Compare commits

..

10 Commits

Author SHA1 Message Date
15a47179f4 feat: add release message with docker pull command
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
2023-12-06 15:21:30 +01:00
7edc889271 Merge pull request 'Construction et diffusion des paquets/image de conteneur via Jenkins' (#4) from jenkins-release into develop
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
Reviewed-on: #4
2023-12-06 14:47:27 +01:00
b3a3e1987d feat: release docker and packages from jenkins
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
Cadoles/hydra-werther/pipeline/pr-develop This commit looks good
2023-12-06 14:43:28 +01:00
d74f81224d chore: update templates metadata
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
2023-12-06 12:02:29 +01:00
885d18ebb0 Merge pull request 'Possibilité d'ignorer les vérifications TLS sur les connexions au service Hydra depuis la configuration' (#3) from feat/ssl-ignore into develop
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
Reviewed-on: #3
2023-12-06 11:55:57 +01:00
271d62dc27 feat: configurable ignore of tls verification for hydra connections
All checks were successful
Cadoles/hydra-werther/pipeline/pr-develop This commit looks good
2023-12-06 11:55:01 +01:00
592749eebf Merge pull request 'Délai de connexion au serveur LDAP configurable' (#2) from ldap-configurable-timeout into develop
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
Reviewed-on: #2
2023-12-06 11:45:30 +01:00
24b66a12ef feat: add configurable ldap connection timeout
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
Cadoles/hydra-werther/pipeline/pr-develop This commit looks good
2023-12-06 11:43:58 +01:00
194c1864c4 fix: configuration path in package
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
2022-11-24 15:32:33 -06:00
b940aae071 chore: add nfpm based packing recipe
All checks were successful
Cadoles/hydra-werther/pipeline/head This commit looks good
2022-11-03 15:30:40 -06:00
13 changed files with 232 additions and 48 deletions

4
.gitignore vendored
View File

@ -1 +1,5 @@
/bin /bin
/dist
/tools
/.trivy
.mktools/

View File

@ -3,7 +3,7 @@
# This source code is licensed under the MIT license found in the # This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree. # LICENSE file in the root directory of this source tree.
FROM golang:1.13-alpine AS build FROM golang:1.21-alpine AS build
ARG VERSION ARG VERSION
ARG GOPROXY ARG GOPROXY

29
Jenkinsfile vendored Normal file
View File

@ -0,0 +1,29 @@
@Library('cadoles') _
// Utilisation du pipeline "standard"
// Voir https://forge.cadoles.com/Cadoles/Jenkins/src/branch/master/doc/tutorials/standard-make-pipeline.md
standardMakePipeline([
'dockerfileExtension': '''
RUN apt-get update \
&& apt-get install -y zip jq
RUN wget https://go.dev/dl/go1.21.5.linux-amd64.tar.gz \
&& rm -rf /usr/local/go \
&& tar -C /usr/local -xzf go1.21.5.linux-amd64.tar.gz
ENV PATH="${PATH}:/usr/local/go/bin"
''',
'hooks': [
'pre-release': {
// Login into docker registry
sh '''
make .mktools
echo "$MKT_GITEA_RELEASE_PASSWORD" | docker login --username "$MKT_GITEA_RELEASE_USERNAME" --password-stdin reg.cadoles.com
'''
}
],
// Use credentials to push images to registry and pubish gitea release
'credentials': [
usernamePassword(credentialsId: 'kipp-credentials', usernameVariable: 'MKT_GITEA_RELEASE_USERNAME', passwordVariable: 'MKT_GITEA_RELEASE_PASSWORD')
]
])

