1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
// Copyright (C) 2019 LEAP
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package config
import (
"flag"
"log"
"os"
)
const DefaultAuthenticationModule string = "anon"
type Opts struct {
Tls bool
CaCrt string
CaKey string
TlsCrt string
TlsKey string
Port string
Auth string
AuthSecret string
}
func FallbackToEnv(variable *string, envVar, defaultVar string) {
if *variable == "" {
val, exists := os.LookupEnv(envVar)
if exists && val != "" {
*variable = val
} else {
*variable = defaultVar
}
}
}
func doCaFilesSanityCheck(caCrt string, caKey string) {
if _, err := os.Stat(caCrt); os.IsNotExist(err) {
log.Fatal("cannot find caCrt file")
}
if _, err := os.Stat(caKey); os.IsNotExist(err) {
log.Fatal("cannot find caKey file")
}
}
func doTlsFilesSanityCheck(tlsCrt string, tlsKey string) {
if _, err := os.Stat(tlsCrt); os.IsNotExist(err) {
log.Fatal("cannot find tlsCrt file")
}
if _, err := os.Stat(tlsKey); os.IsNotExist(err) {
log.Fatal("cannot find tlsKey file")
}
}
func NewOpts() *Opts {
opts := new(Opts)
initializeFlags(opts)
checkConfigurationOptions(opts)
return opts
}
func initializeFlags(opts *Opts) {
flag.StringVar(&opts.CaCrt, "caCrt", "", "Path to the CA public key used for VPN certificates")
flag.StringVar(&opts.CaKey, "caKey", "", "Path to the CA private key used for VPN certificates")
flag.BoolVar(&opts.Tls, "tls", false, "Enable TLS on the service")
flag.StringVar(&opts.TlsCrt, "tlsCrt", "", "Path to the cert file for TLS")
flag.StringVar(&opts.TlsKey, "tlsKey", "", "Path to the key file for TLS")
flag.StringVar(&opts.Port, "port", "", "Port where the server will listen (default: 8000)")
flag.StringVar(&opts.Auth, "auth", "", "Authentication module (anonymous, sip)")
flag.StringVar(&opts.AuthSecret, "authSecret", "", "Authentication secret (optional)")
flag.Parse()
FallbackToEnv(&opts.CaCrt, "VPNWEB_CACRT", "")
FallbackToEnv(&opts.CaKey, "VPNWEB_CAKEY", "")
FallbackToEnv(&opts.TlsCrt, "VPNWEB_TLSCRT", "")
FallbackToEnv(&opts.TlsKey, "VPNWEB_TLSKEY", "")
FallbackToEnv(&opts.Port, "VPNWEB_PORT", "8000")
FallbackToEnv(&opts.Auth, "VPNWEB_AUTH", DefaultAuthenticationModule)
FallbackToEnv(&opts.AuthSecret, "VPNWEB_AUTH_SECRET", "")
}
func checkConfigurationOptions(opts *Opts) {
if opts.CaCrt == "" {
log.Fatal("missing caCrt parameter")
}
if opts.CaKey == "" {
log.Fatal("missing caKey parameter")
}
if opts.Tls == true {
if opts.TlsCrt == "" {
log.Fatal("missing tls_crt parameter")
}
if opts.TlsKey == "" {
log.Fatal("missing tls_key parameter")
}
}
doCaFilesSanityCheck(opts.CaCrt, opts.CaKey)
if opts.Tls == true {
doTlsFilesSanityCheck(opts.TlsCrt, opts.TlsKey)
}
log.Println("Authentication module:", opts.Auth)
}
|