
Paddy 2015-06-29 Parent:9e3ceddf29ad Child:0a2c3d677161


auth/authd/server.go

Create Docker image for authd. Create a Dockerfile for authd, which will wrap the compiled Go binary up into a tiny little Docker image. Create an authd/build-docker.sh script that will build the statically-linked binary in a Docker container, so the authd Docker image can use it. We had to include ca-certificates.crt in the Dockerfile, as well, so we could communicate over SSL with things. A wrapper.sh file is included that will pull the JWT_SECRET environment variable out of a kubernetes secrets file, which is a handy wrapper to have. Finally, we added the authd/docker-authd binary to the .hgignore.

paddy@100 1 package main
import (
	"encoding/base64"
	"html/template"
	"log"
	"net/http"
	"os"
	"time"

	"code.secondbit.org/auth.hg"
	"github.com/gorilla/mux"
)
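// Listen address and per-connection deadlines for the HTTP server. The
// deadlines bound how long one client may take to deliver a request or
// accept a response, so a stalled connection cannot hold a handler
// goroutine open indefinitely. Values are a deployment choice, not
// something the upstream code fixed.
const (
	listenAddr   = "0.0.0.0:9000"
	readTimeout  = 10 * time.Second
	writeTimeout = 30 * time.Second
)

// main configures authd from environment variables and serves it on
// listenAddr; when ListenAndServe returns, its error is logged and the
// process exits.
//
// Environment:
//
//	JWT_SECRET                    required; the key used to sign tokens
//	JWT_SECRET_IS_BASE64_ENCODED  "true" when JWT_SECRET is base64 (StdEncoding)
//	AUTH_PG_DB                    Postgres connection string; unset selects the
//	                              in-memory store for every store
//	AUTH_NSQD_ADDR                nsqd address for login-verification notices;
//	                              unset sends them to stdout
//
// Templates are loaded from ./templates/*.gotmpl relative to the working
// directory.
func main() {
	log.SetFlags(log.LstdFlags | log.Llongfile)
	log.Printf("Running version '%s'\n", auth.Version)

	var config auth.Config
	config.JWTPrivateKey = jwtSecretFromEnv()
	configureStores(&config)
	config.Template = template.Must(template.New("base").ParseGlob("./templates/*.gotmpl"))
	config.LoginURI = "/login"
	configureNotifier(&config)

	if err := config.Init(); err != nil {
		log.Fatal(err)
	}
	// Named authCtx rather than context so the stdlib package name stays free.
	authCtx, err := auth.NewContext(config)
	if err != nil {
		log.Fatal(err)
	}
	// Scopes persist across restarts, so "already exists" is not a failure.
	err = authCtx.CreateScopes([]auth.Scope{
		auth.ScopeLoginAdmin,
		{ID: "subscriptions", Name: "Manage subscriptions", Description: "Create, view, edit, and cancel your subscriptions."},
	})
	if err != nil && err != auth.ErrScopeAlreadyExists {
		log.Fatal(err)
	}

	router := mux.NewRouter()
	auth.RegisterOAuth2(router, authCtx)
	auth.RegisterSessionHandlers(router, authCtx)
	auth.RegisterProfileHandlers(router, authCtx)
	auth.RegisterClientHandlers(router, authCtx)

	// The router is the server's handler directly instead of being mounted on
	// http.DefaultServeMux, so handlers that other packages register on the
	// default mux at init time (debug or metrics endpoints, for example) are
	// never exposed by authd.
	srv := &http.Server{
		Addr:         listenAddr,
		Handler:      router,
		ReadTimeout:  readTimeout,
		WriteTimeout: writeTimeout,
	}
	log.Println("Listening on port 9000")
	log.Fatal(srv.ListenAndServe())
}

// jwtSecretFromEnv returns the token-signing key from JWT_SECRET, base64
// decoding it when JWT_SECRET_IS_BASE64_ENCODED is "true". It exits the
// process if the variable is unset, not decodable, or decodes to an empty
// key. The secret value itself is never written to the log.
func jwtSecretFromEnv() []byte {
	secret := os.Getenv("JWT_SECRET")
	if secret == "" {
		log.Fatal("JWT_SECRET must be set.")
	}
	if os.Getenv("JWT_SECRET_IS_BASE64_ENCODED") != "true" {
		return []byte(secret)
	}
	key, err := base64.StdEncoding.DecodeString(secret)
	if err != nil {
		// base64's CorruptInputError reports only the offending byte offset.
		log.Fatalf("JWT_SECRET is not valid base64: %v", err)
	}
	if len(key) == 0 {
		log.Fatal("JWT_SECRET decodes to an empty key.")
	}
	return key
}

// configureStores points every store in config at Postgres when AUTH_PG_DB is
// set, and at a single shared in-memory store otherwise. A Postgres connection
// failure exits the process.
func configureStores(config *auth.Config) {
	dsn := os.Getenv("AUTH_PG_DB")
	if dsn == "" {
		store := auth.NewMemstore()
		config.ClientStore = store
		config.AuthCodeStore = store
		config.ProfileStore = store
		config.TokenStore = store
		config.SessionStore = store
		config.ScopeStore = store
		return
	}
	p, err := auth.NewPostgres(dsn)
	if err != nil {
		log.Fatal(err)
	}
	config.ClientStore = &p
	config.AuthCodeStore = &p
	config.ProfileStore = &p
	config.TokenStore = &p
	config.SessionStore = &p
	config.ScopeStore = &p
}

// configureNotifier sends login-verification notices to nsqd when
// AUTH_NSQD_ADDR is set, and to stdout otherwise. A failure to reach nsqd
// exits the process.
func configureNotifier(config *auth.Config) {
	addr := os.Getenv("AUTH_NSQD_ADDR")
	if addr == "" {
		config.LoginVerificationNotifier = auth.NewStdoutNotifier()
		return
	}
	n, err := auth.NewNSQNotifier(addr)
	if err != nil {
		log.Fatal(err)
	}
	config.LoginVerificationNotifier = n
}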