From cf8762b7a0c4e08cfdfed7ef6bb2c4e2689db541 Mon Sep 17 00:00:00 2001 From: Lakhan Samani Date: Tue, 31 May 2022 08:14:03 +0530 Subject: [PATCH] fix: slice envs --- .env.sample | 1 + .env.test | 9 + .gitignore | 1 + Makefile | 2 +- server/cli/cli.go | 2 + server/constants/env.go | 41 +- server/db/providers/arangodb/provider.go | 11 +- server/db/providers/arangodb/user.go | 5 +- server/db/providers/cassandradb/provider.go | 47 +- server/db/providers/cassandradb/user.go | 4 +- server/db/providers/mongodb/provider.go | 11 +- server/db/providers/mongodb/user.go | 5 +- server/db/providers/provider_template/user.go | 5 +- server/db/providers/sql/provider.go | 11 +- server/db/providers/sql/user.go | 5 +- server/env/env.go | 456 ++++++++++++------ server/env/persist_env.go | 53 +- server/handlers/oauth_callback.go | 14 +- server/handlers/oauth_login.go | 17 +- server/main.go | 1 + .../providers/inmemory/envstore.go | 5 +- .../memorystore/providers/inmemory/store.go | 30 +- server/memorystore/providers/providers.go | 2 - server/memorystore/providers/redis/store.go | 12 - server/memorystore/required_env_store.go | 8 +- server/resolvers/invite_members.go | 7 +- server/resolvers/login.go | 7 +- server/resolvers/magic_link_login.go | 19 +- server/resolvers/signup.go | 9 +- server/resolvers/update_user.go | 13 +- server/test/env_file_test.go | 23 +- server/test/test.go | 13 +- server/test/update_env_test.go | 4 +- server/types/interface_slice.go | 16 + server/validators/url.go | 5 +- 35 files changed, 557 insertions(+), 317 deletions(-) create mode 100644 .env.test create mode 100644 server/types/interface_slice.go diff --git a/.env.sample b/.env.sample index c3ca441..6f9874b 100644 --- a/.env.sample +++ b/.env.sample @@ -1,3 +1,4 @@ +ENV=production DATABASE_URL=data.db DATABASE_TYPE=sqlite CUSTOM_ACCESS_TOKEN_SCRIPT="function(user,tokenPayload){var data = tokenPayload;data.extra = {'x-extra-id': user.id};return data;}" \ No newline at end of file diff --git a/.env.test b/.env.test new file mode 100644 index 0000000..0df0238 --- /dev/null +++ b/.env.test @@ -0,0 +1,9 @@ +ENV=test +DATABASE_URL=test.db +DATABASE_TYPE=sqlite +CUSTOM_ACCESS_TOKEN_SCRIPT="function(user,tokenPayload){var data = tokenPayload;data.extra = {'x-extra-id': user.id};return data;}" +SMTP_HOST=smtp.mailtrap.io +SMTP_PORT=2525 +SMTP_USERNAME=test +SMTP_PASSWORD=test +SENDER_EMAIL="info@authorizer.dev" \ No newline at end of file diff --git a/.gitignore b/.gitignore index 8b70df4..7fdb338 100644 --- a/.gitignore +++ b/.gitignore @@ -8,6 +8,7 @@ dashboard/build build .env data.db +test.db .DS_Store .env.local *.tar.gz diff --git a/Makefile b/Makefile index 635edec..3c9ece5 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ build-dashboard: clean: rm -rf build test: - cd server && go clean --testcache && go test -v ./test + rm -rf server/test/test.db && rm -rf test.db && cd server && go clean --testcache && go test -v ./test generate: cd server && go get github.com/99designs/gqlgen/cmd@v0.14.0 && go run github.com/99designs/gqlgen generate \ No newline at end of file diff --git a/server/cli/cli.go b/server/cli/cli.go index 7f6f250..391d632 100644 --- a/server/cli/cli.go +++ b/server/cli/cli.go @@ -9,4 +9,6 @@ var ( ARG_ENV_FILE *string // ARG_LOG_LEVEL is the cli arg variable for the log level ARG_LOG_LEVEL *string + // ARG_REDIS_URL is the cli arg variable for the redis url + ARG_REDIS_URL *string ) diff --git a/server/constants/env.go b/server/constants/env.go index afca3f9..4886bd7 100644 --- a/server/constants/env.go +++ b/server/constants/env.go @@ -19,7 +19,6 @@ const ( EnvKeyAuthorizerURL = "AUTHORIZER_URL" // EnvKeyPort key for env variable PORT EnvKeyPort = "PORT" - // EnvKeyAccessTokenExpiryTime key for env variable ACCESS_TOKEN_EXPIRY_TIME EnvKeyAccessTokenExpiryTime = "ACCESS_TOKEN_EXPIRY_TIME" // EnvKeyAdminSecret key for env variable ADMIN_SECRET @@ -62,30 +61,12 @@ const ( EnvKeyJwtPrivateKey = "JWT_PRIVATE_KEY" // EnvKeyJwtPublicKey key for env variable JWT_PUBLIC_KEY EnvKeyJwtPublicKey = "JWT_PUBLIC_KEY" - // EnvKeyAllowedOrigins key for env variable ALLOWED_ORIGINS - EnvKeyAllowedOrigins = "ALLOWED_ORIGINS" // EnvKeyAppURL key for env variable APP_URL EnvKeyAppURL = "APP_URL" // EnvKeyRedisURL key for env variable REDIS_URL EnvKeyRedisURL = "REDIS_URL" // EnvKeyResetPasswordURL key for env variable RESET_PASSWORD_URL EnvKeyResetPasswordURL = "RESET_PASSWORD_URL" - // EnvKeyDisableEmailVerification key for env variable DISABLE_EMAIL_VERIFICATION - EnvKeyDisableEmailVerification = "DISABLE_EMAIL_VERIFICATION" - // EnvKeyDisableBasicAuthentication key for env variable DISABLE_BASIC_AUTH - EnvKeyDisableBasicAuthentication = "DISABLE_BASIC_AUTHENTICATION" - // EnvKeyDisableMagicLinkLogin key for env variable DISABLE_MAGIC_LINK_LOGIN - EnvKeyDisableMagicLinkLogin = "DISABLE_MAGIC_LINK_LOGIN" - // EnvKeyDisableLoginPage key for env variable DISABLE_LOGIN_PAGE - EnvKeyDisableLoginPage = "DISABLE_LOGIN_PAGE" - // EnvKeyDisableSignUp key for env variable DISABLE_SIGN_UP - EnvKeyDisableSignUp = "DISABLE_SIGN_UP" - // EnvKeyRoles key for env variable ROLES - EnvKeyRoles = "ROLES" - // EnvKeyProtectedRoles key for env variable PROTECTED_ROLES - EnvKeyProtectedRoles = "PROTECTED_ROLES" - // EnvKeyDefaultRoles key for env variable DEFAULT_ROLES - EnvKeyDefaultRoles = "DEFAULT_ROLES" // EnvKeyJwtRoleClaim key for env variable JWT_ROLE_CLAIM EnvKeyJwtRoleClaim = "JWT_ROLE_CLAIM" // EnvKeyGoogleClientID key for env variable GOOGLE_CLIENT_ID @@ -116,6 +97,28 @@ const ( EnvKeyEncryptionKey = "ENCRYPTION_KEY" // EnvKeyJWK key for env variable JWK EnvKeyJWK = "JWK" + + // Boolean variables // EnvKeyIsProd key for env variable IS_PROD EnvKeyIsProd = "IS_PROD" + // EnvKeyDisableEmailVerification key for env variable DISABLE_EMAIL_VERIFICATION + EnvKeyDisableEmailVerification = "DISABLE_EMAIL_VERIFICATION" + // EnvKeyDisableBasicAuthentication key for env variable DISABLE_BASIC_AUTH + EnvKeyDisableBasicAuthentication = "DISABLE_BASIC_AUTHENTICATION" + // EnvKeyDisableMagicLinkLogin key for env variable DISABLE_MAGIC_LINK_LOGIN + EnvKeyDisableMagicLinkLogin = "DISABLE_MAGIC_LINK_LOGIN" + // EnvKeyDisableLoginPage key for env variable DISABLE_LOGIN_PAGE + EnvKeyDisableLoginPage = "DISABLE_LOGIN_PAGE" + // EnvKeyDisableSignUp key for env variable DISABLE_SIGN_UP + EnvKeyDisableSignUp = "DISABLE_SIGN_UP" + + // Slice variables + // EnvKeyRoles key for env variable ROLES + EnvKeyRoles = "ROLES" + // EnvKeyProtectedRoles key for env variable PROTECTED_ROLES + EnvKeyProtectedRoles = "PROTECTED_ROLES" + // EnvKeyDefaultRoles key for env variable DEFAULT_ROLES + EnvKeyDefaultRoles = "DEFAULT_ROLES" + // EnvKeyAllowedOrigins key for env variable ALLOWED_ORIGINS + EnvKeyAllowedOrigins = "ALLOWED_ORIGINS" ) diff --git a/server/db/providers/arangodb/provider.go b/server/db/providers/arangodb/provider.go index a9c693e..a9a8432 100644 --- a/server/db/providers/arangodb/provider.go +++ b/server/db/providers/arangodb/provider.go @@ -6,7 +6,6 @@ import ( "github.com/arangodb/go-driver" arangoDriver "github.com/arangodb/go-driver" "github.com/arangodb/go-driver/http" - "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/db/models" "github.com/authorizerdev/authorizer/server/memorystore" ) @@ -22,10 +21,7 @@ type provider struct { // NewProvider to initialize arangodb connection func NewProvider() (*provider, error) { ctx := context.Background() - dbURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL) - if err != nil { - return nil, err - } + dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL conn, err := http.NewConnection(http.ConnectionConfig{ Endpoints: []string{dbURL}, }) @@ -41,10 +37,7 @@ func NewProvider() (*provider, error) { } var arangodb driver.Database - dbName, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName) - if err != nil { - return nil, err - } + dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName arangodb_exists, err := arangoClient.DatabaseExists(nil, dbName) if arangodb_exists { diff --git a/server/db/providers/arangodb/user.go b/server/db/providers/arangodb/user.go index 8c303a0..315a827 100644 --- a/server/db/providers/arangodb/user.go +++ b/server/db/providers/arangodb/user.go @@ -3,7 +3,6 @@ package arangodb import ( "context" "fmt" - "strings" "time" "github.com/arangodb/go-driver" @@ -22,11 +21,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) { } if user.Roles == "" { - defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { return user, err } - user.Roles = strings.Join(defaultRoles, ",") + user.Roles = defaultRoles } user.CreatedAt = time.Now().Unix() diff --git a/server/db/providers/cassandradb/provider.go b/server/db/providers/cassandradb/provider.go index 0dcc07e..0a5f4a5 100644 --- a/server/db/providers/cassandradb/provider.go +++ b/server/db/providers/cassandradb/provider.go @@ -23,23 +23,17 @@ var KeySpace string // NewProvider to initialize arangodb connection func NewProvider() (*provider, error) { - dbURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL) - if err != nil { - return nil, err - } + dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL if dbURL == "" { - dbURL, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseHost) - dbPort, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabasePort) - if err != nil { - return nil, err - } - if dbPort != "" { - dbURL = fmt.Sprintf("%s:%s", dbURL, dbPort) + dbHost := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseHost + dbPort := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePort + if dbPort != "" && dbHost != "" { + dbURL = fmt.Sprintf("%s:%s", dbHost, dbPort) } } - KeySpace, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName) - if err != nil || KeySpace == "" { + KeySpace = memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName + if KeySpace == "" { KeySpace = constants.EnvKeyDatabaseName } clusterURL := []string{} @@ -49,14 +43,8 @@ func NewProvider() (*provider, error) { clusterURL = append(clusterURL, dbURL) } cassandraClient := cansandraDriver.NewCluster(clusterURL...) - dbUsername, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseUsername) - if err != nil { - return nil, err - } - dbPassword, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabasePassword) - if err != nil { - return nil, err - } + dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername + dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword if dbUsername != "" && dbPassword != "" { cassandraClient.Authenticator = &cansandraDriver.PasswordAuthenticator{ @@ -65,20 +53,9 @@ func NewProvider() (*provider, error) { } } - dbCert, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCert) - if err != nil { - return nil, err - } - - dbCACert, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCACert) - if err != nil { - return nil, err - } - - dbCertKey, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCertKey) - if err != nil { - return nil, err - } + dbCert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCert + dbCACert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCACert + dbCertKey := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCertKey if dbCert != "" && dbCACert != "" && dbCertKey != "" { certString, err := crypto.DecryptB64(dbCert) if err != nil { diff --git a/server/db/providers/cassandradb/user.go b/server/db/providers/cassandradb/user.go index 68fa36e..d1305da 100644 --- a/server/db/providers/cassandradb/user.go +++ b/server/db/providers/cassandradb/user.go @@ -22,11 +22,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) { } if user.Roles == "" { - defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { return user, err } - user.Roles = strings.Join(defaultRoles, ",") + user.Roles = defaultRoles } user.CreatedAt = time.Now().Unix() diff --git a/server/db/providers/mongodb/provider.go b/server/db/providers/mongodb/provider.go index b3ae62f..8909406 100644 --- a/server/db/providers/mongodb/provider.go +++ b/server/db/providers/mongodb/provider.go @@ -4,7 +4,6 @@ import ( "context" "time" - "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/db/models" "github.com/authorizerdev/authorizer/server/memorystore" "go.mongodb.org/mongo-driver/bson" @@ -19,10 +18,7 @@ type provider struct { // NewProvider to initialize mongodb connection func NewProvider() (*provider, error) { - dbURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL) - if err != nil { - return nil, err - } + dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL mongodbOptions := options.Client().ApplyURI(dbURL) maxWait := time.Duration(5 * time.Second) mongodbOptions.ConnectTimeout = &maxWait @@ -41,10 +37,7 @@ func NewProvider() (*provider, error) { return nil, err } - dbName, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName) - if err != nil { - return nil, err - } + dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName mongodb := mongoClient.Database(dbName, options.Database()) mongodb.CreateCollection(ctx, models.Collections.User, options.CreateCollection()) diff --git a/server/db/providers/mongodb/user.go b/server/db/providers/mongodb/user.go index f1a5f73..4f60349 100644 --- a/server/db/providers/mongodb/user.go +++ b/server/db/providers/mongodb/user.go @@ -1,7 +1,6 @@ package mongodb import ( - "strings" "time" "github.com/authorizerdev/authorizer/server/constants" @@ -20,11 +19,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) { } if user.Roles == "" { - defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { return user, err } - user.Roles = strings.Join(defaultRoles, ",") + user.Roles = defaultRoles } user.CreatedAt = time.Now().Unix() user.UpdatedAt = time.Now().Unix() diff --git a/server/db/providers/provider_template/user.go b/server/db/providers/provider_template/user.go index 3f45421..cb1069f 100644 --- a/server/db/providers/provider_template/user.go +++ b/server/db/providers/provider_template/user.go @@ -1,7 +1,6 @@ package provider_template import ( - "strings" "time" "github.com/authorizerdev/authorizer/server/constants" @@ -18,11 +17,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) { } if user.Roles == "" { - defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { return user, err } - user.Roles = strings.Join(defaultRoles, ",") + user.Roles = defaultRoles } user.CreatedAt = time.Now().Unix() diff --git a/server/db/providers/sql/provider.go b/server/db/providers/sql/provider.go index 20f19d0..68910e5 100644 --- a/server/db/providers/sql/provider.go +++ b/server/db/providers/sql/provider.go @@ -42,15 +42,8 @@ func NewProvider() (*provider, error) { }, } - dbType, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) - if err != nil { - return nil, err - } - - dbURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL) - if err != nil { - return nil, err - } + dbType := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseType + dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL switch dbType { case constants.DbTypePostgres, constants.DbTypeYugabyte: diff --git a/server/db/providers/sql/user.go b/server/db/providers/sql/user.go index 4c57c5d..e7e999e 100644 --- a/server/db/providers/sql/user.go +++ b/server/db/providers/sql/user.go @@ -1,7 +1,6 @@ package sql import ( - "strings" "time" "github.com/authorizerdev/authorizer/server/constants" @@ -19,11 +18,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) { } if user.Roles == "" { - defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { return user, err } - user.Roles = strings.Join(defaultRoles, ",") + user.Roles = defaultRoles } user.CreatedAt = time.Now().Unix() diff --git a/server/env/env.go b/server/env/env.go index 8b47746..c110a60 100644 --- a/server/env/env.go +++ b/server/env/env.go @@ -2,7 +2,9 @@ package env import ( "errors" + "fmt" "os" + "strconv" "strings" "github.com/google/uuid" @@ -11,7 +13,6 @@ import ( "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/crypto" "github.com/authorizerdev/authorizer/server/memorystore" - "github.com/authorizerdev/authorizer/server/parsers" "github.com/authorizerdev/authorizer/server/utils" ) @@ -28,22 +29,65 @@ func InitAllEnv() error { } } - clientID := envData[constants.EnvKeyClientID].