func SetupStores() {
var key []byte
if config.Constants.CookieStoreSecret != "" {
var err error
key, err = base64.StdEncoding.DecodeString(string(config.Constants.CookieStoreSecret))
if err != nil {
logrus.Fatal(err)
}
} else {
logrus.Warning("Using an insecure cookie encryption key")
}
if SessionStore == nil {
sessionStoreMutex.Lock()
if len(key) == 0 {
SessionStore = pgstore.NewPGStore(database.DBUrl.String(), []byte("secret"))
} else {
SessionStore = pgstore.NewPGStore(database.DBUrl.String(), key)
}
SessionStore.Options.HttpOnly = true
sessionStoreMutex.Unlock()
}
}
func SetupStores() {
if SessionStore == nil {
sessionStoreMutex.Lock()
if SessionStore == nil {
SessionStore = pgstore.NewPGStore(database.DbUrl, []byte(config.Constants.SessionName))
SessionStore.Options.HttpOnly = true
}
sessionStoreMutex.Unlock()
}
}
func (ws *WebServer) Setup() error {
var err error
log.Debugf("Configuring WebServer...")
if err := ws.Database.Connect(); err != nil {
log.Errorf("Failed to connect to %s database at %s: %s", ws.Database.Driver, ws.Database.DSN, err)
return err
}
if ws.Auth.OAuth.Provider != "" {
log.Debugf("Configuring OAuth Session store")
maxSessionAge := ws.Auth.OAuth.Sessions.MaxAge
authKey := securecookie.GenerateRandomKey(64)
encKey := securecookie.GenerateRandomKey(32)
switch ws.Auth.OAuth.Sessions.Type {
case "sqlite3":
log.Debugf("Using sqlite3 as a session store")
store, err := sqlitestore.NewSqliteStore(ws.Auth.OAuth.Sessions.DSN, "http_sessions", "/", maxSessionAge, authKey, encKey)
if err != nil {
log.Errorf("Error setting up sessions database: %s", err)
return err
}
gothic.Store = store
case "postgres":
log.Debugf("Using postgres as a session store")
gothic.Store = pgstore.NewPGStore(ws.Auth.OAuth.Sessions.DSN, authKey, encKey)
gothic.Store.(*pgstore.PGStore).Options.MaxAge = maxSessionAge
case "mock":
log.Debugf("Using mocked session store")
// does nothing, to avoid being accidentally used in prod
default:
log.Errorf("Invalid DB Backend for OAuth sessions database")
return err
}
gob.Register(map[string]interface{}{})
switch ws.Auth.OAuth.Provider {
case "github":
log.Debugf("Using github as the oauth provider")
goth.UseProviders(github.New(ws.Auth.OAuth.Key, ws.Auth.OAuth.Secret, fmt.Sprintf("%s/v1/auth/github/callback", ws.Auth.OAuth.BaseURL), "read:org"))
OAuthVerifier = &GithubVerifier{Orgs: ws.Auth.OAuth.Authorization.Orgs}
case "cloudfoundry":
log.Debugf("Using cloudfoundry as the oauth provider")
goth.UseProviders(cloudfoundry.New(ws.Auth.OAuth.ProviderURL, ws.Auth.OAuth.Key, ws.Auth.OAuth.Secret, fmt.Sprintf("%s/v1/auth/cloudfoundry/callback", ws.Auth.OAuth.BaseURL), "openid,scim.read"))
OAuthVerifier = &UAAVerifier{Groups: ws.Auth.OAuth.Authorization.Orgs, UAA: ws.Auth.OAuth.ProviderURL}
p, err := goth.GetProvider("cloudfoundry")
if err != nil {
return err
}
p.(*cloudfoundry.Provider).Client = ws.Auth.OAuth.Client
case "faux":
log.Debugf("Using mocked session store")
// does nothing, to avoid being accidentally used in prod
default:
log.Errorf("Invalid OAuth provider specified.")
return err
}
gothic.GetProviderName = func(req *http.Request) (string, error) {
return ws.Auth.OAuth.Provider, nil
}
gothic.SetState = func(req *http.Request) string {
sess, _ := gothic.Store.Get(req, gothic.SessionName)
sess.Values["state"] = uuid.New()
return sess.Values["state"].(string)
}
}
protectedAPIs, err := ws.ProtectedAPIs()
if err != nil {
log.Errorf("Could not set up HTTP routes: " + err.Error())
return err
}
if ws.Auth.OAuth.Provider != "" {
log.Debugf("Enabling OAuth handlers for HTTP requests")
UserAuthenticator = OAuthenticator{
Cfg: ws.Auth.OAuth,
}
} else {
log.Debugf("Enabling Basic Auth handlers for HTTP requests")
UserAuthenticator = BasicAuthenticator{
Cfg: ws.Auth.Basic,
}
}
http.Handle("/", ws.UnauthenticatedResources(Authenticate(ws.Auth.Tokens, protectedAPIs)))
return nil
}
func SetupStores() {
SessionStore = pgstore.NewPGStore(database.DbUrl, []byte(config.Constants.SessionName))
SessionStore.(*pgstore.PGStore).Options.HttpOnly = true
}