View File

@ -1,10 +1,86 @@
build: clean generate SHELL := /bin/bash
IMAGE_NAME := reg.cadoles.com/cadoles/hydra-werther
NFPM_VERSION ?= 2.20.0
NFPM_PACKAGERS ?= deb rpm
MKT_GITEA_RELEASE_ORG ?= Cadoles
MKT_GITEA_RELEASE_PROJECT ?= hydra-werther
MKT_GITEA_RELEASE_VERSION ?= $(MKT_PROJECT_VERSION)
define MKT_GITEA_RELEASE_BODY
## Docker usage
```
docker pull $(IMAGE_NAME):$(MKT_PROJECT_VERSION)
```
endef
export MKT_GITEA_RELEASE_BODY
build: build-bin build-image
build-bin: clean generate
CGO_ENABLED=0 misc/script/build CGO_ENABLED=0 misc/script/build
test: scan
generate: generate:
go generate ./... go generate ./...
clean: clean:
rm -rf bin rm -rf bin dist
.PHONY: build dist:
mkdir -p dist
package: clean build-bin $(foreach p,$(NFPM_PACKAGERS), package-$(p))
package-%: dist tools/nfpm/bin/nfpm
PACKAGE_VERSION=$(MKT_PROJECT_VERSION) \
tools/nfpm/bin/nfpm package \
--config misc/packaging/nfpm.yml \
--target ./dist \
--packager $*
tools/nfpm/bin/nfpm:
mkdir -p tools/nfpm/bin
curl -L --output tools/nfpm/nfpm_$(NFPM_VERSION)_Linux_x86_64.tar.gz https://github.com/goreleaser/nfpm/releases/download/v$(NFPM_VERSION)/nfpm_$(NFPM_VERSION)_Linux_x86_64.tar.gz \
&& tar -xzf tools/nfpm/nfpm_$(NFPM_VERSION)_Linux_x86_64.tar.gz -C tools/nfpm/bin \
&& chmod +x tools/nfpm/bin/nfpm \
&& rm -f tools/nfpm/nfpm_$(NFPM_VERSION)_Linux_x86_64.tar.gz
build-image:
docker build \
-t "${IMAGE_NAME}:latest" \
.
scan: build-image tools/trivy/bin/trivy
mkdir -p .trivy
tools/trivy/bin/trivy --cache-dir .trivy/.cache image --ignorefile .trivyignore.yaml $(TRIVY_ARGS) $(IMAGE_NAME):latest
tools/trivy/bin/trivy:
mkdir -p tools/trivy/bin
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.47.0
release: release-image release-gitea
release-gitea: .mktools package
@[ ! -z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. Please re-run command."; exit 1 )
$(MAKE) MKT_GITEA_RELEASE_ATTACHMENTS="$$(find dist/* -type f -printf '%p ')" mkt-gitea-release
release-image: .mktools
@[ ! -z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. Please re-run command."; exit 1 )
docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_VERSION)"
docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_SHORT_VERSION)"
docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_VERSION_CHANNEL)-latest"
docker push "${IMAGE_NAME}:$(MKT_PROJECT_VERSION)"
docker push "${IMAGE_NAME}:$(MKT_PROJECT_SHORT_VERSION)"
docker push "${IMAGE_NAME}:$(MKT_PROJECT_VERSION_CHANNEL)-latest"
.mktools:
rm -rf .mktools
curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | TASKS="version gitea" $(SHELL)
-include .mktools/*.mk

View File

@ -14,6 +14,8 @@ import (
"net/url" "net/url"
"os" "os"
"crypto/tls"
"github.com/i-core/rlog" "github.com/i-core/rlog"
"github.com/i-core/routegroup" "github.com/i-core/routegroup"
"github.com/i-core/werther/internal/identp" "github.com/i-core/werther/internal/identp"
@ -30,11 +32,12 @@ var version = ""
// Config is a server's configuration. // Config is a server's configuration.
type Config struct { type Config struct {
DevMode bool `envconfig:"dev_mode" default:"false" desc:"a development mode"` DevMode bool `envconfig:"dev_mode" default:"false" desc:"Enable development mode"`
Listen string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"` Listen string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
Identp identp.Config InsecureSkipVerify bool `envconfig:"insecure_skip_verify" default:"false" desc:"Disable TLS verification on Hydra connection"`
LDAP ldapclient.Config Identp identp.Config
Web web.Config LDAP ldapclient.Config
Web web.Config
} }
func main() { func main() {
@ -80,6 +83,11 @@ func main() {
os.Exit(1) os.Exit(1)
} }
if cnf.InsecureSkipVerify {
log.Warn("All ssl verifications are disabled !")
http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
ldap := ldapclient.New(cnf.LDAP) ldap := ldapclient.New(cnf.LDAP)
router := routegroup.NewRouter(nosurf.NewPure, rlog.NewMiddleware(log)) router := routegroup.NewRouter(nosurf.NewPure, rlog.NewMiddleware(log))