(string) // unique client id for each instance - if clientID == "" { + cid, ok := envData[constants.EnvKeyClientID] + clientID := "" + if !ok || cid == "" { clientID = uuid.New().String() envData[constants.EnvKeyClientID] = clientID + } else { + clientID = cid.(string) } - clientSecret := envData[constants.EnvKeyClientSecret] - // unique client id for each instance - if clientSecret == "" { - clientSecret = uuid.New().String() - envData[constants.EnvKeyClientSecret] = clientSecret + // unique client secret for each instance + if val, ok := envData[constants.EnvKeyClientSecret]; !ok || val != "" { + envData[constants.EnvKeyClientSecret] = uuid.New().String() } - if envData[constants.EnvKeyEnv] == "" { - envData[constants.EnvKeyEnv] = os.Getenv(constants.EnvKeyEnv) + // os string envs + osEnv := os.Getenv(constants.EnvKeyEnv) + osAppURL := os.Getenv(constants.EnvKeyAppURL) + osAuthorizerURL := os.Getenv(constants.EnvKeyAuthorizerURL) + osPort := os.Getenv(constants.EnvKeyPort) + osAccessTokenExpiryTime := os.Getenv(constants.EnvKeyAccessTokenExpiryTime) + osAdminSecret := os.Getenv(constants.EnvKeyAdminSecret) + osSmtpHost := os.Getenv(constants.EnvKeySmtpHost) + osSmtpPort := os.Getenv(constants.EnvKeySmtpPort) + osSmtpUsername := os.Getenv(constants.EnvKeySmtpUsername) + osSmtpPassword := os.Getenv(constants.EnvKeySmtpPassword) + osSenderEmail := os.Getenv(constants.EnvKeySenderEmail) + osJwtType := os.Getenv(constants.EnvKeyJwtType) + osJwtSecret := os.Getenv(constants.EnvKeyJwtSecret) + osJwtPrivateKey := os.Getenv(constants.EnvKeyJwtPrivateKey) + osJwtPublicKey := os.Getenv(constants.EnvKeyJwtPublicKey) + osJwtRoleClaim := os.Getenv(constants.EnvKeyJwtRoleClaim) + osCustomAccessTokenScript := os.Getenv(constants.EnvKeyCustomAccessTokenScript) + osGoogleClientID := os.Getenv(constants.EnvKeyGoogleClientID) + osGoogleClientSecret := os.Getenv(constants.EnvKeyGoogleClientSecret) + osGithubClientID := os.Getenv(constants.EnvKeyGithubClientID) + osGithubClientSecret := os.Getenv(constants.EnvKeyGithubClientSecret) + osFacebookClientID := os.Getenv(constants.EnvKeyFacebookClientID) + osFacebookClientSecret := os.Getenv(constants.EnvKeyFacebookClientSecret) + osResetPasswordURL := os.Getenv(constants.EnvKeyResetPasswordURL) + osOrganizationName := os.Getenv(constants.EnvKeyOrganizationName) + osOrganizationLogo := os.Getenv(constants.EnvKeyOrganizationLogo) + + // os bool vars + osDisableBasicAuthentication := os.Getenv(constants.EnvKeyDisableBasicAuthentication) + osDisableEmailVerification := os.Getenv(constants.EnvKeyDisableEmailVerification) + osDisableMagicLinkLogin := os.Getenv(constants.EnvKeyDisableMagicLinkLogin) + osDisableLoginPage := os.Getenv(constants.EnvKeyDisableLoginPage) + osDisableSignUp := os.Getenv(constants.EnvKeyDisableSignUp) + + // os slice vars + osAllowedOrigins := os.Getenv(constants.EnvKeyAllowedOrigins) + osRoles := os.Getenv(constants.EnvKeyRoles) + osDefaultRoles := os.Getenv(constants.EnvKeyDefaultRoles) + osProtectedRoles := os.Getenv(constants.EnvKeyProtectedRoles) + + ienv, ok := envData[constants.EnvKeyEnv] + if !ok || ienv == "" { + envData[constants.EnvKeyEnv] = osEnv if envData[constants.EnvKeyEnv] == "" { envData[constants.EnvKeyEnv] = "production" } @@ -54,71 +98,118 @@ func InitAllEnv() error { envData[constants.EnvKeyIsProd] = false } } - - if envData[constants.EnvKeyAppURL] == "" { - envData[constants.EnvKeyAppURL] = os.Getenv(constants.EnvKeyAppURL) + if osEnv != "" && osEnv != envData[constants.EnvKeyEnv] { + envData[constants.EnvKeyEnv] = osEnv + if envData[constants.EnvKeyEnv] == "production" { + envData[constants.EnvKeyIsProd] = true + } else { + envData[constants.EnvKeyIsProd] = false + } } - if envData[constants.EnvKeyAuthorizerURL] == "" { - envData[constants.EnvKeyAuthorizerURL] = os.Getenv(constants.EnvKeyAuthorizerURL) + if val, ok := envData[constants.EnvKeyAppURL]; !ok || val == "" { + envData[constants.EnvKeyAppURL] = osAppURL + } + if osAppURL != "" && envData[constants.EnvKeyAppURL] != osAppURL { + envData[constants.EnvKeyAppURL] = osAppURL } - if envData[constants.EnvKeyPort] == "" { - envData[constants.EnvKeyPort] = os.Getenv(constants.EnvKeyPort) + if val, ok := envData[constants.EnvKeyAuthorizerURL]; !ok || val == "" { + envData[constants.EnvKeyAuthorizerURL] = osAuthorizerURL + } + if osAuthorizerURL != "" && envData[constants.EnvKeyAuthorizerURL] != osAuthorizerURL { + envData[constants.EnvKeyAuthorizerURL] = osAuthorizerURL + } + + if val, ok := envData[constants.EnvKeyPort]; !ok || val == "" { + envData[constants.EnvKeyPort] = osPort if envData[constants.EnvKeyPort] == "" { envData[constants.EnvKeyPort] = "8080" } } + if osPort != "" && envData[constants.EnvKeyPort] != osPort { + envData[constants.EnvKeyPort] = osPort + } - if envData[constants.EnvKeyAccessTokenExpiryTime] == "" { - envData[constants.EnvKeyAccessTokenExpiryTime] = os.Getenv(constants.EnvKeyAccessTokenExpiryTime) + if val, ok := envData[constants.EnvKeyAccessTokenExpiryTime]; !ok || val == "" { + envData[constants.EnvKeyAccessTokenExpiryTime] = osAccessTokenExpiryTime if envData[constants.EnvKeyAccessTokenExpiryTime] == "" { envData[constants.EnvKeyAccessTokenExpiryTime] = "30m" } } - - if envData[constants.EnvKeyAdminSecret] == "" { - envData[constants.EnvKeyAdminSecret] = os.Getenv(constants.EnvKeyAdminSecret) + if osAccessTokenExpiryTime != "" && envData[constants.EnvKeyAccessTokenExpiryTime] != osAccessTokenExpiryTime { + envData[constants.EnvKeyAccessTokenExpiryTime] = osAccessTokenExpiryTime } - if envData[constants.EnvKeySmtpHost] == "" { - envData[constants.EnvKeySmtpHost] = os.Getenv(constants.EnvKeySmtpHost) + if val, ok := envData[constants.EnvKeyAdminSecret]; !ok || val == "" { + envData[constants.EnvKeyAdminSecret] = osAdminSecret + } + if osAdminSecret != "" && envData[constants.EnvKeyAdminSecret] != osAdminSecret { + envData[constants.EnvKeyAdminSecret] = osAdminSecret } - if envData[constants.EnvKeySmtpPort] == "" { - envData[constants.EnvKeySmtpPort] = os.Getenv(constants.EnvKeySmtpPort) + if val, ok := envData[constants.EnvKeySmtpHost]; !ok || val == "" { + envData[constants.EnvKeySmtpHost] = osSmtpHost + } + if osSmtpHost != "" && envData[constants.EnvKeySmtpHost] != osSmtpHost { + envData[constants.EnvKeySmtpHost] = osSmtpHost } - if envData[constants.EnvKeySmtpUsername] == "" { - envData[constants.EnvKeySmtpUsername] = os.Getenv(constants.EnvKeySmtpUsername) + if val, ok := envData[constants.EnvKeySmtpPort]; !ok || val == "" { + envData[constants.EnvKeySmtpPort] = osSmtpPort + } + if osSmtpPort != "" && envData[constants.EnvKeySmtpPort] != osSmtpPort { + envData[constants.EnvKeySmtpPort] = osSmtpPort } - if envData[constants.EnvKeySmtpPassword] == "" { - envData[constants.EnvKeySmtpPassword] = os.Getenv(constants.EnvKeySmtpPassword) + if val, ok := envData[constants.EnvKeySmtpUsername]; !ok || val == "" { + envData[constants.EnvKeySmtpUsername] = osSmtpUsername + } + if osSmtpUsername != "" && envData[constants.EnvKeySmtpUsername] != osSmtpUsername { + envData[constants.EnvKeySmtpUsername] = osSmtpUsername } - if envData[constants.EnvKeySenderEmail] == "" { - envData[constants.EnvKeySenderEmail] = os.Getenv(constants.EnvKeySenderEmail) + if val, ok := envData[constants.EnvKeySmtpPassword]; !ok || val == "" { + envData[constants.EnvKeySmtpPassword] = osSmtpPassword + } + if osSmtpPassword != "" && envData[constants.EnvKeySmtpPassword] != osSmtpPassword { + envData[constants.EnvKeySmtpPassword] = osSmtpPassword } - algo := envData[constants.EnvKeyJwtType].