Oidc (#109)

* add oidc config

* inching forward with oidc idp

* lil webfingy fix

* bit more progress

* further oidc

* oidc now working

* document dex config

* replace broken images

* add additional credits

* tiny doc update

* update

* add oidc config

* inching forward with oidc idp

* bit more progress

* further oidc

* oidc now working

* document dex config

* replace broken images

* add additional credits

* tiny doc update

* update

* document

* docs + comments

.gitignore

@@ -8,4 +8,7 @@
 cp.out
 
 # exclude node_modules if installed
-/web/source/node_modules
+/web/source/node_modules
+
+# exclude compiled mkdocs site
+site/

.readthedocs.yaml

@@ -0,0 +1,9 @@
+# .readthedocs.yaml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+mkdocs:
+  configuration: mkdocs.yml

README.md

@@ -116,6 +116,7 @@ For bugs and feature requests, please check to see if there's [already an issue]
 The following libraries and frameworks are used by GoToSocial, with gratitude 💕
 
 * [buckket/go-blurhash](https://github.com/buckket/go-blurhash); used for generating image blurhashes. [GPL-3.0 License](https://spdx.org/licenses/GPL-3.0-only.html).
+* [coreos/go-oidc](https://github.com/coreos/go-oidc); OIDC client library. [Apache-2.0 License](https://spdx.org/licenses/Apache-2.0.html).
 * [gin-gonic/gin](https://github.com/gin-gonic/gin); speedy router engine. [MIT License](https://spdx.org/licenses/MIT.html).
   * [gin-contrib/cors](https://github.com/gin-contrib/cors); Gin CORS middleware. [MIT License](https://spdx.org/licenses/MIT.html).
   * [gin-contrib/sessions](https://github.com/gin-contrib/sessions); Gin sessions middleware. [MIT License](https://spdx.org/licenses/MIT.html)
@@ -127,6 +128,7 @@ The following libraries and frameworks are used by GoToSocial, with gratitude 
 * [gorilla/websocket](https://github.com/gorilla/websocket); Websocket connectivity. [BSD-2-Clause License](https://spdx.org/licenses/BSD-2-Clause.html).
 * [h2non/filetype](https://github.com/h2non/filetype); filetype checking. [MIT License](https://spdx.org/licenses/MIT.html).
 * [microcosm-cc/bluemonday](https://github.com/microcosm-cc/bluemonday); HTML user-input sanitization. [BSD-3-Clause License](https://spdx.org/licenses/BSD-3-Clause.html).
+* [nfnt/resize](https://github.com/nfnt/resize); convenient image resizing. [ISC License](https://spdx.org/licenses/ISC.html).
 * [oklog/ulid](https://github.com/oklog/ulid); sequential, database-friendly ID generation. [Apache-2.0 License](https://spdx.org/licenses/Apache-2.0.html).
 * [sirupsen/logrus](https://github.com/sirupsen/logrus); logging. [MIT License](https://spdx.org/licenses/MIT.html).
 * [stretchr/testify](https://github.com/stretchr/testify); test framework. [MIT License](https://spdx.org/licenses/MIT.html).

cmd/gotosocial/accountsflags.go

@@ -0,0 +1,47 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package main
+
+import (
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/urfave/cli/v2"
+)
+
+func accountsFlags(flagNames, envNames config.Flags, defaults config.Defaults) []cli.Flag {
+	return []cli.Flag{
+		&cli.BoolFlag{
+			Name:    flagNames.AccountsOpenRegistration,
+			Usage:   "Allow anyone to submit an account signup request. If false, server will be invite-only.",
+			Value:   defaults.AccountsOpenRegistration,
+			EnvVars: []string{envNames.AccountsOpenRegistration},
+		},
+		&cli.BoolFlag{
+			Name:    flagNames.AccountsApprovalRequired,
+			Usage:   "Do account signups require approval by an admin or moderator before user can log in? If false, new registrations will be automatically approved.",
+			Value:   defaults.AccountsRequireApproval,
+			EnvVars: []string{envNames.AccountsApprovalRequired},
+		},
+		&cli.BoolFlag{
+			Name:    flagNames.AccountsReasonRequired,
+			Usage:   "Do new account signups require a reason to be submitted on registration?",
+			Value:   defaults.AccountsReasonRequired,
+			EnvVars: []string{envNames.AccountsReasonRequired},
+		},
+	}
+}

