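package main

import (
	"context"
	"crypto/tls"
	"net/http"

	oidc "forge.cadoles.com/wpetit/goweb-oidc"
	"forge.cadoles.com/wpetit/goweb-oidc/internal/config"
	"github.com/gorilla/sessions"
	"github.com/pkg/errors"
	"gitlab.com/wpetit/goweb/logger"
	"gitlab.com/wpetit/goweb/service"
	"gitlab.com/wpetit/goweb/service/build"
	"gitlab.com/wpetit/goweb/service/session"
	"gitlab.com/wpetit/goweb/service/template"
	"gitlab.com/wpetit/goweb/session/gorilla"
	"gitlab.com/wpetit/goweb/template/html"
)

// getServiceContainer builds the application's service container from conf.
//
// It registers the build-info, HTTP session (gorilla cookie store), template,
// config and OIDC services. As a side effect it may write a freshly generated
// cookie authentication key back into conf.HTTP.CookieAuthenticationKey, and it
// mutates the process-wide http.DefaultTransport's TLS configuration (see
// configureDefaultTransportTLS).
//
// It returns an error when the cookie keys cannot be produced or validated,
// when the default HTTP transport cannot be configured, or when the OIDC
// provider cannot be created.
func getServiceContainer(ctx context.Context, conf *config.Config) (*service.Container, error) {
	ctn := service.NewContainer()
	ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))

	keyPairs, err := cookieKeyPairs(ctx, conf)
	if err != nil {
		return nil, err
	}

	// HTTP session service backed by an authenticated (and, when an encryption
	// key is configured, encrypted) cookie.
	cookieStore := sessions.NewCookieStore(keyPairs...)
	cookieStore.Options = &sessions.Options{
		Path:     conf.HTTP.CookiePath,
		HttpOnly: true,
		MaxAge:   conf.HTTP.CookieMaxAge,
		SameSite: conf.HTTP.CookieSameSite,
		// NOTE(review): Secure is not set here; confirm the cookie is only ever
		// served over HTTPS (e.g. by a TLS-terminating proxy) or add a config
		// option for it.
	}
	ctn.Provide(session.ServiceName, gorilla.ServiceProvider("oidc-test", cookieStore))

	ctn.Provide(template.ServiceName, html.ServiceProvider(conf.HTTP.TemplateDir))
	ctn.Provide(config.ServiceName, config.ServiceProvider(conf))

	if err := configureDefaultTransportTLS(ctx, conf); err != nil {
		return nil, err
	}

	provider, err := oidc.NewProvider(ctx, conf.OIDC.IssuerURL, conf.OIDC.SkipIssuerVerification)
	if err != nil {
		return nil, errors.Wrap(err, "could not create oidc provider")
	}

	ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(
		oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret),
		oidc.WithProvider(provider),
		oidc.WithScopes("email", "openid"),
		oidc.WithAcrValues(conf.OIDC.AcrValues),
	))

	return ctn, nil
}

// cookieKeyPairs returns the key pairs handed to sessions.NewCookieStore:
// the authentication (HMAC) key first, then the optional encryption key.
//
// When no authentication key is configured a random 64-byte one is generated
// and stored back into conf. That key lives only in this process, so sessions
// will not survive a restart and will not be shared between instances unless
// the key is configured explicitly.
//
// The encryption key, when present, is used as an AES block key by the cookie
// codec, which only accepts 16, 24 or 32 bytes; a wrong length is rejected
// here so the misconfiguration surfaces at startup instead of as failed
// session saves at runtime.
func cookieKeyPairs(ctx context.Context, conf *config.Config) ([][]byte, error) {
	if conf.HTTP.CookieAuthenticationKey == "" {
		logger.Info(ctx, "could not find cookie authentication key. generating one...")

		generated, err := gorilla.GenerateRandomBytes(64)
		if err != nil {
			return nil, errors.Wrap(err, "could not generate cookie authentication key")
		}

		conf.HTTP.CookieAuthenticationKey = string(generated)
	}

	keyPairs := [][]byte{[]byte(conf.HTTP.CookieAuthenticationKey)}

	if key := conf.HTTP.CookieEncryptionKey; key != "" {
		switch len(key) {
		case 16, 24, 32:
			// valid AES-128/192/256 key sizes
		default:
			return nil, errors.Errorf("cookie encryption key must be 16, 24 or 32 bytes long, got %d", len(key))
		}

		keyPairs = append(keyPairs, []byte(key))
	}

	return keyPairs, nil
}

// configureDefaultTransportTLS applies conf.OIDC.InsecureSkipVerify to the
// TLS configuration of http.DefaultTransport.
//
// This mutates process-global state: every HTTP client that relies on the
// default transport (not only the OIDC provider) inherits the setting. When
// certificate verification is disabled a log line records it, since this makes
// the OIDC exchange vulnerable to interception and should never be on in
// production. TODO(review): consider a dedicated transport for the OIDC
// client instead of touching the default one.
//
// It returns an error when http.DefaultTransport is not an *http.Transport
// (previously this was fatal; returning lets the caller decide).
func configureDefaultTransportTLS(ctx context.Context, conf *config.Config) error {
	transport, ok := http.DefaultTransport.(*http.Transport)
	if !ok {
		return errors.New("could not configure default http client: default transport is not an *http.Transport")
	}

	if transport.TLSClientConfig == nil {
		transport.TLSClientConfig = &tls.Config{}
	}

	if conf.OIDC.InsecureSkipVerify {
		logger.Info(ctx, "TLS certificate verification is DISABLED for the default http transport (OIDC.InsecureSkipVerify=true)")
	}

	transport.TLSClientConfig.InsecureSkipVerify = conf.OIDC.InsecureSkipVerify

	return nil
}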