From 52bc7b66506ad836ce993d8d249d13e5b4b39cd4 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Sat, 23 Mar 2024 18:00:42 +0100 Subject: [PATCH] admin: Make OIDC_ISSUER a variable --- admin/api/password.go | 13 +++++++++---- admin/main.go | 3 +++ fickit-backend.yml | 1 + 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/admin/api/password.go b/admin/api/password.go index d90cba14..2c26cd9d 100644 --- a/admin/api/password.go +++ b/admin/api/password.go @@ -16,7 +16,10 @@ import ( "github.com/gin-gonic/gin" ) -var OidcSecret = "" +var ( + OidcIssuer = "live.fic.srs.epita.fr" + OidcSecret = "" +) func declarePasswordRoutes(router *gin.RouterGroup) { router.POST("/password", func(c *gin.Context) { @@ -102,7 +105,7 @@ func declareTeamsPasswordRoutes(router *gin.RouterGroup) { }) } -const dexcfgtpl = `issuer: https://fic.srs.epita.fr +const dexcfgtpl = `issuer: {{ .Issuer }} storage: type: sqlite3 config: @@ -111,7 +114,7 @@ web: http: 0.0.0.0:5556 frontend: issuer: Challenge forensic - logoURL: img/fic.png + logoURL: files/logo/ec2.png dir: /srv/dex/web/ oauth2: skipApprovalScreen: true @@ -179,6 +182,7 @@ type dexConfigClient struct { } type dexConfig struct { + Issuer string Clients []dexConfigClient Teams []*fic.Team } @@ -196,11 +200,12 @@ func genDexConfig() ([]byte, error) { } else if dexTmpl, err := template.New("dexcfg").Parse(dexcfgtpl); err != nil { return nil, fmt.Errorf("Cannot create template: %w", err) } else if err = dexTmpl.Execute(b, dexConfig{ + Issuer: "https://" + OidcIssuer, Clients: []dexConfigClient{ dexConfigClient{ Id: "epita-challenge", Name: challengeInfo.Title, - RedirectURIs: []string{"https://fic.srs.epita.fr/challenge_access/auth"}, + RedirectURIs: []string{"https://" + OidcIssuer + "/challenge_access/auth"}, Secret: OidcSecret, }, }, diff --git a/admin/main.go b/admin/main.go index 59da3d08..38231285 100644 --- a/admin/main.go +++ b/admin/main.go 
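Review bot: The default given to `OidcIssuer` in the `@@ -16` hunk is `live.fic.srs.epita.fr`, while the literals this commit removes were `https://fic.srs.epita.fr`, so a deployment that does not set FICOIDC_ISSUER silently gets a different issuer and redirect URI than before. The subject line only says the value becomes a variable; if the host change is intended it should be stated in the commit message, otherwise the default should stay `fic.srs.epita.fr`. The variable also holds a bare host rather than an issuer URL, which the name does not convey, so I would add a doc comment such as `// OidcIssuer is the public host (no scheme, no path) from which the dex issuer URL and the client redirect URI are built.`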
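Review bot: `issuer: {{ .Issuer }}` in the `@@ -102` hunk renders the environment-supplied value into the dex YAML without quoting or validation, and the `@@ -196` hunk builds the redirect URI from the same string. A value that already carries a scheme, a path or a `#` would give dex an issuer that no longer lines up with the redirect URI, and if the template is text/template (the import is outside the hunk) a line break in the value would add keys to the generated config. Checking the host once before the template is executed covers both uses, for example `if u, err := url.Parse("https://" + OidcIssuer); err != nil || u.Host == "" || u.Host != OidcIssuer { return nil, fmt.Errorf("invalid OIDC issuer host %q", OidcIssuer) }`, which needs `net/url`. genDexConfig starts and ends outside these hunks, so where the check fits in its else-if chain has to be decided against the full function.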
@@ -34,6 +34,9 @@ func main() { checkplugins := sync.CheckPluginList{} // Read paremeters from environment + if v, exists := os.LookupEnv("FICOIDC_ISSUER"); exists { + api.OidcIssuer = v + } if v, exists := os.LookupEnv("FICOIDC_SECRET"); exists { api.OidcSecret = v } diff --git a/fickit-backend.yml b/fickit-backend.yml index 10468743..4c7909ac 100644 --- a/fickit-backend.yml +++ b/fickit-backend.yml @@ -202,6 +202,7 @@ services: - PATH=/usr/sbin:/usr/bin:/sbin:/bin - MYSQL_HOST=db - FICCA_PASS=jee8AhloAith1aesCeQu5ahgIegaeM4K + - FICOIDC_ISSUER=live.fic.srs.epita.fr - FICOIDC_SECRET=N4n7AXzK9kpXt3TmSn8wAgtxqxhGORgcubLaE2g binds: - /etc/hosts:/etc/hosts:ro
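Review bot: `os.LookupEnv` reports `exists` for a variable that is set but empty, so `FICOIDC_ISSUER=` replaces the default with an empty string and genDexConfig then emits `https://` as issuer and `https:///challenge_access/auth` as redirect URI. Guarding the assignment with `if v, exists := os.LookupEnv("FICOIDC_ISSUER"); exists && v != "" {` keeps the compiled-in default in that case. The FICOIDC_SECRET block below uses the same pattern, but there the empty string equals the default, so only the new block changes behaviour. main's body continues outside the hunk.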
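Review bot: The added `FICOIDC_ISSUER` entry repeats the compiled-in default of `api.OidcIssuer` and does not say what format is expected, so the two copies can drift or someone may put a full URL here. A comment line above it would help, for example `# public host only, no scheme: the admin prepends https:// for the dex issuer and redirect URI`. The context lines of this hunk also show FICCA_PASS and FICOIDC_SECRET stored in clear text in this tracked file; that predates the change, but since the OIDC client is now configured per deployment it would be worth moving those values to an untracked env file or secret store and rotating them.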