
tomlData, err := config.Marshal(toml.Parser())
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("could not encode session config")
|
|
|
|
|
}
|
|
|
|
|
log.Infof("put the following in your resource_app.toml:\n%s", string(tomlData))
|
|
|
|
|
}
|
|
|
|
|
return sessionPath, sessionAuthKey, sessionEncKey
|
|
|
|
|
}
|
|
|
|
|
|
