admin: Make OIDC_ISSUER a variable

2024-03-23 18:00:42 +01:00 · 2024-03-23 18:00:42 +01:00 · 52bc7b6650
commit 52bc7b6650
parent 18fb11360b
3 changed files with 13 additions and 4 deletions
--- a/admin/api/password.go
+++ b/admin/api/password.go
@ -16,7 +16,10 @@ import (
 	"github.com/gin-gonic/gin"
 )

-var OidcSecret = ""
+var (
+	OidcIssuer = "live.fic.srs.epita.fr"
+	OidcSecret = ""
+)

 func declarePasswordRoutes(router *gin.RouterGroup) {
 	router.POST("/password", func(c *gin.Context) {
@ -102,7 +105,7 @@ func declareTeamsPasswordRoutes(router *gin.RouterGroup) {
 	})
 }

-const dexcfgtpl = `issuer: https://fic.srs.epita.fr
+const dexcfgtpl = `issuer: {{ .Issuer }}
 storage:
  type: sqlite3
  config:
@ -111,7 +114,7 @@ web:
  http: 0.0.0.0:5556
 frontend:
  issuer: Challenge forensic
-  logoURL: img/fic.png
+  logoURL: files/logo/ec2.png
  dir: /srv/dex/web/
 oauth2:
  skipApprovalScreen: true
@ -179,6 +182,7 @@ type dexConfigClient struct {
 }

 type dexConfig struct {
+	Issuer  string
 	Clients []dexConfigClient
 	Teams   []*fic.Team
 }
@ -196,11 +200,12 @@ func genDexConfig() ([]byte, error) {
 		} else if dexTmpl, err := template.New("dexcfg").Parse(dexcfgtpl); err != nil {
 			return nil, fmt.Errorf("Cannot create template: %w", err)
 		} else if err = dexTmpl.Execute(b, dexConfig{
+			Issuer: "https://" + OidcIssuer,
 			Clients: []dexConfigClient{
 				dexConfigClient{
 					Id:           "epita-challenge",
 					Name:         challengeInfo.Title,
-					RedirectURIs: []string{"https://fic.srs.epita.fr/challenge_access/auth"},
+					RedirectURIs: []string{"https://" + OidcIssuer + "/challenge_access/auth"},
 					Secret:       OidcSecret,
 				},
 			},
--- a/admin/main.go
+++ b/admin/main.go
@ -34,6 +34,9 @@ func main() {
 	checkplugins := sync.CheckPluginList{}

 	// Read paremeters from environment
+	if v, exists := os.LookupEnv("FICOIDC_ISSUER"); exists {
+		api.OidcIssuer = v
+	}
 	if v, exists := os.LookupEnv("FICOIDC_SECRET"); exists {
 		api.OidcSecret = v
 	}
--- a/fickit-backend.yml
+++ b/fickit-backend.yml
@ -202,6 +202,7 @@ services:
      - PATH=/usr/sbin:/usr/bin:/sbin:/bin
      - MYSQL_HOST=db
      - FICCA_PASS=jee8AhloAith1aesCeQu5ahgIegaeM4K
+      - FICOIDC_ISSUER=live.fic.srs.epita.fr
      - FICOIDC_SECRET=N4n7AXzK9kpXt3TmSn8wAgtxqxhGORgcubLaE2g
    binds:
      - /etc/hosts:/etc/hosts:ro