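// GetOauthSecret gets the oauth secret from mongodb for a specified service.
// The secret is read from the globalconfig collection under the key "<service>-secret".
// If it doesn't exist, an error gets logged and the empty string is returned together
// with the lookup error; the secret value itself is never written to the log.
func GetOauthSecret(service string) (string, error) {
	session := db.GetSession()
	defer session.Close()

	config := globalconfig.NewManager()
	globalconfig.InitModels()

	secretModel, err := config.GetByKey(service + "-secret")
	if err != nil {
		log.Errorf("No Oauth secret found for %s. Please insert it into the collection globalconfig with key %s-secret",
			service, service)
		// The model is undefined on a failed lookup, so don't dereference it.
		return "", err
	}
	return secretModel.Value, nil
}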
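// GetOauthClientID gets the oauth client id from mongodb for a specified service.
// The client id is read from the globalconfig collection under the key "<service>-clientid".
// If it doesn't exist, an error gets logged and the empty string is returned together
// with the lookup error.
func GetOauthClientID(service string) (string, error) {
	session := db.GetSession()
	defer session.Close()

	config := globalconfig.NewManager()
	globalconfig.InitModels()

	clientIDModel, err := config.GetByKey(service + "-clientid")
	if err != nil {
		log.Errorf("No Oauth client id found for %s. Please insert it into the collection globalconfig with key %s-clientid",
			service, service)
		// The model is undefined on a failed lookup, so don't dereference it.
		return "", err
	}
	return clientIDModel.Value, nil
}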
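// GetCookieSecret gets the cookie secret from mongodb if it exists, otherwise generates a
// new one and saves it under the globalconfig key "cookieSecret". When another instance
// stores the key concurrently, the stored value wins so that all instances share one
// secret. Generation or retrieval failures panic; the secret value is never logged.
func GetCookieSecret() string {
	session := db.GetSession()
	defer session.Close()

	config := globalconfig.NewManager()
	globalconfig.InitModels()

	cookie, err := config.GetByKey("cookieSecret")
	if err != nil {
		log.Debug("No cookie secret found, generating a new one")

		secret, err := generateCookieSecret(32)
		if err != nil {
			log.Panic("Cannot generate secret cookie")
		}

		cookie = &globalconfig.GlobalConfig{
			Key:   "cookieSecret",
			Value: secret,
		}

		err = config.Insert(cookie)
		switch {
		case err == nil:
			log.Debug("New cookie secret stored")
		case db.IsDup(err):
			// Key was inserted by another instance in the meantime: use the stored one.
			cookie, err = config.GetByKey("cookieSecret")
			if err != nil {
				log.Panic("Cannot retrieve cookie secret")
			}
		default:
			// Keep the generated secret for this process, but make the persistence failure
			// visible: a secret that is not stored changes on the next start and
			// invalidates every cookie issued with it.
			log.Errorf("Cannot store cookie secret: %v", err)
		}
	}

	log.Debug("Cookie secret loaded")

	return cookie.Value
}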
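// main parses the command line flags, wires the SMS and email backends, loads the
// JWT signing key and serves the identity server over HTTPS on the bind address.
func main() {
	app := cli.NewApp()
	app.Name = "Identity server"
	app.Version = "0.1-Dev"

	log.SetFormatter(&log.TextFormatter{FullTimestamp: true})

	var debugLogging, ignoreDevcert bool
	var bindAddress, dbConnectionString string
	var tlsCert, tlsKey string
	var twilioAccountSID, twilioAuthToken, twilioMessagingServiceSID string
	var smtpserver, smtpuser, smtppassword string
	var smtpport int

	app.Flags = []cli.Flag{
		cli.BoolFlag{
			Name:        "debug, d",
			Usage:       "Enable debug logging",
			Destination: &debugLogging,
		},
		cli.StringFlag{
			Name:        "bind, b",
			Usage:       "Bind address",
			Value:       ":8443",
			Destination: &bindAddress,
		},
		cli.StringFlag{
			Name:        "connectionstring, c",
			Usage:       "Mongodb connection string",
			Value:       "127.0.0.1:27017",
			Destination: &dbConnectionString,
		},
		cli.StringFlag{
			Name:        "cert, s",
			Usage:       "TLS certificate path",
			Value:       "",
			Destination: &tlsCert,
		},
		cli.StringFlag{
			Name:        "key, k",
			Usage:       "TLS private key path",
			Value:       "",
			Destination: &tlsKey,
		},
		cli.BoolFlag{
			Name:        "ignore-devcert, i",
			Usage:       "Ignore default devcert even if exists",
			Destination: &ignoreDevcert,
		},
		cli.StringFlag{
			Name:        "twilio-AccountSID",
			Usage:       "Twilio AccountSID",
			Destination: &twilioAccountSID,
		},
		cli.StringFlag{
			Name:        "twilio-AuthToken",
			Usage:       "Twilio AuthToken",
			Destination: &twilioAuthToken,
		},
		cli.StringFlag{
			Name:        "twilio-MsgSvcSID",
			Usage:       "Twilio MessagingServiceSID",
			Destination: &twilioMessagingServiceSID,
		},
		cli.StringFlag{
			Name:        "smtp-server",
			Usage:       "Host of smtp server",
			Destination: &smtpserver,
		},
		cli.StringFlag{
			Name:        "smtp-user",
			Usage:       "User to login smtp server",
			Destination: &smtpuser,
		},
		cli.StringFlag{
			Name:        "smtp-password",
			Usage:       "Password of smtp server",
			Destination: &smtppassword,
		},
		cli.IntFlag{
			Name:        "smtp-port",
			Usage:       "Port of smtp server",
			Destination: &smtpport,
			Value:       587,
		},
	}

	// Raise the log level before the action runs so that startup diagnostics are visible.
	app.Before = func(c *cli.Context) error {
		if debugLogging {
			log.SetLevel(log.DebugLevel)
			log.Debug("Debug logging enabled")
			log.Debug(app.Name, "-", app.Version)
		}
		return nil
	}

	app.Action = func(c *cli.Context) {
		// Connect to DB!
		// NOTE(review): Connect runs in the background while GetCookieSecret below already
		// needs a session — confirm db.GetSession waits until the connection is established.
		go db.Connect(dbConnectionString)
		defer db.Close()

		cookieSecret := identityservice.GetCookieSecret()

		// Without Twilio credentials or an SMTP host the development backends are used;
		// the banners make that hard to miss in the logs.
		var smsService communication.SMSService
		var emailService communication.EmailService
		if twilioAccountSID != "" {
			smsService = &communication.TwilioSMSService{
				AccountSID:          twilioAccountSID,
				AuthToken:           twilioAuthToken,
				MessagingServiceSID: twilioMessagingServiceSID,
			}
		} else {
			log.Warn("============================================================================")
			log.Warn("No valid Twilio Account provided, falling back to development implementation")
			log.Warn("============================================================================")
			smsService = &communication.DevSMSService{}
		}

		if smtpserver == "" {
			log.Warn("============================================================================")
			log.Warn("No valid SMTP server provided, falling back to development implementation")
			log.Warn("============================================================================")
			emailService = &communication.DevEmailService{}
		} else {
			emailService = communication.NewSMTPEmailService(smtpserver, smtpport, smtpuser, smtppassword)
		}

		sc := siteservice.NewService(cookieSecret, smsService, emailService)
		is := identityservice.NewService(smsService, emailService)

		config := globalconfig.NewManager()

		// Prefer the signing key stored in globalconfig under "jwtkey"; fall back to the
		// development key on disk only when the database has no entry (not when the
		// lookup itself failed, which is fatal below).
		var jwtKey []byte
		exists, err := config.Exists("jwtkey")
		switch {
		case err != nil:
			// Lookup failed: reported by the fatal check below.
		case exists:
			var jwtKeyConfig *globalconfig.GlobalConfig
			jwtKeyConfig, err = config.GetByKey("jwtkey")
			// Only dereference the result on success; it is undefined on error.
			if err == nil {
				jwtKey = []byte(jwtKeyConfig.Value)
			}
		default:
			if _, statErr := os.Stat("devcert/jwt_key.pem"); statErr == nil {
				log.Warn("===============================================================================")
				log.Warn("This instance uses a development JWT signing key, don't do this in production !")
				log.Warn("===============================================================================")

				jwtKey, err = ioutil.ReadFile("devcert/jwt_key.pem")
			}
		}
		if err != nil {
			log.Fatal("Unable to load a valid key for signing JWT's: ", err)
		}
		// An empty jwtKey (no database entry and no devcert) does not parse and is fatal too.
		ecdsaKey, err := jwt.ParseECPrivateKeyFromPEM(jwtKey)
		if err != nil {
			log.Fatal("Unable to load a valid key for signing JWT's: ", err)
		}
		security.JWTPublicKey = ecdsaKey.PublicKey
		oauthsc, err := oauthservice.NewService(sc, is, ecdsaKey)
		if err != nil {
			log.Fatal("Unable to create the oauthservice: ", err)
		}

		r := routes.GetRouter(sc, is, oauthsc)

		server := https.PrepareHTTP(bindAddress, r)
		https.PrepareHTTPS(server, tlsCert, tlsKey, ignoreDevcert)

		// Go make magic over HTTPS
		log.Info("Listening (https) on ", bindAddress)
		log.Fatal(server.ListenAndServeTLS("", ""))
	}

	// Flag parsing errors are returned by Run rather than printed; surface them.
	if err := app.Run(os.Args); err != nil {
		log.Fatal(err)
	}
}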