From e23377329a825094c9268897b540d8460ef1df3e Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Sun, 24 Mar 2024 19:23:31 +0100
Subject: [PATCH] admin: Can use GRPC to manage password
---
 admin/api/password.go | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/admin/api/password.go b/admin/api/password.go
index 2247e918..79f324cd 100644
--- a/admin/api/password.go
+++ b/admin/api/password.go
@@ -35,7 +35,8 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
 c.JSON(http.StatusOK, gin.H{"password": passwd})
 })
 router.GET("/dex.yaml", func(c *gin.Context) {
- cfg, err := genDexConfig()
+ _, staticpassword := c.Request.URL.Query()["staticpassword"]
+ cfg, err := genDexConfig(staticpassword)
 if err != nil {
 c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
 return
@@ -44,7 +45,8 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
 c.String(http.StatusOK, string(cfg))
 })
 router.POST("/dex.yaml", func(c *gin.Context) {
- if dexcfg, err := genDexConfig(); err != nil {
+ _, staticpassword := c.Request.URL.Query()["staticpassword"]
+ if dexcfg, err := genDexConfig(staticpassword); err != nil {
 c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
 return
 } else if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "dex-config.yaml"), []byte(dexcfg), 0644); err != nil {
@@ -135,6 +137,10 @@ storage:
 file: /var/dex/dex.db
 web:
 http: 0.0.0.0:5556
+{{ if .GRPC }}
+grpc:
+ addr: 127.0.0.1:5557
+{{ end }}
 frontend:
 issuer: Challenge forensic
 logoURL: {{ .LogoPath }}
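Review bot: The `staticpassword` switch in the GET handler is a presence test only, because the value half of `c.Request.URL.Query()["staticpassword"]` is discarded, so `?staticpassword=false` or `?staticpassword=0` still selects the static-password configuration; the POST handler in the next hunk repeats the same line. Since this flag decides whether teams are rendered into the dex config as static passwords (and, for POST, written to `dex-config.yaml`), the value should be parsed explicitly, e.g. `v, ok := c.GetQuery("staticpassword")` followed by `staticpassword := ok && v != "false" && v != "0"`. Moving that into one small helper shared by both routes would keep them from drifting apart.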
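Review bot: The added `grpc:` block turns on dex's gRPC API with no TLS settings, so anything that can reach 127.0.0.1:5557 inside dex's network namespace can call it without authenticating. As this is the API meant to manage passwords, consider adding `tlsCert`, `tlsKey` and `tlsClientCA` under `grpc:` (paths taken from the project's PKI, e.g. `tlsClientCA: <PATH_TO_CA_CERT>`) so that only a caller holding a client certificate is accepted. If loopback-only exposure is judged sufficient for this deployment, a template comment saying so would record the decision.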
@@ -210,16 +216,23 @@ type dexConfig struct {
 Clients []dexConfigClient
 Teams []*fic.Team
 LogoPath string
+ GRPC bool
 }
-func genDexConfig() ([]byte, error) {
+func genDexConfig(withTeams bool) ([]byte, error) {
 if OidcSecret == "" {
 return nil, fmt.Errorf("Unable to generate dex configuration: OIDC Secret not defined. Please define FICOIDC_SECRET in your environment.")
 }
- teams, err := fic.GetTeams()
- if err != nil {
- return nil, err
+ var teams []*fic.Team
+ var err error
+
+ // Should teams be included as static passwords, instead of being managed by GRPC
+ if withTeams {
+ teams, err = fic.GetTeams()
+ if err != nil {
+ return nil, err
+ }
 }
 b := bytes.NewBufferString("")
@@ -258,12 +271,20 @@ func genDexConfig() ([]byte, error) {
 },
 Teams: teams,
 LogoPath: logoPath,
+ GRPC: !withTeams,
 })
 if err != nil {
 return nil, fmt.Errorf("An error occurs during template execution: %w", err)
 }
 // Also generate team associations
+ if !withTeams {
+ teams, err = fic.GetTeams()
+ if err != nil {
+ return nil, err
+ }
+ }
+
 for _, team := range teams {
 if _, err := os.Stat(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err == nil {
 if err = os.Remove(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err != nil {
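Review bot: genDexConfig now falls into gRPC mode whenever the caller passes false, so a request to `/dex.yaml` without `staticpassword` hands the template a nil `Teams`, where the previous version always embedded the teams. Nothing visible in this patch pushes team passwords to dex over gRPC, so if that provisioning lives elsewhere it should be referenced here. The function also needs a doc comment stating the contract, e.g. `// genDexConfig renders the dex configuration; when withTeams is true teams are embedded as static passwords, otherwise the gRPC API is enabled and team passwords must be provisioned through it.` The mode is named `withTeams` here, `staticpassword` at both call sites and stored inverted as `GRPC: !withTeams`; one name would be easier to follow. The function body continues outside this hunk.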
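Review bot: `fic.GetTeams()` ends up being called on every path, before the template when `withTeams` is set and after it otherwise, which makes the flow harder to follow than it needs to be. Fetching the teams once at the top and passing `Teams: nil` to the template in gRPC mode would remove the second `if !withTeams` block. The error from the late call is returned bare while the template error just above is wrapped with `%w`; wrapping it too, e.g. `return nil, fmt.Errorf("unable to list teams: %w", err)`, would keep the two failures distinguishable. The association loop that follows continues outside this hunk.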