goweb-oidc/cmd/server/container.go

package main

import (
	"context"
	"crypto/tls"
	"net/http"

	"gitlab.com/wpetit/goweb/logger"
	"gitlab.com/wpetit/goweb/template/html"

	oidc "forge.cadoles.com/cadoles/goweb-oidc"
	"forge.cadoles.com/cadoles/goweb-oidc/internal/config"
	"github.com/gorilla/sessions"
	"github.com/pkg/errors"
	"gitlab.com/wpetit/goweb/service"
	"gitlab.com/wpetit/goweb/service/build"
	"gitlab.com/wpetit/goweb/service/session"
	"gitlab.com/wpetit/goweb/service/template"
	"gitlab.com/wpetit/goweb/session/gorilla"
)

func getServiceContainer(ctx context.Context, conf *config.Config) (*service.Container, error) {
	// Initialize and configure service container
	ctn := service.NewContainer()

	ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))

	keyPairs := make([][]byte, 0)

	// Generate random cookie authentication key if none is set
	if conf.HTTP.CookieAuthenticationKey == "" {
		logger.Info(ctx, "could not find cookie authentication key. generating one...")

		cookieAuthenticationKey, err := gorilla.GenerateRandomBytes(64)
		if err != nil {
			return nil, errors.Wrap(err, "could not generate cookie authentication key")
		}

		conf.HTTP.CookieAuthenticationKey = string(cookieAuthenticationKey)
	}

	keyPairs = append(keyPairs, []byte(conf.HTTP.CookieAuthenticationKey))

	// Use cookie encryption key if set
	if conf.HTTP.CookieEncryptionKey != "" {
		keyPairs = append(keyPairs, []byte(conf.HTTP.CookieEncryptionKey))
	}

	// Create and initialize HTTP session service provider
	cookieStore := sessions.NewCookieStore(keyPairs...)

	// Define default cookie options
	cookieStore.Options = &sessions.Options{
		Path:     conf.HTTP.CookiePath,
		HttpOnly: true,
		MaxAge:   conf.HTTP.CookieMaxAge,
		SameSite: conf.HTTP.CookieSameSite,
	}

	ctn.Provide(
		session.ServiceName,
		gorilla.ServiceProvider("oidc-test", cookieStore),
	)

	// Create and expose template service provider
	ctn.Provide(template.ServiceName, html.ServiceProvider(
		conf.HTTP.TemplateDir,
	))

	// Create and expose config service provider
	ctn.Provide(config.ServiceName, config.ServiceProvider(conf))

	defaultHTTPTransport, ok := http.DefaultTransport.(*http.Transport)
	if ok {
		if defaultHTTPTransport.TLSClientConfig == nil {
			defaultHTTPTransport.TLSClientConfig = &tls.Config{}
		}

		defaultHTTPTransport.TLSClientConfig.InsecureSkipVerify = conf.OIDC.InsecureSkipVerify
	} else {
		logger.Fatal(
			ctx,
			"could not configure default http client",
		)
	}

	provider, err := oidc.NewProvider(ctx, conf.OIDC.IssuerURL, conf.OIDC.SkipIssuerVerification)
	if err != nil {
		return nil, errors.Wrap(err, "could not create oidc provider")
	}

	ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(
		oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret),
		oidc.WithProvider(provider),
		oidc.WithScopes(conf.OIDC.Scopes...),
		oidc.WithAcrValues(conf.OIDC.AcrValues),
		oidc.WithSkipIssuerCheck(conf.OIDC.SkipIssuerVerification),
	))

	return ctn, nil
}
Initial commit 2020-05-20 10:43:12 +02:00			`package main`

			`import (`
			`"context"`
Allow tls certificates skipping 2022-07-21 14:58:53 +02:00			`"crypto/tls"`
			`"net/http"`
Initial commit 2020-05-20 10:43:12 +02:00
Use structured logging for demo app 2020-05-22 16:03:59 +02:00			`"gitlab.com/wpetit/goweb/logger"`
Initial commit 2020-05-20 10:43:12 +02:00			`"gitlab.com/wpetit/goweb/template/html"`

feat: move module to forge.cadoles.com/cadoles.goweb-oidc 2023-12-06 16:02:40 +01:00			`oidc "forge.cadoles.com/cadoles/goweb-oidc"`
			`"forge.cadoles.com/cadoles/goweb-oidc/internal/config"`
Initial commit 2020-05-20 10:43:12 +02:00			`"github.com/gorilla/sessions"`
			`"github.com/pkg/errors"`
			`"gitlab.com/wpetit/goweb/service"`
			`"gitlab.com/wpetit/goweb/service/build"`
			`"gitlab.com/wpetit/goweb/service/session"`
			`"gitlab.com/wpetit/goweb/service/template"`
			`"gitlab.com/wpetit/goweb/session/gorilla"`
			`)`