View File

@ -117,3 +117,15 @@ WERTHER_LDAP_ROLE_BASEDN=ou=groups,dc=myorg,dc=com
# [type] String # [type] String
# [default] / # [default] /
# [required] # [required]
#WERTHER_LDAP_CONNECTION_TIMEOUT=
# [description] LDAP server connection timeout
# [type] Duration
# [default] 60s
# [required]
# WERTHER_INSECURE_SKIP_VERIFY=
# [description] Disable TLS verification on Hydra connection
# [type] True or False
# [default] false
# [required]

23
go.mod
View File

@ -1,11 +1,8 @@
module github.com/i-core/werther module github.com/i-core/werther
require ( require (
github.com/OneOfOne/xxhash v1.2.2 // indirect
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
github.com/cespare/xxhash v1.0.0 // indirect
github.com/coocood/freecache v1.0.1 github.com/coocood/freecache v1.0.1
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/elazarl/go-bindata-assetfs v1.0.0 github.com/elazarl/go-bindata-assetfs v1.0.0
github.com/go-ldap/ldap/v3 v3.2.3 github.com/go-ldap/ldap/v3 v3.2.3
github.com/i-core/rlog v1.0.0 github.com/i-core/rlog v1.0.0
@ -14,10 +11,24 @@ require (
github.com/kelseyhightower/envconfig v1.3.0 github.com/kelseyhightower/envconfig v1.3.0
github.com/kevinburke/go-bindata v3.13.0+incompatible github.com/kevinburke/go-bindata v3.13.0+incompatible
github.com/pkg/errors v0.8.1 github.com/pkg/errors v0.8.1
github.com/sergi/go-diff v1.0.0 // indirect
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 // indirect
go.uber.org/zap v1.10.0 go.uber.org/zap v1.10.0
golang.org/x/text v0.3.2 golang.org/x/text v0.3.2
) )
go 1.13 require (
github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c // indirect
github.com/OneOfOne/xxhash v1.2.2 // indirect
github.com/cespare/xxhash v1.0.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/go-asn1-ber/asn1-ber v1.5.1 // indirect
github.com/gofrs/uuid v3.2.0+incompatible // indirect
github.com/julienschmidt/httprouter v1.2.0 // indirect
github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da // indirect
github.com/sergi/go-diff v1.0.0 // indirect
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 // indirect
go.uber.org/atomic v1.4.0 // indirect
go.uber.org/multierr v1.1.0 // indirect
golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 // indirect
)
go 1.21

View File

@ -26,6 +26,8 @@ var (
ErrChallengeNotFound = errors.New("challenge not found") ErrChallengeNotFound = errors.New("challenge not found")
// ErrChallengeExpired is an error that happens when a challenge is already used. // ErrChallengeExpired is an error that happens when a challenge is already used.
ErrChallengeExpired = errors.New("challenge expired") ErrChallengeExpired = errors.New("challenge expired")
//ErrServiceUnavailable is an error that happens when the hydra admin service is unavailable
ErrServiceUnavailable = errors.New("hydra service unavailable")
) )
type reqType string type reqType string
@ -52,6 +54,7 @@ func initiateRequest(typ reqType, hydraURL string, fakeTLSTermination bool, chal
if err != nil { if err != nil {
return nil, err return nil, err
} }
u, err := parseURL(hydraURL) u, err := parseURL(hydraURL)
if err != nil { if err != nil {
return nil, err return nil, err
@ -145,6 +148,8 @@ func checkResponse(resp *http.Response) error {
return ErrChallengeNotFound return ErrChallengeNotFound
case 409: case 409:
return ErrChallengeExpired return ErrChallengeExpired
case 503:
return ErrServiceUnavailable
default: default:
var rs struct { var rs struct {
Message string `json:"error"` Message string `json:"error"`

View File

@ -11,6 +11,7 @@ package identp
import ( import (
"context" "context"
"fmt"
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
@ -127,7 +128,8 @@ func newLoginStartHandler(rproc oa2LoginReqProcessor, tmplRenderer TemplateRende
return return
} }
log.Infow("Failed to initiate an OAuth2 login request", zap.Error(err), "challenge", challenge) log.Infow("Failed to initiate an OAuth2 login request", zap.Error(err), "challenge", challenge)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) errMsg := fmt.Sprintf("%s - %s - %s", http.StatusText(http.StatusInternalServerError), err, errors.Cause(err))
http.Error(w, errMsg, http.StatusInternalServerError)
return return
} }
log.Infow("A login request is initiated", "challenge", challenge, "username", ri.Subject) log.Infow("A login request is initiated", "challenge", challenge, "username", ri.Subject)

