Diffstat (limited to 'pkg/config/config.go')
-rw-r--r-- | pkg/config/config.go | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/pkg/config/config.go b/pkg/config/config.go
new file mode 100644
index 0000000..76b4e4e
--- /dev/null
+++ b/pkg/config/config.go
@@ -0,0 +1,137 @@
+// Copyright (C) 2019 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import (
+ "flag"
+ "log"
+ "os"
+)
+
+const DefaultAuthenticationModule string = "anon"
+
+type Opts struct {
+ Tls bool
+ CaCrt string
+ CaKey string
+ TlsCrt string
+ TlsKey string
+ Port string
+ Auth string
+ AuthSecret string
+ ApiPath string
+ ProviderCaPath string
+}
+
+func checkPathExists(path string) bool {
+ if _, err := os.Stat(path); os.IsNotExist(err) {
+ return false
+ }
+ return true
+}
+
+func FallbackToEnv(variable *string, envVar, defaultVar string) {
+
+ if *variable == "" {
+ val, exists := os.LookupEnv(envVar)
+ if exists && val != "" {
+ *variable = val
+ } else {
+ *variable = defaultVar
+ }
+ }
+}
+
+func doCaFilesSanityCheck(caCrt string, caKey string) {
+ if _, err := os.Stat(caCrt); os.IsNotExist(err) {
+ log.Fatal("cannot find caCrt file")
+ }
+ if _, err := os.Stat(caKey); os.IsNotExist(err) {
+ log.Fatal("cannot find caKey file")
+ }
+}
+
+func doTlsFilesSanityCheck(tlsCrt string, tlsKey string) {
+ if _, err := os.Stat(tlsCrt); os.IsNotExist(err) {
+ log.Fatal("cannot find tlsCrt file")
+ }
+ if _, err := os.Stat(tlsKey); os.IsNotExist(err) {
+ log.Fatal("cannot find tlsKey file")
+ }
+}
+
+func NewOpts() *Opts {
+ opts := new(Opts)
+ initializeFlags(opts)
+ checkConfigurationOptions(opts)
+ return opts
+}
+
+func initializeFlags(opts *Opts) {
+ flag.StringVar(&opts.CaCrt, "vpnCaCrt", "", "Path to the CA public key used for VPN certificates")
+ flag.StringVar(&opts.CaKey, "vpnCaKey", "", "Path to the CA private key used for VPN certificates")
+ flag.BoolVar(&opts.Tls, "tls", false, "Enable TLS on the service")
+ flag.StringVar(&opts.TlsCrt, "tlsCrt", "", "Path to the cert file for TLS")
+ flag.StringVar(&opts.TlsKey, "tlsKey", "", "Path to the key file for TLS")
+ flag.StringVar(&opts.Port, "port", "", "Port where the server will listen (default: 8000)")
+ flag.StringVar(&opts.Auth, "auth", "", "Authentication module (ano, sip2)")
+ flag.StringVar(&opts.AuthSecret, "authSecret", "", "Authentication secret (optional)")
+ flag.StringVar(&opts.ApiPath, "apiPath", "", "Path to the API public files")
+ flag.StringVar(&opts.ProviderCaPath, "providerCaCrt", "", "Path to the provider CA certificate")
+ flag.Parse()
+
+ FallbackToEnv(&opts.CaCrt, "VPNWEB_CACRT", "")
+ FallbackToEnv(&opts.CaKey, "VPNWEB_CAKEY", "")
+ FallbackToEnv(&opts.TlsCrt, "VPNWEB_TLSCRT", "")
+ FallbackToEnv(&opts.TlsKey, "VPNWEB_TLSKEY", "")
+ FallbackToEnv(&opts.Port, "VPNWEB_PORT", "8000")
+ FallbackToEnv(&opts.Auth, "VPNWEB_AUTH", DefaultAuthenticationModule)
+ FallbackToEnv(&opts.AuthSecret, "VPNWEB_AUTH_SECRET", "")
+ FallbackToEnv(&opts.ApiPath, "VPNWEB_API_PATH", "/etc/leap/config/vpn")
+ FallbackToEnv(&opts.ProviderCaPath, "VPNWEB_PROVIDER_CA", "/etc/leap/ca/ca.crt")
+}
+
+func checkConfigurationOptions(opts *Opts) {
+ if opts.CaCrt == "" {
+ log.Fatal("missing caCrt parameter")
+ }
+ if opts.CaKey == "" {
+ log.Fatal("missing caKey parameter")
+ }
+
+ if opts.Tls == true {
+ if opts.TlsCrt == "" {
+ log.Fatal("missing tls_crt parameter")
+ }
+ if opts.TlsKey == "" {
+ log.Fatal("missing tls_key parameter")
+ }
+ }
+
+ doCaFilesSanityCheck(opts.CaCrt, opts.CaKey)
+ if opts.Tls == true {
+ doTlsFilesSanityCheck(opts.TlsCrt, opts.TlsKey)
+ }
+
+ if !checkPathExists(opts.ApiPath) {
+ log.Fatal("Configured API path does not exist: ", opts.ApiPath)
+ }
+ if !checkPathExists(opts.ProviderCaPath) {
+ log.Fatal("Configured provider CA path does not exist: ", opts.ProviderCaPath)
+ }
+
+ log.Println("Authentication module:", opts.Auth)
+}
|
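Review bot: The path checks in `checkPathExists`, `doCaFilesSanityCheck` and `doTlsFilesSanityCheck` only reject `os.IsNotExist(err)`, so any other `os.Stat` failure (for example a permission error on a parent directory) passes the startup check and the problem surfaces later, when the CA or TLS key is first used. Testing `err != nil` closes that gap, e.g. `if _, err := os.Stat(caKey); err != nil { log.Fatal("cannot access caKey file: ", err) }`, and `checkPathExists` can end with `return err == nil`. Separately, `-authSecret` puts the secret on the command line, where other local users can typically read it from the process list; the flag's usage text could point to `VPNWEB_AUTH_SECRET` (or a secret file) as the preferred route. The `-auth` usage string also lists `ano` while `DefaultAuthenticationModule` is `anon`.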