feat(auth): remote and local third-party authentication
@ -4,6 +4,7 @@ import (
|
||||
"os"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"gopkg.in/yaml.v3"
|
||||
@ -123,3 +124,37 @@ func (iss *InterpolatedStringSlice) UnmarshalYAML(value *yaml.Node) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
type InterpolatedDuration time.Duration
|
||||
|
||||
func (id *InterpolatedDuration) UnmarshalYAML(value *yaml.Node) error {
|
||||
var str string
|
||||
|
||||
if err := value.Decode(&str); err != nil {
|
||||
return errors.Wrapf(err, "could not decode value '%v' (line '%d') into string", value.Value, value.Line)
|
||||
}
|
||||
|
||||
if match := reVar.FindStringSubmatch(str); len(match) > 0 {
|
||||
str = os.Getenv(match[1])
|
||||
}
|
||||
|
||||
duration, err := time.ParseDuration(str)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "could not parse duration '%v', line '%d'", str, value.Line)
|
||||
}
|
||||
|
||||
*id = InterpolatedDuration(duration)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (id *InterpolatedDuration) MarshalYAML() (interface{}, error) {
|
||||
duration := time.Duration(*id)
|
||||
|
||||
return duration.String(), nil
|
||||
}
|
||||
|
||||
func NewInterpolatedDuration(d time.Duration) *InterpolatedDuration {
|
||||
id := InterpolatedDuration(d)
|
||||
return &id
|
||||
}
|
||||
|
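Review bot: `InterpolatedDuration.UnmarshalYAML` accepts anything `time.ParseDuration` can parse, including zero and negative durations, and the string may come from the environment through the `reVar` substitution. The type backs `RemoteAuthConfig.RefreshInterval` elsewhere in this commit; if the consumer (not visible here) passes it to a ticker or a sleep loop, a non-positive value could panic or spin against the key endpoint. Consider rejecting it at parse time, e.g. `if duration <= 0 { return errors.Errorf("duration '%v' must be positive, line '%d'", str, value.Line) }`, or state in a doc comment on the type that callers must range-check it. Separately, when the referenced variable is unset `os.Getenv` returns an empty string and the error reports an empty duration without naming the variable; adding `match[1]` to the message would make that misconfiguration easier to diagnose.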
@ -1,19 +1,50 @@
|
||||
package config
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
|
||||
)
|
||||
|
||||
type ServerConfig struct {
|
||||
PrivateKeyPath InterpolatedString `yaml:"privateKeyPath"`
|
||||
Issuer InterpolatedString `yaml:"issuer"`
|
||||
HTTP HTTPConfig `yaml:"http"`
|
||||
Database DatabaseConfig `yaml:"database"`
|
||||
CORS CORSConfig `yaml:"cors"`
|
||||
HTTP HTTPConfig `yaml:"http"`
|
||||
Database DatabaseConfig `yaml:"database"`
|
||||
CORS CORSConfig `yaml:"cors"`
|
||||
Auth AuthConfig `yaml:"auth"`
|
||||
}
|
||||
|
||||
func NewDefaultServerConfig() ServerConfig {
|
||||
return ServerConfig{
|
||||
PrivateKeyPath: "server-key.json",
|
||||
Issuer: "http://127.0.0.1:3000",
|
||||
HTTP: NewDefaultHTTPConfig(),
|
||||
Database: NewDefaultDatabaseConfig(),
|
||||
CORS: NewDefaultCORSConfig(),
|
||||
HTTP: NewDefaultHTTPConfig(),
|
||||
Database: NewDefaultDatabaseConfig(),
|
||||
CORS: NewDefaultCORSConfig(),
|
||||
Auth: NewDefaultAuthConfig(),
|
||||
}
|
||||
}
|
||||
|
||||
type AuthConfig struct {
|
||||
Local *LocalAuthConfig `yaml:"local"`
|
||||
Remote *RemoteAuthConfig `yaml:"remote"`
|
||||
RoleExtractionRules []string `yaml:"roleExtractionRules"`
|
||||
}
|
||||
|
||||
func NewDefaultAuthConfig() AuthConfig {
|
||||
return AuthConfig{
|
||||
Local: &LocalAuthConfig{
|
||||
PrivateKeyPath: "server-key.json",
|
||||
},
|
||||
Remote: nil,
|
||||
RoleExtractionRules: []string{
|
||||
fmt.Sprintf("jwt.%s != nil ? str(jwt.%s) : ''", thirdparty.DefaultRoleKey, thirdparty.DefaultRoleKey),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
type LocalAuthConfig struct {
|
||||
PrivateKeyPath InterpolatedString `yaml:"privateKeyPath"`
|
||||
}
|
||||
|
||||
type RemoteAuthConfig struct {
|
||||
JsonWebKeySetURL InterpolatedString `yaml:"jwksUrl"`
|
||||
RefreshInterval *InterpolatedDuration `yaml:"refreshInterval"`
|
||||
}
|
||||
|
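Review bot: `RemoteAuthConfig.JsonWebKeySetURL` is the trust anchor for remotely issued tokens, yet nothing in this file constrains it or documents that expectation. If the key set is fetched over plain `http://` (the fetch code is not visible here), anyone on the network path could substitute the keys and have their own tokens accepted; a load-time check that the scheme is `https`, or at least a field comment such as `// JsonWebKeySetURL must be an https:// URL; the keys served from it decide which tokens are trusted.`, would make this explicit. `Local` and `Remote` are both pointers, so a YAML file can leave both nil, and it is worth confirming that the consumer fails closed in that case rather than skipping verification. As a style point, Go's initialism convention would spell the field `JSONWebKeySetURL`.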