// GetOauthSecret gets the oauth secret from mongodb for a specified service. If it doesn't exist, an error gets logged. func GetOauthSecret(service string) (string, error) { session := db.GetSession() defer session.Close() config := globalconfig.NewManager() globalconfig.InitModels() secretModel, err := config.GetByKey(service + "-secret") if err != nil { log.Errorf("No Oauth secret found for %s. Please insert it into the collection globalconfig with key %s-secret", service, service) } return secretModel.Value, err }
// GetOauthClientID gets the oauth secret from mongodb for a specified service. If it doesn't exist, an error gets logged. func GetOauthClientID(service string) (string, error) { session := db.GetSession() defer session.Close() config := globalconfig.NewManager() globalconfig.InitModels() clientIDModel, err := config.GetByKey(service + "-clientid") log.Warn(clientIDModel.Value) if err != nil { log.Errorf("No Oauth client id found for %s. Please insert it into the collection globalconfig with key %s-clientid", service, service) } return clientIDModel.Value, err }
// GetCookieSecret gets the cookie secret from mongodb if it exists otherwise, generate a new one and save it func GetCookieSecret() string { session := db.GetSession() defer session.Close() config := globalconfig.NewManager() globalconfig.InitModels() cookie, err := config.GetByKey("cookieSecret") if err != nil { log.Debug("No cookie secret found, generating a new one") secret, err := generateCookieSecret(32) if err != nil { log.Panic("Cannot generate secret cookie") } cookie.Key = "cookieSecret" cookie.Value = secret err = config.Insert(cookie) // Key was inserted by another instance in the meantime if db.IsDup(err) { cookie, err = config.GetByKey("cookieSecret") if err != nil { log.Panic("Cannot retreive cookie secret") } } } log.Debug("Cookie secret: ", cookie.Value) return cookie.Value }
func main() { app := cli.NewApp() app.Name = "Identity server" app.Version = "0.1-Dev" log.SetFormatter(&log.TextFormatter{FullTimestamp: true}) var debugLogging, ignoreDevcert bool var bindAddress, dbConnectionString string var tlsCert, tlsKey string var twilioAccountSID, twilioAuthToken, twilioMessagingServiceSID string var smtpserver, smtpuser, smtppassword string var smtpport int app.Flags = []cli.Flag{ cli.BoolFlag{ Name: "debug, d", Usage: "Enable debug logging", Destination: &debugLogging, }, cli.StringFlag{ Name: "bind, b", Usage: "Bind address", Value: ":8443", Destination: &bindAddress, }, cli.StringFlag{ Name: "connectionstring, c", Usage: "Mongodb connection string", Value: "127.0.0.1:27017", Destination: &dbConnectionString, }, cli.StringFlag{ Name: "cert, s", Usage: "TLS certificate path", Value: "", Destination: &tlsCert, }, cli.StringFlag{ Name: "key, k", Usage: "TLS private key path", Value: "", Destination: &tlsKey, }, cli.BoolFlag{ Name: "ignore-devcert, i", Usage: "Ignore default devcert even if exists", Destination: &ignoreDevcert, }, cli.StringFlag{ Name: "twilio-AccountSID", Usage: "Twilio AccountSID", Destination: &twilioAccountSID, }, cli.StringFlag{ Name: "twilio-AuthToken", Usage: "Twilio AuthToken", Destination: &twilioAuthToken, }, cli.StringFlag{ Name: "twilio-MsgSvcSID", Usage: "Twilio MessagingServiceSID", Destination: &twilioMessagingServiceSID, }, cli.StringFlag{ Name: "smtp-server", Usage: "Host of smtp server", Destination: &smtpserver, }, cli.StringFlag{ Name: "smtp-user", Usage: "User to login smtp server", Destination: &smtpuser, }, cli.StringFlag{ Name: "smtp-password", Usage: "Password of smtp server", Destination: &smtppassword, }, cli.IntFlag{ Name: "smtp-port", Usage: "Port of smtp server", Destination: &smtpport, Value: 587, }, } app.Before = func(c *cli.Context) error { if debugLogging { log.SetLevel(log.DebugLevel) log.Debug("Debug logging enabled") log.Debug(app.Name, "-", app.Version) } return nil } app.Action = func(c *cli.Context) { // Connect to DB! go db.Connect(dbConnectionString) defer db.Close() cookieSecret := identityservice.GetCookieSecret() var smsService communication.SMSService var emailService communication.EmailService if twilioAccountSID != "" { smsService = &communication.TwilioSMSService{ AccountSID: twilioAccountSID, AuthToken: twilioAuthToken, MessagingServiceSID: twilioMessagingServiceSID, } } else { log.Warn("============================================================================") log.Warn("No valid Twilio Account provided, falling back to development implementation") log.Warn("============================================================================") smsService = &communication.DevSMSService{} } if smtpserver == "" { log.Warn("============================================================================") log.Warn("No valid SMTP server provided, falling back to development implementation") log.Warn("============================================================================") emailService = &communication.DevEmailService{} } else { emailService = communication.NewSMTPEmailService(smtpserver, smtpport, smtpuser, smtppassword) } sc := siteservice.NewService(cookieSecret, smsService, emailService) is := identityservice.NewService(smsService, emailService) config := globalconfig.NewManager() var jwtKey []byte var err error exists, err := config.Exists("jwtkey") if err == nil && exists { var jwtKeyConfig *globalconfig.GlobalConfig jwtKeyConfig, err = config.GetByKey("jwtkey") jwtKey = []byte(jwtKeyConfig.Value) } else { if err == nil { if _, e := os.Stat("devcert/jwt_key.pem"); e == nil { log.Warning("===============================================================================") log.Warning("This instance uses a development JWT signing key, don't do this in production !") log.Warning("===============================================================================") jwtKey, err = ioutil.ReadFile("devcert/jwt_key.pem") } } } if err != nil { log.Fatal("Unable to load a valid key for signing JWT's: ", err) } ecdsaKey, err := jwt.ParseECPrivateKeyFromPEM(jwtKey) if err != nil { log.Fatal("Unable to load a valid key for signing JWT's: ", err) } security.JWTPublicKey = ecdsaKey.PublicKey oauthsc, err := oauthservice.NewService(sc, is, ecdsaKey) if err != nil { log.Fatal("Unable to create the oauthservice: ", err) } r := routes.GetRouter(sc, is, oauthsc) server := https.PrepareHTTP(bindAddress, r) https.PrepareHTTPS(server, tlsCert, tlsKey, ignoreDevcert) // Go make magic over HTTPS log.Info("Listening (https) on ", bindAddress) log.Fatal(server.ListenAndServeTLS("", "")) } app.Run(os.Args) }