(string) - if algo == "" { - envData[constants.EnvKeyJwtType] = os.Getenv(constants.EnvKeyJwtType) + if val, ok := envData[constants.EnvKeySenderEmail]; !ok || val == "" { + envData[constants.EnvKeySenderEmail] = osSenderEmail + } + if osSenderEmail != "" && envData[constants.EnvKeySenderEmail] != osSenderEmail { + envData[constants.EnvKeySenderEmail] = osSenderEmail + } + + algoVal, ok := envData[constants.EnvKeyJwtType] + algo := "" + if !ok || algoVal == "" { + envData[constants.EnvKeyJwtType] = osJwtType if envData[constants.EnvKeyJwtType] == "" { envData[constants.EnvKeyJwtType] = "RS256" algo = envData[constants.EnvKeyJwtType].(string) - } else { - algo = envData[constants.EnvKeyJwtType].(string) - if !crypto.IsHMACA(algo) && !crypto.IsRSA(algo) && !crypto.IsECDSA(algo) { - log.Debug("Invalid JWT Algorithm") - return errors.New("invalid JWT_TYPE") - } } + } else { + algo = algoVal.(string) + if !crypto.IsHMACA(algo) && !crypto.IsRSA(algo) && !crypto.IsECDSA(algo) { + log.Debug("Invalid JWT Algorithm") + return errors.New("invalid JWT_TYPE") + } + } + if osJwtType != "" && osJwtType != algo { + if !crypto.IsHMACA(osJwtType) && !crypto.IsRSA(osJwtType) && !crypto.IsECDSA(osJwtType) { + log.Debug("Invalid JWT Algorithm") + return errors.New("invalid JWT_TYPE") + } + algo = osJwtType + envData[constants.EnvKeyJwtType] = osJwtType } if crypto.IsHMACA(algo) { - if envData[constants.EnvKeyJwtSecret] == "" { - envData[constants.EnvKeyJwtSecret] = os.Getenv(constants.EnvKeyJwtSecret) + if val, ok := envData[constants.EnvKeyJwtSecret]; !ok || val == "" { + envData[constants.EnvKeyJwtSecret] = osJwtSecret if envData[constants.EnvKeyJwtSecret] == "" { envData[constants.EnvKeyJwtSecret], _, err = crypto.NewHMACKey(algo, clientID) if err != nil { @@ -126,17 +217,26 @@ func InitAllEnv() error { } } } + if osJwtSecret != "" && envData[constants.EnvKeyJwtSecret] != osJwtSecret { + envData[constants.EnvKeyJwtSecret] = osJwtSecret + } } if crypto.IsRSA(algo) || crypto.IsECDSA(algo) { privateKey, publicKey := "", "" - if envData[constants.EnvKeyJwtPrivateKey] == "" { - privateKey = os.Getenv(constants.EnvKeyJwtPrivateKey) + if val, ok := envData[constants.EnvKeyJwtPrivateKey]; !ok || val == "" { + privateKey = osJwtPrivateKey + } + if osJwtPrivateKey != "" && privateKey != osJwtPrivateKey { + privateKey = osJwtPrivateKey } - if envData[constants.EnvKeyJwtPublicKey] == "" { - publicKey = os.Getenv(constants.EnvKeyJwtPublicKey) + if val, ok := envData[constants.EnvKeyJwtPublicKey]; !ok || val == "" { + publicKey = osJwtPublicKey + } + if osJwtPublicKey != "" && publicKey != osJwtPublicKey { + publicKey = osJwtPublicKey } // if algo is RSA / ECDSA, then we need to have both private and public key @@ -184,55 +284,151 @@ func InitAllEnv() error { } - if envData[constants.EnvKeyJwtRoleClaim] == "" { - envData[constants.EnvKeyJwtRoleClaim] = os.Getenv(constants.EnvKeyJwtRoleClaim) + if val, ok := envData[constants.EnvKeyJwtRoleClaim]; !ok || val == "" { + envData[constants.EnvKeyJwtRoleClaim] = osJwtRoleClaim if envData[constants.EnvKeyJwtRoleClaim] == "" { envData[constants.EnvKeyJwtRoleClaim] = "role" } } - - if envData[constants.EnvKeyCustomAccessTokenScript] == "" { - envData[constants.EnvKeyCustomAccessTokenScript] = os.Getenv(constants.EnvKeyCustomAccessTokenScript) + if osJwtRoleClaim != "" && envData[constants.EnvKeyJwtRoleClaim] != osJwtRoleClaim { + envData[constants.EnvKeyJwtRoleClaim] = osJwtRoleClaim } - if envData[constants.EnvKeyRedisURL] == "" { - envData[constants.EnvKeyRedisURL] = os.Getenv(constants.EnvKeyRedisURL) + if val, ok := envData[constants.EnvKeyCustomAccessTokenScript]; !ok || val == "" { + envData[constants.EnvKeyCustomAccessTokenScript] = osCustomAccessTokenScript + } + if osCustomAccessTokenScript != "" && envData[constants.EnvKeyCustomAccessTokenScript] != osCustomAccessTokenScript { + envData[constants.EnvKeyCustomAccessTokenScript] = osCustomAccessTokenScript } - if envData[constants.EnvKeyGoogleClientID] == "" { - envData[constants.EnvKeyGoogleClientID] = os.Getenv(constants.EnvKeyGoogleClientID) + if val, ok := envData[constants.EnvKeyGoogleClientID]; !ok || val == "" { + envData[constants.EnvKeyGoogleClientID] = osGoogleClientID + } + if osGoogleClientID != "" && envData[constants.EnvKeyGoogleClientID] != osGoogleClientID { + envData[constants.EnvKeyGoogleClientID] = osGoogleClientID } - if envData[constants.EnvKeyGoogleClientSecret] == "" { - envData[constants.EnvKeyGoogleClientSecret] = os.Getenv(constants.EnvKeyGoogleClientSecret) + if val, ok := envData[constants.EnvKeyGoogleClientSecret]; !ok || val == "" { + envData[constants.EnvKeyGoogleClientSecret] = osGoogleClientSecret + } + if osGoogleClientSecret != "" && envData[constants.EnvKeyGoogleClientSecret] != osGoogleClientSecret { + envData[constants.EnvKeyGoogleClientSecret] = osGoogleClientSecret } - if envData[constants.EnvKeyGithubClientID] == "" { - envData[constants.EnvKeyGithubClientID] = os.Getenv(constants.EnvKeyGithubClientID) + if val, ok := envData[constants.EnvKeyGithubClientID]; !ok || val == "" { + envData[constants.EnvKeyGithubClientID] = osGithubClientID + } + if osGithubClientID != "" && envData[constants.EnvKeyGithubClientID] != osGithubClientID { + envData[constants.EnvKeyGithubClientID] = osGithubClientID } - if envData[constants.EnvKeyGithubClientSecret] == "" { - envData[constants.EnvKeyGithubClientSecret] = os.Getenv(constants.EnvKeyGithubClientSecret) + if val, ok := envData[constants.EnvKeyGithubClientSecret]; !ok || val == "" { + envData[constants.EnvKeyGithubClientSecret] = osGithubClientSecret + } + if osGithubClientSecret != "" && envData[constants.EnvKeyGithubClientSecret] != osGithubClientSecret { + envData[constants.EnvKeyGithubClientSecret] = osGithubClientSecret } - if envData[constants.EnvKeyFacebookClientID] == "" { - envData[constants.EnvKeyFacebookClientID] = os.Getenv(constants.EnvKeyFacebookClientID) + if val, ok := envData[constants.EnvKeyFacebookClientID]; !ok || val == "" { + envData[constants.EnvKeyFacebookClientID] = osFacebookClientID + } + if osFacebookClientID != "" && envData[constants.EnvKeyFacebookClientID] != osFacebookClientID { + envData[constants.EnvKeyFacebookClientID] = osFacebookClientID } - if envData[constants.EnvKeyFacebookClientSecret] == "" { - envData[constants.EnvKeyFacebookClientSecret] = os.Getenv(constants.EnvKeyFacebookClientSecret) + if val, ok := envData[constants.EnvKeyFacebookClientSecret]; !ok || val == "" { + envData[constants.EnvKeyFacebookClientSecret] = osFacebookClientSecret + } + if osFacebookClientSecret != "" && envData[constants.EnvKeyFacebookClientSecret] != osFacebookClientSecret { + envData[constants.EnvKeyFacebookClientSecret] = osFacebookClientSecret } - if envData[constants.EnvKeyResetPasswordURL] == "" { - envData[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(os.Getenv(constants.EnvKeyResetPasswordURL), "/") + if val, ok := envData[constants.EnvKeyResetPasswordURL]; !ok || val == "" { + envData[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(osResetPasswordURL, "/") + } + if osResetPasswordURL != "" && envData[constants.EnvKeyResetPasswordURL] != osResetPasswordURL { + envData[constants.EnvKeyResetPasswordURL] = osResetPasswordURL } - envData[constants.EnvKeyDisableBasicAuthentication] = os.Getenv(constants.EnvKeyDisableBasicAuthentication) == "true" - envData[constants.EnvKeyDisableEmailVerification] = os.Getenv(constants.EnvKeyDisableEmailVerification) == "true" - envData[constants.EnvKeyDisableMagicLinkLogin] = os.Getenv(constants.EnvKeyDisableMagicLinkLogin) == "true" - envData[constants.EnvKeyDisableLoginPage] = os.Getenv(constants.EnvKeyDisableLoginPage) == "true" - envData[constants.EnvKeyDisableSignUp] = os.Getenv(constants.EnvKeyDisableSignUp) == "true" + if val, ok := envData[constants.EnvKeyOrganizationName]; !ok || val == "" { + envData[constants.EnvKeyOrganizationName] = osOrganizationName + } + if osOrganizationName != "" && envData[constants.EnvKeyOrganizationName] != osOrganizationName { + envData[constants.EnvKeyOrganizationName] = osOrganizationName + } + + if val, ok := envData[constants.EnvKeyOrganizationLogo]; !ok || val == "" { + envData[constants.EnvKeyOrganizationLogo] = osOrganizationLogo + } + if osOrganizationLogo != "" && envData[constants.EnvKeyOrganizationLogo] != osOrganizationLogo { + envData[constants.EnvKeyOrganizationLogo] = osOrganizationLogo + } + + if _, ok := envData[constants.EnvKeyDisableBasicAuthentication]; !ok { + envData[constants.EnvKeyDisableBasicAuthentication] = osDisableBasicAuthentication == "true" + } + if osDisableBasicAuthentication != "" { + boolValue, err := strconv.ParseBool(osDisableBasicAuthentication) + if err != nil { + return err + } + if boolValue != envData[constants.EnvKeyDisableBasicAuthentication].(bool) { + envData[constants.EnvKeyDisableBasicAuthentication] = boolValue + } + } + + if _, ok := envData[constants.EnvKeyDisableEmailVerification]; !ok { + envData[constants.EnvKeyDisableEmailVerification] = osDisableEmailVerification == "true" + } + if osDisableEmailVerification != "" { + boolValue, err := strconv.ParseBool(osDisableEmailVerification) + if err != nil { + return err + } + if boolValue != envData[constants.EnvKeyDisableEmailVerification].(bool) { + envData[constants.EnvKeyDisableEmailVerification] = boolValue + } + } + + if _, ok := envData[constants.EnvKeyDisableMagicLinkLogin]; !ok { + envData[constants.EnvKeyDisableMagicLinkLogin] = osDisableMagicLinkLogin == "true" + } + if osDisableMagicLinkLogin != "" { + boolValue, err := strconv.ParseBool(osDisableMagicLinkLogin) + if err != nil { + return err + } + if boolValue != envData[constants.EnvKeyDisableMagicLinkLogin].(bool) { + envData[constants.EnvKeyDisableMagicLinkLogin] = boolValue + } + } + + if _, ok := envData[constants.EnvKeyDisableLoginPage]; !ok { + envData[constants.EnvKeyDisableLoginPage] = osDisableLoginPage == "true" + } + if osDisableLoginPage != "" { + boolValue, err := strconv.ParseBool(osDisableLoginPage) + if err != nil { + return err + } + if boolValue != envData[constants.EnvKeyDisableLoginPage].(bool) { + envData[constants.EnvKeyDisableLoginPage] = boolValue + } + } + + if _, ok := envData[constants.EnvKeyDisableSignUp]; !ok { + envData[constants.EnvKeyDisableSignUp] = osDisableSignUp == "true" + } + if osDisableSignUp != "" { + boolValue, err := strconv.ParseBool(osDisableSignUp) + if err != nil { + return err + } + if boolValue != envData[constants.EnvKeyDisableSignUp].(bool) { + envData[constants.EnvKeyDisableSignUp] = boolValue + } + } // no need to add nil check as its already done above if envData[constants.EnvKeySmtpHost] == "" || envData[constants.EnvKeySmtpUsername] == "" || envData[constants.EnvKeySmtpPassword] == "" || envData[constants.EnvKeySenderEmail] == "" && envData[constants.EnvKeySmtpPort] == "" { @@ -244,87 +440,67 @@ func InitAllEnv() error { envData[constants.EnvKeyDisableMagicLinkLogin] = true } - allowedOriginsSplit := strings.Split(os.Getenv(constants.EnvKeyAllowedOrigins), ",") - allowedOrigins := []string{} - hasWildCard := false - - for _, val := range allowedOriginsSplit { - trimVal := strings.TrimSpace(val) - if trimVal != "" { - if trimVal != "*" { - host, port := parsers.GetHostParts(trimVal) - allowedOrigins = append(allowedOrigins, host+":"+port) - } else { - hasWildCard = true - allowedOrigins = append(allowedOrigins, trimVal) - break - } + if val, ok := envData[constants.EnvKeyAllowedOrigins]; !ok || val == "" { + envData[constants.EnvKeyAllowedOrigins] = osAllowedOrigins + if envData[constants.EnvKeyAllowedOrigins] == "" { + envData[constants.EnvKeyAllowedOrigins] = "*" } } - - if len(allowedOrigins) > 1 && hasWildCard { - allowedOrigins = []string{"*"} + if osAllowedOrigins != "" && envData[constants.EnvKeyAllowedOrigins] != osAllowedOrigins { + envData[constants.EnvKeyAllowedOrigins] = osAllowedOrigins } - if len(allowedOrigins) == 0 { - allowedOrigins = []string{"*"} - } - - envData[constants.EnvKeyAllowedOrigins] = allowedOrigins - - rolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyRoles)) - rolesSplit := strings.Split(rolesEnv, ",") - roles := []string{} - if len(rolesEnv) == 0 { - roles = []string{"user"} - } - - defaultRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyDefaultRoles)) - defaultRoleSplit := strings.Split(defaultRolesEnv, ",") - defaultRoles := []string{} - - if len(defaultRolesEnv) == 0 { - defaultRoles = []string{"user"} - } - - protectedRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyProtectedRoles)) - protectedRolesSplit := strings.Split(protectedRolesEnv, ",") - protectedRoles := []string{} - - if len(protectedRolesEnv) > 0 { - for _, val := range protectedRolesSplit { - trimVal := strings.TrimSpace(val) - protectedRoles = append(protectedRoles, trimVal) + ////// Roles ///// + if val, ok := envData[constants.EnvKeyRoles]; !ok || val == "" { + envData[constants.EnvKeyRoles] = osRoles + if envData[constants.EnvKeyRoles] == "" { + envData[constants.EnvKeyRoles] = "user" } } + if osRoles != "" && envData[constants.EnvKeyRoles] != osRoles { + envData[constants.EnvKeyRoles] = osRoles + } + roles := strings.Split(envData[constants.EnvKeyRoles].(string), ",") + ////// Roles ///// - for _, val := range rolesSplit { - trimVal := strings.TrimSpace(val) - if trimVal != "" { - roles = append(roles, trimVal) - if utils.StringSliceContains(defaultRoleSplit, trimVal) { - defaultRoles = append(defaultRoles, trimVal) - } + ////// Default Role ///// + if val, ok := envData[constants.EnvKeyDefaultRoles]; !ok || val == "" { + envData[constants.EnvKeyDefaultRoles] = osDefaultRoles + if envData[constants.EnvKeyDefaultRoles] == "" { + envData[constants.EnvKeyDefaultRoles] = "user" } } - - if len(roles) > 0 && len(defaultRoles) == 0 && len(defaultRolesEnv) > 0 { - log.Debug("Default roles not found in roles list. It can be one from ROLES only") - return errors.New(`invalid DEFAULT_ROLE environment variable. It can be one from give ROLES environment variable value`) + if osDefaultRoles != "" && envData[constants.EnvKeyDefaultRoles] != osDefaultRoles { + envData[constants.EnvKeyDefaultRoles] = osDefaultRoles + } + defaultRoles := strings.Split(envData[constants.EnvKeyDefaultRoles].