View File

@ -48,19 +48,20 @@ type connector interface {
// Config is a LDAP configuration. // Config is a LDAP configuration.
type Config struct { type Config struct {
Endpoints []string `envconfig:"endpoints" required:"true" desc:"a LDAP's server URLs as \"<address>:<port>\""` Endpoints []string `envconfig:"endpoints" required:"true" desc:"a LDAP's server URLs as \"<address>:<port>\""`
BindDN string `envconfig:"binddn" desc:"a LDAP bind DN"` BindDN string `envconfig:"binddn" desc:"a LDAP bind DN"`
BindPass string `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"` BindPass string `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
BaseDN string `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"` BaseDN string `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
UserSearchQuery string `envconfig:"user_search_query" desc:"the user search query" default:"(&(|(objectClass=organizationalPerson)(objectClass=inetOrgPerson))(|(uid=%[1]s)(mail=%[1]s)(userPrincipalName=%[1]s)(sAMAccountName=%[1]s)))"` UserSearchQuery string `envconfig:"user_search_query" desc:"the user search query" default:"(&(|(objectClass=organizationalPerson)(objectClass=inetOrgPerson))(|(uid=%[1]s)(mail=%[1]s)(userPrincipalName=%[1]s)(sAMAccountName=%[1]s)))"`
AttrClaims map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"` AttrClaims map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
RoleBaseDN string `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"` RoleBaseDN string `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
RoleSearchQuery string `envconfig:"role_search_query" desc:"the role search query" default:"(|(&(|(objectClass=group)(objectClass=groupOfNames))(member=%[1]s))(&(objectClass=groupOfUniqueNames)(uniqueMember=%[1]s)))"` RoleSearchQuery string `envconfig:"role_search_query" desc:"the role search query" default:"(|(&(|(objectClass=group)(objectClass=groupOfNames))(member=%[1]s))(&(objectClass=groupOfUniqueNames)(uniqueMember=%[1]s)))"`
RoleAttr string `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"` RoleAttr string `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
RoleClaim string `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"` RoleClaim string `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
CacheSize int `envconfig:"cache_size" default:"512" desc:"a user info cache's size in KiB"` CacheSize int `envconfig:"cache_size" default:"512" desc:"a user info cache's size in KiB"`
CacheTTL time.Duration `envconfig:"cache_ttl" default:"30m" desc:"a user info cache TTL"` CacheTTL time.Duration `envconfig:"cache_ttl" default:"30m" desc:"a user info cache TTL"`
IsTLS bool `envconfig:"is_tls" default:"false" desc:"should LDAP connection be established via TLS"` IsTLS bool `envconfig:"is_tls" default:"false" desc:"should LDAP connection be established via TLS"`
ConnectionTimeout time.Duration `envconfig:"connection_timeout" default:"60s" desc:"LDAP server connection timeout"`
} }
// Client is a LDAP client (compatible with Active Directory). // Client is a LDAP client (compatible with Active Directory).
@ -75,11 +76,12 @@ func New(cnf Config) *Client {
return &Client{ return &Client{
Config: cnf, Config: cnf,
connector: &ldapConnector{ connector: &ldapConnector{
BaseDN: cnf.BaseDN, BaseDN: cnf.BaseDN,
UserSearchQuery: cnf.UserSearchQuery, UserSearchQuery: cnf.UserSearchQuery,
RoleBaseDN: cnf.RoleBaseDN, RoleBaseDN: cnf.RoleBaseDN,
IsTLS: cnf.IsTLS, IsTLS: cnf.IsTLS,
RoleSearchQuery: cnf.RoleSearchQuery, RoleSearchQuery: cnf.RoleSearchQuery,
ConnectionTimeout: cnf.ConnectionTimeout,
}, },
cache: freecache.NewCache(cnf.CacheSize * 1024), cache: freecache.NewCache(cnf.CacheSize * 1024),
} }
@ -291,15 +293,16 @@ func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string
} }
type ldapConnector struct { type ldapConnector struct {
BaseDN string BaseDN string
RoleBaseDN string RoleBaseDN string
IsTLS bool IsTLS bool
UserSearchQuery string UserSearchQuery string
RoleSearchQuery string RoleSearchQuery string
ConnectionTimeout time.Duration
} }
func (c *ldapConnector) Connect(ctx context.Context, addr string) (conn, error) { func (c *ldapConnector) Connect(ctx context.Context, addr string) (conn, error) {
d := net.Dialer{Timeout: ldap.DefaultTimeout} d := net.Dialer{Timeout: c.ConnectionTimeout}
tcpcn, err := d.DialContext(ctx, "tcp", addr) tcpcn, err := d.DialContext(ctx, "tcp", addr)
if err != nil { if err != nil {
return nil, err return nil, err

