179 lines
5.0 KiB
Go
179 lines
5.0 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"log"
|
|
"net/http"
|
|
|
|
"gitlab.com/wpetit/goweb/template/html"
|
|
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/config"
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/hydra"
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage"
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/storage/sqlite"
|
|
"forge.cadoles.com/wpetit/hydra-webauthn/internal/webauthn"
|
|
|
|
gotemplate "html/template"
|
|
|
|
"github.com/gorilla/sessions"
|
|
"github.com/pkg/errors"
|
|
"gitlab.com/wpetit/goweb/service"
|
|
"gitlab.com/wpetit/goweb/service/build"
|
|
"gitlab.com/wpetit/goweb/service/session"
|
|
"gitlab.com/wpetit/goweb/service/template"
|
|
"gitlab.com/wpetit/goweb/session/gorilla"
|
|
)
|
|
|
|
func getServiceContainer(conf *config.Config) (*service.Container, error) {
|
|
// Initialize and configure service container
|
|
ctn := service.NewContainer()
|
|
|
|
ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))
|
|
|
|
// Generate random cookie authentication key if none is set
|
|
if conf.HTTP.CookieAuthenticationKey == "" {
|
|
log.Println("could not find cookie authentication key. generating one...")
|
|
|
|
cookieAuthenticationKey, err := gorilla.GenerateRandomBytes(64)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not generate cookie authentication key")
|
|
}
|
|
|
|
conf.HTTP.CookieAuthenticationKey = string(cookieAuthenticationKey)
|
|
}
|
|
|
|
// Generate random cookie encryption key if none is set
|
|
if conf.HTTP.CookieEncryptionKey == "" {
|
|
log.Println("could not find cookie encryption key. generating one...")
|
|
|
|
cookieEncryptionKey, err := gorilla.GenerateRandomBytes(32)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not generate cookie encryption key")
|
|
}
|
|
|
|
conf.HTTP.CookieEncryptionKey = string(cookieEncryptionKey)
|
|
}
|
|
|
|
// Generate random token signing key if none is set
|
|
if conf.HTTP.TokenSigningKey == "" {
|
|
log.Println("could not find token signing key. generating one...")
|
|
|
|
tokenSigningKey, err := gorilla.GenerateRandomBytes(64)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not generate token signing key")
|
|
}
|
|
|
|
conf.HTTP.TokenSigningKey = string(tokenSigningKey)
|
|
}
|
|
|
|
// Generate random token encryption key if none is set
|
|
if conf.HTTP.TokenEncryptionKey == "" {
|
|
log.Println("could not find token encryption key. generating one...")
|
|
|
|
tokenEncryptionKey, err := gorilla.GenerateRandomBytes(32)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not generate token encryption key")
|
|
}
|
|
|
|
conf.HTTP.TokenEncryptionKey = string(tokenEncryptionKey)
|
|
}
|
|
|
|
// Create and initialize HTTP session service provider
|
|
cookieStore := sessions.NewCookieStore(
|
|
[]byte(conf.HTTP.CookieAuthenticationKey),
|
|
[]byte(conf.HTTP.CookieEncryptionKey),
|
|
)
|
|
|
|
// Define default cookie options
|
|
cookieStore.Options = &sessions.Options{
|
|
Path: "/",
|
|
HttpOnly: true,
|
|
MaxAge: conf.HTTP.CookieMaxAge,
|
|
SameSite: http.SameSiteStrictMode,
|
|
}
|
|
|
|
ctn.Provide(
|
|
session.ServiceName,
|
|
gorilla.ServiceProvider("hydra-webauthn", cookieStore),
|
|
)
|
|
|
|
// Create and expose template service provider
|
|
// Create and expose template service provider
|
|
ctn.Provide(template.ServiceName, html.ServiceProvider(
|
|
html.NewDirectoryLoader(conf.HTTP.TemplateDir),
|
|
html.WithHelper("marshal", func(v interface{}) (gotemplate.JS, error) {
|
|
data, err := json.Marshal(v)
|
|
if err != nil {
|
|
return "", errors.WithStack(err)
|
|
}
|
|
|
|
return gotemplate.JS(data), nil
|
|
}),
|
|
html.WithHelper("base64", func(v interface{}) (gotemplate.JS, error) {
|
|
var b64 string
|
|
|
|
switch typ := v.(type) {
|
|
case string:
|
|
b64 = base64.RawURLEncoding.EncodeToString([]byte(typ))
|
|
case []byte:
|
|
b64 = base64.RawURLEncoding.EncodeToString(typ)
|
|
case gotemplate.JS:
|
|
b64 = base64.RawURLEncoding.EncodeToString([]byte(typ))
|
|
default:
|
|
return "", errors.Errorf("unexpected type '%T'", v)
|
|
}
|
|
|
|
return gotemplate.JS(b64), nil
|
|
}),
|
|
))
|
|
|
|
// Create and expose config service provider
|
|
ctn.Provide(config.ServiceName, config.ServiceProvider(conf))
|
|
|
|
ctn.Provide(
|
|
hydra.ServiceName,
|
|
hydra.ServiceProvider(
|
|
conf.Hydra.BaseURL,
|
|
conf.Hydra.FakeSSLTermination,
|
|
conf.Hydra.HTTPClientTimeout,
|
|
),
|
|
)
|
|
|
|
// Create and expose webauthn service provider
|
|
webauthnConfig := &webauthn.Config{
|
|
RPID: conf.WebAuthn.RelyingParty.ID,
|
|
RPDisplayName: conf.WebAuthn.RelyingParty.DisplayName,
|
|
RPOrigins: conf.WebAuthn.RelyingParty.Origins,
|
|
// AttestationPreference: protocol.PreferDirectAttestation,
|
|
// AuthenticatorSelection: protocol.AuthenticatorSelection{
|
|
// AuthenticatorAttachment: protocol.CrossPlatform,
|
|
// },
|
|
Debug: true,
|
|
// EncodeUserIDAsString: true,
|
|
// Timeouts: webauthn.TimeoutsConfig{
|
|
// Login: webauthn.TimeoutConfig{
|
|
// Enforce: true,
|
|
// Timeout: ,
|
|
// },
|
|
// },
|
|
}
|
|
|
|
ctn.Provide(
|
|
webauthn.ServiceName,
|
|
webauthn.ServiceProvider(webauthnConfig),
|
|
)
|
|
|
|
userRepository, err := sqlite.NewUserRepository(conf.Storage.DSN)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "could not create sqlite user repository")
|
|
}
|
|
|
|
ctn.Provide(
|
|
storage.ServiceName,
|
|
storage.ServiceProvider(userRepository),
|
|
)
|
|
|
|
return ctn, nil
|
|
}
|