(string), ",") + if len(defaultRoles) == 0 { + defaultRoles = []string{roles[0]} } - envData[constants.EnvKeyRoles] = roles - envData[constants.EnvKeyDefaultRoles] = defaultRoles - envData[constants.EnvKeyProtectedRoles] = protectedRoles - - if os.Getenv(constants.EnvKeyOrganizationName) != "" { - envData[constants.EnvKeyOrganizationName] = os.Getenv(constants.EnvKeyOrganizationName) + for _, role := range defaultRoles { + if !utils.StringSliceContains(roles, role) { + return fmt.Errorf("Default role %s is not defined in roles", role) + } } + ////// Default Role ///// - if os.Getenv(constants.EnvKeyOrganizationLogo) != "" { - envData[constants.EnvKeyOrganizationLogo] = os.Getenv(constants.EnvKeyOrganizationLogo) + ////// Roles ///// + if val, ok := envData[constants.EnvKeyProtectedRoles]; !ok || val == "" { + envData[constants.EnvKeyProtectedRoles] = osProtectedRoles + if envData[constants.EnvKeyProtectedRoles] == "" { + envData[constants.EnvKeyProtectedRoles] = "user" + } } + if osProtectedRoles != "" && envData[constants.EnvKeyProtectedRoles] != osProtectedRoles { + envData[constants.EnvKeyProtectedRoles] = osProtectedRoles + } + ////// Roles ///// - memorystore.Provider.UpdateEnvStore(envData) + err = memorystore.Provider.UpdateEnvStore(envData) + if err != nil { + log.Debug("Error while updating env store: ", err) + return err + } return nil } diff --git a/server/env/persist_env.go b/server/env/persist_env.go index 64b366f..ecedcb5 100644 --- a/server/env/persist_env.go +++ b/server/env/persist_env.go @@ -14,8 +14,6 @@ import ( "github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/db/models" "github.com/authorizerdev/authorizer/server/memorystore" - "github.com/authorizerdev/authorizer/server/utils" - "github.com/authorizerdev/authorizer/server/validators" ) // GetEnvData returns the env data from database @@ -55,6 +53,42 @@ func GetEnvData() (map[string]interface{}, error) { return result, err } + ///////// start backward compatibility /////////// + // check if env data is stored in older format + hasOlderFormat := false + if _, ok := result["bool_env"]; ok { + for key, value := range result["bool_env"].(map[string]interface{}) { + result[key] = value + } + hasOlderFormat = true + delete(result, "bool_env") + } + + if _, ok := result["string_env"]; ok { + for key, value := range result["string_env"].(map[string]interface{}) { + result[key] = value + } + hasOlderFormat = true + delete(result, "string_env") + } + + if _, ok := result["slice_env"]; ok { + for key, value := range result["slice_env"].(map[string]interface{}) { + result[key] = strings.Join(value.([]string), ",") + } + hasOlderFormat = true + delete(result, "slice_env") + } + + if hasOlderFormat { + err := memorystore.Provider.UpdateEnvStore(result) + if err != nil { + log.Fatal("Error while updating env store: ", err) + return result, err + } + } + ///////// end backward compatibility /////////// + return result, err } @@ -136,15 +170,6 @@ func PersistEnv() error { envValue := strings.TrimSpace(os.Getenv(key)) if envValue != "" { switch key { - case constants.EnvKeyRoles, constants.EnvKeyDefaultRoles, constants.EnvKeyProtectedRoles: - envStringArr := strings.Split(envValue, ",") - originalValue := utils.ConvertInterfaceToStringSlice(value) - if !validators.IsStringArrayEqual(originalValue, envStringArr) { - storeData[key] = envStringArr - hasChanged = true - } - - break case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp: if envValueBool, err := strconv.ParseBool(envValue); err == nil { if value.(bool) != envValueBool { @@ -152,15 +177,11 @@ func PersistEnv() error { hasChanged = true } } - - break default: - if value.(string) != envValue { + if value != nil && value.(string) != envValue { storeData[key] = envValue hasChanged = true } - - break } } } diff --git a/server/handlers/oauth_callback.go b/server/handlers/oauth_callback.go index bffbdcf..d384040 100644 --- a/server/handlers/oauth_callback.go +++ b/server/handlers/oauth_callback.go @@ -91,10 +91,13 @@ func OAuthCallbackHandler() gin.HandlerFunc { // make sure inputRoles don't include protected roles hasProtectedRole := false for _, ir := range inputRoles { - protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles) + protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles) + protectedRoles := []string{} if err != nil { log.Debug("Failed to get protected roles: ", err) - protectedRoles = []string{} + protectedRolesString = "" + } else { + protectedRoles = strings.Split(protectedRolesString, ",") } if utils.StringSliceContains(protectedRoles, ir) { hasProtectedRole = true @@ -149,10 +152,13 @@ func OAuthCallbackHandler() gin.HandlerFunc { // check if it contains protected unassigned role hasProtectedRole := false for _, ur := range unasignedRoles { - protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles) + protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles) + protectedRoles := []string{} if err != nil { log.Debug("Failed to get protected roles: ", err) - protectedRoles = []string{} + protectedRolesString = "" + } else { + protectedRoles = strings.Split(protectedRolesString, ",") } if utils.StringSliceContains(protectedRoles, ur) { hasProtectedRole = true diff --git a/server/handlers/oauth_login.go b/server/handlers/oauth_login.go index 7f3e948..ca8e628 100644 --- a/server/handlers/oauth_login.go +++ b/server/handlers/oauth_login.go @@ -56,13 +56,22 @@ func OAuthLoginHandler() gin.HandlerFunc { // use protected roles verification for admin login only. // though if not associated with user, it will be rejected from oauth_callback - roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles) + rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles) + roles := []string{} if err != nil { log.Debug("Error getting roles: ", err) + rolesString = "" + } else { + roles = strings.Split(rolesString, ",") } - protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles) + + protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles) + protectedRoles := []string{} if err != nil { log.Debug("Error getting protected roles: ", err) + protectedRolesString = "" + } else { + protectedRoles = strings.Split(protectedRolesString, ",") } if !validators.IsValidRoles(rolesSplit, append([]string{}, append(roles, protectedRoles...)