Use structured logging for demo app 2020-05-22 16:03:59 +02:00			`func getServiceContainer(ctx context.Context, conf config.Config) (service.Container, error) {`
Initial commit 2020-05-20 10:43:12 +02:00			`// Initialize and configure service container`
			`ctn := service.NewContainer()`

			`ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))`

Decorates errors and remove sentry dependency 2022-07-19 10:24:49 +02:00			`keyPairs := make([][]byte, 0)`

Initial commit 2020-05-20 10:43:12 +02:00			`// Generate random cookie authentication key if none is set`
			`if conf.HTTP.CookieAuthenticationKey == "" {`
Use structured logging for demo app 2020-05-22 16:03:59 +02:00			`logger.Info(ctx, "could not find cookie authentication key. generating one...")`
Initial commit 2020-05-20 10:43:12 +02:00
			`cookieAuthenticationKey, err := gorilla.GenerateRandomBytes(64)`
			`if err != nil {`
			`return nil, errors.Wrap(err, "could not generate cookie authentication key")`
			`}`

			`conf.HTTP.CookieAuthenticationKey = string(cookieAuthenticationKey)`
			`}`

Decorates errors and remove sentry dependency 2022-07-19 10:24:49 +02:00			`keyPairs = append(keyPairs, []byte(conf.HTTP.CookieAuthenticationKey))`
Initial commit 2020-05-20 10:43:12 +02:00
Decorates errors and remove sentry dependency 2022-07-19 10:24:49 +02:00			`// Use cookie encryption key if set`
			`if conf.HTTP.CookieEncryptionKey != "" {`
			`keyPairs = append(keyPairs, []byte(conf.HTTP.CookieEncryptionKey))`
Initial commit 2020-05-20 10:43:12 +02:00			`}`

			`// Create and initialize HTTP session service provider`
Decorates errors and remove sentry dependency 2022-07-19 10:24:49 +02:00			`cookieStore := sessions.NewCookieStore(keyPairs...)`
Initial commit 2020-05-20 10:43:12 +02:00
			`// Define default cookie options`
			`cookieStore.Options = &sessions.Options{`
Decorates errors and remove sentry dependency 2022-07-19 10:24:49 +02:00			`Path: conf.HTTP.CookiePath,`
Initial commit 2020-05-20 10:43:12 +02:00			`HttpOnly: true,`
			`MaxAge: conf.HTTP.CookieMaxAge,`
Decorates errors and remove sentry dependency 2022-07-19 10:24:49 +02:00			`SameSite: conf.HTTP.CookieSameSite,`
Initial commit 2020-05-20 10:43:12 +02:00			`}`

			`ctn.Provide(`
			`session.ServiceName,`
			`gorilla.ServiceProvider("oidc-test", cookieStore),`
			`)`

			`// Create and expose template service provider`
			`ctn.Provide(template.ServiceName, html.ServiceProvider(`
			`conf.HTTP.TemplateDir,`
			`))`

Use go-chi v5 2022-08-10 11:11:22 +02:00			`// Create and expose config service provider`
			`ctn.Provide(config.ServiceName, config.ServiceProvider(conf))`

Allow tls certificates skipping 2022-07-21 14:58:53 +02:00			`defaultHTTPTransport, ok := http.DefaultTransport.(*http.Transport)`
			`if ok {`
			`if defaultHTTPTransport.TLSClientConfig == nil {`
			`defaultHTTPTransport.TLSClientConfig = &tls.Config{}`
			`}`

			`defaultHTTPTransport.TLSClientConfig.InsecureSkipVerify = conf.OIDC.InsecureSkipVerify`
			`} else {`
			`logger.Fatal(`
			`ctx,`
			`"could not configure default http client",`
			`)`
			`}`

feat: use github.com/coreos/go-oidc/v3 2023-11-02 18:21:54 +01:00			`provider, err := oidc.NewProvider(ctx, conf.OIDC.IssuerURL, conf.OIDC.SkipIssuerVerification)`
Initial commit 2020-05-20 10:43:12 +02:00			`if err != nil {`
			`return nil, errors.Wrap(err, "could not create oidc provider")`
			`}`

			`ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(`
			`oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret),`
			`oidc.WithProvider(provider),`
feat: configurable scopes and issuer check skipping 2023-11-06 15:57:27 +01:00			`oidc.WithScopes(conf.OIDC.Scopes...),`
feat: use github.com/coreos/go-oidc/v3 2023-11-02 18:21:54 +01:00			`oidc.WithAcrValues(conf.OIDC.AcrValues),`
feat: configurable scopes and issuer check skipping 2023-11-06 15:57:27 +01:00			`oidc.WithSkipIssuerCheck(conf.OIDC.SkipIssuerVerification),`
Initial commit 2020-05-20 10:43:12 +02:00			`))`

			`return ctn, nil`
			`}`