Add auth url (#466)

* Add auth url

Co-authored-by: Jonas Plum <git@jonasplum.de>
Jonas Plum
2022-10-01 03:05:07 +02:00
committed by GitHub
parent 5b5bba30ca
commit a50133f6fd
2 changed files with 19 additions and 2 deletions


@@ -31,6 +31,7 @@ type Config struct {
OIDCAuthEnable bool OIDCAuthEnable bool
OIDCIssuer string OIDCIssuer string
AuthURL string
OAuth2 *oauth2.Config OAuth2 *oauth2.Config
UserCreateConfig *UserCreateConfig UserCreateConfig *UserCreateConfig
@@ -64,6 +65,9 @@ func (c *Config) Load(ctx context.Context) error {
if err == nil { if err == nil {
c.provider = provider c.provider = provider
c.OAuth2.Endpoint = provider.Endpoint() c.OAuth2.Endpoint = provider.Endpoint()
if c.AuthURL != "" {
c.OAuth2.Endpoint.AuthURL = c.AuthURL
}
break break
} }
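Review bot: The new `AuthURL` field and the override in `Load` carry no comment, so a reader cannot tell that only the authorization endpoint is replaced while the token endpoint still comes from `provider.Endpoint()`. I would document the field, e.g. `// AuthURL, if set, replaces the authorization endpoint returned by OIDC discovery; the token endpoint is left as discovered.`, and add a short why-comment above the `if c.AuthURL != ""` branch naming the deployment case it serves (presumably an issuer that the server and the browser reach under different addresses; please confirm). Since this value decides where users' browsers are sent to log in, the comment should also state that it must point at the same identity provider as `OIDCIssuer`. `Load` begins and ends outside the hunk.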


@@ -1,6 +1,8 @@
package cmd package cmd
import ( import (
"errors"
"github.com/alecthomas/kong" "github.com/alecthomas/kong"
kongyaml "github.com/alecthomas/kong-yaml" kongyaml "github.com/alecthomas/kong-yaml"
"github.com/coreos/go-oidc/v3/oidc" "github.com/coreos/go-oidc/v3/oidc"
@@ -30,9 +32,10 @@ type CLI struct {
APIKeyAuthEnable bool `env:"API_KEY_AUTH_ENABLE" default:"true"` APIKeyAuthEnable bool `env:"API_KEY_AUTH_ENABLE" default:"true"`
OIDCEnable bool `env:"OIDC_ENABLE" default:"true"` OIDCEnable bool `env:"OIDC_ENABLE" default:"true"`
OIDCIssuer string `env:"OIDC_ISSUER" required:""` OIDCIssuer string `env:"OIDC_ISSUER"`
AuthURL string `env:"OIDC_AUTH_URL"`
OIDCClientID string `env:"OIDC_CLIENT_ID" default:"catalyst"` OIDCClientID string `env:"OIDC_CLIENT_ID" default:"catalyst"`
OIDCClientSecret string `env:"OIDC_CLIENT_SECRET" required:""` OIDCClientSecret string `env:"OIDC_CLIENT_SECRET"`
OIDCScopes []string `env:"OIDC_SCOPES" help:"Additional scopes, ['oidc', 'profile', 'email'] are always added." placeholder:"customscopes"` OIDCScopes []string `env:"OIDC_SCOPES" help:"Additional scopes, ['oidc', 'profile', 'email'] are always added." placeholder:"customscopes"`
OIDCClaimUsername string `env:"OIDC_CLAIM_USERNAME" default:"preferred_username" help:"username field in the OIDC claim"` OIDCClaimUsername string `env:"OIDC_CLAIM_USERNAME" default:"preferred_username" help:"username field in the OIDC claim"`
OIDCClaimEmail string `env:"OIDC_CLAIM_EMAIL" default:"email" help:"email field in the OIDC claim"` OIDCClaimEmail string `env:"OIDC_CLAIM_EMAIL" default:"email" help:"email field in the OIDC claim"`
@@ -57,6 +60,15 @@ func ParseCatalystConfig() (*catalyst.Config, error) {
kong.Configuration(kongyaml.Loader, "/etc/catalyst.yaml", ".catalyst.yaml"), kong.Configuration(kongyaml.Loader, "/etc/catalyst.yaml", ".catalyst.yaml"),
) )
if cli.OIDCEnable {
if cli.OIDCIssuer == "" {
return nil, errors.New("OIDC issuer not set")
}
if cli.OIDCClientSecret == "" {
return nil, errors.New("OIDC client secret is required")
}
}
return MapConfig(cli) return MapConfig(cli)
} }
@@ -84,6 +96,7 @@ func MapConfig(cli CLI) (*catalyst.Config, error) {
APIKeyAuthEnable: cli.APIKeyAuthEnable, APIKeyAuthEnable: cli.APIKeyAuthEnable,
OIDCAuthEnable: cli.OIDCEnable, OIDCAuthEnable: cli.OIDCEnable,
OIDCIssuer: cli.OIDCIssuer, OIDCIssuer: cli.OIDCIssuer,
AuthURL: cli.AuthURL,
OAuth2: &oauth2.Config{ OAuth2: &oauth2.Config{
ClientID: cli.OIDCClientID, ClientID: cli.OIDCClientID,
ClientSecret: cli.OIDCClientSecret, ClientSecret: cli.OIDCClientSecret,
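Review bot: `OIDC_AUTH_URL` is passed through `ParseCatalystConfig` and `MapConfig` without any check, although the same hunk adds startup checks for the issuer and the client secret. The value becomes the address that browsers are redirected to for login, so a typo, a relative path or an unexpected scheme would only surface when a user tries to sign in, and the authorization request would go to whatever host was configured. I would reject anything that is not an absolute http(s) URL inside the existing `if cli.OIDCEnable` block, which needs `net/url` added to the import group. Deployments outside local development should additionally insist on `https`. The new field in `CLI` would also benefit from a `help:"..."` tag like its neighbours, saying that it overrides the discovered authorization endpoint.

```go
	if cli.OIDCEnable {
		// … unchanged: issuer and client secret checks …
		if cli.AuthURL != "" {
			u, err := url.Parse(cli.AuthURL)
			if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") {
				return nil, errors.New("OIDC auth URL must be an absolute http(s) URL")
			}
		}
	}
```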