Fix randomstring generation
@@ -47,6 +47,8 @@ func (c *Config) BasicAuth(next http.HandlerFunc) http.HandlerFunc {
|
|||||||
if !res.Authenticated {
|
if !res.Authenticated {
|
||||||
log.Printf("User %s is not authenticated for this service", username)
|
log.Printf("User %s is not authenticated for this service", username)
|
||||||
} else {
|
} else {
|
||||||
|
ctx := context.WithValue(r.Context(), "preferred_username", username)
|
||||||
|
ctx = context.WithValue(ctx, "access_token", "EMPTY")
|
||||||
next.ServeHTTP(w, r.WithContext(ctx))
|
next.ServeHTTP(w, r.WithContext(ctx))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
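Review bot: The sentinel `"EMPTY"` placed under the "access_token" context key in the new line is a magic string that another package later compares against to decide whether to skip token validation, so it should be one exported constant (for example in the security package) used by both sides rather than a literal duplicated in two files. Both added `context.WithValue` calls also use plain string keys, which `go vet`/staticcheck (SA1029) flag because keys of built-in type can collide with other packages; a package-private key type such as `type ctxKey string` removes that risk. A short comment on the second line, `// basic auth carries no upstream OIDC token; mark it so the PAA check knows to skip UserInfo`, would explain why a placeholder is stored at all. The enclosing BasicAuth function begins before this hunk.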
@@ -42,37 +42,8 @@ func main() {
|
|||||||
security.UserSigningKey = []byte(conf.Security.UserTokenSigningKey)
|
security.UserSigningKey = []byte(conf.Security.UserTokenSigningKey)
|
||||||
security.QuerySigningKey = []byte(conf.Security.QueryTokenSigningKey)
|
security.QuerySigningKey = []byte(conf.Security.QueryTokenSigningKey)
|
||||||
|
|
||||||
// set oidc config
|
// configure api
|
||||||
provider, err := oidc.NewProvider(context.Background(), conf.OpenId.ProviderUrl)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Cannot get oidc provider: %s", err)
|
|
||||||
}
|
|
||||||
oidcConfig := &oidc.Config{
|
|
||||||
ClientID: conf.OpenId.ClientId,
|
|
||||||
}
|
|
||||||
verifier := provider.Verifier(oidcConfig)
|
|
||||||
|
|
||||||
// get callback url and external advertised gateway address
|
|
||||||
url, err := url.Parse(conf.Server.GatewayAddress)
|
|
||||||
if url.Scheme == "" {
|
|
||||||
url.Scheme = "https"
|
|
||||||
}
|
|
||||||
url.Path = "callback"
|
|
||||||
|
|
||||||
oauthConfig := oauth2.Config{
|
|
||||||
ClientID: conf.OpenId.ClientId,
|
|
||||||
ClientSecret: conf.OpenId.ClientSecret,
|
|
||||||
RedirectURL: url.String(),
|
|
||||||
Endpoint: provider.Endpoint(),
|
|
||||||
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
|
||||||
}
|
|
||||||
security.OIDCProvider = provider
|
|
||||||
security.Oauth2Config = oauthConfig
|
|
||||||
|
|
||||||
api := &api.Config{
|
api := &api.Config{
|
||||||
GatewayAddress: url.Host,
|
|
||||||
OAuth2Config: &oauthConfig,
|
|
||||||
OIDCTokenVerifier: verifier,
|
|
||||||
PAATokenGenerator: security.GeneratePAAToken,
|
PAATokenGenerator: security.GeneratePAAToken,
|
||||||
UserTokenGenerator: security.GenerateUserToken,
|
UserTokenGenerator: security.GenerateUserToken,
|
||||||
QueryInfo: security.QueryInfo,
|
QueryInfo: security.QueryInfo,
|
||||||
@@ -92,6 +63,38 @@ func main() {
|
|||||||
SocketAddress: conf.Server.AuthSocket,
|
SocketAddress: conf.Server.AuthSocket,
|
||||||
Authentication: conf.Server.Authentication,
|
Authentication: conf.Server.Authentication,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if conf.Server.Authentication == "openid" {
|
||||||
|
// set oidc config
|
||||||
|
provider, err := oidc.NewProvider(context.Background(), conf.OpenId.ProviderUrl)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Cannot get oidc provider: %s", err)
|
||||||
|
}
|
||||||
|
oidcConfig := &oidc.Config{
|
||||||
|
ClientID: conf.OpenId.ClientId,
|
||||||
|
}
|
||||||
|
verifier := provider.Verifier(oidcConfig)
|
||||||
|
|
||||||
|
// get callback url and external advertised gateway address
|
||||||
|
url, err := url.Parse(conf.Server.GatewayAddress)
|
||||||
|
if url.Scheme == "" {
|
||||||
|
url.Scheme = "https"
|
||||||
|
}
|
||||||
|
url.Path = "callback"
|
||||||
|
api.GatewayAddress = url.Host
|
||||||
|
|
||||||
|
oauthConfig := oauth2.Config{
|
||||||
|
ClientID: conf.OpenId.ClientId,
|
||||||
|
ClientSecret: conf.OpenId.ClientSecret,
|
||||||
|
RedirectURL: url.String(),
|
||||||
|
Endpoint: provider.Endpoint(),
|
||||||
|
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
|
||||||
|
}
|
||||||
|
security.OIDCProvider = provider
|
||||||
|
security.Oauth2Config = oauthConfig
|
||||||
|
api.OAuth2Config = &oauthConfig
|
||||||
|
api.OIDCTokenVerifier = verifier
|
||||||
|
}
|
||||||
api.NewApi()
|
api.NewApi()
|
||||||
|
|
||||||
log.Printf("Starting remote desktop gateway server")
|
log.Printf("Starting remote desktop gateway server")
|
||||||
|
|||||||
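Review bot: The `err` returned by `url.Parse(conf.Server.GatewayAddress)` inside the new `if conf.Server.Authentication == "openid"` block is never checked, so a malformed gateway address leaves `url` nil and panics on the next line at `url.Scheme`; add `if err != nil { log.Fatalf("Cannot parse gateway address: %s", err) }` directly after the call. Because `api.GatewayAddress = url.Host` now only runs in the openid branch, any other authentication mode leaves the gateway address empty — whether the basic-auth path needs it cannot be told from this hunk, but if it does, the URL parsing should move ahead of the branch. The local `url` also shadows the imported net/url package for the rest of main, which makes the code harder to read; renaming it (e.g. `gwURL`) avoids that. The main function continues outside the hunk.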
@@ -65,11 +65,13 @@ func VerifyPAAToken(ctx context.Context, tokenString string) (bool, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// validate the access token
|
// validate the access token
|
||||||
tokenSource := Oauth2Config.TokenSource(ctx, &oauth2.Token{AccessToken: custom.AccessToken})
|
if custom.AccessToken != "EMPTY" {
|
||||||
_, err = OIDCProvider.UserInfo(ctx, tokenSource)
|
tokenSource := Oauth2Config.TokenSource(ctx, &oauth2.Token{AccessToken: custom.AccessToken})
|
||||||
if err != nil {
|
_, err = OIDCProvider.UserInfo(ctx, tokenSource)
|
||||||
log.Printf("Cannot get user info for access token: %s", err)
|
if err != nil {
|
||||||
return false, err
|
log.Printf("Cannot get user info for access token: %s", err)
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
s := getSessionInfo(ctx)
|
s := getSessionInfo(ctx)
|
||||||
|
|||||||
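Review bot: The new guard `if custom.AccessToken != "EMPTY"` skips the upstream UserInfo check based only on a claim value carried inside the token, not on the server's configured authentication mode; this is safe only if the token's signature has been verified before this point, which the visible lines do not show (VerifyPAAToken begins outside the hunk), and if it has not, a token carrying that literal bypasses access-token validation entirely. Tying the skip to a package-level setting assigned by main alongside `UserSigningKey` (name to be chosen; constructed example: `if authenticationMode != "basic"`) and replacing the literal with a shared named constant would make the decision explicit and keep the two packages from drifting. A comment such as `// sessions created by basic auth carry no OIDC access token, so there is nothing to validate upstream` on the guard would document the intent.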
@@ -32,7 +32,7 @@ func GenerateRandomString(n int) (string, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
ret = append(ret, letters[num.Int64()])
|
ret[i] = letters[num.Int64()]
|
||||||
}
|
}
|
||||||
|
|
||||||
return string(ret), nil
|
return string(ret), nil
|
||||||
|
|||||||
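Review bot: The change from `append` to `ret[i] = letters[num.Int64()]` relies on `ret` being allocated with length n before the loop, which happens outside this hunk; if that allocation ever changes to a capacity-only `make`, the index write panics, so a comment on the loop, `// ret is sized to n; write in place so the result is exactly n characters`, would record the invariant. The original defect (output twice the requested length) is the kind a one-line unit test catches, e.g. `s, err := GenerateRandomString(32); if err != nil || len(s) != 32 { t.Fatalf("got %d chars, err %v", len(s), err) }`, and it is worth adding one alongside this fix. The enclosing function begins before the hunk.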