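package api

import (
	"bytes"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"os"
	"path"
	"strings"
	"text/template"
	"unicode"

	"srs.epita.fr/fic-server/admin/pki"
	"srs.epita.fr/fic-server/libfic"

	"github.com/gin-gonic/gin"
)

// OIDC settings. The code that consumes them is outside the part of the file
// shown here.
var (
	// OidcIssuer is the host name used as OIDC issuer.
	OidcIssuer = "live.fic.srs.epita.fr"
	// OidcClientId is the OAuth2 client identifier.
	OidcClientId = "epita-challenge"
	// OidcSecret is the OAuth2 client secret. It defaults to the empty string.
	// NOTE(review): presumably injected at start-up; confirm it is never
	// logged or echoed in an error message.
	OidcSecret = ""
)

// declarePasswordRoutes registers, on router, the endpoint that hands out a
// generated password and the endpoints that render or persist the dex and
// vouch-proxy documents.
//
// Each GET variant returns the generated document in the response body; each
// POST variant writes it under pki.PKIDir/shared and answers true. Generator
// and write errors are returned to the client verbatim in "errmsg".
//
// NOTE(review): dexcfgtpl in this file interpolates an OAuth2 client secret
// and per-team password hashes, so the dex document served and written here
// presumably carries credential material. Confirm that this router group is
// only reachable behind the admin authentication layer.
func declarePasswordRoutes(router *gin.RouterGroup) {
	// Hand out a freshly generated password; nothing is stored by this handler.
	router.POST("/password", func(c *gin.Context) {
		passwd, err := fic.GeneratePassword()
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		c.JSON(http.StatusOK, gin.H{"password": passwd})
	})

	// Preview the dex configuration without touching the disk.
	router.GET("/dex.yaml", func(c *gin.Context) {
		cfg, err := genDexConfig()
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		c.String(http.StatusOK, string(cfg))
	})

	// Regenerate the dex configuration and persist it in the shared directory.
	router.POST("/dex.yaml", func(c *gin.Context) {
		dexcfg, err := genDexConfig()
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		// NOTE(review): mode 0644 makes the file readable by every local
		// account, while the document presumably holds the client secret and
		// the password hashes. Tighten to 0640 or 0600 once the uid/gid of the
		// consuming service is confirmed. WriteFile only applies the mode when
		// it creates the file, so files already deployed need a chmod as well.
		if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "dex-config.yaml"), []byte(dexcfg), 0644); err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		c.JSON(http.StatusOK, true)
	})

	// Preview the dex password-page template.
	router.GET("/dex-password.tpl", func(c *gin.Context) {
		passtpl, err := genDexPasswordTpl()
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		c.String(http.StatusOK, string(passtpl))
	})

	// Regenerate the dex password-page template and persist it.
	router.POST("/dex-password.tpl", func(c *gin.Context) {
		passtpl, err := genDexPasswordTpl()
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "dex-password.tpl"), []byte(passtpl), 0644); err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		c.JSON(http.StatusOK, true)
	})

	// Preview the vouch-proxy configuration.
	router.GET("/vouch-proxy.yaml", func(c *gin.Context) {
		cfg, err := genVouchProxyConfig()
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		c.String(http.StatusOK, string(cfg))
	})

	// Regenerate the vouch-proxy configuration and persist it.
	router.POST("/vouch-proxy.yaml", func(c *gin.Context) {
		vouchcfg, err := genVouchProxyConfig()
		if err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		// NOTE(review): same 0644 caveat as dex-config.yaml above; the
		// generator is outside this view, but an OIDC relying-party
		// configuration presumably embeds the client secret. Confirm.
		if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "vouch-config.yaml"), []byte(vouchcfg), 0644); err != nil {
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
			return
		}

		c.JSON(http.StatusOK, true)
	})
}

// declareTeamsPasswordRoutes registers the per-team password endpoints on
// router.
//
// Both handlers read the *fic.Team stored under the "team" key of the gin
// context; MustGet and the type assertion panic when the key is missing or
// holds another type, so the group must be mounted behind the handler that
// sets it.
func declareTeamsPasswordRoutes(router *gin.RouterGroup) {
	// Return the team's current password as plain text, or 404 when none is set.
	router.GET("/password", func(c *gin.Context) {
		team := c.MustGet("team").(*fic.Team)

		if team.Password == nil {
			c.AbortWithStatusJSON(http.StatusNotFound, nil)
			return
		}

		c.String(http.StatusOK, *team.Password)
	})

	// Generate a new password for the team, store it, and return the team.
	// Failure details go to the server log only; the client gets a generic
	// message.
	// NOTE(review): the response is the serialized team; whether it includes
	// the new password depends on fic.Team's JSON tags, which are not visible
	// here.
	router.POST("/password", func(c *gin.Context) {
		team := c.MustGet("team").(*fic.Team)

		passwd, err := fic.GeneratePassword()
		if err != nil {
			log.Println("Unable to GeneratePassword:", err.Error())
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Something went wrong when generating the new team password"})
			return
		}

		team.Password = &passwd
		if _, err := team.Update(); err != nil {
			log.Println("Unable to Update Team:", err.Error())
			c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Something went wrong when updating the new team password"})
			return
		}

		c.JSON(http.StatusOK, team)
	})
}

// dexcfgtpl is the text/template source of the dex configuration: one static
// OAuth2 client per entry of .Clients and one static password entry per entry
// of .Teams.
//
// The redirectURIs list puts ", " between entries. Without a separator, two
// adjacent single-quoted items ('a''b') are read by YAML as the single scalar
// a'b, which silently drops every redirect URI but a mangled first one. The
// index test assumes .RedirectURIs is a slice or array; its declaration is
// outside this view.
//
// text/template does no YAML escaping: Name, Secret, LogoPath and the redirect
// URIs are emitted as-is, so a value containing a quote, ": ", " #" or a line
// break changes the structure of the document. Keep those values
// operator-controlled, or quote them before they reach the template.
//
// The rendered document contains the client secret and the password hashes.
// It also makes dex listen on plain HTTP on every interface (0.0.0.0:5556).
// NOTE(review): presumably only reachable through a fronting proxy; confirm.
const dexcfgtpl = `issuer: {{ .Issuer }}
storage:
  type: sqlite3
  config:
    file: /var/dex/dex.db
web:
  http: 0.0.0.0:5556
frontend:
  issuer: Challenge forensic
  logoURL: {{ .LogoPath }}
  dir: /srv/dex/web/
oauth2:
  skipApprovalScreen: true
staticClients:
{{ range $c := .Clients }}
- id: {{ $c.Id }}
  name: {{ $c.Name }}
  redirectURIs: [{{ range $i, $u := $c.RedirectURIs }}{{ if $i }}, {{ end }}'{{ $u }}'{{ end }}]
  secret: {{ $c.Secret }}
{{ end }}
enablePasswordDB: true
staticPasswords:
{{ range $t := .Teams }}
  - email: "team{{ printf "%02d" $t.Id }}"
    hash: "{{with $t }}{{ .HashedPassword }}{{end}}"
{{ end }}
`

const dexpasswdtpl = `{{ "{{" }} template "header.html" . {{ "}}" }}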