Configure secrets

README.md

@@ -26,7 +26,21 @@ Example:
     {
       "calibre-path": "/usr/home/meutel/data/calibre",
       "bind-address": ":8080",
-      "prod": true
+      "prod": true,
+      "cookie-secret": "random",
+      "external-url":"https://bouquins.meutel.net",
+      "providers": [
+        {
+          "name": "github",
+          "client-id": "ID client",
+          "client-secret": "SECRET"
+        },
+        {
+          "name": "google",
+          "client-id":"ID client",
+          "client-secret":"SECRET"
+        }
+      ]
     }
 
 Options:
@@ -35,3 +49,9 @@ Options:
 * db-path path to calibre SQLite database (default <calibre-path>/metadata.db)
 * bind-address HTTP socket bind address
 * prod (boolean) use minified javascript/CSS
+* cookie-secret random string for cookie encryption
+* external-url URL used by client browsers
+* providers configuration for OAuth 2 providers
+  * name provider name
+  * client-id OAuth client ID
+  * client-secret OAuth secret

bouquins/bouquins.go

@@ -67,10 +67,20 @@ const (
 
 // BouquinsConf App configuration
 type BouquinsConf struct {
-	BindAddress string `json:"bind-address"`
-	DbPath      string `json:"db-path"`
-	CalibrePath string `json:"calibre-path"`
-	Prod        bool   `json:"prod"`
+	BindAddress   string         `json:"bind-address"`
+	DbPath        string         `json:"db-path"`
+	CalibrePath   string         `json:"calibre-path"`
+	Prod          bool           `json:"prod"`
+	CookieSecret  string         `json:"cookie-secret"`
+	ExternalUrl   string         `json:"external-url"`
+	ProvidersConf []ProviderConf `json:"providers"`
+}
+
+// ProviderConf OAuth2 provider configuration
+type ProviderConf struct {
+	Name         string `json:"name"`
+	ClientID     string `json:"client-id"`
+	ClientSecret string `json:"client-secret"`
 }
 
 // Bouquins contains application common resources: templates, database

bouquins/github.go

@@ -40,13 +40,17 @@ func (p GithubProvider) Icon() string {
 }
 
 func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config {
-	// FIXME client ID and secret in conf file
-	return &oauth2.Config{
-		ClientID:     "8b0aedf07828f06918a0",
-		ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
-		Scopes:       []string{"user:email"},
-		Endpoint:     github.Endpoint,
+	for _, c := range conf.ProvidersConf {
+		if c.Name == p.Name() {
+			return &oauth2.Config{
+				ClientID:     c.ClientID,
+				ClientSecret: c.ClientSecret,
+				Scopes:       []string{"user:email"},
+				Endpoint:     github.Endpoint,
+			}
+		}
 	}
+	return nil
 }
 
 // GetUser returns github primary email

bouquins/google.go

@@ -44,14 +44,18 @@ func (p GoogleProvider) Icon() string {
 }
 
 func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config {
-	// FIXME client ID and secret in conf file
-	return &oauth2.Config{
-		ClientID:     "51149464161-8mu7ohfujn655p0qas5uj1echn36m9uu.apps.googleusercontent.com",
-		ClientSecret: "5IWFxm_9NoWb5hfGt6Wj1oSV",
-		Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email"},
-		Endpoint:     google.Endpoint,
-		RedirectURL:  "http://localhost:9000" + URLCallback, // FIXME
+	for _, c := range conf.ProvidersConf {
+		if c.Name == p.Name() {
+			return &oauth2.Config{
+				ClientID:     c.ClientID,
+				ClientSecret: c.ClientSecret,
+				Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email"},
+				Endpoint:     google.Endpoint,
+				RedirectURL:  conf.ExternalUrl + URLCallback,
+			}
+		}
 	}
+	return nil
 }
 
 // GetUser returns github primary email

main.go

@@ -66,7 +66,7 @@ func initApp() *bouquins.BouquinsConf {
 		oauthConf[provider.Name()] = provider.Config(conf)
 	}
 	// FIXME constructor, conf cookies secret
-	app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))}
+	app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte(conf.CookieSecret))}
 	err = app.PrepareAll()
 	if err != nil {
 		log.Fatalln(err)