Configure secrets

This commit is contained in:
Meutel 2017-09-09 13:10:29 +02:00
parent 91ff184804
commit 32a1ca955a
5 changed files with 57 additions and 19 deletions

View File

@ -26,7 +26,21 @@ Example:
{ {
"calibre-path": "/usr/home/meutel/data/calibre", "calibre-path": "/usr/home/meutel/data/calibre",
"bind-address": ":8080", "bind-address": ":8080",
"prod": true "prod": true,
"cookie-secret": "random",
"external-url":"https://bouquins.meutel.net",
"providers": [
{
"name": "github",
"client-id": "ID client",
"client-secret": "SECRET"
},
{
"name": "google",
"client-id":"ID client",
"client-secret":"SECRET"
}
]
} }
Options: Options:
@ -35,3 +49,9 @@ Options:
* db-path path to calibre SQLite database (default <calibre-path>/metadata.db) * db-path path to calibre SQLite database (default <calibre-path>/metadata.db)
* bind-address HTTP socket bind address * bind-address HTTP socket bind address
* prod (boolean) use minified javascript/CSS * prod (boolean) use minified javascript/CSS
* cookie-secret random string for cookie encryption
* external-url URL used by client browsers
* providers configuration for OAuth 2 providers
* name provider name
* client-id OAuth client ID
* client-secret OAuth secret

View File

@ -67,10 +67,20 @@ const (
// BouquinsConf App configuration // BouquinsConf App configuration
type BouquinsConf struct { type BouquinsConf struct {
BindAddress string `json:"bind-address"` BindAddress string `json:"bind-address"`
DbPath string `json:"db-path"` DbPath string `json:"db-path"`
CalibrePath string `json:"calibre-path"` CalibrePath string `json:"calibre-path"`
Prod bool `json:"prod"` Prod bool `json:"prod"`
CookieSecret string `json:"cookie-secret"`
ExternalUrl string `json:"external-url"`
ProvidersConf []ProviderConf `json:"providers"`
}
// ProviderConf OAuth2 provider configuration
type ProviderConf struct {
Name string `json:"name"`
ClientID string `json:"client-id"`
ClientSecret string `json:"client-secret"`
} }
// Bouquins contains application common resources: templates, database // Bouquins contains application common resources: templates, database

View File

@ -40,13 +40,17 @@ func (p GithubProvider) Icon() string {
} }
func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config { func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config {
// FIXME client ID and secret in conf file for _, c := range conf.ProvidersConf {
return &oauth2.Config{ if c.Name == p.Name() {
ClientID: "8b0aedf07828f06918a0", return &oauth2.Config{
ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65", ClientID: c.ClientID,
Scopes: []string{"user:email"}, ClientSecret: c.ClientSecret,
Endpoint: github.Endpoint, Scopes: []string{"user:email"},
Endpoint: github.Endpoint,
}
}
} }
return nil
} }
// GetUser returns github primary email // GetUser returns github primary email

View File

@ -44,14 +44,18 @@ func (p GoogleProvider) Icon() string {
} }
func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config { func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config {
// FIXME client ID and secret in conf file for _, c := range conf.ProvidersConf {
return &oauth2.Config{ if c.Name == p.Name() {
ClientID: "51149464161-8mu7ohfujn655p0qas5uj1echn36m9uu.apps.googleusercontent.com", return &oauth2.Config{
ClientSecret: "5IWFxm_9NoWb5hfGt6Wj1oSV", ClientID: c.ClientID,
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"}, ClientSecret: c.ClientSecret,
Endpoint: google.Endpoint, Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
RedirectURL: "http://localhost:9000" + URLCallback, // FIXME Endpoint: google.Endpoint,
RedirectURL: conf.ExternalUrl + URLCallback,
}
}
} }
return nil
} }
// GetUser returns github primary email // GetUser returns github primary email

View File

@ -66,7 +66,7 @@ func initApp() *bouquins.BouquinsConf {
oauthConf[provider.Name()] = provider.Config(conf) oauthConf[provider.Name()] = provider.Config(conf)
} }
// FIXME constructor, conf cookies secret // FIXME constructor, conf cookies secret
app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))} app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte(conf.CookieSecret))}
err = app.PrepareAll() err = app.PrepareAll()
if err != nil { if err != nil {
log.Fatalln(err) log.Fatalln(err)