admin: Generate Vouch-Proxy config

This commit is contained in:
nemunaire 2024-03-23 18:51:53 +01:00
commit 24e825d500
5 changed files with 96 additions and 16 deletions


@ -17,8 +17,9 @@ import (
)
var (
OidcIssuer = "live.fic.srs.epita.fr"
OidcSecret = ""
OidcIssuer = "live.fic.srs.epita.fr"
OidcClientId = "epita-challenge"
OidcSecret = ""
)
func declarePasswordRoutes(router *gin.RouterGroup) {
@ -69,6 +70,26 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
return
}
c.JSON(http.StatusOK, true)
})
router.GET("/vouch-proxy.yaml", func(c *gin.Context) {
cfg, err := genVouchProxyConfig()
if err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return
}
c.String(http.StatusOK, string(cfg))
})
router.POST("/vouch-proxy.yaml", func(c *gin.Context) {
if dexcfg, err := genVouchProxyConfig(); err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return
} else if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "vouch-config.yaml"), []byte(dexcfg), 0644); err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return
}
c.JSON(http.StatusOK, true)
})
}
@ -203,7 +224,7 @@ func genDexConfig() ([]byte, error) {
Issuer: "https://" + OidcIssuer,
Clients: []dexConfigClient{
dexConfigClient{
Id: "epita-challenge",
Id: OidcClientId,
Name: challengeInfo.Title,
RedirectURIs: []string{"https://" + OidcIssuer + "/challenge_access/auth"},
Secret: OidcSecret,
@ -249,3 +270,54 @@ func genDexPasswordTpl() ([]byte, error) {
}
}
}
const vouchcfgtpl = `# CONFIGURATION FILE HANDLED BY fic-admin
# DO NOT MODIFY IT BY HAND
vouch:
logLevel: debug
allowAllUsers: true
document_root: /challenge_access
cookie:
domain: {{ .Issuer }}
oauth:
provider: oidc
client_id: {{ .ClientId }}
client_secret: {{ .ClientSecret }}
callback_urls:
- https://{{ .Issuer }}/challenge_access/auth
auth_url: https://{{ .Issuer }}/auth
token_url: http://127.0.0.1:5556/token
user_info_url: http://127.0.0.1:5556/userinfo
scopes:
- openid
- email
`
type vouchProxyConfig struct {
Issuer string
ClientId string
ClientSecret string
}
func genVouchProxyConfig() ([]byte, error) {
if OidcSecret == "" {
return nil, fmt.Errorf("Unable to generate vouch proxy configuration: OIDC Secret not defined. Please define FICOIDC_SECRET in your environment.")
}
b := bytes.NewBufferString("")
if vouchTmpl, err := template.New("vouchcfg").Parse(vouchcfgtpl); err != nil {
return nil, fmt.Errorf("Cannot create template: %w", err)
} else if err = vouchTmpl.Execute(b, vouchProxyConfig{
Issuer: "https://" + OidcIssuer,
ClientId: OidcClientId,
ClientSecret: OidcSecret,
}); err != nil {
return nil, fmt.Errorf("An error occurs during template execution: %w", err)
} else {
return b.Bytes(), nil
}
}
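Review bot: `Issuer: "https://" + OidcIssuer` in genVouchProxyConfig produces `https://https://…` in the rendered file, because vouchcfgtpl already prefixes `{{ .Issuer }}` with `https://` in callback_urls and auth_url, and the cookie `domain:` field then receives a URL instead of a host; pass `Issuer: OidcIssuer` here (genDexConfig's Issuer field legitimately keeps the scheme, so only the vouch struct is affected). The rendered config embeds `client_secret`, yet the POST handler writes it with mode `0644` into the shared PKI directory; `0600` (or `0640` if the frontend host's sync user needs group read) would keep the secret from any other local account. The variable holding the rendered config in that handler is named `dexcfg`; `vouchcfg` would match what it holds. The frontend change in this commit posts to `api/vouch.yaml`, which does not match the `/vouch-proxy.yaml` route unless the router group prefix maps it, so the refresh button may 404.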


@ -38,6 +38,16 @@ func main() {
// Read paremeters from environment
if v, exists := os.LookupEnv("FICOIDC_ISSUER"); exists {
api.OidcIssuer = v
} else if v, exists := os.LookupEnv("FICOIDC_ISSUER_FILE"); exists {
fd, err := os.Open(v)
if err != nil {
log.Fatal("Unable to open FICOIDC_ISSUER_FILE:", err)
}
b, _ := ioutil.ReadAll(fd)
api.OidcIssuer = strings.TrimSpace(string(b))
fd.Close()
}
if v, exists := os.LookupEnv("FICOIDC_SECRET"); exists {
api.OidcSecret = v
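Review bot: `b, _ := ioutil.ReadAll(fd)` in the FICOIDC_ISSUER_FILE branch discards the read error, so an unreadable or truncated file silently leaves api.OidcIssuer empty or partial while the open error is fatal; `b, err := os.ReadFile(v)` followed by the same `log.Fatal` check replaces the Open/ReadAll/Close trio and reports the failure in one step. api.OidcClientId, introduced by this commit, gets no FICOIDC_CLIENT_ID lookup in this hunk; unless one is added elsewhere, the client id stays at its compile-time default while issuer and secret are configurable from the environment. main continues outside the hunk.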


@ -2396,6 +2396,12 @@ angular.module("FICApp")
}, function(response) {
$scope.addToast('danger', 'An error occurs when generating dex config:', response.data.errmsg);
});
$http.post("api/vouch.yaml").then(function() {
$scope.addToast('success', 'VouchProxy config refreshed.', "Don't forget to reload/reboot frontend host.");
}, function(response) {
$scope.addToast('danger', 'An error occurs when generating VouchProxy config:', response.data.errmsg);
});
});
}
$scope.desactiveTeams = function() {
$http.post("api/disableinactiveteams").then(function() {