func TestMain(m *testing.M) {
c, db, err := dockertest.OpenPostgreSQLContainerConnection(15, time.Second)
if err != nil {
log.Fatalf("Could not connect to database: %s", err)
}
defer c.KillRemove()
accountStore := acpg.New(&hash.BCrypt{10}, db)
policyStore := ppg.New(db)
osinStore := opg.New(db)
connectionStore := cpg.New(db)
stateStore := oapg.New(db)
registry := provider.NewRegistry([]provider.Provider{&prov{}})
j := hjwt.New([]byte(hjwt.TestCertificates[0][1]), []byte(hjwt.TestCertificates[1][1]))
if err := connectionStore.CreateSchemas(); err != nil {
log.Fatalf("Could not set up schemas: %v", err)
} else if err := policyStore.CreateSchemas(); err != nil {
log.Fatalf("Could not set up schemas: %v", err)
} else if err := accountStore.CreateSchemas(); err != nil {
log.Fatalf("Could not set up schemas: %v", err)
} else if err := osinStore.CreateSchemas(); err != nil {
log.Fatalf("Could not set up schemas: %v", err)
} else if err := stateStore.CreateSchemas(); err != nil {
log.Fatalf("Could not set up schemas: %v", err)
}
handler = &Handler{
OAuthConfig: DefaultConfig(),
OAuthStore: osinStore,
JWT: j,
Accounts: accountStore,
Policies: policyStore,
Guard: new(guard.Guard),
Connections: connectionStore,
States: stateStore,
Providers: registry,
Issuer: "hydra",
Audience: "tests",
Middleware: host.New(policyStore, j),
}
pol := policy.DefaultPolicy{
ID: uuid.New(), Description: "",
Effect: policy.AllowAccess,
Subjects: []string{},
Permissions: []string{"authorize"},
Resources: []string{"/oauth2/authorize"},
Conditions: []policy.DefaultCondition{},
}
if err := osinStore.CreateClient(&osin.DefaultClient{clientID, "secret", "/callback", ""}); err != nil {
log.Fatalf("Could create client: %s", err)
} else if err := osinStore.CreateClient(&osin.DefaultClient{"working-client-2", "secret", "/callback", ""}); err != nil {
log.Fatalf("Could create client: %s", err)
} else if _, err := accountStore.Create(account.CreateAccountRequest{
ID: accID,
Username: "******",
Password: "******",
Data: "{}",
}); err != nil {
log.Fatalf("Could create account: %s", err)
} else if err := policyStore.Create(&pol); err != nil {
log.Fatalf("Could create client: %s", err)
} else if err := connectionStore.Create(&connection.DefaultConnection{
ID: uuid.New(),
Provider: "MockProvider",
LocalSubject: accID,
RemoteSubject: "remote-id",
}); err != nil {
log.Fatalf("Could create client: %s", err)
}
os.Exit(m.Run())
}
func (c *Core) Start(ctx *cli.Context) error {
c.Ctx.Start()
private, err := jwt.LoadCertificate(jwtPrivateKeyPath)
if err != nil {
return fmt.Errorf("Could not load private key: %s", err)
}
public, err := jwt.LoadCertificate(jwtPublicKeyPath)
if err != nil {
return fmt.Errorf("Could not load public key: %s", err)
}
j := jwt.New(private, public)
m := middleware.New(c.Ctx.Policies, j)
c.guard = new(guard.Guard)
c.accountHandler = accounts.NewHandler(c.Ctx.Accounts, m)
c.clientHandler = clients.NewHandler(c.Ctx.Osins, m)
c.connectionHandler = connections.NewHandler(c.Ctx.Connections, m)
c.providers = provider.NewRegistry(providers)
c.policyHandler = policies.NewHandler(c.Ctx.Policies, m, c.guard, j, c.Ctx.Osins)
c.oauthHandler = &oauth.Handler{
Accounts: c.Ctx.Accounts,
Policies: c.Ctx.Policies,
Guard: c.guard,
Connections: c.Ctx.Connections,
Providers: c.providers,
Issuer: c.issuer,
Audience: c.audience,
JWT: j,
OAuthConfig: oauth.DefaultConfig(),
OAuthStore: c.Ctx.Osins,
States: c.Ctx.States,
SignUpLocation: locations["signUp"],
SignInLocation: locations["signIn"],
Middleware: host.New(c.Ctx.Policies, j),
}
extractor := m.ExtractAuthentication
router := mux.NewRouter()
c.accountHandler.SetRoutes(router, extractor)
c.connectionHandler.SetRoutes(router, extractor)
c.clientHandler.SetRoutes(router, extractor)
c.oauthHandler.SetRoutes(router, extractor)
c.policyHandler.SetRoutes(router, extractor)
// TODO un-hack this, add database check, add error response
router.HandleFunc("/alive", func(w http.ResponseWriter, r *http.Request) {
pkg.WriteJSON(w, &struct {
Status string `json:"status"`
}{
Status: "alive",
})
})
if forceHTTP == "force" {
http.Handle("/", router)
log.Warn("You're using HTTP without TLS encryption. This is dangerously unsafe and you should not do this.")
if err := http.ListenAndServe(listenOn, nil); err != nil {
return fmt.Errorf("Could not serve HTTP server because %s", err)
}
return nil
}
http.Handle("/", router)
srv := &http.Server{Addr: listenOn}
http2.ConfigureServer(srv, &http2.Server{})
if err := srv.ListenAndServeTLS(tlsCertPath, tlsKeyPath); err != nil {
return fmt.Errorf("Could not serve HTTP/2 server because %s", err)
}
return nil
}
