From 0c97e08ed3319b3e2da47862148fb9cea069e6f3 Mon Sep 17 00:00:00 2001 From: "kali kaneko (leap communications)" Date: Tue, 4 Feb 2020 20:36:29 +0100 Subject: [feat] configurable api paths - Resolves: #6 --- config/CONFIG | 3 ++ main.go | 12 ++--- pkg/config/config.go | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++ pkg/config/main.go | 117 ------------------------------------------- 4 files changed, 146 insertions(+), 123 deletions(-) create mode 100644 pkg/config/config.go delete mode 100644 pkg/config/main.go diff --git a/config/CONFIG b/config/CONFIG index 9a99584..939393d 100755 --- a/config/CONFIG +++ b/config/CONFIG @@ -14,3 +14,6 @@ export VPNWEB_SIP_HOST="localhost" export VPNWEB_SIP_PORT="6001" export VPNWEB_SIP_LIBR_LOCATION=testlibrary export VPNWEB_SIP_TERMINATOR="\r" + +#export VPNWEB_API_PATH="./public" +#export VPNWEB_PROVIDER_CA="./public/ca.crt" diff --git a/main.go b/main.go index 48c3efa..2d7492c 100644 --- a/main.go +++ b/main.go @@ -27,12 +27,12 @@ func main() { /* TODO -- pass static file path in options */ - web.HttpFileHandler("/3/configs.json", "./public/3/configs.json") - web.HttpFileHandler("/3/service.json", "./public/3/service.json") - web.HttpFileHandler("/3/config/eip-service.json", "./public/3/eip-service.json") - web.HttpFileHandler("/3/ca.crt", "./public/ca.crt") - web.HttpFileHandler("/provider.json", "./public/provider.json") - web.HttpFileHandler("/ca.crt", "./public/ca.crt") + web.HttpFileHandler("/3/configs.json", opts.ApiPath+"/3/configs.json") + web.HttpFileHandler("/3/service.json", opts.ApiPath+"/3/service.json") + web.HttpFileHandler("/3/config/eip-service.json", opts.ApiPath+"/3/eip-service.json") + web.HttpFileHandler("/provider.json", opts.ApiPath+"provider.json") + web.HttpFileHandler("/ca.crt", opts.ProviderCaPath) + web.HttpFileHandler("/3/ca.crt", opts.ProviderCaPath) pstr := ":" + opts.Port log.Println("Listening in port", opts.Port) 
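Review bot: The `/provider.json` handler is built as `opts.ApiPath+"provider.json"`, without the `/` that the three `/3/...` handlers have. With the default `/etc/leap/config/vpn` set in pkg/config/config.go it points at `/etc/leap/config/vpnprovider.json`, a sibling of the configured directory rather than a file inside it. Building the path with `filepath.Join(opts.ApiPath, "provider.json")` (and likewise for the `/3/...` entries, with `path/filepath` imported) removes the dependence on whether the operator wrote a trailing slash. The `TODO -- pass static file path in options` comment kept as context above these lines is now out of date. main's body starts and ends outside the hunk.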
diff --git a/pkg/config/config.go b/pkg/config/config.go
new file mode 100644
index 0000000..76b4e4e
--- /dev/null
+++ b/pkg/config/config.go
@@ -0,0 +1,137 @@
+// Copyright (C) 2019 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package config
+
+import (
+ "flag"
+ "log"
+ "os"
+)
+
+const DefaultAuthenticationModule string = "anon"
+
+type Opts struct {
+ Tls bool
+ CaCrt string
+ CaKey string
+ TlsCrt string
+ TlsKey string
+ Port string
+ Auth string
+ AuthSecret string
+ ApiPath string
+ ProviderCaPath string
+}
+
+func checkPathExists(path string) bool {
+ if _, err := os.Stat(path); os.IsNotExist(err) {
+ return false
+ }
+ return true
+}
+
+func FallbackToEnv(variable *string, envVar, defaultVar string) {
+
+ if *variable == "" {
+ val, exists := os.LookupEnv(envVar)
+ if exists && val != "" {
+ *variable = val
+ } else {
+ *variable = defaultVar
+ }
+ }
+}
+
+func doCaFilesSanityCheck(caCrt string, caKey string) {
+ if _, err := os.Stat(caCrt); os.IsNotExist(err) {
+ log.Fatal("cannot find caCrt file")
+ }
+ if _, err := os.Stat(caKey); os.IsNotExist(err) {
+ log.Fatal("cannot find caKey file")
+ }
+}
+
+func doTlsFilesSanityCheck(tlsCrt string, tlsKey string) {
+ if _, err := os.Stat(tlsCrt); os.IsNotExist(err) {
+ log.Fatal("cannot find tlsCrt file")
+ }
+ if _, err := os.Stat(tlsKey); os.IsNotExist(err) {
+ log.Fatal("cannot find tlsKey file")
+ }
+}
+
+func NewOpts() *Opts {
+ opts := new(Opts)
+ initializeFlags(opts)
+ checkConfigurationOptions(opts)
+ return opts
+}
+
+func initializeFlags(opts *Opts) {
+ flag.StringVar(&opts.CaCrt, "vpnCaCrt", "", "Path to the CA public key used for VPN certificates")
+ flag.StringVar(&opts.CaKey, "vpnCaKey", "", "Path to the CA private key used for VPN certificates")
+ flag.BoolVar(&opts.Tls, "tls", false, "Enable TLS on the service")
+ flag.StringVar(&opts.TlsCrt, "tlsCrt", "", "Path to the cert file for TLS")
+ flag.StringVar(&opts.TlsKey, "tlsKey", "", "Path to the key file for TLS")
+ flag.StringVar(&opts.Port, "port", "", "Port where the server will listen (default: 8000)")
+ flag.StringVar(&opts.Auth, "auth", "", "Authentication module (ano, sip2)")
+ flag.StringVar(&opts.AuthSecret, "authSecret", "", "Authentication secret (optional)")
+ flag.StringVar(&opts.ApiPath, "apiPath", "", "Path to the API public files")
+ flag.StringVar(&opts.ProviderCaPath, "providerCaCrt", "", "Path to the provider CA certificate")
+ flag.Parse()
+
+ FallbackToEnv(&opts.CaCrt, "VPNWEB_CACRT", "")
+ FallbackToEnv(&opts.CaKey, "VPNWEB_CAKEY", "")
+ FallbackToEnv(&opts.TlsCrt, "VPNWEB_TLSCRT", "")
+ FallbackToEnv(&opts.TlsKey, "VPNWEB_TLSKEY", "")
+ FallbackToEnv(&opts.Port, "VPNWEB_PORT", "8000")
+ FallbackToEnv(&opts.Auth, "VPNWEB_AUTH", DefaultAuthenticationModule)
+ FallbackToEnv(&opts.AuthSecret, "VPNWEB_AUTH_SECRET", "")
+ FallbackToEnv(&opts.ApiPath, "VPNWEB_API_PATH", "/etc/leap/config/vpn")
+ FallbackToEnv(&opts.ProviderCaPath, "VPNWEB_PROVIDER_CA", "/etc/leap/ca/ca.crt")
+}
+
+func checkConfigurationOptions(opts *Opts) {
+ if opts.CaCrt == "" {
+ log.Fatal("missing caCrt parameter")
+ }
+ if opts.CaKey == "" {
+ log.Fatal("missing caKey parameter")
+ }
+
+ if opts.Tls == true {
+ if opts.TlsCrt == "" {
+ log.Fatal("missing tls_crt parameter")
+ }
+ if opts.TlsKey == "" {
+ log.Fatal("missing tls_key parameter")
+ }
+ }
+
+ doCaFilesSanityCheck(opts.CaCrt, opts.CaKey)
+ if opts.Tls == true {
+ doTlsFilesSanityCheck(opts.TlsCrt, opts.TlsKey)
+ }
+
+ if !checkPathExists(opts.ApiPath) {
+ log.Fatal("Configured API path does not exist: ", opts.ApiPath)
+ }
+ if !checkPathExists(opts.ProviderCaPath) {
+ log.Fatal("Configured provider CA path does not exist: ", opts.ProviderCaPath)
+ }
+
+ log.Println("Authentication module:", opts.Auth)
+}
diff --git a/pkg/config/main.go b/pkg/config/main.go
deleted file mode 100644
index 1ce00aa..0000000
--- a/pkg/config/main.go
+++ /dev/null
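Review bot: `checkPathExists` returns true for every `os.Stat` failure except not-exist, so a permission-denied error on `apiPath` or `providerCaCrt` passes the two new checks at the end of `checkConfigurationOptions` and only shows up when a request is served. It also accepts any kind of entry, although `ApiPath` is used as a directory prefix and `ProviderCaPath` is published as-is at `/ca.crt` and `/3/ca.crt` in main.go. Requiring a directory for the first and a regular file for the second would catch a mistyped or swapped option at startup; whether further content checks on the published certificate are wanted is a separate question. The `os.IsNotExist`-only test in `doCaFilesSanityCheck` and `doTlsFilesSanityCheck` has the same gap.

```go
// isDir reports whether path can be stat'ed and is a directory.
func isDir(path string) bool {
	info, err := os.Stat(path)
	return err == nil && info.IsDir()
}

// isRegularFile reports whether path can be stat'ed and is a regular file
// (os.Stat follows symlinks, so a symlinked certificate still passes).
func isRegularFile(path string) bool {
	info, err := os.Stat(path)
	return err == nil && info.Mode().IsRegular()
}

// … unchanged: flag parsing, CA and TLS parameter checks …

	if !isDir(opts.ApiPath) {
		log.Fatal("Configured API path is not an accessible directory: ", opts.ApiPath)
	}
	if !isRegularFile(opts.ProviderCaPath) {
		log.Fatal("Configured provider CA path is not an accessible regular file: ", opts.ProviderCaPath)
	}
```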
@@ -1,117 +0,0 @@
-// Copyright (C) 2019 LEAP
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package config
-
-import (
- "flag"
- "log"
- "os"
-)
-
-const DefaultAuthenticationModule string = "anon"
-
-type Opts struct {
- Tls bool
- CaCrt string
- CaKey string
- TlsCrt string
- TlsKey string
- Port string
- Auth string
- AuthSecret string
-}
-
-func FallbackToEnv(variable *string, envVar, defaultVar string) {
-
- if *variable == "" {
- val, exists := os.LookupEnv(envVar)
- if exists && val != "" {
- *variable = val
- } else {
- *variable = defaultVar
- }
- }
-}
-
-func doCaFilesSanityCheck(caCrt string, caKey string) {
- if _, err := os.Stat(caCrt); os.IsNotExist(err) {
- log.Fatal("cannot find caCrt file")
- }
- if _, err := os.Stat(caKey); os.IsNotExist(err) {
- log.Fatal("cannot find caKey file")
- }
-}
-
-func doTlsFilesSanityCheck(tlsCrt string, tlsKey string) {
- if _, err := os.Stat(tlsCrt); os.IsNotExist(err) {
- log.Fatal("cannot find tlsCrt file")
- }
- if _, err := os.Stat(tlsKey); os.IsNotExist(err) {
- log.Fatal("cannot find tlsKey file")
- }
-}
-
-func NewOpts() *Opts {
- opts := new(Opts)
- initializeFlags(opts)
- checkConfigurationOptions(opts)
- return opts
-}
-
-func initializeFlags(opts *Opts) {
- flag.StringVar(&opts.CaCrt, "caCrt", "", "Path to the CA public key used for VPN certificates")
- flag.StringVar(&opts.CaKey, "caKey", "", "Path to the CA private key used for VPN certificates")
- flag.BoolVar(&opts.Tls, "tls", false, "Enable TLS on the service")
- flag.StringVar(&opts.TlsCrt, "tlsCrt", "", "Path to the cert file for TLS")
- flag.StringVar(&opts.TlsKey, "tlsKey", "", "Path to the key file for TLS")
- flag.StringVar(&opts.Port, "port", "", "Port where the server will listen (default: 8000)")
- flag.StringVar(&opts.Auth, "auth", "", "Authentication module (anonymous, sip)")
- flag.StringVar(&opts.AuthSecret, "authSecret", "", "Authentication secret (optional)")
- flag.Parse()
-
- FallbackToEnv(&opts.CaCrt, "VPNWEB_CACRT", "")
- FallbackToEnv(&opts.CaKey, "VPNWEB_CAKEY", "")
- FallbackToEnv(&opts.TlsCrt, "VPNWEB_TLSCRT", "")
- FallbackToEnv(&opts.TlsKey, "VPNWEB_TLSKEY", "")
- FallbackToEnv(&opts.Port, "VPNWEB_PORT", "8000")
- FallbackToEnv(&opts.Auth, "VPNWEB_AUTH", DefaultAuthenticationModule)
- FallbackToEnv(&opts.AuthSecret, "VPNWEB_AUTH_SECRET", "")
-}
-
-func checkConfigurationOptions(opts *Opts) {
- if opts.CaCrt == "" {
- log.Fatal("missing caCrt parameter")
- }
- if opts.CaKey == "" {
- log.Fatal("missing caKey parameter")
- }
-
- if opts.Tls == true {
- if opts.TlsCrt == "" {
- log.Fatal("missing tls_crt parameter")
- }
- if opts.TlsKey == "" {
- log.Fatal("missing tls_key parameter")
- }
- }
-
- doCaFilesSanityCheck(opts.CaCrt, opts.CaKey)
- if opts.Tls == true {
- doTlsFilesSanityCheck(opts.TlsCrt, opts.TlsKey)
- }
-
- log.Println("Authentication module:", opts.Auth)
-}
-- cgit v1.2.3