cmd/gotosocial/admincommands.go

@@ -0,0 +1,128 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package main
+
+import (
+	"github.com/superseriousbusiness/gotosocial/internal/cliactions/admin/account"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/urfave/cli/v2"
+)
+
+func adminCommands() []*cli.Command {
+	return []*cli.Command{
+		{
+			Name:  "admin",
+			Usage: "gotosocial admin-related tasks",
+			Subcommands: []*cli.Command{
+				{
+					Name:  "account",
+					Usage: "admin commands related to accounts",
+					Subcommands: []*cli.Command{
+						{
+							Name:  "create",
+							Usage: "create a new account",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  config.UsernameFlag,
+									Usage: config.UsernameUsage,
+								},
+								&cli.StringFlag{
+									Name:  config.EmailFlag,
+									Usage: config.EmailUsage,
+								},
+								&cli.StringFlag{
+									Name:  config.PasswordFlag,
+									Usage: config.PasswordUsage,
+								},
+							},
+							Action: func(c *cli.Context) error {
+								return runAction(c, account.Create)
+							},
+						},
+						{
+							Name:  "confirm",
+							Usage: "confirm an existing account manually, thereby skipping email confirmation",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  config.UsernameFlag,
+									Usage: config.UsernameUsage,
+								},
+							},
+							Action: func(c *cli.Context) error {
+								return runAction(c, account.Confirm)
+							},
+						},
+						{
+							Name:  "promote",
+							Usage: "promote an account to admin",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  config.UsernameFlag,
+									Usage: config.UsernameUsage,
+								},
+							},
+							Action: func(c *cli.Context) error {
+								return runAction(c, account.Promote)
+							},
+						},
+						{
+							Name:  "demote",
+							Usage: "demote an account from admin to normal user",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  config.UsernameFlag,
+									Usage: config.UsernameUsage,
+								},
+							},
+							Action: func(c *cli.Context) error {
+								return runAction(c, account.Demote)
+							},
+						},
+						{
+							Name:  "disable",
+							Usage: "prevent an account from signing in or posting etc, but don't delete anything",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  config.UsernameFlag,
+									Usage: config.UsernameUsage,
+								},
+							},
+							Action: func(c *cli.Context) error {
+								return runAction(c, account.Disable)
+							},
+						},
+						{
+							Name:  "suspend",
+							Usage: "completely remove an account and all of its posts, media, etc",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  config.UsernameFlag,
+									Usage: config.UsernameUsage,
+								},
+							},
+							Action: func(c *cli.Context) error {
+								return runAction(c, account.Suspend)
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}

cmd/gotosocial/commands.go

@@ -0,0 +1,37 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package main
+
+import (
+	"github.com/urfave/cli/v2"
+)
+
+func getCommands() []*cli.Command {
+	commands := []*cli.Command{}
+	commandSets := [][]*cli.Command{
+		serverCommands(),
+		adminCommands(),
+		testrigCommands(),
+	}
+	for _, cs := range commandSets {
+		commands = append(commands, cs...)
+	}
+
+	return commands
+}

cmd/gotosocial/databaseflags.go

@@ -0,0 +1,77 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package main
+
+import (
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/urfave/cli/v2"
+)
+
+func databaseFlags(flagNames, envNames config.Flags, defaults config.Defaults) []cli.Flag {
+	return []cli.Flag{
+		&cli.StringFlag{
+			Name:    flagNames.DbType,
+			Usage:   "Database type: eg., postgres",
+			Value:   defaults.DbType,
+			EnvVars: []string{envNames.DbType},
+		},
+		&cli.StringFlag{
+			Name:    flagNames.DbAddress,
+			Usage:   "Database ipv4 address or hostname",
+			Value:   defaults.DbAddress,
+			EnvVars: []string{envNames.DbAddress},
+		},
+		&cli.IntFlag{
+			Name:    flagNames.DbPort,
+			Usage:   "Database port",
+			Value:   defaults.DbPort,
+			EnvVars: []string{envNames.DbPort},
+		},
+		&cli.StringFlag{
+			Name:    flagNames.DbUser,
+			Usage:   "Database username",
+			Value:   defaults.DbUser,
+			EnvVars: []string{envNames.DbUser},
+		},
+		&cli.StringFlag{
+			Name:    flagNames.DbPassword,
+			Usage:   "Database password",
+			Value:   defaults.DbPassword,
+			EnvVars: []string{envNames.DbPassword},
+		},
+		&cli.StringFlag{
+			Name:    flagNames.DbDatabase,
+			Usage:   "Database name",
+			Value:   defaults.DbDatabase,
+			EnvVars: []string{envNames.DbDatabase},
+		},
+		&cli.StringFlag{
+			Name:    flagNames.DbTLSMode,
+			Usage:   "Database tls mode",
+			Value:   defaults.DBTlsMode,
+			EnvVars: []string{envNames.DbTLSMode},
+		},
+		&cli.StringFlag{
+			Name:    flagNames.DbTLSCACert,
+			Usage:   "Path to CA cert for db tls connection",
+			Value:   defaults.DBTlsCACert,
+			EnvVars: []string{envNames.DbTLSCACert},
+		},
+	}
+}

cmd/gotosocial/flags.go

@@ -0,0 +1,48 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package main
+
+import (
+	"github.com/superseriousbusiness/gotosocial/internal/config"
+	"github.com/urfave/cli/v2"
+)
+
+func getFlags() []cli.Flag {
+	flagNames := config.GetFlagNames()
+	envNames := config.GetEnvNames()
+	defaults := config.GetDefaults()
+
+	flags := []cli.Flag{}
+	flagSets := [][]cli.Flag{
+		generalFlags(flagNames, envNames, defaults),
+		databaseFlags(flagNames, envNames, defaults),
+		templateFlags(flagNames, envNames, defaults),
+		accountsFlags(flagNames, envNames, defaults),
+		mediaFlags(flagNames, envNames, defaults),
+		storageFlags(flagNames, envNames, defaults),
+		statusesFlags(flagNames, envNames, defaults),
+		letsEncryptFlags(flagNames, envNames, defaults),
+		oidcFlags(flagNames, envNames, defaults),
+	}
+	for _, fs := range flagSets {
+		flags = append(flags, fs...)
+	}
+
+	return flags
+}