From 32a1ca955a321a65d88f0a6d1b95df01ce37904f Mon Sep 17 00:00:00 2001 From: Meutel Date: Sat, 9 Sep 2017 13:10:29 +0200 Subject: [PATCH] Configure secrets --- README.md | 22 +++++++++++++++++++++- bouquins/bouquins.go | 18 ++++++++++++++---- bouquins/github.go | 16 ++++++++++------ bouquins/google.go | 18 +++++++++++------- main.go | 2 +- 5 files changed, 57 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index f8ed5d6..a461bf1 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,21 @@ Example: { "calibre-path": "/usr/home/meutel/data/calibre", "bind-address": ":8080", - "prod": true + "prod": true, + "cookie-secret": "random", + "external-url":"https://bouquins.meutel.net", + "providers": [ + { + "name": "github", + "client-id": "ID client", + "client-secret": "SECRET" + }, + { + "name": "google", + "client-id":"ID client", + "client-secret":"SECRET" + } + ] } Options: @@ -35,3 +49,9 @@ Options: * db-path path to calibre SQLite database (default /metadata.db) * bind-address HTTP socket bind address * prod (boolean) use minified javascript/CSS +* cookie-secret random string for cookie encryption +* external-url URL used by client browsers +* providers configuration for OAuth 2 providers + * name provider name + * client-id OAuth client ID + * client-secret OAuth secret diff --git a/bouquins/bouquins.go b/bouquins/bouquins.go index 78baa4e..1cce295 100644 --- a/bouquins/bouquins.go +++ b/bouquins/bouquins.go 
@@ -67,10 +67,20 @@ const ( // BouquinsConf App configuration type BouquinsConf struct { - BindAddress string `json:"bind-address"` - DbPath string `json:"db-path"` - CalibrePath string `json:"calibre-path"` - Prod bool `json:"prod"` + BindAddress string `json:"bind-address"` + DbPath string `json:"db-path"` + CalibrePath string `json:"calibre-path"` + Prod bool `json:"prod"` + CookieSecret string `json:"cookie-secret"` + ExternalUrl string `json:"external-url"` + ProvidersConf []ProviderConf `json:"providers"` +} + +// ProviderConf OAuth2 provider configuration +type ProviderConf struct { + Name string `json:"name"` + ClientID string `json:"client-id"` + ClientSecret string `json:"client-secret"` } // Bouquins contains application common resources: templates, database diff --git a/bouquins/github.go b/bouquins/github.go index 8b2622d..df4e75d 100644 --- a/bouquins/github.go +++ b/bouquins/github.go @@ -40,13 +40,17 @@ func (p GithubProvider) Icon() string { } func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config { - // FIXME client ID and secret in conf file - return &oauth2.Config{ - ClientID: "8b0aedf07828f06918a0", - ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65", - Scopes: []string{"user:email"}, - Endpoint: github.Endpoint, + for _, c := range conf.ProvidersConf { + if c.Name == p.Name() { + return &oauth2.Config{ + ClientID: c.ClientID, + ClientSecret: c.ClientSecret, + Scopes: []string{"user:email"}, + Endpoint: github.Endpoint, + } + } } + return nil } // GetUser returns github primary email diff --git a/bouquins/google.go b/bouquins/google.go index 97fbb28..45e8823 100644 --- a/bouquins/google.go +++ b/bouquins/google.go 
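Review bot: `ExternalUrl` in the new `BouquinsConf` fields should be `ExternalURL` — Go keeps initialisms in one case, and the sibling field added in the same hunk is already `ClientID`; the `json:"external-url"` tag is unchanged so the config file is unaffected, and the one use in google.go's `Config` renames with it. The new `CookieSecret` and `ClientSecret` fields also turn this struct into a credential carrier, which deserves saying at the point where someone might later dump it with `%+v` or `json.Marshal`, e.g. `// CookieSecret keys the session cookie store; BouquinsConf now holds credentials and must not be logged or re-serialised.` on the field and `// ClientSecret is the OAuth client secret; never log it.` on `ProviderConf`. Both struct definitions are fully inside the hunk.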
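Review bot: The new `Config` returns `nil` when no `providers` entry matches `p.Name()`, and the caller visible in the main.go hunk stores that result directly into `oauthConf[provider.Name()]`, so a missing or misspelled provider block becomes a nil `*oauth2.Config` that is first dereferenced during a login attempt instead of being rejected at startup. A matching entry whose `client-id` or `client-secret` is empty is accepted just as silently. Without changing the `Config` interface, `initApp` could guard it with `if cfg := provider.Config(conf); cfg == nil || cfg.ClientID == "" || cfg.ClientSecret == "" { log.Fatalf("OAuth provider %q is not configured", provider.Name()) }`. The same lookup loop is duplicated in the google.go hunk; a `func (c *BouquinsConf) Provider(name string) (ProviderConf, bool)` on `BouquinsConf` would let both providers share one implementation. Note also that `c.Name == p.Name()` is case-sensitive, so `"name": "GitHub"` in the config falls through to `nil` with no diagnostic.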
@@ -44,14 +44,18 @@ func (p GoogleProvider) Icon() string { } func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config { - // FIXME client ID and secret in conf file - return &oauth2.Config{ - ClientID: "51149464161-8mu7ohfujn655p0qas5uj1echn36m9uu.apps.googleusercontent.com", - ClientSecret: "5IWFxm_9NoWb5hfGt6Wj1oSV", - Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"}, - Endpoint: google.Endpoint, - RedirectURL: "http://localhost:9000" + URLCallback, // FIXME + for _, c := range conf.ProvidersConf { + if c.Name == p.Name() { + return &oauth2.Config{ + ClientID: c.ClientID, + ClientSecret: c.ClientSecret, + Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"}, + Endpoint: google.Endpoint, + RedirectURL: conf.ExternalUrl + URLCallback, + } + } } + return nil } // GetUser returns github primary email diff --git a/main.go b/main.go index 6972f15..a750c7c 100644 --- a/main.go +++ b/main.go @@ -66,7 +66,7 @@ func initApp() *bouquins.BouquinsConf { oauthConf[provider.Name()] = provider.Config(conf) } // FIXME constructor, conf cookies secret - app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))} + app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte(conf.CookieSecret))} err = app.PrepareAll() if err != nil { log.Fatalln(err)
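Review bot: `RedirectURL: conf.ExternalUrl + URLCallback` builds the OAuth redirect by plain concatenation, so an `external-url` with a trailing slash produces `https://host//…` and an empty or unset `external-url` produces a bare path; both are likely to be refused by the provider as a redirect-URI mismatch, and with the old hard-coded `http://localhost:9000` fallback gone nothing catches the empty case before the first login. Validate the value once at startup (`url.Parse`, absolute, `https` scheme) and join it here with `RedirectURL: strings.TrimSuffix(conf.ExternalUrl, "/") + URLCallback`. The GitHub `Config` in the github.go hunk sets no `RedirectURL` at all and so relies entirely on the callback registered on the provider side; if that is intentional it deserves a comment, otherwise it should set the same value for consistency. `Config`'s body is fully inside the hunk.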
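Review bot: `sessions.NewCookieStore([]byte(conf.CookieSecret))` now reads the key from the config file but nothing checks that it is present, so a config without `cookie-secret` (or with an empty value) builds a cookie store from an empty key; whether that surfaces as an encode error or as trivially forgeable session cookies depends on the underlying securecookie behaviour, and either way it should be fatal at startup: `if len(conf.CookieSecret) < 32 { log.Fatalln("cookie-secret must be at least 32 random bytes") }` before this line. Passing a single key to `NewCookieStore` yields signed but not encrypted cookies (the variadic keys are taken in hash-key/block-key pairs), so the README's "cookie encryption" wording overstates what this line does; either pass a second key or adjust the wording. The hard-coded secret removed here, like the client secrets removed in the github.go and google.go hunks, remains in the repository history and should be treated as compromised and rotated rather than copied into the config file. The `// FIXME constructor, conf cookies secret` context line above is now half-resolved and should read `// FIXME constructor`.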