Configure secrets
parent
91ff184804
commit
32a1ca955a
22
README.md
22
README.md
@ -26,7 +26,21 @@ Example:
|
|||||||
{
|
{
|
||||||
"calibre-path": "/usr/home/meutel/data/calibre",
|
"calibre-path": "/usr/home/meutel/data/calibre",
|
||||||
"bind-address": ":8080",
|
"bind-address": ":8080",
|
||||||
"prod": true
|
"prod": true,
|
||||||
|
"cookie-secret": "random",
|
||||||
|
"external-url":"https://bouquins.meutel.net",
|
||||||
|
"providers": [
|
||||||
|
{
|
||||||
|
"name": "github",
|
||||||
|
"client-id": "ID client",
|
||||||
|
"client-secret": "SECRET"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "google",
|
||||||
|
"client-id":"ID client",
|
||||||
|
"client-secret":"SECRET"
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
@ -35,3 +49,9 @@ Options:
|
|||||||
* db-path path to calibre SQLite database (default <calibre-path>/metadata.db)
|
* db-path path to calibre SQLite database (default <calibre-path>/metadata.db)
|
||||||
* bind-address HTTP socket bind address
|
* bind-address HTTP socket bind address
|
||||||
* prod (boolean) use minified javascript/CSS
|
* prod (boolean) use minified javascript/CSS
|
||||||
|
* cookie-secret random string for cookie encryption
|
||||||
|
* external-url URL used by client browsers
|
||||||
|
* providers configuration for OAuth 2 providers
|
||||||
|
* name provider name
|
||||||
|
* client-id OAuth client ID
|
||||||
|
* client-secret OAuth secret
|
||||||
|
@ -71,6 +71,16 @@ type BouquinsConf struct {
|
|||||||
DbPath string `json:"db-path"`
|
DbPath string `json:"db-path"`
|
||||||
CalibrePath string `json:"calibre-path"`
|
CalibrePath string `json:"calibre-path"`
|
||||||
Prod bool `json:"prod"`
|
Prod bool `json:"prod"`
|
||||||
|
CookieSecret string `json:"cookie-secret"`
|
||||||
|
ExternalUrl string `json:"external-url"`
|
||||||
|
ProvidersConf []ProviderConf `json:"providers"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ProviderConf OAuth2 provider configuration
|
||||||
|
type ProviderConf struct {
|
||||||
|
Name string `json:"name"`
|
||||||
|
ClientID string `json:"client-id"`
|
||||||
|
ClientSecret string `json:"client-secret"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Bouquins contains application common resources: templates, database
|
// Bouquins contains application common resources: templates, database
|
||||||
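Review bot: `ExternalUrl` breaks the initialism convention that `ClientID` follows a few lines below in the same hunk; renaming the field to `ExternalURL` while keeping the `external-url` tag leaves the config format unchanged (the Google provider hunk that reads the field would need the same rename). `CookieSecret` and `ClientSecret` now carry credentials and nothing in the visible lines says so; a comment on `ProviderConf` such as `// ClientSecret is a credential: keep the config file out of version control and readable only by the service user.` would make that explicit. The new `BouquinsConf` fields have no comments either, and that struct begins outside the hunk.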
|
@ -40,14 +40,18 @@ func (p GithubProvider) Icon() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config {
|
func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config {
|
||||||
// FIXME client ID and secret in conf file
|
for _, c := range conf.ProvidersConf {
|
||||||
|
if c.Name == p.Name() {
|
||||||
return &oauth2.Config{
|
return &oauth2.Config{
|
||||||
ClientID: "8b0aedf07828f06918a0",
|
ClientID: c.ClientID,
|
||||||
ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
|
ClientSecret: c.ClientSecret,
|
||||||
Scopes: []string{"user:email"},
|
Scopes: []string{"user:email"},
|
||||||
Endpoint: github.Endpoint,
|
Endpoint: github.Endpoint,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// GetUser returns github primary email
|
// GetUser returns github primary email
|
||||||
func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
|
func (p GithubProvider) GetUser(token *oauth2.Token) (string, error) {
|
||||||
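Review bot: `Config` now ends in `return nil` when no `providers` entry matches `p.Name()`, and the `initApp` hunk in main.go stores that result in `oauthConf` unchecked, so a missing or misspelled entry presumably shows up later as a nil `*oauth2.Config` at login rather than at startup; the Google `Config` has the same shape. An entry with an empty `client-id` or `client-secret` is also accepted as is. A guard in the caller such as `if cfg := provider.Config(conf); cfg != nil { oauthConf[provider.Name()] = cfg }`, with a log line for the skipped provider, would keep unconfigured providers out of the map. Separately, the client ID and secret on the removed lines stay in the repository history after this commit, as do the Google pair and the cookie key in the other hunks, so they need to be revoked and reissued rather than carried over into the config file.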
|
@ -44,15 +44,19 @@ func (p GoogleProvider) Icon() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config {
|
func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config {
|
||||||
// FIXME client ID and secret in conf file
|
for _, c := range conf.ProvidersConf {
|
||||||
|
if c.Name == p.Name() {
|
||||||
return &oauth2.Config{
|
return &oauth2.Config{
|
||||||
ClientID: "51149464161-8mu7ohfujn655p0qas5uj1echn36m9uu.apps.googleusercontent.com",
|
ClientID: c.ClientID,
|
||||||
ClientSecret: "5IWFxm_9NoWb5hfGt6Wj1oSV",
|
ClientSecret: c.ClientSecret,
|
||||||
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
|
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
|
||||||
Endpoint: google.Endpoint,
|
Endpoint: google.Endpoint,
|
||||||
RedirectURL: "http://localhost:9000" + URLCallback, // FIXME
|
RedirectURL: conf.ExternalUrl + URLCallback,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// GetUser returns github primary email
|
// GetUser returns github primary email
|
||||||
func (p GoogleProvider) GetUser(token *oauth2.Token) (string, error) {
|
func (p GoogleProvider) GetUser(token *oauth2.Token) (string, error) {
|
||||||
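Review bot: `RedirectURL: conf.ExternalUrl + URLCallback` uses the configured value unchecked: an unset `external-url` yields just the callback path, a trailing slash yields a double slash, and an `http://` value sends the authorization code back over cleartext. Validating once when the configuration is loaded would cover it, for example parsing with `url.Parse`, requiring a non-empty host and the `https` scheme outside local development, and building the URL from `strings.TrimRight(conf.ExternalUrl, "/") + URLCallback`. The GitHub `Config` sets no `RedirectURL` at all, so the two providers resolve their callback differently; if that is intended, a comment saying GitHub relies on the callback registered for the OAuth app would document it.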
|
2
main.go
2
main.go
@ -66,7 +66,7 @@ func initApp() *bouquins.BouquinsConf {
|
|||||||
oauthConf[provider.Name()] = provider.Config(conf)
|
oauthConf[provider.Name()] = provider.Config(conf)
|
||||||
}
|
}
|
||||||
// FIXME constructor, conf cookies secret
|
// FIXME constructor, conf cookies secret
|
||||||
app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))}
|
app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte(conf.CookieSecret))}
|
||||||
err = app.PrepareAll()
|
err = app.PrepareAll()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalln(err)
|
log.Fatalln(err)
|
||||||
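Review bot: `sessions.NewCookieStore([]byte(conf.CookieSecret))` accepts whatever the config holds, so a config without `cookie-secret` signs sessions with an empty key, and the README sample value `random` works if copied verbatim. A startup check before this line, `if len(conf.CookieSecret) < 32 { log.Fatalln("cookie-secret must be at least 32 bytes") }`, would reject both. If `sessions` is gorilla/sessions, as the call shape suggests, a single key is used for authentication only, so the README wording "cookie encryption" overstates it unless a second encryption key is passed. The `// FIXME constructor, conf cookies secret` comment is now half stale, and `initApp` starts and ends outside the hunk.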
|