feat: can ignore tls verification fro hydra connection from config

2023-07-26 10:33:54 +02:00 · 2023-07-26 10:33:54 +02:00 · 235044d845
parent 592749eebf
commit 235044d845
4 changed files with 28 additions and 7 deletions
--- a/cmd/werther/main.go
+++ b/cmd/werther/main.go
@ -14,6 +14,8 @@ import (
 	"net/url"
 	"os"
 	"crypto/tls"
 	"github.com/i-core/rlog"
 	"github.com/i-core/routegroup"
 	"github.com/i-core/werther/internal/identp"
@ -30,11 +32,12 @@ var version = ""
 // Config is a server's configuration.
 type Config struct {
-	DevMode bool   `envconfig:"dev_mode" default:"false" desc:"a development mode"`
+	DevMode            bool   `envconfig:"dev_mode" default:"false" desc:"Enable development mode"`
-	Listen  string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
+	Listen             string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
-	Identp  identp.Config
+	InsecureSkipVerify bool   `envconfig:"insecure_skip_verify" default:"false" desc:"Disable TLS verification on Hydra connection"`
-	LDAP    ldapclient.Config
+	Identp             identp.Config
-	Web     web.Config
+	LDAP               ldapclient.Config
 	Web                web.Config
 }
 func main() {
@ -80,6 +83,11 @@ func main() {
 		os.Exit(1)
 	}
 	if cnf.InsecureSkipVerify {
 		log.Warn("All ssl verifications are disabled !")
 		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 	ldap := ldapclient.New(cnf.LDAP)
 	router := routegroup.NewRouter(nosurf.NewPure, rlog.NewMiddleware(log))
--- a/conf/hydra-werther.conf
+++ b/conf/hydra-werther.conf
@ -123,3 +123,9 @@ WERTHER_LDAP_ROLE_BASEDN=ou=groups,dc=myorg,dc=com
  # [type]        Duration
  # [default]     60s
  # [required]
 # WERTHER_INSECURE_SKIP_VERIFY=
 #   [description] Disable TLS verification on Hydra connection
 #   [type]        True or False
 #   [default]     false
 #   [required]
--- a/internal/hydra/hydra.go
+++ b/internal/hydra/hydra.go
@ -26,6 +26,8 @@ var (
 	ErrChallengeNotFound = errors.New("challenge not found")
 	// ErrChallengeExpired is an error that happens when a challenge is already used.
 	ErrChallengeExpired = errors.New("challenge expired")
 	//ErrServiceUnavailable is an error that happens when the hydra admin service is not available
 	ErrServiceUnavailable = errors.New("Hydra service is Unavailable")
 )
 type reqType string
@ -52,6 +54,7 @@ func initiateRequest(typ reqType, hydraURL string, fakeTLSTermination bool, chal
 	if err != nil {
 		return nil, err
 	}
 	u, err := parseURL(hydraURL)
 	if err != nil {
 		return nil, err
@ -145,6 +148,8 @@ func checkResponse(resp *http.Response) error {
 		return ErrChallengeNotFound
 	case 409:
 		return ErrChallengeExpired
 	case 503:
 		return ErrServiceUnavailable
 	default:
 		var rs struct {
 			Message string `json:"error"`
--- a/internal/identp/identp.go
+++ b/internal/identp/identp.go
@ -11,6 +11,7 @@ package identp
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
@ -127,7 +128,8 @@ func newLoginStartHandler(rproc oa2LoginReqProcessor, tmplRenderer TemplateRende
 				return
 			}
 			log.Infow("Failed to initiate an OAuth2 login request", zap.Error(err), "challenge", challenge)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			errMsg := fmt.Sprintf("%s - %s - %s", http.StatusText(http.StatusInternalServerError), err, errors.Cause(err))
 			http.Error(w, errMsg, http.StatusInternalServerError)
 			return
 		}
 		log.Infow("A login request is initiated", "challenge", challenge, "username", ri.Subject)