package server
import (
	"context"
	"fmt"
	"time"

	bosherr "github.com/cloudfoundry/bosh-utils/errors"
	jwt "github.com/dgrijalva/jwt-go"
	"golang.org/x/oauth2"

	svc "github.com/dpb587/ssoca/auth/authn/google"
	svcconfig "github.com/dpb587/ssoca/auth/authn/google/config"
	oauth2support "github.com/dpb587/ssoca/auth/authn/support/oauth2"
	oauth2supportconfig "github.com/dpb587/ssoca/auth/authn/support/oauth2/config"
	"github.com/dpb587/ssoca/config"
	"github.com/dpb587/ssoca/server/service"
)
// ServiceFactory builds Google authentication services for the server.
// The zero value is not useful: endpointURL is needed to derive the service
// and callback URLs that Create hands to the OAuth2 backend, so construct it
// with NewServiceFactory.
type ServiceFactory struct {
	// endpointURL is the base URL beneath which services are mounted;
	// Create appends "/<name>" and "/<name>/callback" to it.
	endpointURL string
}
// NewServiceFactory returns a ServiceFactory whose services are mounted
// beneath endpointURL.
func NewServiceFactory(endpointURL string) ServiceFactory {
	var factory ServiceFactory
	factory.endpointURL = endpointURL
	return factory
}
// Type reports the service type identifier of the Google authn service,
// as declared by the service type itself.
func (f ServiceFactory) Type() string {
	var prototype svc.Service
	return prototype.Type()
}
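// Create builds the Google authentication service called name from the
// YAML-shaped options map.
//
// Defaults applied before the options are remarshalled over them: a 24h JWT
// validity, a 2s ValidityPast allowance, and Google's public OAuth2
// authorization and token endpoints. Any of these may be overridden by
// options.
//
// Returns an error when the options cannot be remarshalled into
// svcconfig.Config or when cfg.JWT.PrivateKey is not a PEM-encoded RSA
// private key. The key is secret material: it arrives through options, so
// the configuration source that feeds this map must be protected accordingly.
//
// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; only
// ParseRSAPrivateKeyFromPEM is used here, so a move to the maintained fork
// (github.com/golang-jwt/jwt) would be mechanical.
func (f ServiceFactory) Create(name string, options map[string]interface{}) (service.Service, error) {
	var cfg svcconfig.Config
	cfg.JWT.Validity = 24 * time.Hour
	cfg.JWT.ValidityPast = 2 * time.Second
	cfg.AuthURL = "https://accounts.google.com/o/oauth2/v2/auth"
	cfg.TokenURL = "https://www.googleapis.com/oauth2/v4/token"

	if err := config.RemarshalYAML(options, &cfg); err != nil {
		return nil, bosherr.WrapError(err, "Loading config")
	}

	// Reject a malformed or empty PEM at construction time rather than when
	// the backend first needs the key (presumably to sign issued JWTs).
	privateKey, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(cfg.JWT.PrivateKey))
	if err != nil {
		return nil, bosherr.WrapError(err, "Parsing private key")
	}

	// The email scope is always requested; read-only cloud-platform access is
	// added only when a cloud project scope is configured.
	scopes := []string{"https://www.googleapis.com/auth/userinfo.email"}
	if cfg.Scopes.CloudProject != nil {
		scopes = append(scopes, "https://www.googleapis.com/auth/cloud-platform.read-only")
	}

	// Both the backend URL and the OAuth2 redirect are derived from the same
	// mount point so they cannot drift apart.
	serviceURL := fmt.Sprintf("%s/%s", f.endpointURL, name)

	backend := oauth2support.NewBackend(
		serviceURL,
		oauth2.Config{
			ClientID:     cfg.ClientID,
			ClientSecret: cfg.ClientSecret,
			Endpoint: oauth2.Endpoint{
				AuthURL:  cfg.AuthURL,
				TokenURL: cfg.TokenURL,
			},
			RedirectURL: serviceURL + "/callback",
			Scopes:      scopes,
		},
		// oauth2.NoContext is deprecated; context.Background() is its
		// documented replacement and carries the same empty context.
		context.Background(),
		oauth2supportconfig.JWT{
			PrivateKey:   *privateKey,
			Validity:     cfg.JWT.Validity,
			ValidityPast: cfg.JWT.ValidityPast,
		},
	)

	return NewService(name, cfg, backend), nil
}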