View File

@ -89,7 +89,7 @@ func loginTmpl() (*asset, error) {
return nil, err return nil, err
} }
info := bindataFileInfo{name: "login.tmpl", size: 1376, mode: os.FileMode(0664), modTime: time.Unix(1598432745, 0)} info := bindataFileInfo{name: "login.tmpl", size: 1376, mode: os.FileMode(0644), modTime: time.Unix(1632751659, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x96, 0x82, 0x4c, 0x6a, 0xc3, 0x92, 0x44, 0x14, 0x82, 0xe7, 0x9a, 0xa8, 0xc8, 0x81, 0x35, 0x91, 0x53, 0xa8, 0x9, 0xe5, 0x8, 0xd5, 0xf, 0x5c, 0x48, 0x31, 0xde, 0xbf, 0xb7, 0x65, 0x23, 0xa9}} a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x96, 0x82, 0x4c, 0x6a, 0xc3, 0x92, 0x44, 0x14, 0x82, 0xe7, 0x9a, 0xa8, 0xc8, 0x81, 0x35, 0x91, 0x53, 0xa8, 0x9, 0xe5, 0x8, 0xd5, 0xf, 0x5c, 0x48, 0x31, 0xde, 0xbf, 0xb7, 0x65, 0x23, 0xa9}}
return a, nil return a, nil
} }
@ -109,7 +109,7 @@ func staticFontsRobotoLightTtf() (*asset, error) {
return nil, err return nil, err
} }
info := bindataFileInfo{name: "static/fonts/Roboto-Light.ttf", size: 170012, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)} info := bindataFileInfo{name: "static/fonts/Roboto-Light.ttf", size: 170012, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdb, 0x2, 0x9, 0x6a, 0x91, 0xc2, 0xa, 0xb6, 0x2d, 0x45, 0x90, 0x1, 0xa1, 0x5, 0x9b, 0xc8, 0xd7, 0x8c, 0xaa, 0x35, 0xd6, 0x37, 0xdc, 0x91, 0x49, 0x4c, 0x44, 0x40, 0x81, 0x5a, 0x6a, 0xc1}} a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdb, 0x2, 0x9, 0x6a, 0x91, 0xc2, 0xa, 0xb6, 0x2d, 0x45, 0x90, 0x1, 0xa1, 0x5, 0x9b, 0xc8, 0xd7, 0x8c, 0xaa, 0x35, 0xd6, 0x37, 0xdc, 0x91, 0x49, 0x4c, 0x44, 0x40, 0x81, 0x5a, 0x6a, 0xc1}}
return a, nil return a, nil
} }
@ -129,7 +129,7 @@ func staticFontsRobotoLightWoff() (*asset, error) {
return nil, err return nil, err
} }
info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff", size: 93468, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)} info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff", size: 93468, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x77, 0xad, 0xe0, 0x48, 0xda, 0x36, 0xf1, 0x3, 0xa5, 0x20, 0x45, 0x5a, 0xcb, 0xd2, 0xf, 0x26, 0xbd, 0x45, 0xd6, 0xf1, 0xc4, 0x21, 0x5, 0x4a, 0x5d, 0x92, 0x6f, 0x55, 0x65, 0x25, 0x16, 0x35}} a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x77, 0xad, 0xe0, 0x48, 0xda, 0x36, 0xf1, 0x3, 0xa5, 0x20, 0x45, 0x5a, 0xcb, 0xd2, 0xf, 0x26, 0xbd, 0x45, 0xd6, 0xf1, 0xc4, 0x21, 0x5, 0x4a, 0x5d, 0x92, 0x6f, 0x55, 0x65, 0x25, 0x16, 0x35}}
return a, nil return a, nil
} }
@ -149,7 +149,7 @@ func staticFontsRobotoLightWoff2() (*asset, error) {
return nil, err return nil, err
} }
