Configure secrets

This commit is contained in:
Meutel 2017-09-09 13:10:29 +02:00
parent 91ff184804
commit 32a1ca955a
5 changed files with 57 additions and 19 deletions

View File

@ -26,7 +26,21 @@ Example:
{
"calibre-path": "/usr/home/meutel/data/calibre",
"bind-address": ":8080",
"prod": true
"prod": true,
"cookie-secret": "random",
"external-url":"https://bouquins.meutel.net",
"providers": [
{
"name": "github",
"client-id": "ID client",
"client-secret": "SECRET"
},
{
"name": "google",
"client-id":"ID client",
"client-secret":"SECRET"
}
]
}
Options:
@ -35,3 +49,9 @@ Options:
* db-path path to calibre SQLite database (default <calibre-path>/metadata.db)
* bind-address HTTP socket bind address
* prod (boolean) use minified javascript/CSS
* cookie-secret random string for cookie encryption
* external-url URL used by client browsers
* providers configuration for OAuth 2 providers
* name provider name
* client-id OAuth client ID
* client-secret OAuth secret

View File

@ -71,6 +71,16 @@ type BouquinsConf struct {
DbPath string `json:"db-path"`
CalibrePath string `json:"calibre-path"`
Prod bool `json:"prod"`
CookieSecret string `json:"cookie-secret"`
ExternalUrl string `json:"external-url"`
ProvidersConf []ProviderConf `json:"providers"`
}
// ProviderConf OAuth2 provider configuration
type ProviderConf struct {
Name string `json:"name"`
ClientID string `json:"client-id"`
ClientSecret string `json:"client-secret"`
}
// Bouquins contains application common resources: templates, database

View File

@ -40,13 +40,17 @@ func (p GithubProvider) Icon() string {
}
func (p GithubProvider) Config(conf *BouquinsConf) *oauth2.Config {
// FIXME client ID and secret in conf file
for _, c := range conf.ProvidersConf {
if c.Name == p.Name() {
return &oauth2.Config{
ClientID: "8b0aedf07828f06918a0",
ClientSecret: "eb26ec9c986fc28bd169bdddf169b794861e0d65",
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
Scopes: []string{"user:email"},
Endpoint: github.Endpoint,
}
}
}
return nil
}
// GetUser returns github primary email

View File

@ -44,14 +44,18 @@ func (p GoogleProvider) Icon() string {
}
func (p GoogleProvider) Config(conf *BouquinsConf) *oauth2.Config {
// FIXME client ID and secret in conf file
for _, c := range conf.ProvidersConf {
if c.Name == p.Name() {
return &oauth2.Config{
ClientID: "51149464161-8mu7ohfujn655p0qas5uj1echn36m9uu.apps.googleusercontent.com",
ClientSecret: "5IWFxm_9NoWb5hfGt6Wj1oSV",
ClientID: c.ClientID,
ClientSecret: c.ClientSecret,
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
Endpoint: google.Endpoint,
RedirectURL: "http://localhost:9000" + URLCallback, // FIXME
RedirectURL: conf.ExternalUrl + URLCallback,
}
}
}
return nil
}
// GetUser returns github primary email

View File

@ -66,7 +66,7 @@ func initApp() *bouquins.BouquinsConf {
oauthConf[provider.Name()] = provider.Config(conf)
}
// FIXME constructor, conf cookies secret
app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte("flQ6QzM/c3Jtdl9ycDx6OXRIfFgK"))}
app := &bouquins.Bouquins{Tpl: tpl, DB: db, OAuthConf: oauthConf, Cookies: sessions.NewCookieStore([]byte(conf.CookieSecret))}
err = app.PrepareAll()
if err != nil {
log.Fatalln(err)