author | kali kaneko (leap communications) <kali@leap.se> | 2020-01-24 21:19:19 -0600 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2020-01-24 21:20:50 -0600 |
commit | d437b73a8c2dda9884c92d2be44727e66c2289e2 (patch) | |
tree | b9936d4e12a14b76d88ba1464a765e5b05ca6159 | |
parent | 12f0aca04bb613cae64d3c438042b85474abb411 (diff) |
refactor into cmd/pkg
-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | cmd/vpnweb/vpnweb.go | 50 | ||||
-rwxr-xr-x | config/CONFIG | 2 | ||||
-rw-r--r-- | go.mod | 9 | ||||
-rw-r--r-- | go.sum | 12 | ||||
-rw-r--r-- | pkg/auth/middleware.go | 12 | ||||
-rw-r--r-- | pkg/config/main.go (renamed from main.go) | 55 | ||||
-rw-r--r-- | pkg/web/certs.go (renamed from certs.go) | 7 | ||||
-rw-r--r-- | pkg/web/handlers.go | 19 |
10 files changed, 115 insertions, 56 deletions
@@ -1,5 +1,6 @@ -vpnweb deploy/* .mypy_cache *.swp *.swo +vpnweb +public/* @@ -1,5 +1,5 @@ build: - go build + go build cmd/vpnweb/vpnweb.go demo: . config/CONFIG && ./vpnweb -notls clean: diff --git a/cmd/vpnweb/vpnweb.go b/cmd/vpnweb/vpnweb.go new file mode 100644 index 0000000..86fc38c --- /dev/null +++ b/cmd/vpnweb/vpnweb.go @@ -0,0 +1,50 @@ +package main + +import ( + "log" + "net/http" + + //"0xacab.org/leap/pkg/auth" + "0xacab.org/leap/vpnweb/pkg/config" + "0xacab.org/leap/vpnweb/pkg/web" +) + +func main() { + opts := new(config.Opts) + config.InitializeFlags(opts) + config.CheckConfigurationOptions(opts) + + ci := web.NewCaInfo(opts.CaCrt, opts.CaKey) + ch := web.CertHandler{ci} + + /* protected routes */ + + /* TODO ---- + http.HandleFunc("/3/auth", auth.AuthMiddleware(opts.Auth)) + http.HandleFunc("/3/refresh-token", auth.RefreshAuthMiddleware(opts.Auth)) + http.HandleFunc("/3/cert", jwtMiddleware.Handler(ch.certResponder)) + */ + + http.HandleFunc("/3/cert", ch.CertResponder) + + /* static files */ + + /* TODO -- pass static file path in options */ + + web.HttpFileHandler("/3/configs.json", "./public/3/configs.json") + web.HttpFileHandler("/3/service.json", "./public/3/service.json") + web.HttpFileHandler("/3/config/eip-service.json", "./public/3/eip-service.json") + web.HttpFileHandler("/3/ca.crt", "./public/ca.crt") + web.HttpFileHandler("/provider.json", "./public/provider.json") + web.HttpFileHandler("/ca.crt", "./public/ca.crt") + + pstr := ":" + opts.Port + log.Println("Listening in port", opts.Port) + + if opts.Notls == true { + log.Fatal(http.ListenAndServe(pstr, nil)) + } else { + log.Fatal(http.ListenAndServeTLS(pstr, opts.TlsCrt, opts.TlsKey, nil)) + + } +} diff --git a/config/CONFIG b/config/CONFIG index d21bd09..04b4496 100755 --- a/config/CONFIG +++ b/config/CONFIG @@ -1,4 +1,4 @@ export VPNWEB_AUTH=sip export VPNWEB_CAKEY=test/files/ca.key export VPNWEB_CACRT=test/files/ca.crt -export VPNWEB_PORT=3000 +export VPNWEB_PORT=8000 
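Review bot: In cmd/vpnweb/vpnweb.go the `/* protected routes */` label sits directly above `http.HandleFunc("/3/cert", ch.CertResponder)`, but nothing protects that route — the JWT wiring is still inside the commented-out TODO block, so in this build the certificate endpoint is served to any caller and the label reads as a statement of fact that is not true. Until the middleware lands, say so at the registration, e.g. `// NOTE: /3/cert is not yet authenticated; the auth middleware above is still TODO.`. Two smaller points in the same file: `web.CertHandler{ci}` is an unkeyed literal of a struct from another package (go vet's composites check flags it) and should be `web.CertHandler{Cainfo: ci}`, and `if opts.Notls == true` reads better as `if opts.Notls`. The server is also started through `http.ListenAndServe`/`ListenAndServeTLS` on the default `http.Server`, which has no read or write timeouts; constructing `&http.Server{Addr: pstr, ReadTimeout: ..., WriteTimeout: ...}` would bound slow clients.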
@@ -1,3 +1,12 @@ module 0xacab.org/leap/vpnweb go 1.12 + +require ( + github.com/auth0/go-jwt-middleware v0.0.0-20190805220309-36081240882b + github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 // indirect + github.com/dgrijalva/jwt-go v3.2.0+incompatible + github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab // indirect + github.com/gorilla/mux v1.7.3 // indirect + github.com/urfave/negroni v1.0.0 // indirect +) @@ -0,0 +1,12 @@ +github.com/auth0/go-jwt-middleware v0.0.0-20190805220309-36081240882b h1:CvoEHGmxWl5kONC5icxwqV899dkf4VjOScbxLpllEnw= +github.com/auth0/go-jwt-middleware v0.0.0-20190805220309-36081240882b/go.mod h1:LWMyo4iOLWXHGdBki7NIht1kHru/0wM179h+d3g8ATM= +github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 h1:sDMmm+q/3+BukdIpxwO365v/Rbspp2Nt5XntgQRXq8Q= +github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab h1:xveKWz2iaueeTaUgdetzel+U7exyigDYBryyVfV/rZk= +github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= +github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw= +github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= +github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= diff --git a/pkg/auth/middleware.go b/pkg/auth/middleware.go new file mode 100644 index 0000000..a3a955c --- /dev/null +++ b/pkg/auth/middleware.go 
@@ -0,0 +1,12 @@ +package auth + +import () + +import ( + "github.com/auth0/go-jwt-middleware" + jwt "github.com/dgrijalva/jwt-go" +) + +func getProtectedHandler() { + jwtMiddleware.Handler(CertHandler) +} diff --git a/main.go b/pkg/config/main.go index 3259d1f..142738d 100644 --- a/main.go +++ b/pkg/config/main.go @@ -1,25 +1,14 @@ -package main +package config import ( "flag" "log" - "net/http" "os" "reflect" ) -const keySize = 2048 -const expiryDays = 28 const DefaultAuthenticationModule = "anonymous" -type certHandler struct { - cainfo caInfo -} - -func (ch *certHandler) certResponder(w http.ResponseWriter, r *http.Request) { - ch.cainfo.CertWriter(w) -} - type Opts struct { Notls bool CaCrt string @@ -62,14 +51,7 @@ func doTlsFilesSanityCheck(tlsCrt string, tlsKey string) { } } -func httpFileHandler(route string, path string) { - http.HandleFunc(route, func(w http.ResponseWriter, r *http.Request) { - http.ServeFile(w, r, path) - }) -} - -func initializeFlags(opts *Opts) { - +func InitializeFlags(opts *Opts) { flag.BoolVar(&opts.Notls, "notls", false, "disable TLS on the service") flag.StringVar(&opts.CaCrt, "caCrt", "", "path to the CA public key") flag.StringVar(&opts.CaKey, "caKey", "", "path to the CA private key") @@ -87,8 +69,7 @@ func initializeFlags(opts *Opts) { opts.fallbackToEnv("Auth", "VPNWEB_AUTH", DefaultAuthenticationModule) } -func checkConfigurationOptions(opts *Opts) { - +func CheckConfigurationOptions(opts *Opts) { if opts.CaCrt == "" { log.Fatal("missing caCrt parameter") } 
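Review bot: pkg/auth/middleware.go does not compile as written: `jwt` is imported but never used, `jwtMiddleware` and `CertHandler` are not declared in package auth (the go-jwt-middleware package's name is the all-lower-case `jwtmiddleware`), and the value returned by `.Handler(...)` is discarded. The build still passes only because the Makefile now compiles `cmd/vpnweb/vpnweb.go` alone and the `auth` import in main is commented out, so this file is never built; `go build ./...` or `go vet ./...` would fail. The empty `import ()` block above the real one is dead and should be removed. If the file is meant as a placeholder, keep a compiling body with a `// TODO(auth): JWT protection for /3/cert is not wired yet; see cmd/vpnweb/vpnweb.go` comment rather than code that cannot build.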
@@ -110,35 +91,7 @@ func checkConfigurationOptions(opts *Opts) { doTlsFilesSanityCheck(opts.TlsCrt, opts.TlsKey) } - log.Println("authentication module:", opts.Auth) + log.Println("Authentication module:", opts.Auth) // TODO -- check authentication module is valud, bail out otherwise } - -func main() { - opts := new(Opts) - initializeFlags(opts) - checkConfigurationOptions(opts) - - ci := newCaInfo(opts.CaCrt, opts.CaKey) - ch := certHandler{ci} - - // add routes here - http.HandleFunc("/3/cert", ch.certResponder) - httpFileHandler("/3/configs.json", "./public/3/configs.json") - httpFileHandler("/3/service.json", "./public/3/service.json") - httpFileHandler("/3/config/eip-service.json", "./public/3/eip-service.json") - httpFileHandler("/provider.json", "./public/provider.json") - httpFileHandler("/ca.crt", "./public/ca.crt") - httpFileHandler("/3/ca.crt", "./public/ca.crt") - - pstr := ":" + opts.Port - log.Println("serving vpnweb in port", opts.Port) - - if opts.Notls == true { - log.Fatal(http.ListenAndServe(pstr, nil)) - } else { - log.Fatal(http.ListenAndServeTLS(pstr, opts.TlsCrt, opts.TlsKey, nil)) - - } -} diff --git a/certs.go b/pkg/web/certs.go index 1138ff1..8c5d423 100644 --- a/certs.go +++ b/pkg/web/certs.go @@ -1,4 +1,4 @@ -package main +package web import ( "crypto/rand" @@ -13,6 +13,8 @@ import ( "time" ) +const keySize = 2048 +const expiryDays = 28 const certPrefix = "UNLIMITED" var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz") @@ -29,11 +31,12 @@ type caInfo struct { cacrt, cakey string } -func newCaInfo(cacrt string, cakey string) caInfo { +func NewCaInfo(cacrt string, cakey string) caInfo { return caInfo{cacrt, cakey} } // CertWriter main handler + func (ci *caInfo) CertWriter(out io.Writer) { catls, err := tls.LoadX509KeyPair(ci.cacrt, ci.cakey) diff --git a/pkg/web/handlers.go b/pkg/web/handlers.go new file mode 100644 index 0000000..c4f2e9a --- /dev/null +++ b/pkg/web/handlers.go 
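Review bot: `InitializeFlags` and `CheckConfigurationOptions` become exported in pkg/config/main.go but carry no doc comments; add `// InitializeFlags registers the command-line flags for opts, falling back to the VPNWEB_* environment variables.` and `// CheckConfigurationOptions validates opts and terminates the process via log.Fatal when a required value is missing.` so the new package API documents its behaviour (the exported `DefaultAuthenticationModule` constant needs one too). The second comment is worth spelling out because `CheckConfigurationOptions` now lives in a library package yet still exits the process on a missing `caCrt`; returning an error and letting `main` decide would make `config` reusable and testable. Both function bodies extend beyond the hunks shown here.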
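Review bot: The blank line inserted between `// CertWriter main handler` and `func (ci *caInfo) CertWriter(out io.Writer)` in pkg/web/certs.go detaches the doc comment from the method, so godoc no longer associates it; drop the blank line and make the comment a sentence that starts with the name, along the lines of `// CertWriter writes a certificate signed with the CA key pair to out.` (adjusted to what the body, which continues past the hunk, actually does). Separately, `NewCaInfo` is now exported but returns the unexported type `caInfo`, which callers in other packages can hold but never name; either export the type (e.g. `CaInfo`) or keep the constructor unexported. The `Cainfo caInfo` field on `CertHandler` in pkg/web/handlers.go has the same problem.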
@@ -0,0 +1,19 @@ +package web + +import ( + "net/http" +) + +type CertHandler struct { + Cainfo caInfo +} + +func (ch *CertHandler) CertResponder(w http.ResponseWriter, r *http.Request) { + ch.Cainfo.CertWriter(w) +} + +func HttpFileHandler(route string, path string) { + http.HandleFunc(route, func(w http.ResponseWriter, r *http.Request) { + http.ServeFile(w, r, path) + }) +} |
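Review bot: The three exported names in pkg/web/handlers.go — `CertHandler`, `CertResponder` and `HttpFileHandler` — have no doc comments, and `HttpFileHandler` breaks Go's initialism convention (`HTTPFileHandler`). Suggested comments: `// CertHandler serves certificates produced from Cainfo.`, `// CertResponder writes a certificate to the response via Cainfo.CertWriter.` and `// HttpFileHandler registers route on http.DefaultServeMux to serve the single file at path.`. Because `CertResponder` accepts every request method and performs no authentication itself, its comment should state that the caller is responsible for placing authentication in front of the route; in this commit `/3/cert` is registered without it in cmd/vpnweb/vpnweb.go, where the middleware is still a TODO.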