amigan/stillbox
1
0
Fork 0
Code Issues 16 Pull requests Projects Releases Packages Wiki Activity Actions

config

Browse source
This commit is contained in:
Daniel 2024-08-04 08:55:12 -04:00
parent aff226940f
commit 8742029109
5 changed files with 32 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
config.yaml.sample
View file

@ -1,6 +1,12 @@
db: db:
driver: pgx driver: pgx
connect: 'postgres://postgres:password@localhost:5432/example' connect: 'postgres://postgres:password@localhost:5432/example'
jwtsecret: 'super secret string' auth:
jwtsecret: 'super secret string'
# this is the JWT cookie domain
domain: example.com
# this allows the JWT cookie to be served over plain HTTP only for these Host: header values
allowInsecureFor:
"localhost:3050": true
listen: ':3050' listen: ':3050'
public: true public: true

10
pkg/gordio/auth/auth.go
View file

@ -4,6 +4,7 @@ import (
"errors" "errors"
"net/http" "net/http"
"dynatron.me/x/stillbox/pkg/gordio/config"
"github.com/go-chi/jwtauth/v5" "github.com/go-chi/jwtauth/v5"
) )
@ -28,13 +29,14 @@ type Authenticator interface {
type authenticator struct { type authenticator struct {
domain string domain string
jwt *jwtauth.JWTAuth jwt *jwtauth.JWTAuth
cfg *config.Auth
} }
// NewAuthenticator creates a new Authenticator with the provided JWT secret and cookie domain. // NewAuthenticator creates a new Authenticator with the provided config.
func NewAuthenticator(jwtSecret string, domain string) Authenticator { func NewAuthenticator(cfg *config.Auth) Authenticator {
return &authenticator{ return &authenticator{
domain: domain, domain: cfg.Domain,
jwt: jwtauth.New("HS256", []byte(jwtSecret), nil), jwt: jwtauth.New("HS256", []byte(cfg.JWTSecret), nil),
} }
} }

8
pkg/gordio/auth/jwt.go
View file

@ -3,7 +3,6 @@ package auth
import ( import (
"context" "context"
"net/http" "net/http"
"strings"
"time" "time"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
@ -94,6 +93,11 @@ func (a *authenticator) PublicRoutes(r chi.Router) {
r.Post("/login", a.routeAuth) r.Post("/login", a.routeAuth)
} }
func (a *authenticator) allowInsecureCookie(r *http.Request) bool {
v, has := a.cfg.AllowInsecure[r.Host]
return has && v == true
}
func (a *authenticator) routeAuth(w http.ResponseWriter, r *http.Request) { func (a *authenticator) routeAuth(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm() err := r.ParseForm()
if err != nil { if err != nil {
@ -115,7 +119,7 @@ func (a *authenticator) routeAuth(w http.ResponseWriter, r *http.Request) {
Name: "jwt", Name: "jwt",
Value: tok, Value: tok,
HttpOnly: true, HttpOnly: true,
Secure: !strings.HasPrefix(r.Host, "localhost:"), Secure: a.allowInsecureCookie(r),
Domain: a.domain, Domain: a.domain,
}) })

18
pkg/gordio/config/config.go
View file

@ -1,22 +1,28 @@
package config package config
import ( import (
"os"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
"os"
) )
type Config struct { type Config struct {
DB DB `yaml:"db"` DB DB `yaml:"db"`
JWTSecret string `yaml:"jwtsecret"` Auth Auth `yaml:"auth"`
Listen string `yaml:"listen"` Listen string `yaml:"listen"`
Public bool `yaml:"public"` Public bool `yaml:"public"`
Domain string `yaml:"domain"`
configPath string configPath string
} }
type Auth struct {
JWTSecret string `yaml:"jwtsecret"`
Domain string `yaml:"domain"`
AllowInsecure map[string]bool `yaml:"allowInsecureFor"`
}
type DB struct { type DB struct {
Connect string `yaml:"connect"` Connect string `yaml:"connect"`
Driver string `yaml:"driver"` Driver string `yaml:"driver"`

2
pkg/gordio/server/server.go
View file

@ -30,7 +30,7 @@ func New(cfg *config.Config) (*Server, error) {
} }
r := chi.NewRouter() r := chi.NewRouter()
authenticator := auth.NewAuthenticator(cfg.JWTSecret, cfg.Domain) authenticator := auth.NewAuthenticator(&cfg.Auth)
srv := &Server{ srv := &Server{
auth: authenticator, auth: authenticator,
conf: cfg, conf: cfg,