authorkali kaneko (leap communications) <kali@leap.se>2020-01-24 21:19:19 -0600
committerkali kaneko (leap communications) <kali@leap.se>2020-01-24 21:20:50 -0600
commitd437b73a8c2dda9884c92d2be44727e66c2289e2 (patch)
treeb9936d4e12a14b76d88ba1464a765e5b05ca6159
parent12f0aca04bb613cae64d3c438042b85474abb411 (diff)
refactor into cmd/pkg
-rw-r--r--.gitignore3
-rw-r--r--Makefile2
-rw-r--r--cmd/vpnweb/vpnweb.go50
-rwxr-xr-xconfig/CONFIG2
-rw-r--r--go.mod9
-rw-r--r--go.sum12
-rw-r--r--pkg/auth/middleware.go12
-rw-r--r--pkg/config/main.go (renamed from main.go)55
-rw-r--r--pkg/web/certs.go (renamed from certs.go)7
-rw-r--r--pkg/web/handlers.go19
10 files changed, 115 insertions, 56 deletions
diff --git a/.gitignore b/.gitignore
index f352413..2f043b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
-vpnweb
deploy/*
.mypy_cache
*.swp
*.swo
+vpnweb
+public/*
diff --git a/Makefile b/Makefile
index d34d541..50e53ab 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
build:
- go build
+ go build cmd/vpnweb/vpnweb.go
demo:
. config/CONFIG && ./vpnweb -notls
clean:
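Review bot: The new build line compiles a single file, `go build cmd/vpnweb/vpnweb.go`, so the other packages introduced by this commit are never type-checked by `make build`; in particular pkg/auth is only reached through an import that vpnweb.go keeps commented out. Prefer `go build ./cmd/vpnweb` for the binary and add `go vet ./...` (or a `go build ./...` step) so that every package in the module is compiled on each build. The `demo` target that follows still assumes the binary lands at `./vpnweb`, which the package form also produces.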
diff --git a/cmd/vpnweb/vpnweb.go b/cmd/vpnweb/vpnweb.go
new file mode 100644
index 0000000..86fc38c
--- /dev/null
+++ b/cmd/vpnweb/vpnweb.go
@@ -0,0 +1,50 @@
+package main
+
+import (
+ "log"
+ "net/http"
+
+ //"0xacab.org/leap/pkg/auth"
+ "0xacab.org/leap/vpnweb/pkg/config"
+ "0xacab.org/leap/vpnweb/pkg/web"
+)
+
+func main() {
+ opts := new(config.Opts)
+ config.InitializeFlags(opts)
+ config.CheckConfigurationOptions(opts)
+
+ ci := web.NewCaInfo(opts.CaCrt, opts.CaKey)
+ ch := web.CertHandler{ci}
+
+ /* protected routes */
+
+ /* TODO ----
+ http.HandleFunc("/3/auth", auth.AuthMiddleware(opts.Auth))
+ http.HandleFunc("/3/refresh-token", auth.RefreshAuthMiddleware(opts.Auth))
+ http.HandleFunc("/3/cert", jwtMiddleware.Handler(ch.certResponder))
+ */
+
+ http.HandleFunc("/3/cert", ch.CertResponder)
+
+ /* static files */
+
+ /* TODO -- pass static file path in options */
+
+ web.HttpFileHandler("/3/configs.json", "./public/3/configs.json")
+ web.HttpFileHandler("/3/service.json", "./public/3/service.json")
+ web.HttpFileHandler("/3/config/eip-service.json", "./public/3/eip-service.json")
+ web.HttpFileHandler("/3/ca.crt", "./public/ca.crt")
+ web.HttpFileHandler("/provider.json", "./public/provider.json")
+ web.HttpFileHandler("/ca.crt", "./public/ca.crt")
+
+ pstr := ":" + opts.Port
+ log.Println("Listening in port", opts.Port)
+
+ if opts.Notls == true {
+ log.Fatal(http.ListenAndServe(pstr, nil))
+ } else {
+ log.Fatal(http.ListenAndServeTLS(pstr, opts.TlsCrt, opts.TlsKey, nil))
+
+ }
+}
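Review bot: The listener at the end of main runs with no read or write timeouts, so a slow or idle client can hold a connection and its TLS handshake open indefinitely; wrap it in an http.Server with ReadTimeout/WriteTimeout (needs a `"time"` import) and branch on `opts.Notls` directly instead of `opts.Notls == true`. The commented-out jwtMiddleware block above the `/3/cert` registration already records that the certificate endpoint is served without authentication in this commit, so that is left to the existing TODO. The `//"0xacab.org/leap/pkg/auth"` import line is dead text and can be dropped until the auth package is wired in.

```go
	// … unchanged: flag parsing, route and static-file registration …

	srv := &http.Server{
		Addr:         ":" + opts.Port,
		ReadTimeout:  10 * time.Second, // constructed starting values; tune per deployment
		WriteTimeout: 10 * time.Second,
	}
	log.Println("Listening in port", opts.Port)

	if opts.Notls {
		log.Fatal(srv.ListenAndServe())
	} else {
		log.Fatal(srv.ListenAndServeTLS(opts.TlsCrt, opts.TlsKey))
	}
```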
diff --git a/config/CONFIG b/config/CONFIG
index d21bd09..04b4496 100755
--- a/config/CONFIG
+++ b/config/CONFIG
@@ -1,4 +1,4 @@
export VPNWEB_AUTH=sip
export VPNWEB_CAKEY=test/files/ca.key
export VPNWEB_CACRT=test/files/ca.crt
-export VPNWEB_PORT=3000
+export VPNWEB_PORT=8000
diff --git a/go.mod b/go.mod
index cb75645..11be102 100644
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,12 @@
module 0xacab.org/leap/vpnweb
go 1.12
+
+require (
+ github.com/auth0/go-jwt-middleware v0.0.0-20190805220309-36081240882b
+ github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 // indirect
+ github.com/dgrijalva/jwt-go v3.2.0+incompatible
+ github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab // indirect
+ github.com/gorilla/mux v1.7.3 // indirect
+ github.com/urfave/negroni v1.0.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..7211e92
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,12 @@
+github.com/auth0/go-jwt-middleware v0.0.0-20190805220309-36081240882b h1:CvoEHGmxWl5kONC5icxwqV899dkf4VjOScbxLpllEnw=
+github.com/auth0/go-jwt-middleware v0.0.0-20190805220309-36081240882b/go.mod h1:LWMyo4iOLWXHGdBki7NIht1kHru/0wM179h+d3g8ATM=
+github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 h1:sDMmm+q/3+BukdIpxwO365v/Rbspp2Nt5XntgQRXq8Q=
+github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab h1:xveKWz2iaueeTaUgdetzel+U7exyigDYBryyVfV/rZk=
+github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8=
+github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
+github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc=
+github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
diff --git a/pkg/auth/middleware.go b/pkg/auth/middleware.go
new file mode 100644
index 0000000..a3a955c
--- /dev/null
+++ b/pkg/auth/middleware.go
@@ -0,0 +1,12 @@
+package auth
+
+import ()
+
+import (
+ "github.com/auth0/go-jwt-middleware"
+ jwt "github.com/dgrijalva/jwt-go"
+)
+
+func getProtectedHandler() {
+ jwtMiddleware.Handler(CertHandler)
+}
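Review bot: This file does not compile as committed: `import ()` is an empty import group, the `jwt` alias is imported but never used, and `getProtectedHandler` references `jwtMiddleware` and `CertHandler`, neither of which is declared in package auth (`CertHandler` lives in pkg/web, and the go-jwt-middleware package is not bound to the name `jwtMiddleware` by this import). The call result is also discarded, so even once it compiles the function does nothing. Since the Makefile only builds cmd/vpnweb/vpnweb.go and the auth import there is commented out, this breakage is invisible to `make build`; either leave the file out of the commit until the middleware is implemented, or reduce it to a compiling stub with a `// TODO(auth): wrap CertResponder with jwt middleware` comment so `go build ./...` stays green.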
diff --git a/main.go b/pkg/config/main.go
index 3259d1f..142738d 100644
--- a/main.go
+++ b/pkg/config/main.go
@@ -1,25 +1,14 @@
-package main
+package config
import (
"flag"
"log"
- "net/http"
"os"
"reflect"
)
-const keySize = 2048
-const expiryDays = 28
const DefaultAuthenticationModule = "anonymous"
-type certHandler struct {
- cainfo caInfo
-}
-
-func (ch *certHandler) certResponder(w http.ResponseWriter, r *http.Request) {
- ch.cainfo.CertWriter(w)
-}
-
type Opts struct {
Notls bool
CaCrt string
@@ -62,14 +51,7 @@ func doTlsFilesSanityCheck(tlsCrt string, tlsKey string) {
}
}
-func httpFileHandler(route string, path string) {
- http.HandleFunc(route, func(w http.ResponseWriter, r *http.Request) {
- http.ServeFile(w, r, path)
- })
-}
-
-func initializeFlags(opts *Opts) {
-
+func InitializeFlags(opts *Opts) {
flag.BoolVar(&opts.Notls, "notls", false, "disable TLS on the service")
flag.StringVar(&opts.CaCrt, "caCrt", "", "path to the CA public key")
flag.StringVar(&opts.CaKey, "caKey", "", "path to the CA private key")
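Review bot: InitializeFlags is exported here without a doc comment, and the same applies to CheckConfigurationOptions in the next hunk; both functions continue past the end of their hunks. Suggested comments: `// InitializeFlags registers the command-line flags that populate opts.` and `// CheckConfigurationOptions validates opts and calls log.Fatal when a required setting is missing or unusable.`. Now that this code lives in a library package rather than main, CheckConfigurationOptions terminating the process via log.Fatal (visible in the following hunks) is worth reconsidering — returning an error would let cmd/vpnweb decide how to report and exit.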
@@ -87,8 +69,7 @@ func initializeFlags(opts *Opts) {
opts.fallbackToEnv("Auth", "VPNWEB_AUTH", DefaultAuthenticationModule)
}
-func checkConfigurationOptions(opts *Opts) {
-
+func CheckConfigurationOptions(opts *Opts) {
if opts.CaCrt == "" {
log.Fatal("missing caCrt parameter")
}
@@ -110,35 +91,7 @@ func checkConfigurationOptions(opts *Opts) {
doTlsFilesSanityCheck(opts.TlsCrt, opts.TlsKey)
}
- log.Println("authentication module:", opts.Auth)
+ log.Println("Authentication module:", opts.Auth)
// TODO -- check authentication module is valud, bail out otherwise
}
-
-func main() {
- opts := new(Opts)
- initializeFlags(opts)
- checkConfigurationOptions(opts)
-
- ci := newCaInfo(opts.CaCrt, opts.CaKey)
- ch := certHandler{ci}
-
- // add routes here
- http.HandleFunc("/3/cert", ch.certResponder)
- httpFileHandler("/3/configs.json", "./public/3/configs.json")
- httpFileHandler("/3/service.json", "./public/3/service.json")
- httpFileHandler("/3/config/eip-service.json", "./public/3/eip-service.json")
- httpFileHandler("/provider.json", "./public/provider.json")
- httpFileHandler("/ca.crt", "./public/ca.crt")
- httpFileHandler("/3/ca.crt", "./public/ca.crt")
-
- pstr := ":" + opts.Port
- log.Println("serving vpnweb in port", opts.Port)
-
- if opts.Notls == true {
- log.Fatal(http.ListenAndServe(pstr, nil))
- } else {
- log.Fatal(http.ListenAndServeTLS(pstr, opts.TlsCrt, opts.TlsKey, nil))
-
- }
-}
diff --git a/certs.go b/pkg/web/certs.go
index 1138ff1..8c5d423 100644
--- a/certs.go
+++ b/pkg/web/certs.go
@@ -1,4 +1,4 @@
-package main
+package web
import (
"crypto/rand"
@@ -13,6 +13,8 @@ import (
"time"
)
+const keySize = 2048
+const expiryDays = 28
const certPrefix = "UNLIMITED"
var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz")
@@ -29,11 +31,12 @@ type caInfo struct {
cacrt, cakey string
}
-func newCaInfo(cacrt string, cakey string) caInfo {
+func NewCaInfo(cacrt string, cakey string) caInfo {
return caInfo{cacrt, cakey}
}
// CertWriter main handler
+
func (ci *caInfo) CertWriter(out io.Writer) {
catls, err := tls.LoadX509KeyPair(ci.cacrt, ci.cakey)
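Review bot: The blank line inserted between `// CertWriter main handler` and `func (ci *caInfo) CertWriter` detaches the doc comment from the method, so godoc and linters no longer associate them; drop the added blank line. NewCaInfo is now exported but returns the unexported type caInfo and has no doc comment; add `// NewCaInfo returns a caInfo holding the paths to the CA certificate and private key.` and consider exporting the type (or returning a *CertHandler) so callers outside package web can name what they receive. CertWriter's body continues outside the hunk.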
diff --git a/pkg/web/handlers.go b/pkg/web/handlers.go
new file mode 100644
index 0000000..c4f2e9a
--- /dev/null
+++ b/pkg/web/handlers.go
@@ -0,0 +1,19 @@
+package web
+
+import (
+ "net/http"
+)
+
+type CertHandler struct {
+ Cainfo caInfo
+}
+
+func (ch *CertHandler) CertResponder(w http.ResponseWriter, r *http.Request) {
+ ch.Cainfo.CertWriter(w)
+}
+
+func HttpFileHandler(route string, path string) {
+ http.HandleFunc(route, func(w http.ResponseWriter, r *http.Request) {
+ http.ServeFile(w, r, path)
+ })
+}
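Review bot: CertResponder ignores the request entirely, so any HTTP method on the route it is registered under reaches `ch.Cainfo.CertWriter(w)`; if certificate issuance is meant to be a deliberate action, check `r.Method` and reply `http.StatusMethodNotAllowed` for the rest, and at minimum document the contract. The three exported names in this file have no doc comments; add `// CertHandler serves certificates produced by its Cainfo.`, `// CertResponder writes a certificate for the caller via CertWriter.` and `// HttpFileHandler registers route on the default mux to serve the file at path.`. Go naming would spell the last one `HTTPFileHandler`; renaming is cheap now, before more callers exist beyond cmd/vpnweb.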