feat: initial commit

2023-11-15 20:38:25 +01:00
commit e199fe3d26
67 changed files with 4152 additions and 0 deletions
--- a/cmd/server/container.go
+++ b/cmd/server/container.go
@ -0,0 +1,178 @@
+package main
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"log"
+	"net/http"
+
+	"gitlab.com/wpetit/goweb/template/html"
+
+	"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
+	"forge.cadoles.com/wpetit/hydra-webauthn/internal/hydra"
+	"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
+	"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage/sqlite"
+	"forge.cadoles.com/wpetit/hydra-webauthn/internal/webauthn"
+
+	gotemplate "html/template"
+
+	"github.com/gorilla/sessions"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/service"
+	"gitlab.com/wpetit/goweb/service/build"
+	"gitlab.com/wpetit/goweb/service/session"
+	"gitlab.com/wpetit/goweb/service/template"
+	"gitlab.com/wpetit/goweb/session/gorilla"
+)
+
+func getServiceContainer(conf *config.Config) (*service.Container, error) {
+	// Initialize and configure service container
+	ctn := service.NewContainer()
+
+	ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))
+
+	// Generate random cookie authentication key if none is set
+	if conf.HTTP.CookieAuthenticationKey == "" {
+		log.Println("could not find cookie authentication key. generating one...")
+
+		cookieAuthenticationKey, err := gorilla.GenerateRandomBytes(64)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not generate cookie authentication key")
+		}
+
+		conf.HTTP.CookieAuthenticationKey = string(cookieAuthenticationKey)
+	}
+
+	// Generate random cookie encryption key if none is set
+	if conf.HTTP.CookieEncryptionKey == "" {
+		log.Println("could not find cookie encryption key. generating one...")
+
+		cookieEncryptionKey, err := gorilla.GenerateRandomBytes(32)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not generate cookie encryption key")
+		}
+
+		conf.HTTP.CookieEncryptionKey = string(cookieEncryptionKey)
+	}
+
+	// Generate random token signing key if none is set
+	if conf.HTTP.TokenSigningKey == "" {
+		log.Println("could not find token signing key. generating one...")
+
+		tokenSigningKey, err := gorilla.GenerateRandomBytes(64)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not generate token signing key")
+		}
+
+		conf.HTTP.TokenSigningKey = string(tokenSigningKey)
+	}
+
+	// Generate random token encryption key if none is set
+	if conf.HTTP.TokenEncryptionKey == "" {
+		log.Println("could not find token encryption key. generating one...")
+
+		tokenEncryptionKey, err := gorilla.GenerateRandomBytes(32)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not generate token encryption key")
+		}
+
+		conf.HTTP.TokenEncryptionKey = string(tokenEncryptionKey)
+	}
+
+	// Create and initialize HTTP session service provider
+	cookieStore := sessions.NewCookieStore(
+		[]byte(conf.HTTP.CookieAuthenticationKey),
+		[]byte(conf.HTTP.CookieEncryptionKey),
+	)
+
+	// Define default cookie options
+	cookieStore.Options = &sessions.Options{
+		Path:     "/",
+		HttpOnly: true,
+		MaxAge:   conf.HTTP.CookieMaxAge,
+		SameSite: http.SameSiteStrictMode,
+	}
+
+	ctn.Provide(
+		session.ServiceName,
+		gorilla.ServiceProvider("hydra-webauthn", cookieStore),
+	)
+
+	// Create and expose template service provider
+	// Create and expose template service provider
+	ctn.Provide(template.ServiceName, html.ServiceProvider(
+		html.NewDirectoryLoader(conf.HTTP.TemplateDir),
+		html.WithHelper("marshal", func(v interface{}) (gotemplate.JS, error) {
+			data, err := json.Marshal(v)
+			if err != nil {
+				return "", errors.WithStack(err)
+			}
+
+			return gotemplate.JS(data), nil
+		}),
+		html.WithHelper("base64", func(v interface{}) (gotemplate.JS, error) {
+			var b64 string
+
+			switch typ := v.(type) {
+			case string:
+				b64 = base64.RawURLEncoding.EncodeToString([]byte(typ))
+			case []byte:
+				b64 = base64.RawURLEncoding.EncodeToString(typ)
+			case gotemplate.JS:
+				b64 = base64.RawURLEncoding.EncodeToString([]byte(typ))
+			default:
+				return "", errors.Errorf("unexpected type '%T'", v)
+			}
+
+			return gotemplate.JS(b64), nil
+		}),
+	))
+
+	// Create and expose config service provider
+	ctn.Provide(config.ServiceName, config.ServiceProvider(conf))
+
+	ctn.Provide(
+		hydra.ServiceName,
+		hydra.ServiceProvider(
+			conf.Hydra.BaseURL,
+			conf.Hydra.FakeSSLTermination,
+			conf.Hydra.HTTPClientTimeout,
+		),
+	)
+
+	// Create and expose webauthn service provider
+	webauthnConfig := &webauthn.Config{
