package main
import (
	"encoding/json"
	"flag"
	"fmt"
	"html/template"
	"io/ioutil"
	"log"
	"net/http"
	"net/url"
	"os"
	"time"

	az "github.com/xtraclabs/roll/authzwrapper"
	"github.com/xtraclabs/roll/repos"
	secretsrepo "github.com/xtraclabs/rollsecrets/repos"
)
var (
	// jsonResponse holds the most recent token reply received by the OAuth
	// callback; echoClientHandler renders it into the echo page.
	// NOTE(review): this is one process-wide value, written by one handler and
	// read by another with no synchronization, so concurrent callbacks race on
	// it and every visitor of /echoclient sees whichever token arrived last.
	// It is not per-session state.
	jsonResponse accessTokenResponse

	// templates is parsed once at package init; a missing ./echo.html aborts
	// the program before main runs.
	templates = template.Must(template.ParseFiles("./echo.html"))
)
// accessTokenResponse is the subset of the token endpoint's JSON reply that
// this program keeps: the access token itself and its type.
type accessTokenResponse struct {
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
}
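// echoServiceHandler returns a handler that writes the "echo" form field of a
// POST request back to the caller as plain text; any other method gets 405.
//
// The echoed text is caller-controlled. The response therefore declares an
// explicit text/plain content type and disables MIME sniffing: without that a
// body that looks like markup is served as HTML and rendered by a browser.
func echoServiceHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		// Check for resource leaks using: lsof | grep xavi | wc -l
		defer r.Body.Close()
		echoTxt := r.FormValue("echo")
		// %q keeps caller-supplied newlines from forging extra log lines.
		log.Printf("data to echo: %q", echoTxt)
		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
		w.Header().Set("X-Content-Type-Options", "nosniff")
		if _, err := w.Write([]byte(echoTxt)); err != nil {
			log.Println("writing echo response:", err)
		}
	}
}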
// readWhitelistClientIDFromEnv returns the client ID allowed to call the echo
// service, taken from ECHO_WHITELISTED_CLIENT_ID; empty when the variable is
// unset.
func readWhitelistClientIDFromEnv() string {
	// Unset and empty are treated alike, so the presence flag is not needed.
	id, _ := os.LookupEnv("ECHO_WHITELISTED_CLIENT_ID")
	return id
}
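// oauthTokenClient performs the back-channel code exchange. http.PostForm uses
// the default client, which has no timeout, so a stalled token endpoint would
// pin the callback goroutine indefinitely.
var oauthTokenClient = &http.Client{Timeout: 10 * time.Second}

// oauthCallbackHandler returns the redirect-URI handler of the authorization
// code flow. It exchanges the "code" query parameter for a token at
// ROLL_ENDPOINT/oauth2/token using the client credentials from the
// environment, stores the decoded reply in jsonResponse and redirects the
// browser to /echoclient.
//
// NOTE(review): no "state" parameter is validated here; whether the
// authorization request sends one is not visible in this file. jsonResponse
// is process-wide, so the stored token is shared by every visitor.
func oauthCallbackHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Indexing the first "code" value on a request without one would
		// panic; reject such requests instead.
		code := r.URL.Query().Get("code")
		if code == "" {
			http.Error(w, "missing code parameter", http.StatusBadRequest)
			return
		}
		form := url.Values{
			"grant_type":    {"authorization_code"},
			"code":          {code},
			"client_id":     {os.Getenv("ECHO_WHITELISTED_CLIENT_ID")},
			"client_secret": {os.Getenv("CLIENT_SECRET")},
			"redirect_uri":  {os.Getenv("REDIRECT_URI")},
		}
		resp, err := oauthTokenClient.PostForm(os.Getenv("ROLL_ENDPOINT")+"/oauth2/token", form)
		if err != nil {
			// The error text names the internal endpoint; log it and give the
			// browser a generic failure.
			log.Println("token exchange request:", err)
			http.Error(w, "token exchange failed", http.StatusInternalServerError)
			return
		}
		defer resp.Body.Close()
		body, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			log.Println("reading token response:", err)
			http.Error(w, "token exchange failed", http.StatusInternalServerError)
			return
		}
		// The body carries the access token, so log only its status and size.
		log.Printf("token endpoint replied %d (%d bytes)", resp.StatusCode, len(body))
		if resp.StatusCode < 200 || resp.StatusCode > 299 {
			http.Error(w, "token exchange failed", http.StatusBadGateway)
			return
		}
		// Decode into a local first so a malformed reply never leaves a
		// half-written value behind in the shared variable.
		var tok accessTokenResponse
		if err := json.Unmarshal(body, &tok); err != nil {
			log.Println("decoding token response:", err)
			http.Error(w, "token exchange failed", http.StatusInternalServerError)
			return
		}
		jsonResponse = tok
		// Redirect writes the full response; the original's trailing
		// w.Write after it only appended stray text to the redirect body.
		http.Redirect(w, r, "/echoclient", http.StatusFound)
	}
}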
// echoClientHandler serves the echo page: on GET it renders echo.html with
// the token reply captured by the OAuth callback; other methods get 405.
func echoClientHandler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
			return
		}
		err := templates.ExecuteTemplate(w, "echo.html", jsonResponse)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
		}
	})
}
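// main parses the -port flag, wires the three handlers and serves until the
// listener fails. /echosvc is wrapped by the roll authorization layer with
// the single whitelisted client ID read from the environment.
func main() {
	port := flag.Int("port", -1, "Port to listen on")
	flag.Parse()
	if *port == -1 {
		// Report misuse on stderr and exit non-zero; the original returned
		// normally, so scripts could not tell the server never started.
		fmt.Fprintln(os.Stderr, "Must specify a -port argument")
		flag.Usage()
		os.Exit(2)
	}
	whitelisted := readWhitelistClientIDFromEnv()
	if whitelisted == "" {
		// An empty ID still goes into the whitelist; how az.Wrap treats it
		// is not visible here, so flag it loudly rather than change it.
		log.Println("warning: ECHO_WHITELISTED_CLIENT_ID is unset; /echosvc whitelist holds an empty client ID")
	}

	mux := http.NewServeMux()
	mux.Handle("/echoclient", echoClientHandler())
	mux.Handle("/oauth2_callback", oauthCallbackHandler())
	mux.Handle("/echosvc", az.Wrap(secretsrepo.NewVaultSecretsRepo(), repos.NewDynamoAdminRepo(), []string{whitelisted}, echoServiceHandler()))

	// http.ListenAndServe has no timeouts, so a slow or idle client could hold
	// a connection open indefinitely; bound header reads, writes and idle time.
	srv := &http.Server{
		Addr:              fmt.Sprintf(":%d", *port),
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	// The original discarded this error, so a port already in use exited 0
	// without a message.
	log.Fatal(srv.ListenAndServe())
}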