package authaus
import (
	"database/sql"
	"encoding/json"
	"fmt"
	"io/ioutil"
	"os"
	"strconv"
	"strings"
	"unicode"

	_ "github.com/lib/pq"
)
/*
Fully populated config:
{
"Log": {
"Filename": "/var/log/authaus/authaus.log" // This can also be 'stdout' or 'stderr'. 'stdout' is the default, if unspecified.
},
"HTTP": {
"CookieName": "session",
"CookieSecure": true,
"Port": 8080,
"Bind": "127.0.0.1"
},
"DB": {
"Driver": "postgres",
"Host": "auth.example.com",
"Port": 5432,
"Database": "auth",
"User": "jim",
"Password": "123",
"SSL": true
},
"LDAP": {
"LdapHost": "example.local",
"LdapPort": 389,
"Encryption": "",
"LdapUsername": "joe@example.local",
"LdapPassword": "1234abcd",
"LdapDomain": "example.local",
"LdapTickerTime": 300, // Seconds
"BaseDN": "dc=example1,dc=example2",
"SysAdminEmail": "joeAdmin@example.com",
"LdapSearchFilter": "(&(objectCategory=person)(objectClass=user))"
},
"OAuth": {
"Verbose": false,
"Providers": {
"eMerge": {
"Type": "msaad",
"Title": "Hooli",
"LoginURL": "https://login.microsoftonline.com/{your tenant id here}/oauth2/v2.0/authorize",
"TokenURL": "https://login.microsoftonline.com/{your tenant id here}/oauth2/v2.0/token",
"RedirectURL": "https://mysite.example.com/auth/oauth/finish",
"ClientID": "your client UUID here",
"Scope": "openid email offline_access",
"ClientSecret": "your secret here"
}
}
},
"MSAAD": {
"ClientID": "your client UUID",
"ClientSecret": "your secret"
},
"SessionDB": {
"MaxActiveSessions": 0,
"SessionExpirySeconds": 2592000,
}
}
*/
// configLdapNameToMode translates the encryption name used in the config
// (presumably ConfigLDAP.Encryption, whose documented values are "", "TLS" and
// "SSL") into an LdapConnectionMode. The empty string selects plain text.
var configLdapNameToMode = map[string]LdapConnectionMode{
	"TLS": LdapConnectionModeTLS,
	"SSL": LdapConnectionModeSSL,
	"":    LdapConnectionModePlainText,
}
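// DBConnection holds the settings used to open the SQL database.
// Only the lib/pq ("postgres") driver is registered by this file's imports,
// and ConnectionString produces a libpq-style "key=value ..." string, so
// Driver is expected to name a driver that accepts that format.
type DBConnection struct {
	Driver   string // database/sql driver name passed to sql.Open
	Host     string
	Port     uint16 // 0 omits "port=" from the connection string so the driver's default applies
	Database string
	User     string
	Password string // plaintext; it is emitted verbatim by signature() and (quoted) by ConnectionString()
	SSL      bool   // true selects sslmode=require, false sslmode=disable
	// Equals compares the whole struct value, so new fields are covered there
	// automatically; ConnectionString() and signature() must be updated by hand.
}

// Connect opens a database handle for x. sql.Open only validates the driver
// name and connection string; no network connection is made until the handle
// is first used (or pinged), so a bad host or password surfaces later.
func (x *DBConnection) Connect() (*sql.DB, error) {
	return sql.Open(x.Driver, x.ConnectionString())
}

// Equals reports whether x and y describe the same connection, comparing every
// field (including Password). Both x and y must be non-nil.
func (x *DBConnection) Equals(y *DBConnection) bool {
	return *x == *y
}

// connValueEscaper escapes the two characters that are special inside a
// single-quoted libpq connection-string value.
var connValueEscaper = strings.NewReplacer(`\`, `\\`, `'`, `\'`)

// quoteConnValue returns v in the form a libpq-style "key=value" parser
// expects. A value that is empty, or contains whitespace, a single quote or a
// backslash, is wrapped in single quotes with '\' and '\'' escaped; any other
// value is returned unchanged, so ordinary configs produce the same string as
// before.
//
// Without quoting, an empty value makes the parser consume the following
// "key=value" pair as the value, and a value containing whitespace is split
// into additional options — so a password with a space could silently change
// other settings such as sslmode.
func quoteConnValue(v string) string {
	if v != "" && strings.IndexFunc(v, unicode.IsSpace) < 0 && !strings.ContainsAny(v, `'\`) {
		return v
	}
	return "'" + connValueEscaper.Replace(v) + "'"
}

// ConnectionString renders x as a libpq keyword/value string:
// "host=… user=… password=… dbname=… sslmode=…", followed by " port=…" when
// Port is non-zero. Host, User, Password and Database are quoted where needed
// (see quoteConnValue); sslmode is one of the fixed words "require"/"disable".
// The result contains the plaintext password, so avoid logging it.
func (x *DBConnection) ConnectionString() string {
	sslmode := "disable"
	if x.SSL {
		sslmode = "require"
	}
	conStr := fmt.Sprintf("host=%v user=%v password=%v dbname=%v sslmode=%v",
		quoteConnValue(x.Host), quoteConnValue(x.User), quoteConnValue(x.Password), quoteConnValue(x.Database), sslmode)
	if x.Port != 0 {
		conStr += fmt.Sprintf(" port=%v", x.Port)
	}
	return conStr
}

// signature returns a space-separated concatenation of every field in
// declaration order. It includes the plaintext password, so the result is as
// sensitive as the struct itself.
func (x *DBConnection) signature() string {
	return x.Driver + " " +
		x.Host + " " +
		strconv.FormatInt(int64(x.Port), 10) + " " +
		x.Database + " " +
		x.User + " " +
		x.Password + " " +
		strconv.FormatBool(x.SSL)
}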
// ConfigHTTP holds the HTTP listener and session-cookie settings.
type ConfigHTTP struct {
	CookieName   string // Session cookie name; Config.Reset() defaults it to "session"
	CookieSecure bool   // presumably sets the cookie's Secure attribute — TODO confirm where it is consumed
	Port         string // Listener port; Config.Reset() defaults it to "8080". A string, unlike DBConnection.Port
	Bind         string // Listener address; Config.Reset() defaults it to "127.0.0.1"
}
// ConfigLog holds the logging settings.
type ConfigLog struct {
	Filename string // Log destination; per the example config above this may also be "stdout" (the default) or "stderr"
}
// ConfigSessionDB holds the session limits and lifetime.
type ConfigSessionDB struct {
	MaxActiveSessions    int32 // Maximum number of active sessions per user. legal values are 0 and 1. Zero means unlimited.
	SessionExpirySeconds int64 // Lifetime of newly created sessions, in seconds. Zero means default, which is defaultSessionExpirySeconds (30 days)
}
// ConfigLDAP holds the LDAP directory settings. LdapUsername/LdapPassword are
// stored in plaintext in the config file, so the file itself is sensitive.
type ConfigLDAP struct {
	LdapHost           string // Directory server host
	LdapPort           uint16 // Directory server port (the example above uses 389)
	Encryption         string // "", "TLS", "SSL" (see configLdapNameToMode)
	LdapUsername       string // Account used for the LDAP connection — presumably the bind user; TODO confirm
	LdapPassword       string // Plaintext password for LdapUsername
	LdapDomain         string //
	LdapTickerTime     int    // seconds
	BaseDN             string // Search base
	SysAdminEmail      string //
	LdapSearchFilter   string // LDAP filter string, e.g. "(&(objectCategory=person)(objectClass=user))" in the example above
	InsecureSkipVerify bool   // If true, then skip SSL verification. Only applicable when Encryption = SSL. Disables server certificate checking, so only for test setups.
	DebugUserPull      bool   // If true, prints out the result of every LDAP user pull
}
// ConfigUserStoreDB holds the password policy for the user store.
type ConfigUserStoreDB struct {
	DisablePasswordReuse   bool // If true, a user may not change to a password found in their recent history
	OldPasswordHistorySize int  // When DisablePasswordReuse is true, this is how far back in history we look (i.e. number of password changes), to determine if a password has been used before
	PasswordExpirySeconds  int  // presumably seconds after which a password must be changed; zero semantics not visible here — TODO confirm
}
// Config is the top-level configuration. It is typically loaded from a .json
// config file via LoadFile. Several sections carry plaintext secrets
// (DB.Password, LDAP.LdapPassword, and the OAuth/MSAAD client secrets shown in
// the example above), so the file it is read from should be treated as
// sensitive.
type Config struct {
	DB                     DBConnection      // Database connection settings
	Log                    ConfigLog         // Log destination
	HTTP                   ConfigHTTP        // Listener and cookie settings; Reset() supplies the defaults
	SessionDB              ConfigSessionDB   // Session limits and lifetime
	LDAP                   ConfigLDAP        // LDAP directory settings
	UserStore              ConfigUserStoreDB // Password policy for the user store
	OAuth                  ConfigOAuth       // OAuth provider settings (type defined elsewhere)
	MSAAD                  ConfigMSAAD       // presumably Microsoft Azure AD settings (type defined elsewhere) — TODO confirm
	AuditServiceUrl        string            // presumably the audit service endpoint; not read in this file
	EnableAccountLocking   bool              // presumably enables lockout after MaxFailedLoginAttempts failures; not read in this file
	MaxFailedLoginAttempts int               // see EnableAccountLocking
}
// Reset restores x to its default state: every field is zeroed, then the HTTP
// defaults are applied — cookie name "session", bind address "127.0.0.1" and
// port "8080".
func (x *Config) Reset() {
	*x = Config{
		HTTP: ConfigHTTP{
			CookieName: "session",
			Bind:       "127.0.0.1",
			Port:       "8080",
		},
	}
}
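// LoadFile resets x to its defaults (see Reset) and then overlays the JSON
// document in filename onto it. It returns the read or decode error
// unchanged; note that x has already been reset by then, so a failed load
// leaves x holding only the defaults.
//
// NOTE(review): the decoded document may carry plaintext credentials
// (DB.Password, LDAP.LdapPassword, OAuth client secrets), so the file should
// be readable only by the service account; nothing here checks its
// permissions.
func (x *Config) LoadFile(filename string) error {
	x.Reset()
	// ioutil.ReadFile opens, reads to EOF and closes in one call, which is what
	// the previous Open/ReadAll/defer Close sequence did by hand.
	all, err := ioutil.ReadFile(filename)
	if err != nil {
		return err
	}
	return json.Unmarshal(all, x)
}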