admin: Make OIDC_ISSUER a variable

This commit is contained in:
nemunaire 2024-03-23 18:00:42 +01:00
parent 18fb11360b
commit 52bc7b6650
3 changed files with 13 additions and 4 deletions


@ -16,7 +16,10 @@ import (
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
var OidcSecret = "" var (
OidcIssuer = "live.fic.srs.epita.fr"
OidcSecret = ""
)
func declarePasswordRoutes(router *gin.RouterGroup) { func declarePasswordRoutes(router *gin.RouterGroup) {
router.POST("/password", func(c *gin.Context) { router.POST("/password", func(c *gin.Context) {
@ -102,7 +105,7 @@ func declareTeamsPasswordRoutes(router *gin.RouterGroup) {
}) })
} }
const dexcfgtpl = `issuer: https://fic.srs.epita.fr const dexcfgtpl = `issuer: {{ .Issuer }}
storage: storage:
type: sqlite3 type: sqlite3
config: config:
@ -111,7 +114,7 @@ web:
http: 0.0.0.0:5556 http: 0.0.0.0:5556
frontend: frontend:
issuer: Challenge forensic issuer: Challenge forensic
logoURL: img/fic.png logoURL: files/logo/ec2.png
dir: /srv/dex/web/ dir: /srv/dex/web/
oauth2: oauth2:
skipApprovalScreen: true skipApprovalScreen: true
@ -179,6 +182,7 @@ type dexConfigClient struct {
} }
type dexConfig struct { type dexConfig struct {
Issuer string
Clients []dexConfigClient Clients []dexConfigClient
Teams []*fic.Team Teams []*fic.Team
} }
@ -196,11 +200,12 @@ func genDexConfig() ([]byte, error) {
} else if dexTmpl, err := template.New("dexcfg").Parse(dexcfgtpl); err != nil { } else if dexTmpl, err := template.New("dexcfg").Parse(dexcfgtpl); err != nil {
return nil, fmt.Errorf("Cannot create template: %w", err) return nil, fmt.Errorf("Cannot create template: %w", err)
} else if err = dexTmpl.Execute(b, dexConfig{ } else if err = dexTmpl.Execute(b, dexConfig{
Issuer: "https://" + OidcIssuer,
Clients: []dexConfigClient{ Clients: []dexConfigClient{
dexConfigClient{ dexConfigClient{
Id: "epita-challenge", Id: "epita-challenge",
Name: challengeInfo.Title, Name: challengeInfo.Title,
RedirectURIs: []string{"https://fic.srs.epita.fr/challenge_access/auth"}, RedirectURIs: []string{"https://" + OidcIssuer + "/challenge_access/auth"},
Secret: OidcSecret, Secret: OidcSecret,
}, },
}, },
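Review bot: The issuer is interpolated into the dex YAML with no validation or quoting at `issuer: {{ .Issuer }}` and again inside `RedirectURIs`, so a FICOIDC_ISSUER value carrying a scheme, a path, whitespace or YAML-significant characters yields a malformed or unintended dex config instead of an error; the template package is imported outside the hunk, but neither text/template nor html/template escapes for YAML. I would check the value once in genDexConfig before executing the template, `if u, err := url.Parse("https://" + OidcIssuer); err != nil || u.Host != OidcIssuer { return nil, fmt.Errorf("invalid OIDC issuer %q", OidcIssuer) }` (net/url), which rejects anything that is not a bare host[:port], and emit it quoted, `issuer: {{ printf "%q" .Issuer }}`. Separately, the new default `live.fic.srs.epita.fr` differs from the previously hard-coded `fic.srs.epita.fr`, which changes both the issuer and the registered redirect URI for any deployment that does not set the variable; worth confirming that is intended. genDexConfig continues past the end of the hunk.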


@ -34,6 +34,9 @@ func main() {
checkplugins := sync.CheckPluginList{} checkplugins := sync.CheckPluginList{}
// Read paremeters from environment // Read paremeters from environment
if v, exists := os.LookupEnv("FICOIDC_ISSUER"); exists {
api.OidcIssuer = v
}
if v, exists := os.LookupEnv("FICOIDC_SECRET"); exists { if v, exists := os.LookupEnv("FICOIDC_SECRET"); exists {
api.OidcSecret = v api.OidcSecret = v
} }
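Review bot: The new FICOIDC_ISSUER branch accepts any value that is present, including an empty string, while the api side prepends `https://` and appends `/challenge_access/auth` to it, so an empty or scheme-prefixed value silently produces `https://` or `https://https://...` as the issuer rather than a startup failure. I would at least refuse the empty and obviously malformed cases at the read site, `if v, exists := os.LookupEnv("FICOIDC_ISSUER"); exists && v != "" && !strings.Contains(v, "://") { api.OidcIssuer = v }` (or log and exit), so a misconfiguration surfaces before the dex config is generated; `strings` may need adding to the imports, which are outside the hunk. main continues outside the hunk.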


@ -202,6 +202,7 @@ services:
- PATH=/usr/sbin:/usr/bin:/sbin:/bin - PATH=/usr/sbin:/usr/bin:/sbin:/bin
- MYSQL_HOST=db - MYSQL_HOST=db
- FICCA_PASS=jee8AhloAith1aesCeQu5ahgIegaeM4K - FICCA_PASS=jee8AhloAith1aesCeQu5ahgIegaeM4K
- FICOIDC_ISSUER=live.fic.srs.epita.fr
- FICOIDC_SECRET=N4n7AXzK9kpXt3TmSn8wAgtxqxhGORgcubLaE2g - FICOIDC_SECRET=N4n7AXzK9kpXt3TmSn8wAgtxqxhGORgcubLaE2g
binds: binds:
- /etc/hosts:/etc/hosts:ro - /etc/hosts:/etc/hosts:ro