feat: persist encrypted env
@@ -1,7 +1,6 @@
|
||||
package handlers
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"log"
|
||||
"net/http"
|
||||
@@ -30,17 +29,17 @@ func AppHandler() gin.HandlerFunc {
|
||||
// return
|
||||
// }
|
||||
|
||||
stateObj.AuthorizerURL = constants.AUTHORIZER_URL
|
||||
stateObj.RedirectURL = constants.AUTHORIZER_URL + "/app"
|
||||
stateObj.AuthorizerURL = constants.EnvData.AUTHORIZER_URL
|
||||
stateObj.RedirectURL = constants.EnvData.AUTHORIZER_URL + "/app"
|
||||
|
||||
} else {
|
||||
decodedState, err := base64.StdEncoding.DecodeString(state)
|
||||
decodedState, err := utils.DecryptB64(state)
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": "[unable to decode state] invalid state"})
|
||||
return
|
||||
}
|
||||
|
||||
err = json.Unmarshal(decodedState, &stateObj)
|
||||
err = json.Unmarshal([]byte(decodedState), &stateObj)
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": "[unable to parse state] invalid state"})
|
||||
return
|
||||
@@ -60,7 +59,7 @@ func AppHandler() gin.HandlerFunc {
|
||||
}
|
||||
|
||||
// validate host and domain of authorizer url
|
||||
if strings.TrimSuffix(stateObj.AuthorizerURL, "/") != constants.AUTHORIZER_URL {
|
||||
if strings.TrimSuffix(stateObj.AuthorizerURL, "/") != constants.EnvData.AUTHORIZER_URL {
|
||||
c.JSON(400, gin.H{"error": "invalid host url"})
|
||||
return
|
||||
}
|
||||
@@ -77,8 +76,8 @@ func AppHandler() gin.HandlerFunc {
|
||||
"data": map[string]string{
|
||||
"authorizerURL": stateObj.AuthorizerURL,
|
||||
"redirectURL": stateObj.RedirectURL,
|
||||
"organizationName": constants.ORGANIZATION_NAME,
|
||||
"organizationLogo": constants.ORGANIZATION_LOGO,
|
||||
"organizationName": constants.EnvData.ORGANIZATION_NAME,
|
||||
"organizationLogo": constants.EnvData.ORGANIZATION_LOGO,
|
||||
},
|
||||
})
|
||||
}
|
||||
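Review bot: The `state` value is still request input after the switch from `base64.StdEncoding.DecodeString` to `utils.DecryptB64`, and the helper's body is not shown here, so nothing visible establishes that the decoded JSON is authenticated. If the helper only decodes or decrypts without an integrity check, every field of `stateObj` stays caller-controlled and the `AuthorizerURL` comparison further down remains the actual gate. `RedirectURL` is returned in the response data near the end of the handler, and any validation of it lies outside these hunks. I would add a comment above the call, for example `// state is untrusted input; DecryptB64 does not by itself make stateObj trustworthy, validate every field before use`, worded to match whatever guarantee the helper really gives. AppHandler starts outside the hunks shown.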
|
@@ -10,7 +10,7 @@ import (
|
||||
func DashboardHandler() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
isOnboardingCompleted := false
|
||||
if constants.ADMIN_SECRET != "" && constants.DATABASE_TYPE != "" && constants.DATABASE_URL != "" {
|
||||
if constants.EnvData.ADMIN_SECRET != "" && constants.EnvData.DATABASE_TYPE != "" && constants.EnvData.DATABASE_URL != "" {
|
||||
isOnboardingCompleted = true
|
||||
}
|
||||
|
||||
|
@@ -195,7 +195,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
// make sure inputRoles don't include protected roles
|
||||
hasProtectedRole := false
|
||||
for _, ir := range inputRoles {
|
||||
if utils.StringSliceContains(constants.PROTECTED_ROLES, ir) {
|
||||
if utils.StringSliceContains(constants.EnvData.PROTECTED_ROLES, ir) {
|
||||
hasProtectedRole = true
|
||||
}
|
||||
}
|
||||
@@ -238,7 +238,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
// check if it contains protected unassigned role
|
||||
hasProtectedRole := false
|
||||
for _, ur := range unasignedRoles {
|
||||
if utils.StringSliceContains(constants.PROTECTED_ROLES, ur) {
|
||||
if utils.StringSliceContains(constants.EnvData.PROTECTED_ROLES, ur) {
|
||||
hasProtectedRole = true
|
||||
}
|
||||
}
|
||||
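Review bot: Both protected-role loops in OAuthCallbackHandler treat an empty `constants.EnvData.PROTECTED_ROLES` as "nothing is protected", so `hasProtectedRole` stays false for every requested role when the list has not been populated. The list is now read from `EnvData`, which, going by the commit title, is filled from a persisted store; if a failed or partial load can leave it empty, this guard would silently stop triggering. A comment such as `// PROTECTED_ROLES must be loaded before this handler serves requests; an empty list disables this check` would record the dependency, and a `break` after `hasProtectedRole = true` would end the scan on the first match. The same applies to the second loop over `unasignedRoles`; the function body starts and ends outside both hunks.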
|
@@ -34,14 +34,14 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
|
||||
// use protected roles verification for admin login only.
|
||||
// though if not associated with user, it will be rejected from oauth_callback
|
||||
if !utils.IsValidRoles(append([]string{}, append(constants.ROLES, constants.PROTECTED_ROLES...)...), rolesSplit) {
|
||||
if !utils.IsValidRoles(append([]string{}, append(constants.EnvData.ROLES, constants.EnvData.PROTECTED_ROLES...)...), rolesSplit) {
|
||||
c.JSON(400, gin.H{
|
||||
"error": "invalid role",
|
||||
})
|
||||
return
|
||||
}
|
||||
} else {
|
||||
roles = strings.Join(constants.DEFAULT_ROLES, ",")
|
||||
roles = strings.Join(constants.EnvData.DEFAULT_ROLES, ",")
|
||||
}
|
||||
|
||||
uuid := uuid.New()
|
||||
@@ -57,7 +57,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
}
|
||||
session.SetSocailLoginState(oauthStateString, enum.Google.String())
|
||||
// during the init of OAuthProvider authorizer url might be empty
|
||||
oauth.OAuthProviders.GoogleConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/google"
|
||||
oauth.OAuthProviders.GoogleConfig.RedirectURL = constants.EnvData.AUTHORIZER_URL + "/oauth_callback/google"
|
||||
url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
case enum.Github.String():
|
||||
@@ -66,7 +66,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
break
|
||||
}
|
||||
session.SetSocailLoginState(oauthStateString, enum.Github.String())
|
||||
oauth.OAuthProviders.GithubConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/github"
|
||||
oauth.OAuthProviders.GithubConfig.RedirectURL = constants.EnvData.AUTHORIZER_URL + "/oauth_callback/github"
|
||||
url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
case enum.Facebook.String():
|
||||
@@ -75,7 +75,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
||||
break
|
||||
}
|
||||
session.SetSocailLoginState(oauthStateString, enum.Facebook.String())
|
||||
oauth.OAuthProviders.FacebookConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/facebook"
|
||||
oauth.OAuthProviders.FacebookConfig.RedirectURL = constants.EnvData.AUTHORIZER_URL + "/oauth_callback/facebook"
|
||||
url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
|
||||
c.Redirect(http.StatusTemporaryRedirect, url)
|
||||
default:
|
||||
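Review bot: Each provider branch assigns `RedirectURL` on the package-level `oauth.OAuthProviders` config while handling a request, so concurrent logins write shared state without synchronization. The value now comes from `constants.EnvData`, which may change at runtime if the persisted env can be updated. Setting the field once where `AUTHORIZER_URL` is loaded or changed would take the write out of the handler. If it has to stay here, a per-request copy is safer: `cfg := *oauth.OAuthProviders.GoogleConfig`, then `cfg.RedirectURL = ...` and `cfg.AuthCodeURL(oauthStateString)`. That assumes the field is a pointer to a config struct, and the callback handler would need the same redirect value for the code exchange. The Github and Facebook hunks have the same pattern; the switch statement starts and ends outside the hunks.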
|