예제 #1
0
// GetOauthSecret gets the oauth secret from mongodb for a specified service. If it doesn't exist, an error gets logged.
func GetOauthSecret(service string) (string, error) {
	session := db.GetSession()
	defer session.Close()

	config := globalconfig.NewManager()
	globalconfig.InitModels()
	secretModel, err := config.GetByKey(service + "-secret")
	if err != nil {
		log.Errorf("No Oauth secret found for %s. Please insert it into the collection globalconfig with key %s-secret",
			service, service)
	}
	return secretModel.Value, err
}
예제 #2
0
// GetOauthClientID gets the oauth secret from mongodb for a specified service. If it doesn't exist, an error gets logged.
func GetOauthClientID(service string) (string, error) {
	session := db.GetSession()
	defer session.Close()

	config := globalconfig.NewManager()
	globalconfig.InitModels()

	clientIDModel, err := config.GetByKey(service + "-clientid")
	log.Warn(clientIDModel.Value)
	if err != nil {
		log.Errorf("No Oauth client id found for %s. Please insert it into the collection globalconfig with key %s-clientid",
			service, service)
	}
	return clientIDModel.Value, err
}
예제 #3
0
// GetCookieSecret gets the cookie secret from mongodb if it exists otherwise, generate a new one and save it
func GetCookieSecret() string {
	session := db.GetSession()
	defer session.Close()

	config := globalconfig.NewManager()
	globalconfig.InitModels()

	cookie, err := config.GetByKey("cookieSecret")
	if err != nil {
		log.Debug("No cookie secret found, generating a new one")

		secret, err := generateCookieSecret(32)

		if err != nil {
			log.Panic("Cannot generate secret cookie")
		}

		cookie.Key = "cookieSecret"
		cookie.Value = secret

		err = config.Insert(cookie)

		// Key was inserted by another instance in the meantime
		if db.IsDup(err) {
			cookie, err = config.GetByKey("cookieSecret")

			if err != nil {
				log.Panic("Cannot retreive cookie secret")
			}
		}
	}

	log.Debug("Cookie secret: ", cookie.Value)

	return cookie.Value
}
예제 #4
0
func main() {

	app := cli.NewApp()
	app.Name = "Identity server"
	app.Version = "0.1-Dev"

	log.SetFormatter(&log.TextFormatter{FullTimestamp: true})

	var debugLogging, ignoreDevcert bool
	var bindAddress, dbConnectionString string
	var tlsCert, tlsKey string
	var twilioAccountSID, twilioAuthToken, twilioMessagingServiceSID string
	var smtpserver, smtpuser, smtppassword string
	var smtpport int

	app.Flags = []cli.Flag{
		cli.BoolFlag{
			Name:        "debug, d",
			Usage:       "Enable debug logging",
			Destination: &debugLogging,
		},
		cli.StringFlag{
			Name:        "bind, b",
			Usage:       "Bind address",
			Value:       ":8443",
			Destination: &bindAddress,
		},
		cli.StringFlag{
			Name:        "connectionstring, c",
			Usage:       "Mongodb connection string",
			Value:       "127.0.0.1:27017",
			Destination: &dbConnectionString,
		},
		cli.StringFlag{
			Name:        "cert, s",
			Usage:       "TLS certificate path",
			Value:       "",
			Destination: &tlsCert,
		},
		cli.StringFlag{
			Name:        "key, k",
			Usage:       "TLS private key path",
			Value:       "",
			Destination: &tlsKey,
		},
		cli.BoolFlag{
			Name:        "ignore-devcert, i",
			Usage:       "Ignore default devcert even if exists",
			Destination: &ignoreDevcert,
		},
		cli.StringFlag{
			Name:        "twilio-AccountSID",
			Usage:       "Twilio AccountSID",
			Destination: &twilioAccountSID,
		},
		cli.StringFlag{
			Name:        "twilio-AuthToken",
			Usage:       "Twilio AuthToken",
			Destination: &twilioAuthToken,
		},
		cli.StringFlag{
			Name:        "twilio-MsgSvcSID",
			Usage:       "Twilio MessagingServiceSID",
			Destination: &twilioMessagingServiceSID,
		},
		cli.StringFlag{
			Name:        "smtp-server",
			Usage:       "Host of smtp server",
			Destination: &smtpserver,
		},
		cli.StringFlag{
			Name:        "smtp-user",
			Usage:       "User to login smtp server",
			Destination: &smtpuser,
		},
		cli.StringFlag{
			Name:        "smtp-password",
			Usage:       "Password of smtp server",
			Destination: &smtppassword,
		},
		cli.IntFlag{
			Name:        "smtp-port",
			Usage:       "Port of smtp server",
			Destination: &smtpport,
			Value:       587,
		},
	}

