-
Notifications
You must be signed in to change notification settings - Fork 32
/
main.go
144 lines (115 loc) · 4.79 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
package main
import (
"crypto/tls"
"flag"
"net"
"net/http"
"strconv"
"github.com/TykTechnologies/tyk-identity-broker/backends"
"github.com/TykTechnologies/tyk-identity-broker/configuration"
"github.com/TykTechnologies/tyk-identity-broker/data_loader"
"github.com/TykTechnologies/tyk-identity-broker/initializer"
errors "github.com/TykTechnologies/tyk-identity-broker/error"
logger "github.com/TykTechnologies/tyk-identity-broker/log"
"github.com/TykTechnologies/tyk-identity-broker/tap"
"github.com/TykTechnologies/tyk-identity-broker/tothic"
"github.com/TykTechnologies/tyk-identity-broker/tyk-api"
"github.com/gorilla/mux"
)
// AuthConfigStore Is the back end we are storing our configuration files to
var AuthConfigStore tap.AuthRegisterBackend
// IdentityKeyStore keeps a record of identities tied to tokens (if needed)
var IdentityKeyStore tap.AuthRegisterBackend
// config is the system-wide configuration
var config configuration.Configuration
// TykAPIHandler is a global API handler for Tyk, wraps the tyk APi in Go functions
var TykAPIHandler tyk.TykAPI
var GlobalDataLoader data_loader.DataLoader
var log = logger.Get()
var mainLogger = log.WithField("prefix", "MAIN")
var ProfileFilename, confFile string
func init() {
mainLogger.Info("Tyk Identity Broker ", Version)
mainLogger.Info("Copyright Tyk Technologies Ltd 2020")
flag.StringVar(&confFile, "conf", "tib.conf", "Path to the config file")
flag.StringVar(&confFile, "c", "tib.conf", "Path to the config file")
flag.StringVar(&ProfileFilename, "p", "./profiles.json", "Path to the profiles file")
flag.Parse()
configuration.LoadConfig(confFile, &config)
AuthConfigStore, IdentityKeyStore = initializer.InitBackend(config.BackEnd.ProfileBackendSettings, config.BackEnd.IdentityBackendSettings)
configStore := &backends.RedisBackend{KeyPrefix: "tib-provider-config-"}
configStore.Init(config.BackEnd.IdentityBackendSettings)
initializer.SetConfigHandler(configStore)
TykAPIHandler = config.TykAPISettings
// In OIDC there are calls to the https://{IDP-DOMAIN}/.well-know/openid-configuration and other endpoints
// We set the http client's Transport to do InsecureSkipVerify to avoid error in case the certificate
// was signed by unknown authority, trusting the user to set up his profile with the correct .well-know URL.
http.DefaultClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: config.SSLInsecureSkipVerify,
},
}
var err error
GlobalDataLoader, err = data_loader.CreateDataLoader(config, ProfileFilename)
if err != nil {
return
}
err = GlobalDataLoader.LoadIntoStore(AuthConfigStore)
if err != nil {
mainLogger.Errorf("loading into store %v", err)
return
}
tothic.TothErrorHandler = errors.HandleError
tothic.SetupSessionStore()
}
func main() {
p := mux.NewRouter()
p.Handle("/auth/{id}/{provider}/callback", http.HandlerFunc(HandleAuthCallback))
p.Handle("/auth/{id}/{provider}", http.HandlerFunc(HandleAuth))
p.Handle("/auth/{id}/saml/metadata", http.HandlerFunc(HandleMetadata))
p.Handle("/api/profiles/{id}", IsAuthenticated(http.HandlerFunc(HandleGetProfile))).Methods("GET")
p.Handle("/api/profiles/{id}", IsAuthenticated(http.HandlerFunc(HandleAddProfile))).Methods("POST")
p.Handle("/api/profiles/{id}", IsAuthenticated(http.HandlerFunc(HandleUpdateProfile))).Methods("PUT")
p.Handle("/api/profiles/{id}", IsAuthenticated(http.HandlerFunc(HandleDeleteProfile))).Methods("DELETE")
p.Handle("/api/profiles", IsAuthenticated(http.HandlerFunc(HandleGetProfileList))).Methods("GET")
p.Handle("/health", http.HandlerFunc(HandleHealthCheck)).Methods("GET")
listenPort := 3010
if config.Port != 0 {
listenPort = config.Port
}
var tibServer net.Listener
if config.HttpServerOptions.UseSSL {
mainLogger.Info("--> Using SSL (https) for TIB")
cert, err := tls.LoadX509KeyPair(config.HttpServerOptions.CertFile, config.HttpServerOptions.KeyFile)
if err != nil {
mainLogger.WithError(err).Error("loading cert file")
return
}
cfg := tls.Config{
Certificates: []tls.Certificate{cert},
InsecureSkipVerify: config.HttpServerOptions.SSLInsecureSkipVerify,
}
tibServer = createListener(listenPort, &cfg)
} else {
mainLogger.Info("--> Standard listener (http) for TIB")
tibServer = createListener(listenPort, nil)
}
_ = http.Serve(tibServer, p)
}
func createListener(port int, tlsConfig *tls.Config) (listener net.Listener) {
var err error
addr := ":" + strconv.Itoa(port)
if tlsConfig != nil {
listener, err = tls.Listen("tcp", addr, tlsConfig)
// to consume Dash api, then we skip as well the verification in the client side
tr := &http.Transport{TLSClientConfig: tlsConfig}
c := &http.Client{Transport: tr}
tyk.SetHttpClient(c)
} else {
listener, err = net.Listen("tcp", addr)
}
if err != nil {
log.Panic("Server creation failed! ", err)
}
return
}