package main
import (
"context"
"crypto/tls"
"net/http"
"gitlab.com/wpetit/goweb/logger"
"gitlab.com/wpetit/goweb/template/html"
oidc "forge.cadoles.com/wpetit/goweb-oidc"
"forge.cadoles.com/wpetit/goweb-oidc/internal/config"
"github.com/gorilla/sessions"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/service"
"gitlab.com/wpetit/goweb/service/build"
"gitlab.com/wpetit/goweb/service/session"
"gitlab.com/wpetit/goweb/service/template"
"gitlab.com/wpetit/goweb/session/gorilla"
)
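// getServiceContainer builds the application's service container from conf.
//
// It registers the build, session, template, config and OIDC services.
// As a side effect it mutates the TLS configuration of http.DefaultTransport
// (see configureDefaultTransport), which affects every client in the process
// that relies on the default transport.
//
// Returns the populated container, or an error if the cookie keys are
// unusable, the default transport cannot be configured, or the OIDC provider
// cannot be created.
func getServiceContainer(ctx context.Context, conf *config.Config) (*service.Container, error) {
	ctn := service.NewContainer()

	ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))

	cookieStore, err := newCookieStore(ctx, conf)
	if err != nil {
		return nil, err
	}

	ctn.Provide(
		session.ServiceName,
		gorilla.ServiceProvider("oidc-test", cookieStore),
	)

	ctn.Provide(template.ServiceName, html.ServiceProvider(
		conf.HTTP.TemplateDir,
	))

	ctn.Provide(config.ServiceName, config.ServiceProvider(conf))

	// Every other failure in this function is returned to the caller, so the
	// transport failure is returned too instead of terminating the process here.
	if err = configureDefaultTransport(conf); err != nil {
		return nil, err
	}

	provider, err := oidc.NewProvider(ctx, conf.OIDC.IssuerURL, conf.OIDC.SkipIssuerVerification)
	if err != nil {
		return nil, errors.Wrap(err, "could not create oidc provider")
	}

	ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(
		oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret),
		oidc.WithProvider(provider),
		oidc.WithScopes(conf.OIDC.Scopes...),
		oidc.WithAcrValues(conf.OIDC.AcrValues),
		oidc.WithSkipIssuerCheck(conf.OIDC.SkipIssuerVerification),
	))

	return ctn, nil
}

// newCookieStore creates the gorilla cookie store that backs HTTP sessions.
//
// When conf.HTTP.CookieAuthenticationKey is empty a random 64-byte key is
// generated and written back into conf. A generated key does not survive a
// restart, so every existing session is invalidated each time the process
// starts; set the key in configuration when sessions must be stable.
//
// conf.HTTP.CookieEncryptionKey is optional. When set, its raw byte length
// must be 16, 24 or 32 (the AES key sizes securecookie accepts). A key of
// another length is not rejected by sessions.NewCookieStore but makes every
// session encode/decode fail at request time, so it is rejected up front.
//
// Returns the configured store, or an error if a key cannot be generated or
// the encryption key has an unusable length.
func newCookieStore(ctx context.Context, conf *config.Config) (*sessions.CookieStore, error) {
	if conf.HTTP.CookieAuthenticationKey == "" {
		logger.Info(ctx, "could not find cookie authentication key. generating one...")

		cookieAuthenticationKey, err := gorilla.GenerateRandomBytes(64)
		if err != nil {
			return nil, errors.Wrap(err, "could not generate cookie authentication key")
		}

		conf.HTTP.CookieAuthenticationKey = string(cookieAuthenticationKey)
	}

	// At most one authentication key and one encryption key are ever added.
	keyPairs := make([][]byte, 0, 2)
	keyPairs = append(keyPairs, []byte(conf.HTTP.CookieAuthenticationKey))

	if conf.HTTP.CookieEncryptionKey != "" {
		encryptionKey := []byte(conf.HTTP.CookieEncryptionKey)

		switch len(encryptionKey) {
		case 16, 24, 32:
			// valid AES key size
		default:
			return nil, errors.Errorf("cookie encryption key must be 16, 24 or 32 bytes long, got %d", len(encryptionKey))
		}

		keyPairs = append(keyPairs, encryptionKey)
	}

	cookieStore := sessions.NewCookieStore(keyPairs...)

	cookieStore.Options = &sessions.Options{
		Path:     conf.HTTP.CookiePath,
		HttpOnly: true,
		MaxAge:   conf.HTTP.CookieMaxAge,
		SameSite: conf.HTTP.CookieSameSite,
		// NOTE(review): Secure is left unset, so the session cookie is also
		// sent over plain HTTP. Exposing it through the HTTP configuration
		// is worth considering for deployments served over TLS.
	}

	return cookieStore, nil
}

// configureDefaultTransport applies conf.OIDC.InsecureSkipVerify to the TLS
// configuration of http.DefaultTransport.
//
// This mutates process-wide state: every http.Client that relies on the
// default transport is affected, not only the OIDC client. When
// InsecureSkipVerify is true, server certificate validation is disabled for
// all of them, so it should stay false outside local testing.
//
// Returns an error if http.DefaultTransport is not an *http.Transport and
// therefore cannot be configured.
func configureDefaultTransport(conf *config.Config) error {
	defaultHTTPTransport, ok := http.DefaultTransport.(*http.Transport)
	if !ok {
		return errors.New("could not configure default http client")
	}

	if defaultHTTPTransport.TLSClientConfig == nil {
		defaultHTTPTransport.TLSClientConfig = &tls.Config{}
	}

	defaultHTTPTransport.TLSClientConfig.InsecureSkipVerify = conf.OIDC.InsecureSkipVerify

	return nil
}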