|
|
|
|
@ -91,34 +91,11 @@ func main() {
|
|
|
|
|
logger.WithError(err).Fatal("could not add messages for i18n")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
adminURL, err := url.Parse(config.MustString("admin.url"))
|
|
|
|
|
clientTransport, err := configureAdminClient(config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logger.WithError(err).Fatal("error parsing admin URL")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tlsClientConfig := &tls.Config{MinVersion: tls.VersionTLS12}
|
|
|
|
|
|
|
|
|
|
if config.Exists("api-client.rootCAs") {
|
|
|
|
|
rootCAFile := config.MustString("api-client.rootCAs")
|
|
|
|
|
caCertPool := x509.NewCertPool()
|
|
|
|
|
|
|
|
|
|
pemBytes, err := os.ReadFile(rootCAFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("could not read CA certificate file: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
caCertPool.AppendCertsFromPEM(pemBytes)
|
|
|
|
|
tlsClientConfig.RootCAs = caCertPool
|
|
|
|
|
logger.WithError(err).Fatal("could not configure Hydra admin client")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tlsClientTransport := &http.Transport{TLSClientConfig: tlsClientConfig}
|
|
|
|
|
httpClient := &http.Client{Transport: tlsClientTransport}
|
|
|
|
|
clientTransport := client.NewWithClient(
|
|
|
|
|
adminURL.Host,
|
|
|
|
|
adminURL.Path,
|
|
|
|
|
[]string{adminURL.Scheme},
|
|
|
|
|
httpClient,
|
|
|
|
|
)
|
|
|
|
|
adminClient := hydra.New(clientTransport, nil)
|
|
|
|
|
|
|
|
|
|
loginHandler := handlers.NewLoginHandler(logger, bundle, catalog, adminClient.Admin)
|
|
|
|
|
@ -168,6 +145,39 @@ func main() {
|
|
|
|
|
startServer(context.Background(), handlerChain, logger, config)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func configureAdminClient(config *koanf.Koanf) (*client.Runtime, error) {
|
|
|
|
|
adminURL, err := url.Parse(config.MustString("admin.url"))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("error parsing admin URL: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tlsClientConfig := &tls.Config{MinVersion: tls.VersionTLS12}
|
|
|
|
|
|
|
|
|
|
if config.Exists("api-client.rootCAs") {
|
|
|
|
|
rootCAFile := config.MustString("api-client.rootCAs")
|
|
|
|
|
caCertPool := x509.NewCertPool()
|
|
|
|
|
|
|
|
|
|
pemBytes, err := os.ReadFile(rootCAFile)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("could not read CA certificate file: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
caCertPool.AppendCertsFromPEM(pemBytes)
|
|
|
|
|
tlsClientConfig.RootCAs = caCertPool
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tlsClientTransport := &http.Transport{TLSClientConfig: tlsClientConfig}
|
|
|
|
|
httpClient := &http.Client{Transport: tlsClientTransport}
|
|
|
|
|
clientTransport := client.NewWithClient(
|
|
|
|
|
adminURL.Host,
|
|
|
|
|
adminURL.Path,
|
|
|
|
|
[]string{adminURL.Scheme},
|
|
|
|
|
httpClient,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return clientTransport, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func startServer(ctx context.Context, handlerChain http.Handler, logger *log.Logger, config *koanf.Koanf) {
|
|
|
|
|
clientCertificateCAFile := config.MustString("security.client.ca-file")
|
|
|
|
|
serverBindAddress := config.String("server.bind_address")
|
|
|
|
|
|
