authorkali kaneko (leap communications) <kali@leap.se>2020-01-24 21:19:19 -0600
committerkali kaneko (leap communications) <kali@leap.se>2020-01-24 21:20:50 -0600
commitd437b73a8c2dda9884c92d2be44727e66c2289e2 (patch)
treeb9936d4e12a14b76d88ba1464a765e5b05ca6159 /pkg/config/main.go
parent12f0aca04bb613cae64d3c438042b85474abb411 (diff)
refactor into cmd/pkg
Diffstat (limited to 'pkg/config/main.go')
-rw-r--r--pkg/config/main.go97
1 files changed, 97 insertions, 0 deletions
diff --git a/pkg/config/main.go b/pkg/config/main.go
new file mode 100644
index 0000000..142738d
--- /dev/null
+++ b/pkg/config/main.go
@@ -0,0 +1,97 @@
+package config
+
+import (
+ "flag"
+ "log"
+ "os"
+ "reflect"
+)
+
+const DefaultAuthenticationModule = "anonymous"
+
+type Opts struct {
+ Notls bool
+ CaCrt string
+ CaKey string
+ TlsCrt string
+ TlsKey string
+ Port string
+ Auth string
+}
+
+func (o *Opts) fallbackToEnv(field string, envVar string, defaultVal string) {
+ r := reflect.ValueOf(o)
+ f := reflect.Indirect(r).FieldByName(field)
+
+ if f.String() == "" {
+ val, exists := os.LookupEnv(envVar)
+ if exists && val != "" {
+ f.SetString(val)
+ } else {
+ f.SetString(defaultVal)
+ }
+ }
+}
+
+func doCaFilesSanityCheck(caCrt string, caKey string) {
+ if _, err := os.Stat(caCrt); os.IsNotExist(err) {
+ log.Fatal("cannot find caCrt file")
+ }
+ if _, err := os.Stat(caKey); os.IsNotExist(err) {
+ log.Fatal("cannot find caKey file")
+ }
+}
+
+func doTlsFilesSanityCheck(tlsCrt string, tlsKey string) {
+ if _, err := os.Stat(tlsCrt); os.IsNotExist(err) {
+ log.Fatal("cannot find tlsCrt file")
+ }
+ if _, err := os.Stat(tlsKey); os.IsNotExist(err) {
+ log.Fatal("cannot find tlsKey file")
+ }
+}
+
+func InitializeFlags(opts *Opts) {
+ flag.BoolVar(&opts.Notls, "notls", false, "disable TLS on the service")
+ flag.StringVar(&opts.CaCrt, "caCrt", "", "path to the CA public key")
+ flag.StringVar(&opts.CaKey, "caKey", "", "path to the CA private key")
+ flag.StringVar(&opts.TlsCrt, "tls_crt", "", "path to the cert file for TLS")
+ flag.StringVar(&opts.TlsKey, "tls_key", "", "path to the key file for TLS")
+ flag.StringVar(&opts.Port, "port", "", "port where the server will listen (default: 8000)")
+ flag.StringVar(&opts.Auth, "auth", "", "authentication module (anonymous, sip)")
+ flag.Parse()
+
+ opts.fallbackToEnv("CaCrt", "VPNWEB_CACRT", "")
+ opts.fallbackToEnv("CaKey", "VPNWEB_CAKEY", "")
+ opts.fallbackToEnv("TlsCrt", "VPNWEB_TLSCRT", "")
+ opts.fallbackToEnv("TlsKey", "VPNWEB_TLSKEY", "")
+ opts.fallbackToEnv("Port", "VPNWEB_PORT", "8000")
+ opts.fallbackToEnv("Auth", "VPNWEB_AUTH", DefaultAuthenticationModule)
+}
+
+func CheckConfigurationOptions(opts *Opts) {
+ if opts.CaCrt == "" {
+ log.Fatal("missing caCrt parameter")
+ }
+ if opts.CaKey == "" {
+ log.Fatal("missing caKey parameter")
+ }
+
+ if opts.Notls == false {
+ if opts.TlsCrt == "" {
+ log.Fatal("missing tls_crt parameter. maybe use -notls?")
+ }
+ if opts.TlsKey == "" {
+ log.Fatal("missing tls_key parameter. maybe use -notls?")
+ }
+ }
+
+ doCaFilesSanityCheck(opts.CaCrt, opts.CaKey)
+ if opts.Notls == false {
+ doTlsFilesSanityCheck(opts.TlsCrt, opts.TlsKey)
+ }
+
+ log.Println("Authentication module:", opts.Auth)
+
+ // TODO -- check authentication module is valud, bail out otherwise
+}
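Review bot: CheckConfigurationOptions logs `opts.Auth` and returns without validating it, so a mistyped `-auth` or `VPNWEB_AUTH` value passes the configuration check of a service that is handed a CA private key; the TODO at the end of the function should be resolved as part of this change. The flag help lists only `anonymous` and `sip`, so a check such as `if opts.Auth != "anonymous" && opts.Auth != "sip" { log.Fatalf("unknown authentication module %q", opts.Auth) }` fits there. How the caller dispatches on an unrecognised value is outside this file, so whether it ends up behaving like the `anonymous` default should be confirmed. Separately, doCaFilesSanityCheck and doTlsFilesSanityCheck test only `os.IsNotExist(err)`, so a permission-denied or other Stat error is treated as success; `if _, err := os.Stat(caKey); err != nil { log.Fatalf("cannot use caKey file: %v", err) }` (and likewise for the other three paths) would fail closed.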