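// Setup connects the database, configures authentication (OAuth when
// ws.Auth.OAuth.Provider is set, HTTP Basic otherwise) and registers the HTTP
// routes on http.DefaultServeMux under "/". Every failure is logged and
// returned as a non-nil error; a nil return means the server is ready.
func (ws *WebServer) Setup() error {
	log.Debugf("Configuring WebServer...")

	if err := ws.Database.Connect(); err != nil {
		// A DSN usually embeds the database password, so only the driver
		// name goes into the log line; the DSN itself is kept out of the logs.
		log.Errorf("Failed to connect to %s database: %s", ws.Database.Driver, err)
		return err
	}

	if ws.Auth.OAuth.Provider != "" {
		if err := ws.configureOAuthSessionStore(); err != nil {
			return err
		}
		if err := ws.configureOAuthProvider(); err != nil {
			return err
		}
	}

	protectedAPIs, err := ws.ProtectedAPIs()
	if err != nil {
		// Pass the error as an argument rather than concatenating it into the
		// format string, so a '%' in the message cannot corrupt the output.
		log.Errorf("Could not set up HTTP routes: %s", err)
		return err
	}

	if ws.Auth.OAuth.Provider != "" {
		log.Debugf("Enabling OAuth handlers for HTTP requests")
		UserAuthenticator = OAuthenticator{Cfg: ws.Auth.OAuth}
	} else {
		log.Debugf("Enabling Basic Auth handlers for HTTP requests")
		UserAuthenticator = BasicAuthenticator{Cfg: ws.Auth.Basic}
	}

	http.Handle("/", ws.UnauthenticatedResources(Authenticate(ws.Auth.Tokens, protectedAPIs)))
	return nil
}

// configureOAuthSessionStore installs the gothic session store selected by
// ws.Auth.OAuth.Sessions.Type ("sqlite3", "postgres" or "mock"). The cookie
// authentication and encryption keys are generated fresh on every start, so
// sessions do not survive a restart and cannot be shared between instances.
// An unknown store type is an error: starting without a session store would
// leave gothic.Store nil and break the OAuth flow later.
func (ws *WebServer) configureOAuthSessionStore() error {
	log.Debugf("Configuring OAuth Session store")
	sessCfg := ws.Auth.OAuth.Sessions

	// securecookie.GenerateRandomKey reports a failing random source by
	// returning nil rather than an error; refuse to start with nil keys.
	authKey := securecookie.GenerateRandomKey(64)
	encKey := securecookie.GenerateRandomKey(32)
	if authKey == nil || encKey == nil {
		log.Errorf("Could not generate OAuth session keys")
		return fmt.Errorf("generating OAuth session keys: random source unavailable")
	}

	switch sessCfg.Type {
	case "sqlite3":
		log.Debugf("Using sqlite3 as a session store")
		store, err := sqlitestore.NewSqliteStore(sessCfg.DSN, "http_sessions", "/", sessCfg.MaxAge, authKey, encKey)
		if err != nil {
			log.Errorf("Error setting up sessions database: %s", err)
			return err
		}
		gothic.Store = store
	case "postgres":
		log.Debugf("Using postgres as a session store")
		store := pgstore.NewPGStore(sessCfg.DSN, authKey, encKey)
		store.Options.MaxAge = sessCfg.MaxAge
		gothic.Store = store
	case "mock":
		// Deliberately leaves gothic.Store unset so a mock configuration can
		// never be mistaken for a real store in production.
		log.Debugf("Using mocked session store")
	default:
		log.Errorf("Invalid DB Backend for OAuth sessions database")
		// Return a real error: a nil error here would let startup continue
		// with no session store at all.
		return fmt.Errorf("invalid OAuth session store type %q", sessCfg.Type)
	}

	// Session values are gob-encoded; register the map type stored in them.
	gob.Register(map[string]interface{}{})
	return nil
}

// configureOAuthProvider registers the goth provider named by
// ws.Auth.OAuth.Provider ("github", "cloudfoundry" or "faux") together with the
// matching OAuthVerifier, then installs the gothic hooks that select the
// provider and generate the OAuth state parameter. An unknown provider name is
// an error rather than a silent no-op.
func (ws *WebServer) configureOAuthProvider() error {
	cfg := ws.Auth.OAuth

	switch cfg.Provider {
	case "github":
		log.Debugf("Using github as the oauth provider")
		callback := fmt.Sprintf("%s/v1/auth/github/callback", cfg.BaseURL)
		// read:org scope — presumably what GithubVerifier needs to check org
		// membership; confirm against the verifier implementation.
		goth.UseProviders(github.New(cfg.Key, cfg.Secret, callback, "read:org"))
		OAuthVerifier = &GithubVerifier{Orgs: cfg.Authorization.Orgs}
	case "cloudfoundry":
		log.Debugf("Using cloudfoundry as the oauth provider")
		callback := fmt.Sprintf("%s/v1/auth/cloudfoundry/callback", cfg.BaseURL)
		goth.UseProviders(cloudfoundry.New(cfg.ProviderURL, cfg.Key, cfg.Secret, callback, "openid,scim.read"))
		OAuthVerifier = &UAAVerifier{Groups: cfg.Authorization.Orgs, UAA: cfg.ProviderURL}
		p, err := goth.GetProvider("cloudfoundry")
		if err != nil {
			return err
		}
		// The provider uses the configured http.Client for its UAA calls
		// (presumably to allow custom TLS settings or a test transport).
		p.(*cloudfoundry.Provider).Client = cfg.Client
	case "faux":
		// Deliberately registers nothing so a mock configuration can never be
		// mistaken for a real provider in production.
		log.Debugf("Using mocked OAuth provider")
	default:
		log.Errorf("Invalid OAuth provider specified.")
		// Return a real error: a nil error here would let startup continue
		// with no OAuth provider registered.
		return fmt.Errorf("invalid OAuth provider %q", cfg.Provider)
	}

	// The provider is fixed by configuration, so the request is not consulted.
	gothic.GetProviderName = func(req *http.Request) (string, error) {
		return ws.Auth.OAuth.Provider, nil
	}
	// NOTE(review): the error from Store.Get is discarded and the session is
	// not saved here, so whether this state value is persisted and verified on
	// the callback depends on gothic and the callback handler — confirm before
	// relying on it for CSRF protection. With the "mock" store gothic.Store is
	// nil and this closure would panic if invoked.
	gothic.SetState = func(req *http.Request) string {
		sess, _ := gothic.Store.Get(req, gothic.SessionName)
		sess.Values["state"] = uuid.New()
		return sess.Values["state"].(string)
	}
	return nil
}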
// provider builds a cloudfoundry goth provider against the fixed UAA endpoint
// https://cf.example.com/, taking the client credentials from the
// UAA_CLIENT_ID and UAA_CLIENT_SECRET environment variables. The callback URL
// is the literal "/foo" (the hard-coded values suggest test or example use).
func provider() *cloudfoundry.Provider {
	const (
		uaaURL   = "https://cf.example.com/"
		callback = "/foo"
	)
	clientID := os.Getenv("UAA_CLIENT_ID")
	clientSecret := os.Getenv("UAA_CLIENT_SECRET")
	return cloudfoundry.New(uaaURL, clientID, clientSecret, callback)
}