package pkg
/*
Copyright 2024 Jonas Kaninda
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import (
"fmt"
"github.com/jkaninda/goma-gateway/internal/middleware"
"github.com/jkaninda/goma-gateway/pkg/logger"
"github.com/jkaninda/goma-gateway/util"
"golang.org/x/oauth2"
"golang.org/x/oauth2/amazon"
"golang.org/x/oauth2/facebook"
"golang.org/x/oauth2/github"
"golang.org/x/oauth2/gitlab"
"golang.org/x/oauth2/google"
"gopkg.in/yaml.v3"
"os"
)
// cfg is the package-level gateway configuration slot. It is declared here
// but not assigned anywhere in this section of the file.
var (
	cfg *Gateway
)
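// Config reads a YAML configuration file and returns a GatewayServer built
// from it.
//
// Resolution order:
//  1. configFile, when it exists;
//  2. the package default ConfigFile, when it exists;
//  3. otherwise a default configuration is generated at ConfigFile via
//     initConfig (creating ConfigDir first if needed) and then loaded.
//
// Whichever file is actually loaded is exported as GOMA_CONFIG_FILE so the
// rest of the process agrees on the path. The returned server has a nil ctx.
//
// Returns an error when the chosen file cannot be read or parsed, or when
// the default configuration cannot be generated.
func (GatewayServer) Config(configFile string) (*GatewayServer, error) {
	if util.FileExists(configFile) {
		return loadGatewayServer(configFile)
	}
	logger.Error("Configuration file not found: %v", configFile)

	// Fall back to the default location.
	if util.FileExists(ConfigFile) {
		logger.Info("Using configuration file: %s", ConfigFile)
		return loadGatewayServer(ConfigFile)
	}

	// Nothing to load: generate a default configuration, then load it.
	logger.Info("Generating new configuration file...")
	if !util.FolderExists(ConfigDir) {
		if err := os.MkdirAll(ConfigDir, os.ModePerm); err != nil {
			return nil, err
		}
	}
	if err := initConfig(ConfigFile); err != nil {
		return nil, err
	}
	logger.Info("Generating new configuration file...done")
	logger.Info("Server configuration file is available at %s", ConfigFile)
	return loadGatewayServer(ConfigFile)
}

// loadGatewayServer reads and parses the YAML file at path, exports that path
// as GOMA_CONFIG_FILE and builds a GatewayServer from the result (ctx is left
// nil; version, gateway and middlewares come from the file).
//
// Returns the read error unchanged, or a parse error wrapping the YAML error.
func loadGatewayServer(path string) (*GatewayServer, error) {
	buf, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	// Record the file that was really loaded. The former default-file branch
	// exported the missing user-supplied path here instead of ConfigFile.
	util.SetEnv("GOMA_CONFIG_FILE", path)
	c := &GatewayConfig{}
	if err := yaml.Unmarshal(buf, c); err != nil {
		return nil, fmt.Errorf("parsing the configuration file %q: %w", path, err)
	}
	return &GatewayServer{
		ctx:         nil,
		version:     c.Version,
		gateway:     c.GatewayConfig,
		middlewares: c.Middlewares,
	}, nil
}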
// SetEnv exports the gateway's logging settings (log level, error log path
// and access log path) as GOMA_* environment variables.
func (gatewayServer GatewayServer) SetEnv() {
	g := gatewayServer.gateway
	pairs := [...]struct{ key, value string }{
		{"GOMA_LOG_LEVEL", g.LogLevel},
		{"GOMA_ERROR_LOG", g.ErrorLog},
		{"GOMA_ACCESS_LOG", g.AccessLog},
	}
	for _, kv := range pairs {
		util.SetEnv(kv.key, kv.value)
	}
}
// GetConfigPaths returns the configuration file path: the value of
// GOMA_CONFIG_FILE when it is set, otherwise the package default ConfigFile.
func GetConfigPaths() string {
	const envKey = "GOMA_CONFIG_FILE"
	path := util.GetStringEnv(envKey, ConfigFile)
	return path
}
// InitConfig writes a default configuration file to configFile; it is the
// exported entry point for initConfig, so an empty configFile selects the
// path returned by GetConfigPaths. It returns initConfig's error unchanged.
func InitConfig(configFile string) error {
	err := initConfig(configFile)
	return err
}
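// initConfig writes the default configuration (see defaultGatewayConfig) as
// YAML to configFile. An empty configFile selects the path returned by
// GetConfigPaths. An existing file at that path is overwritten.
//
// Returns an error when the configuration cannot be serialized or the file
// cannot be written.
func initConfig(configFile string) error {
	if configFile == "" {
		configFile = GetConfigPaths()
	}
	yamlData, err := yaml.Marshal(defaultGatewayConfig())
	if err != nil {
		return fmt.Errorf("serializing configuration: %w", err)
	}
	// 0600: the generated file carries credentials (basic-auth password,
	// OAuth client secrets, JWT secret), so keep it readable by the owner only.
	if err := os.WriteFile(configFile, yamlData, 0600); err != nil {
		return fmt.Errorf("writing config file %q: %w", configFile, err)
	}
	return nil
}

// defaultGatewayConfig returns the sample configuration written by
// initConfig: a gateway with example routes, CORS settings and middleware
// definitions (basic auth, JWT, access control and two OAuth providers).
//
// Every credential in it ("admin"/"admin", the "xxx" client secrets, the JWT
// secret) is a placeholder the operator is expected to replace.
func defaultGatewayConfig() *GatewayConfig {
	return &GatewayConfig{
		Version: util.ConfigVersion,
		GatewayConfig: Gateway{
			WriteTimeout: 15,
			ReadTimeout:  15,
			IdleTimeout:  30,
			// Device paths are case-sensitive: "/dev/Stdout" (the previous
			// value) does not exist, "/dev/stdout" does.
			AccessLog:                    "/dev/stdout",
			ErrorLog:                     "/dev/stderr",
			DisableRouteHealthCheckError: false,
			DisableDisplayRouteOnStart:   false,
			RateLimit:                    0,
			InterceptErrors:              []int{405, 500},
			Cors: Cors{
				Origins: []string{"http://localhost:8080", "https://example.com"},
				Headers: map[string]string{
					"Access-Control-Allow-Headers":     "Origin, Authorization, Accept, Content-Type, Access-Control-Allow-Headers, X-Client-Id, X-Session-Id",
					"Access-Control-Allow-Credentials": "true",
					"Access-Control-Max-Age":           "1728000",
				},
			},
			Routes: []Route{
				{
					Name:        "Public",
					Path:        "/",
					Methods:     []string{"GET"},
					Destination: "https://example.com",
					Rewrite:     "/",
					HealthCheck: RouteHealthCheck{
						Path:            "/",
						HealthyStatuses: []int{200, 404},
					},
					Middlewares: []string{"api-forbidden-paths"},
				},
				{
					Name:        "Basic auth",
					Path:        "/protected",
					Destination: "https://example.com",
					Rewrite:     "/",
					HealthCheck: RouteHealthCheck{},
					Cors: Cors{
						Origins: []string{"http://localhost:3000", "https://dev.example.com"},
						Headers: map[string]string{
							"Access-Control-Allow-Headers":     "Origin, Authorization",
							"Access-Control-Allow-Credentials": "true",
							"Access-Control-Max-Age":           "1728000",
						},
					},
					Middlewares: []string{"basic-auth", "api-forbidden-paths"},
				},
				{
					Path:            "/",
					Name:            "Hostname and load balancing example",
					Hosts:           []string{"example.com", "example.localhost"},
					InterceptErrors: []int{404, 405, 500},
					RateLimit:       60,
					Backends: []string{
						"https://example.com",
						"https://example2.com",
						"https://example4.com",
					},
					Rewrite:     "/",
					HealthCheck: RouteHealthCheck{},
				},
				{
					Path:  "/loadbalancing",
					Name:  "loadBalancing example",
					Hosts: []string{"example.com", "example.localhost"},
					Backends: []string{
						"https://example.com",
						"https://example2.com",
						"https://example4.com",
					},
					Rewrite: "/",
					HealthCheck: RouteHealthCheck{
						Path:            "/health/live",
						HealthyStatuses: []int{200, 404},
						Interval:        "30s",
						Timeout:         "10s",
					},
				},
			},
		},
		Middlewares: []Middleware{
			{
				Name: "basic-auth",
				Type: BasicAuth,
				Paths: []string{
					"/*",
				},
				Rule: BasicRuleMiddleware{
					Username: "admin",
					Password: "admin",
				},
			}, {
				Name: "jwt",
				Type: JWTAuth,
				Paths: []string{
					"/protected-access",
					"/example-of-jwt",
				},
				Rule: JWTRuleMiddleware{
					URL: "https://example.com/auth/userinfo",
					RequiredHeaders: []string{
						"Authorization",
					},
					Headers: map[string]string{},
					Params:  map[string]string{},
				},
			},
			{
				Name: "api-forbidden-paths",
				Type: AccessMiddleware,
				Paths: []string{
					"/swagger-ui/*",
					"/v2/swagger-ui/*",
					"/api-docs/*",
					"/actuator/*",
				},
			},
			{
				Name: "oauth-google",
				Type: OAuth,
				Paths: []string{
					"/protected",
					"/example-of-oauth",
				},
				Rule: OauthRulerMiddleware{
					ClientID:     "xxx",
					ClientSecret: "xxx",
					Provider:     "google",
					JWTSecret:    "your-strong-jwt-secret | It's optional",
					RedirectURL:  "http://localhost:8080/callback",
					Scopes: []string{"https://www.googleapis.com/auth/userinfo.email",
						"https://www.googleapis.com/auth/userinfo.profile"},
					Endpoint: OauthEndpoint{},
					// NOTE(review): a fixed State value is only a sample; the OAuth
					// state parameter is meant to be unpredictable per request —
					// confirm how the middleware consumes it.
					State: "randomStateString",
				},
			},
			{
				Name: "oauth-authentik",
				Type: OAuth,
				Paths: []string{
					"/*",
				},
				Rule: OauthRulerMiddleware{
					ClientID:     "xxxx",
					ClientSecret: "xxxx",
					RedirectURL:  "http://localhost:8080/callback",
					Scopes:       []string{"email", "openid"},
					JWTSecret:    "your-strong-jwt-secret | It's optional",
					Endpoint: OauthEndpoint{
						AuthURL:     "https://authentik.example.com/application/o/authorize/",
						TokenURL:    "https://authentik.example.com/application/o/token/",
						UserInfoURL: "https://authentik.example.com/application/o/userinfo/",
					},
					State: "randomStateString",
				},
			},
		},
	}
}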
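// Setup loads the YAML configuration at conf and returns its Gateway section.
//
// Loading is best-effort: a missing file yields an empty Gateway, an
// unreadable file logs the error and also yields an empty Gateway, while a
// file that exists but does not parse is fatal via logger.Fatal. When the
// file is read, its path is exported as GOMA_CONFIG_FILE.
func (Gateway) Setup(conf string) *Gateway {
	if !util.FileExists(conf) {
		return &Gateway{}
	}
	buf, err := os.ReadFile(conf)
	if err != nil {
		// Formerly swallowed: without this the caller cannot distinguish
		// "no file" from "file present but unreadable".
		logger.Error("Error reading configuration file %q: %v", conf, err)
		return &Gateway{}
	}
	util.SetEnv("GOMA_CONFIG_FILE", conf)
	c := &GatewayConfig{}
	if err := yaml.Unmarshal(buf, c); err != nil {
		logger.Fatal("Error loading configuration %v", err.Error())
	}
	return &c.GatewayConfig
}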
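// getJWTMiddleware converts a decoded YAML rule (input) into a
// JWTRuleMiddleware by serializing it back to YAML and decoding it into the
// typed struct.
//
// Returns an error when the rule cannot be serialized or decoded, or when its
// URL is empty; the zero value accompanies any error.
func getJWTMiddleware(input interface{}) (JWTRuleMiddleware, error) {
	raw, err := yaml.Marshal(input)
	if err != nil {
		return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: %w", err)
	}
	rule := new(JWTRuleMiddleware)
	if err := yaml.Unmarshal(raw, rule); err != nil {
		return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: %w", err)
	}
	if rule.URL == "" {
		return JWTRuleMiddleware{}, fmt.Errorf("error parsing yaml: empty url in jwt auth middleware")
	}
	return *rule, nil
}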
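// getBasicAuthMiddleware converts a decoded YAML rule (input) into a
// BasicRuleMiddleware by serializing it back to YAML and decoding it into the
// typed struct.
//
// Returns an error when the rule cannot be serialized or decoded, or when
// Username or Password is empty; the zero value accompanies any error.
func getBasicAuthMiddleware(input interface{}) (BasicRuleMiddleware, error) {
	raw, err := yaml.Marshal(input)
	if err != nil {
		return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: %w", err)
	}
	rule := new(BasicRuleMiddleware)
	if err := yaml.Unmarshal(raw, rule); err != nil {
		return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: %w", err)
	}
	if rule.Username == "" || rule.Password == "" {
		// Do not format the rule itself into the error: the previous "%s"
		// rendered the whole struct, password included, into a message that
		// ends up in logs.
		return BasicRuleMiddleware{}, fmt.Errorf("error parsing yaml: empty username/password in basic auth middleware")
	}
	return *rule, nil
}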
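// oAuthMiddleware converts a decoded YAML rule (input) into an
// OauthRulerMiddleware by serializing it back to YAML and decoding it into
// the typed struct.
//
// Returns an error when the rule cannot be serialized or decoded, or when
// ClientID, ClientSecret or RedirectURL is empty; the zero value accompanies
// any error.
func oAuthMiddleware(input interface{}) (OauthRulerMiddleware, error) {
	raw, err := yaml.Marshal(input)
	if err != nil {
		return OauthRulerMiddleware{}, fmt.Errorf("error parsing yaml: %w", err)
	}
	rule := new(OauthRulerMiddleware)
	if err := yaml.Unmarshal(raw, rule); err != nil {
		return OauthRulerMiddleware{}, fmt.Errorf("error parsing yaml: %w", err)
	}
	if rule.ClientID == "" || rule.ClientSecret == "" || rule.RedirectURL == "" {
		// Do not format the rule itself into the error: the previous "%s"
		// rendered the whole struct (client secret, JWT secret) into a message
		// that ends up in logs. The message now also names redirectUrl, which
		// this check covers.
		return OauthRulerMiddleware{}, fmt.Errorf("error parsing yaml: empty clientId/clientSecret/redirectUrl in oauth middleware")
	}
	return *rule, nil
}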
// oauthRulerMiddleware copies every field of a middleware.Oauth, including
// its endpoint URLs, into a newly allocated OauthRulerMiddleware.
func oauthRulerMiddleware(oauth middleware.Oauth) *OauthRulerMiddleware {
	endpoint := OauthEndpoint{
		AuthURL:     oauth.Endpoint.AuthURL,
		TokenURL:    oauth.Endpoint.TokenURL,
		UserInfoURL: oauth.Endpoint.UserInfoURL,
	}
	ruler := new(OauthRulerMiddleware)
	ruler.ClientID = oauth.ClientID
	ruler.ClientSecret = oauth.ClientSecret
	ruler.RedirectURL = oauth.RedirectURL
	ruler.State = oauth.State
	ruler.Scopes = oauth.Scopes
	ruler.JWTSecret = oauth.JWTSecret
	ruler.Provider = oauth.Provider
	ruler.Endpoint = endpoint
	return ruler
}
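// oauth2Config builds an *oauth2.Config from an OauthRulerMiddleware.
//
// For the known providers (google, amazon, facebook, github, gitlab) the
// auth/token endpoint from golang.org/x/oauth2 replaces whatever Endpoint the
// rule carries. The "custom" provider keeps the rule's own endpoint; any other
// value is logged as unknown and also keeps the rule's endpoint.
//
// Side effect: for google, facebook and github, when the rule has no
// UserInfoURL the provider's default user-info URL is written back into
// oauth.Endpoint.UserInfoURL. amazon and gitlab get no such default.
func oauth2Config(oauth *OauthRulerMiddleware) *oauth2.Config {
	conf := &oauth2.Config{
		ClientID:     oauth.ClientID,
		ClientSecret: oauth.ClientSecret,
		RedirectURL:  oauth.RedirectURL,
		Scopes:       oauth.Scopes,
		Endpoint: oauth2.Endpoint{
			AuthURL:  oauth.Endpoint.AuthURL,
			TokenURL: oauth.Endpoint.TokenURL,
		},
	}
	switch oauth.Provider {
	case "google":
		conf.Endpoint = google.Endpoint
		if oauth.Endpoint.UserInfoURL == "" {
			oauth.Endpoint.UserInfoURL = "https://www.googleapis.com/oauth2/v2/userinfo"
		}
	case "amazon":
		conf.Endpoint = amazon.Endpoint
	case "facebook":
		conf.Endpoint = facebook.Endpoint
		if oauth.Endpoint.UserInfoURL == "" {
			oauth.Endpoint.UserInfoURL = "https://graph.facebook.com/me"
		}
	case "github":
		conf.Endpoint = github.Endpoint
		if oauth.Endpoint.UserInfoURL == "" {
			// GitHub's authenticated-user endpoint is /user; the previous
			// default (/user/repo) is not a GitHub API route.
			oauth.Endpoint.UserInfoURL = "https://api.github.com/user"
		}
	case "gitlab":
		conf.Endpoint = gitlab.Endpoint
	case "custom":
		// The rule supplies its own endpoint; nothing to override.
	default:
		logger.Error("Unknown provider: %s", oauth.Provider)
	}
	return conf
}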