info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff2", size: 64272, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)} info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff2", size: 64272, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x1a, 0x87, 0xc0, 0x97, 0xd1, 0xa3, 0x42, 0xec, 0x1b, 0x1a, 0x40, 0x6, 0x6d, 0x4d, 0xbe, 0x9d, 0x6f, 0x14, 0x49, 0x2d, 0x78, 0x80, 0x5d, 0xe2, 0xa1, 0xb5, 0x7d, 0xaf, 0x8b, 0x28, 0xd6, 0x40}} a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x1a, 0x87, 0xc0, 0x97, 0xd1, 0xa3, 0x42, 0xec, 0x1b, 0x1a, 0x40, 0x6, 0x6d, 0x4d, 0xbe, 0x9d, 0x6f, 0x14, 0x49, 0x2d, 0x78, 0x80, 0x5d, 0xe2, 0xa1, 0xb5, 0x7d, 0xaf, 0x8b, 0x28, 0xd6, 0x40}}
return a, nil return a, nil
} }
@ -169,7 +169,7 @@ func staticScriptJs() (*asset, error) {
return nil, err return nil, err
} }
info := bindataFileInfo{name: "static/script.js", size: 1240, mode: os.FileMode(0644), modTime: time.Unix(1565090829, 0)} info := bindataFileInfo{name: "static/script.js", size: 1240, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x21, 0x83, 0x40, 0xc4, 0xb1, 0x4e, 0x2c, 0xf8, 0x84, 0x11, 0x9b, 0x80, 0xc2, 0xe6, 0xab, 0xb5, 0xf8, 0xd5, 0x3b, 0xc9, 0x2e, 0x5b, 0x12, 0x7, 0x29, 0x2f, 0x21, 0x5f, 0x59, 0x35, 0xf7, 0xad}} a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x21, 0x83, 0x40, 0xc4, 0xb1, 0x4e, 0x2c, 0xf8, 0x84, 0x11, 0x9b, 0x80, 0xc2, 0xe6, 0xab, 0xb5, 0xf8, 0xd5, 0x3b, 0xc9, 0x2e, 0x5b, 0x12, 0x7, 0x29, 0x2f, 0x21, 0x5f, 0x59, 0x35, 0xf7, 0xad}}
return a, nil return a, nil
} }
@ -189,7 +189,7 @@ func staticStyleCss() (*asset, error) {
return nil, err return nil, err
} }
info := bindataFileInfo{name: "static/style.css", size: 5966, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)} info := bindataFileInfo{name: "static/style.css", size: 5966, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdf, 0x10, 0x89, 0x7e, 0x7, 0xd2, 0xf2, 0xcc, 0xa2, 0x4e, 0xcf, 0x1, 0x63, 0x75, 0x97, 0xa1, 0x1c, 0x36, 0x4e, 0x34, 0x44, 0x85, 0x53, 0x93, 0xd4, 0x40, 0x69, 0x5f, 0x78, 0x30, 0x17, 0x8f}} a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdf, 0x10, 0x89, 0x7e, 0x7, 0xd2, 0xf2, 0xcc, 0xa2, 0x4e, 0xcf, 0x1, 0x63, 0x75, 0x97, 0xa1, 0x1c, 0x36, 0x4e, 0x34, 0x44, 0x85, 0x53, 0x93, 0xd4, 0x40, 0x69, 0x5f, 0x78, 0x30, 0x17, 0x8f}}
return a, nil return a, nil
} }

22
misc/packaging/nfpm.yml Normal file
View File

@ -0,0 +1,22 @@
name: "hydra-werther"
arch: "amd64"
platform: "linux"
version: "${PACKAGE_VERSION}"
section: "default"
priority: "extra"
maintainer: "Cadoles <contact@cadoles.com>"
description: |
PostgreSQL automated backup scripts
vendor: "Cadoles"
homepage: "https://forge.cadoles.com/Cadoles/postgres-backup"
license: "AGPL-3.0"
version_schema: none
contents:
- src: bin/werther_linux_amd64
dst: /usr/bin/hydra-werther
- src: conf/hydra-werther.conf
dst: /etc/hydra-werther/hydra-werther.conf
- src: misc/packaging/systemd/hydra-werther.service
dst: /usr/lib/systemd/system/hydra-werther.service

View File

@ -0,0 +1,12 @@
[Unit]
Description=Run Hydra Werther login/consent/logout app
After=network-online.target
[Service]
Type=simple
EnvironmentFile=/etc/hydra-werther/hydra-werther.conf
ExecStart=/usr/bin/hydra-werther
Restart=on-failure
[Install]
WantedBy=multi-user.target