212 lines
5.0 KiB
Go
212 lines
5.0 KiB
Go
package provision
|
|
|
|
import (
|
|
"context"
|
|
"github.com/cortezaproject/corteza-server/pkg/logger"
|
|
"github.com/cortezaproject/corteza-server/system/service"
|
|
"github.com/cortezaproject/corteza-server/system/types"
|
|
"github.com/spf13/cast"
|
|
"go.uber.org/zap"
|
|
"os"
|
|
)
|
|
|
|
type (
|
|
settingsService interface {
|
|
FindByPrefix(context.Context, ...string) (types.SettingValueSet, error)
|
|
BulkSet(context.Context, types.SettingValueSet) error
|
|
}
|
|
)
|
|
|
|
var (
|
|
IsMonolith bool
|
|
)
|
|
|
|
// Discovers "auth.%" settings from the environment
|
|
//
|
|
// when other kinds of auto-discoverable settings come, lambdas inside will probably need a bit of refactoring
|
|
func authSettingsAutoDiscovery(ctx context.Context, log *zap.Logger, svc settingsService) (err error) {
|
|
type (
|
|
stringWrapper func() string
|
|
boolWrapper func() bool
|
|
)
|
|
|
|
var (
|
|
current types.SettingValueSet
|
|
)
|
|
|
|
if log == nil {
|
|
log = zap.NewNop()
|
|
}
|
|
|
|
log = service.DefaultLogger.Named("auth-settings-discovery")
|
|
|
|
current, err = svc.FindByPrefix(ctx, "auth.")
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
var (
|
|
new = current
|
|
|
|
// Setter
|
|
//
|
|
// Finds existing settings, tries with environmental "PROVISION_SETTINGS_AUTH_..." probing
|
|
// and falls back to default value
|
|
//
|
|
// We are extremely verbose here - we want to show all the info available and
|
|
// how settings were discovered and set
|
|
//
|
|
// @todo generalize and move under settings
|
|
set = func(name string, env string, def interface{}, maskSensitive bool) {
|
|
var (
|
|
log = log.With(
|
|
zap.String("name", name),
|
|
)
|
|
|
|
v = current.First(name)
|
|
value interface{}
|
|
)
|
|
|
|
if v != nil {
|
|
// Nothing to discover, already set
|
|
log.Debug("already set", logger.MaskIf("value", v, maskSensitive))
|
|
return
|
|
}
|
|
|
|
v = &types.SettingValue{Name: name}
|
|
|
|
value, envExists := os.LookupEnv(env)
|
|
|
|
switch dfn := def.(type) {
|
|
case stringWrapper:
|
|
log = log.With(zap.String("type", "string"))
|
|
// already a string, no need to do any magic
|
|
if envExists {
|
|
log = log.With(zap.String("env", env), logger.MaskIf("value", value, maskSensitive))
|
|
} else {
|
|
value = dfn()
|
|
log = log.With(zap.Any("default", value))
|
|
}
|
|
case boolWrapper:
|
|
log = log.With(zap.String("type", "bool"))
|
|
|
|
if envExists {
|
|
value = cast.ToBool(value)
|
|
log = log.With(zap.String("env", env), zap.Any("value", value))
|
|
} else {
|
|
value = dfn()
|
|
log = log.With(zap.Any("default", value))
|
|
}
|
|
|
|
default:
|
|
log.Error("unsupported type")
|
|
return
|
|
}
|
|
|
|
if err := v.SetValue(value); err != nil {
|
|
log.Error("could not set value", zap.Error(err))
|
|
return
|
|
}
|
|
|
|
log.Info("value auto-discovered")
|
|
|
|
new.Replace(v)
|
|
}
|
|
|
|
// Assume we have emailing capabilities if SMTP_HOST variable is set
|
|
emailCapabilities = func() boolWrapper {
|
|
return func() bool {
|
|
val, has := os.LookupEnv("SMTP_HOST")
|
|
return has && len(val) > 0
|
|
}
|
|
}
|
|
|
|
wrapBool = func(val bool) boolWrapper {
|
|
return func() bool { return val }
|
|
}
|
|
|
|
wrapString = func(val string) stringWrapper {
|
|
return func() string { return val }
|
|
}
|
|
)
|
|
|
|
// List of name-value pairs we need to iterate and set
|
|
list := []struct {
|
|
// Setting name
|
|
nme string
|
|
|
|
// provision environmental variable name
|
|
// we're using full variable name here so developers
|
|
// can find where things are coming from
|
|
env string
|
|
|
|
// default value
|
|
// expects one of the *wrapper() functions
|
|
// this also determinate the value type of the setting and casting rules for the env value
|
|
def interface{}
|
|
|
|
// mask value if sensitive
|
|
mask bool
|
|
}{
|
|
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
|
|
// External auth
|
|
|
|
// Enable federated auth
|
|
{
|
|
"auth.external.enabled",
|
|
"PROVISION_SETTINGS_AUTH_EXTERNAL_ENABLED",
|
|
wrapBool(true),
|
|
false},
|
|
|
|
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
|
|
|
|
// Auth email
|
|
{
|
|
"auth.mail.from-address",
|
|
"PROVISION_SETTINGS_AUTH_EMAIL_FROM_ADDRESS",
|
|
wrapString("info@example.tld"),
|
|
false},
|
|
|
|
{
|
|
"auth.mail.from-name",
|
|
"PROVISION_SETTINGS_AUTH_EMAIL_FROM_NAME",
|
|
wrapString("Example Sender"),
|
|
false},
|
|
|
|
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
|
|
// Enable internal login
|
|
{
|
|
"auth.internal.enabled",
|
|
"PROVISION_SETTINGS_AUTH_INTERNAL_ENABLED",
|
|
wrapBool(true),
|
|
false},
|
|
|
|
// Enable internal signup
|
|
{
|
|
"auth.internal.signup.enabled",
|
|
"PROVISION_SETTINGS_AUTH_INTERNAL_SIGNUP_ENABLED",
|
|
wrapBool(true),
|
|
false},
|
|
|
|
// Enable email confirmation if we have email capabilities
|
|
{
|
|
"auth.internal.signup.email-confirmation-required",
|
|
"PROVISION_SETTINGS_AUTH_INTERNAL_SIGNUP_EMAIL_CONFIRMATION_REQUIRED",
|
|
emailCapabilities(),
|
|
false},
|
|
|
|
// Enable password reset if we have email capabilities
|
|
{
|
|
"auth.internal.password-reset.enabled",
|
|
"PROVISION_SETTINGS_AUTH_INTERNAL_PASSWORD_RESET_ENABLED",
|
|
emailCapabilities(),
|
|
false},
|
|
}
|
|
|
|
for _, item := range list {
|
|
set(item.nme, item.env, item.def, item.mask)
|
|
}
|
|
|
|
return svc.BulkSet(ctx, new)
|
|
}
|