admin: Can use GRPC to manage password

nemunaire 2024-03-24 19:23:31 +01:00
parent 77cdfdb355
commit e23377329a


@ -35,7 +35,8 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
c.JSON(http.StatusOK, gin.H{"password": passwd}) c.JSON(http.StatusOK, gin.H{"password": passwd})
}) })
router.GET("/dex.yaml", func(c *gin.Context) { router.GET("/dex.yaml", func(c *gin.Context) {
cfg, err := genDexConfig() _, staticpassword := c.Request.URL.Query()["staticpassword"]
cfg, err := genDexConfig(staticpassword)
if err != nil { if err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()}) c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return return
@ -44,7 +45,8 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
c.String(http.StatusOK, string(cfg)) c.String(http.StatusOK, string(cfg))
}) })
router.POST("/dex.yaml", func(c *gin.Context) { router.POST("/dex.yaml", func(c *gin.Context) {
if dexcfg, err := genDexConfig(); err != nil { _, staticpassword := c.Request.URL.Query()["staticpassword"]
if dexcfg, err := genDexConfig(staticpassword); err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()}) c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return return
} else if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "dex-config.yaml"), []byte(dexcfg), 0644); err != nil { } else if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "dex-config.yaml"), []byte(dexcfg), 0644); err != nil {
@ -135,6 +137,10 @@ storage:
file: /var/dex/dex.db file: /var/dex/dex.db
web: web:
http: 0.0.0.0:5556 http: 0.0.0.0:5556
{{ if .GRPC }}
grpc:
addr: 127.0.0.1:5557
{{ end }}
frontend: frontend:
issuer: Challenge forensic issuer: Challenge forensic
logoURL: {{ .LogoPath }} logoURL: {{ .LogoPath }}
@ -210,16 +216,23 @@ type dexConfig struct {
Clients []dexConfigClient Clients []dexConfigClient
Teams []*fic.Team Teams []*fic.Team
LogoPath string LogoPath string
GRPC bool
} }
func genDexConfig() ([]byte, error) { func genDexConfig(withTeams bool) ([]byte, error) {
if OidcSecret == "" { if OidcSecret == "" {
return nil, fmt.Errorf("Unable to generate dex configuration: OIDC Secret not defined. Please define FICOIDC_SECRET in your environment.") return nil, fmt.Errorf("Unable to generate dex configuration: OIDC Secret not defined. Please define FICOIDC_SECRET in your environment.")
} }
teams, err := fic.GetTeams() var teams []*fic.Team
if err != nil { var err error
return nil, err
// Should teams be included as static passwords, instead of being managed by GRPC
if withTeams {
teams, err = fic.GetTeams()
if err != nil {
return nil, err
}
} }
b := bytes.NewBufferString("") b := bytes.NewBufferString("")
@ -258,12 +271,20 @@ func genDexConfig() ([]byte, error) {
}, },
Teams: teams, Teams: teams,
LogoPath: logoPath, LogoPath: logoPath,
GRPC: !withTeams,
}) })
if err != nil { if err != nil {
return nil, fmt.Errorf("An error occurs during template execution: %w", err) return nil, fmt.Errorf("An error occurs during template execution: %w", err)
} }
// Also generate team associations // Also generate team associations
if !withTeams {
teams, err = fic.GetTeams()
if err != nil {
return nil, err
}
}
for _, team := range teams { for _, team := range teams {
if _, err := os.Stat(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err == nil { if _, err := os.Stat(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err == nil {
if err = os.Remove(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err != nil { if err = os.Remove(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err != nil {
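Review bot: The `grpc:` block added to the dex template (the hunk after `web:`) sets only `addr: 127.0.0.1:5557`, so the API that now manages passwords is served without TLS or client authentication and relies on the loopback bind alone. Dex's gRPC API has no authentication other than TLS client certificates, so any process sharing that network namespace could create or change passwords; if that is not the intended trust boundary, add `tlsCert`, `tlsKey` and `tlsClientCA` under `grpc:`, otherwise record the assumption with a template comment such as `{{/* gRPC is unauthenticated: must stay on loopback */}}`. Separately, in both `/dex.yaml` handlers `c.Request.URL.Query()["staticpassword"]` tests only that the key is present, so `?staticpassword=0` also selects static passwords, and the flag reaches `genDexConfig` under the unrelated name `withTeams`. The template and `genDexConfig` continue outside the visible hunks, so TLS settings elsewhere in the file cannot be ruled out.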