...)) { @@ -73,7 +82,7 @@ func OAuthLoginHandler() gin.HandlerFunc { return } } else { - defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { log.Debug("Error getting default roles: ", err) c.JSON(400, gin.H{ @@ -81,7 +90,7 @@ func OAuthLoginHandler() gin.HandlerFunc { }) return } - roles = strings.Join(defaultRoles, ",") + roles = defaultRoles } diff --git a/server/main.go b/server/main.go index e2ee442..e00500a 100644 --- a/server/main.go +++ b/server/main.go @@ -31,6 +31,7 @@ func main() { cli.ARG_DB_TYPE = flag.String("database_type", "", "Database type, possible values are postgres,mysql,sqlite") cli.ARG_ENV_FILE = flag.String("env_file", "", "Env file path") cli.ARG_LOG_LEVEL = flag.String("log_level", "info", "Log level, possible values are debug,info,warn,error,fatal,panic") + cli.ARG_REDIS_URL = flag.String("redis_url", "", "Redis connection string") flag.Parse() // global log level diff --git a/server/memorystore/providers/inmemory/envstore.go b/server/memorystore/providers/inmemory/envstore.go index a290280..37fee08 100644 --- a/server/memorystore/providers/inmemory/envstore.go +++ b/server/memorystore/providers/inmemory/envstore.go @@ -1,6 +1,8 @@ package inmemory -import "sync" +import ( + "sync" +) // EnvStore struct to store the env variables type EnvStore struct { @@ -23,6 +25,7 @@ func (e *EnvStore) UpdateStore(store map[string]interface{}) { func (e *EnvStore) GetStore() map[string]interface{} { e.mutex.Lock() defer e.mutex.Unlock() + return e.store } diff --git a/server/memorystore/providers/inmemory/store.go b/server/memorystore/providers/inmemory/store.go index ebb48cf..2113046 100644 --- a/server/memorystore/providers/inmemory/store.go +++ b/server/memorystore/providers/inmemory/store.go @@ -1,6 +1,7 @@ package inmemory import ( + "fmt" "strings" ) @@ -15,8 +16,8 @@ func (c *provider) ClearStore() error { // GetUserSessions returns all the user session token from the in-memory store. func (c *provider) GetUserSessions(userId string) map[string]string { - // c.mutex.Lock() - // defer c.mutex.Unlock() + c.mutex.Lock() + defer c.mutex.Unlock() res := map[string]string{} for k, v := range c.stateStore { split := strings.Split(v, "@") @@ -30,8 +31,8 @@ func (c *provider) GetUserSessions(userId string) map[string]string { // DeleteAllUserSession deletes all the user sessions from in-memory store. func (c *provider) DeleteAllUserSession(userId string) error { - // c.mutex.Lock() - // defer c.mutex.Unlock() + c.mutex.Lock() + defer c.mutex.Unlock() sessions := c.GetUserSessions(userId) for k := range sessions { c.RemoveState(k) @@ -91,24 +92,17 @@ func (c *provider) UpdateEnvVariable(key string, value interface{}) error { // GetStringStoreEnvVariable to get the env variable from string store object func (c *provider) GetStringStoreEnvVariable(key string) (string, error) { res := c.envStore.Get(key) - return res.(string), nil + if res == nil { + return "", nil + } + return fmt.Sprintf("%v", res), nil } // GetBoolStoreEnvVariable to get the env variable from bool store object func (c *provider) GetBoolStoreEnvVariable(key string) (bool, error) { res := c.envStore.Get(key) + if res == nil { + return false, nil + } return res.(bool), nil } - -// GetSliceStoreEnvVariable to get the env variable from slice store object -func (c *provider) GetSliceStoreEnvVariable(key string) ([]string, error) { - res := c.envStore.Get(key) - data := res.([]interface{}) - var resSlice []string - - for _, v := range data { - resSlice = append(resSlice, v.(string)) - } - - return resSlice, nil -} diff --git a/server/memorystore/providers/providers.go b/server/memorystore/providers/providers.go index df4507a..b9730f3 100644 --- a/server/memorystore/providers/providers.go +++ b/server/memorystore/providers/providers.go @@ -27,6 +27,4 @@ type Provider interface { GetStringStoreEnvVariable(key string) (string, error) // GetBoolStoreEnvVariable to get the bool env variable from env store GetBoolStoreEnvVariable(key string) (bool, error) - // GetSliceStoreEnvVariable to get the string slice env variable from env store - GetSliceStoreEnvVariable(key string) ([]string, error) } diff --git a/server/memorystore/providers/redis/store.go b/server/memorystore/providers/redis/store.go index 0390436..dada48c 100644 --- a/server/memorystore/providers/redis/store.go +++ b/server/memorystore/providers/redis/store.go @@ -148,15 +148,3 @@ func (c *provider) GetBoolStoreEnvVariable(key string) (bool, error) { return res, nil } - -// GetSliceStoreEnvVariable to get the string slice env variable from env store -func (c *provider) GetSliceStoreEnvVariable(key string) ([]string, error) { - var res []string - err := c.store.Get(c.ctx, envStorePrefix+key).Scan(&res) - if err != nil { - log.Debug("error getting token from redis store: ", err) - return nil, err - } - - return res, nil -} diff --git a/server/memorystore/required_env_store.go b/server/memorystore/required_env_store.go index 68dc85c..43073fd 100644 --- a/server/memorystore/required_env_store.go +++ b/server/memorystore/required_env_store.go @@ -69,7 +69,7 @@ func InitRequiredEnv() error { err := godotenv.Load(envPath) if err != nil { - log.Info("using OS env instead of %s file", envPath) + log.Infof("using OS env instead of %s file", envPath) } dbURL := os.Getenv(constants.EnvKeyDatabaseURL) @@ -84,6 +84,12 @@ func InitRequiredEnv() error { dbCACert := os.Getenv(constants.EnvKeyDatabaseCACert) redisURL := os.Getenv(constants.EnvKeyRedisURL) + if strings.TrimSpace(redisURL) == "" { + if cli.ARG_REDIS_URL != nil && *cli.ARG_REDIS_URL != "" { + redisURL = *cli.ARG_REDIS_URL + } + } + if strings.TrimSpace(dbType) == "" { if cli.ARG_DB_TYPE != nil && *cli.ARG_DB_TYPE != "" { dbType = strings.TrimSpace(*cli.ARG_DB_TYPE) diff --git a/server/resolvers/invite_members.go b/server/resolvers/invite_members.go index 959f164..c454dc8 100644 --- a/server/resolvers/invite_members.go +++ b/server/resolvers/invite_members.go @@ -87,10 +87,15 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput) // invite new emails for _, email := range newEmails { - defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRoles := []string{} if err != nil { log.Debug("Error getting default roles: ", err) + defaultRolesString = "" + } else { + defaultRoles = strings.Split(defaultRolesString, ",") } + user := models.User{ Email: email, Roles: strings.Join(defaultRoles, ","), diff --git a/server/resolvers/login.go b/server/resolvers/login.go index 45ea318..54ff030 100644 --- a/server/resolvers/login.go +++ b/server/resolvers/login.go @@ -73,10 +73,15 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes return res, fmt.Errorf(`invalid password`) } - roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) + roles := []string{} if err != nil { log.Debug("Error getting default roles: ", err) + defaultRolesString = "" + } else { + roles = strings.Split(defaultRolesString, ",") } + currentRoles := strings.Split(user.Roles, ",") if len(params.Roles) > 0 { if !validators.IsValidRoles(params.Roles, currentRoles) { diff --git a/server/resolvers/magic_link_login.go b/server/resolvers/magic_link_login.go index e44386c..713c850 100644 --- a/server/resolvers/magic_link_login.go +++ b/server/resolvers/magic_link_login.go @@ -74,10 +74,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu // define roles for new user if len(params.Roles) > 0 { // check if roles exists - roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles) + rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles) + roles := []string{} if err != nil { log.Debug("Error getting roles: ", err) return res, err + } else { + roles = strings.Split(rolesString, ",") } if !validators.IsValidRoles(params.Roles, roles) { log.Debug("Invalid roles: ", params.Roles) @@ -86,12 +89,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu inputRoles = params.Roles } } else { - inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { log.Debug("Error getting default roles: ", err) return res, fmt.Errorf(`invalid roles`) + } else { + inputRoles = strings.Split(inputRolesString, ",") } - } user.Roles = strings.Join(inputRoles, ",") @@ -110,10 +114,12 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu // find the unassigned roles if len(params.Roles) <= 0 { - inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { log.Debug("Error getting default roles: ", err) return res, fmt.Errorf(`invalid default roles`) + } else { + inputRoles = strings.Split(inputRolesString, ",") } } existingRoles := strings.Split(existingUser.Roles, ",") @@ -127,10 +133,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu if len(unasignedRoles) > 0 { // check if it contains protected unassigned role hasProtectedRole := false - protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles) + protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles) + protectedRoles := []string{} if err != nil { log.Debug("Error getting protected roles: ", err) return res, err + } else { + protectedRoles = strings.Split(protectedRolesString, ",") } for _, ur := range unasignedRoles { if utils.StringSliceContains(protectedRoles, ur) { diff --git a/server/resolvers/signup.go b/server/resolvers/signup.go index f820fb6..a649521 100644 --- a/server/resolvers/signup.go +++ b/server/resolvers/signup.go @@ -92,10 +92,13 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR if len(params.Roles) > 0 { // check if roles exists - roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles) + rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles) + roles := []string{} if err != nil { log.Debug("Error getting roles: ", err) return res, err + } else { + roles = strings.Split(rolesString, ",") } if !validators.IsValidRoles(roles, params.Roles) { log.Debug("Invalid roles: ", params.Roles) @@ -104,10 +107,12 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR inputRoles = params.Roles } } else { - inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles) + inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles) if err != nil { log.Debug("Error getting default roles: ", err) return res, err + } else { + inputRoles = strings.Split(inputRolesString, ",") } } diff --git a/server/resolvers/update_user.go b/server/resolvers/update_user.go index 5b90ddf..ca52f63 100644 --- a/server/resolvers/update_user.go +++ b/server/resolvers/update_user.go @@ -156,13 +156,22 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod inputRoles = append(inputRoles, *item) } - roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles) + rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles) + roles := []string{} if err != nil { log.Debug("Error getting roles: ", err) + rolesString = "" + } else { + roles = strings.Split(rolesString, ",") } - protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles) + protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles) + fmt.Println(protectedRolesString) + protectedRoles := []string{} if err != nil { log.Debug("Error getting protected roles: ", err) + protectedRolesString = "" + } else { + protectedRoles = strings.Split(protectedRolesString, ",") } if !validators.IsValidRoles(inputRoles, append([]string{}, append(roles, protectedRoles...)...)) { diff --git a/server/test/env_file_test.go b/server/test/env_file_test.go index 113a066..31d5c70 100644 --- a/server/test/env_file_test.go +++ b/server/test/env_file_test.go @@ -1,28 +1,33 @@ package test import ( + "os" "testing" + "github.com/stretchr/testify/assert" + "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/env" "github.com/authorizerdev/authorizer/server/memorystore" - "github.com/authorizerdev/authorizer/server/utils" - "github.com/stretchr/testify/assert" ) func TestEnvs(t *testing.T) { - memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEnvPath, "../../.env.sample") - env.InitAllEnv() + err := os.Setenv(constants.EnvKeyEnvPath, "../../.env.test") + assert.Nil(t, err) + err = memorystore.InitRequiredEnv() + assert.Nil(t, err) + err = env.InitAllEnv() + assert.Nil(t, err) store, err := memorystore.Provider.GetEnvStore() assert.Nil(t, err) - assert.Equal(t, store[constants.EnvKeyEnv].(string), "production") + assert.Equal(t, "test", store[constants.EnvKeyEnv].(string)) assert.False(t, store[constants.EnvKeyDisableEmailVerification].(bool)) assert.False(t, store[constants.EnvKeyDisableMagicLinkLogin].(bool)) assert.False(t, store[constants.EnvKeyDisableBasicAuthentication].(bool)) - assert.Equal(t, store[constants.EnvKeyJwtType].(string), "RS256") + assert.Equal(t, "RS256", store[constants.EnvKeyJwtType].(string)) assert.Equal(t, store[constants.EnvKeyJwtRoleClaim].(string), "role") - assert.EqualValues(t, utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyRoles]), []string{"user"}) - assert.EqualValues(t, utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyDefaultRoles]), []string{"user"}) - assert.EqualValues(t, utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyAllowedOrigins]), []string{"*"}) + assert.EqualValues(t, store[constants.EnvKeyRoles].(string), "user") + assert.EqualValues(t, store[constants.EnvKeyDefaultRoles].(string), "user") + assert.EqualValues(t, store[constants.EnvKeyAllowedOrigins].(string), "*") } diff --git a/server/test/test.go b/server/test/test.go index 4a4a4ba..d89a361 100644 --- a/server/test/test.go +++ b/server/test/test.go @@ -5,8 +5,11 @@ import ( "fmt" "net/http" "net/http/httptest" + "os" "time" + log "github.com/sirupsen/logrus" + "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/env" @@ -75,7 +78,15 @@ func testSetup() TestSetup { Password: "Test@123", } - memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEnvPath, "../../.env.sample") + err := os.Setenv(constants.EnvKeyEnvPath, "../../.env.test") + if err != nil { + log.Fatal("Error loading .env.sample file") + } + err = memorystore.InitRequiredEnv() + if err != nil { + log.Fatal("Error loading required env: ", err) + } + memorystore.InitMemStore() memorystore.Provider.UpdateEnvVariable(constants.EnvKeySmtpHost, "smtp.yopmail.com") memorystore.Provider.UpdateEnvVariable(constants.EnvKeySmtpPort, "2525") diff --git a/server/test/update_env_test.go b/server/test/update_env_test.go index 8c09c17..c602b4a 100644 --- a/server/test/update_env_test.go +++ b/server/test/update_env_test.go @@ -2,6 +2,7 @@ package test import ( "fmt" + "strings" "testing" "github.com/authorizerdev/authorizer/server/constants" @@ -48,8 +49,9 @@ func updateEnvTests(t *testing.T, s TestSetup) { assert.Nil(t, err) assert.True(t, isLoginPageDisabled) - storedOrigins, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins) + storedOriginsStrings, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAllowedOrigins) assert.Nil(t, err) + storedOrigins := strings.Split(storedOriginsStrings, ",") assert.Equal(t, storedOrigins, allowedOrigins) disableLoginPage = false diff --git a/server/types/interface_slice.go b/server/types/interface_slice.go new file mode 100644 index 0000000..6b33117 --- /dev/null +++ b/server/types/interface_slice.go @@ -0,0 +1,16 @@ +package types + +import "encoding/json" + +// Type for interface slice. Used for redis store. +type InterfaceSlice []interface{} + +// MarshalBinary for interface slice. +func (s InterfaceSlice) MarshalBinary() ([]byte, error) { + return json.Marshal(s) +} + +// UnmarshalBinary for interface slice. +func (s *InterfaceSlice) UnmarshalBinary(data []byte) error { + return json.Unmarshal(data, s) +} diff --git a/server/validators/url.go b/server/validators/url.go index bf434e3..eae9aa3 100644 --- a/server/validators/url.go +++ b/server/validators/url.go @@ -11,9 +11,12 @@ import ( // IsValidOrigin validates origin based on ALLOWED_ORIGINS func IsValidOrigin(url string) bool { - allowedOrigins, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins) + allowedOriginsString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAllowedOrigins) + allowedOrigins := []string{} if err != nil { allowedOrigins = []string{"*"} + } else { + allowedOrigins = strings.Split(allowedOriginsString, ",") } if len(allowedOrigins) == 1 && allowedOrigins[0] == "*" { return true