+		RPID:          conf.WebAuthn.RelyingParty.ID,
+		RPDisplayName: conf.WebAuthn.RelyingParty.DisplayName,
+		RPOrigins:     conf.WebAuthn.RelyingParty.Origins,
+		// AttestationPreference: protocol.PreferDirectAttestation,
+		// AuthenticatorSelection: protocol.AuthenticatorSelection{
+		// 	AuthenticatorAttachment: protocol.CrossPlatform,
+		// },
+		Debug: true,
+		// EncodeUserIDAsString: true,
+		// Timeouts: webauthn.TimeoutsConfig{
+		// 	Login: webauthn.TimeoutConfig{
+		// 		Enforce: true,
+		// 		Timeout: ,
+		// 	},
+		// },
+	}
+
+	ctn.Provide(
+		webauthn.ServiceName,
+		webauthn.ServiceProvider(webauthnConfig),
+	)
+
+	userRepository, err := sqlite.NewUserRepository(conf.Storage.DSN)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not create sqlite user repository")
+	}
+
+	ctn.Provide(
+		storage.ServiceName,
+		storage.ServiceProvider(userRepository),
+	)
+
+	return ctn, nil
+}
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@ -0,0 +1,146 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+
+	"forge.cadoles.com/wpetit/hydra-webauthn/internal/route"
+	"github.com/getsentry/sentry-go"
+	"github.com/go-chi/chi"
+	"github.com/go-chi/chi/middleware"
+	"gitlab.com/wpetit/goweb/middleware/container"
+
+	"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
+	sentryhttp "github.com/getsentry/sentry-go/http"
+	"github.com/pkg/errors"
+)
+
+// nolint: gochecknoglobals
+var (
+	configFile = ""
+	workdir    = ""
+	dumpConfig = false
+	version    = false
+)
+
+// nolint: gochecknoglobals
+var (
+	GitRef         = "unknown"
+	ProjectVersion = "unknown"
+	BuildDate      = "unknown"
+)
+
+// nolint: gochecknoinits
+func init() {
+	flag.StringVar(&configFile, "config", configFile, "configuration file")
+	flag.StringVar(&workdir, "workdir", workdir, "working directory")
+	flag.BoolVar(&dumpConfig, "dump-config", dumpConfig, "dump configuration and exit")
+	flag.BoolVar(&version, "version", version, "show version and exit")
+}
+
+func main() {
+	flag.Parse()
+
+	if version {
+		fmt.Printf("%s (%s) - %s\n", ProjectVersion, GitRef, BuildDate)
+
+		os.Exit(0)
+	}
+
+	// Switch to new working directory if defined
+	if workdir != "" {
+		if err := os.Chdir(workdir); err != nil {
+			log.Fatalf("%+v", errors.Wrapf(err, "could not change working directory to '%s'", workdir))
+		}
+	}
+
+	// Load configuration file if defined, use default configuration otherwise
+	var conf *config.Config
+
+	var err error
+
+	if configFile != "" {
+		conf, err = config.NewFromFile(configFile)
+		if err != nil {
+			log.Fatalf("%+v", errors.Wrapf(err, "could not load config file '%s'", configFile))
+		}
+	} else {
+		if dumpConfig {
+			conf = config.NewDumpDefault()
+		} else {
+			conf = config.NewDefault()
+		}
+	}
+
+	// Dump configuration if asked
+	if dumpConfig {
+		if err := config.Dump(conf, os.Stdout); err != nil {
+			log.Fatalf("%+v", errors.Wrap(err, "could not dump config"))
+		}
+
+		os.Exit(0)
+	}
+
+	if err := config.WithEnvironment(conf); err != nil {
+		log.Fatalf("%+v", errors.Wrap(err, "could not override config with environment"))
+	}
+
+	useSentry := conf.Sentry.DSN != ""
+
+	if useSentry {
+		var sentryEnv string
+		if conf.Sentry.Environment == "" {
+			sentryEnv, _ = os.Hostname()
+		} else {
+			sentryEnv = conf.Sentry.Environment
+		}
+
+		err := sentry.Init(sentry.ClientOptions{
+			Dsn:         conf.Sentry.DSN,
+			Debug:       conf.Debug,
+			SampleRate:  conf.Sentry.ServerSampleRate,
+			Release:     ProjectVersion + "-" + GitRef,
+			Environment: sentryEnv,
+		})
+		if err != nil {
+			log.Fatalf("%+v", errors.Wrap(err, "could not initialize sentry"))
+		}
+
+		defer sentry.Flush(conf.Sentry.ServerFlushTimeout)
+	}
+
+	// Create service container
+	ctn, err := getServiceContainer(conf)
+	if err != nil {
+		log.Fatalf("%+v", errors.Wrap(err, "could not create service container"))
+	}
+
+	r := chi.NewRouter()
+
+	// Define base middlewares
+	r.Use(middleware.Logger)
+
+	if useSentry {
+		sentryMiddleware := sentryhttp.New(sentryhttp.Options{
+			Repanic: true,
+		})
+
+		r.Use(sentryMiddleware.Handle)
+	}
+
+	// Expose service container on router
+	r.Use(container.ServiceContainer(ctn))
+
+	// Define routes
+	if err := route.Mount(r, conf); err != nil {
+		log.Fatalf("%+v", errors.Wrap(err, "could not mount http routes"))
+	}
+
+	log.Printf("listening on '%s'", conf.HTTP.Address)
+	if err := http.ListenAndServe(conf.HTTP.Address, r); err != nil {
+		log.Fatalf("%+v", errors.Wrapf(err, "could not listen on '%s'", conf.HTTP.Address))
+	}
+}