	app.Before = func(c *cli.Context) error {
		if debugLogging {
			log.SetLevel(log.DebugLevel)
			log.Debug("Debug logging enabled")
			log.Debug(app.Name, "-", app.Version)
		}
		return nil
	}

	app.Action = func(c *cli.Context) {
		// Connect to DB!
		go db.Connect(dbConnectionString)
		defer db.Close()

		cookieSecret := identityservice.GetCookieSecret()
		var smsService communication.SMSService
		var emailService communication.EmailService
		if twilioAccountSID != "" {
			smsService = &communication.TwilioSMSService{
				AccountSID:          twilioAccountSID,
				AuthToken:           twilioAuthToken,
				MessagingServiceSID: twilioMessagingServiceSID,
			}
		} else {
			log.Warn("============================================================================")
			log.Warn("No valid Twilio Account provided, falling back to development implementation")
			log.Warn("============================================================================")
			smsService = &communication.DevSMSService{}
		}

		if smtpserver == "" {
			log.Warn("============================================================================")
			log.Warn("No valid SMTP server provided, falling back to development implementation")
			log.Warn("============================================================================")
			emailService = &communication.DevEmailService{}

		} else {
			emailService = communication.NewSMTPEmailService(smtpserver, smtpport, smtpuser, smtppassword)
		}

		sc := siteservice.NewService(cookieSecret, smsService, emailService)
		is := identityservice.NewService(smsService, emailService)

		config := globalconfig.NewManager()

		var jwtKey []byte
		var err error
		exists, err := config.Exists("jwtkey")
		if err == nil && exists {
			var jwtKeyConfig *globalconfig.GlobalConfig
			jwtKeyConfig, err = config.GetByKey("jwtkey")
			jwtKey = []byte(jwtKeyConfig.Value)
		} else {
			if err == nil {
				if _, e := os.Stat("devcert/jwt_key.pem"); e == nil {
					log.Warning("===============================================================================")
					log.Warning("This instance uses a development JWT signing key, don't do this in production !")
					log.Warning("===============================================================================")

					jwtKey, err = ioutil.ReadFile("devcert/jwt_key.pem")
				}
			}
		}
		if err != nil {
			log.Fatal("Unable to load a valid key for signing JWT's: ", err)
		}
		ecdsaKey, err := jwt.ParseECPrivateKeyFromPEM(jwtKey)
		if err != nil {
			log.Fatal("Unable to load a valid key for signing JWT's: ", err)
		}
		security.JWTPublicKey = ecdsaKey.PublicKey
		oauthsc, err := oauthservice.NewService(sc, is, ecdsaKey)
		if err != nil {
			log.Fatal("Unable to create the oauthservice: ", err)
		}

		r := routes.GetRouter(sc, is, oauthsc)

		server := https.PrepareHTTP(bindAddress, r)
		https.PrepareHTTPS(server, tlsCert, tlsKey, ignoreDevcert)

		// Go make magic over HTTPS
		log.Info("Listening (https) on ", bindAddress)
		log.Fatal(server.ListenAndServeTLS("", ""))
	}

	app.Run(os.Args)
}