Initial QSfera import
This commit is contained in:
@@ -0,0 +1,160 @@
|
||||
package defaults
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/qsfera/server/pkg/config/defaults"
|
||||
"github.com/qsfera/server/pkg/shared"
|
||||
"github.com/qsfera/server/pkg/structs"
|
||||
"github.com/qsfera/server/services/idp/pkg/config"
|
||||
)
|
||||
|
||||
// FullDefaultConfig returns a fully initialized default configuration
|
||||
func FullDefaultConfig() *config.Config {
|
||||
cfg := DefaultConfig()
|
||||
EnsureDefaults(cfg)
|
||||
Sanitize(cfg)
|
||||
return cfg
|
||||
}
|
||||
|
||||
// DefaultConfig returns a basic default configuration
|
||||
func DefaultConfig() *config.Config {
|
||||
return &config.Config{
|
||||
Debug: config.Debug{
|
||||
Addr: "127.0.0.1:9134",
|
||||
},
|
||||
HTTP: config.HTTP{
|
||||
Addr: "127.0.0.1:9130",
|
||||
Root: "/",
|
||||
Namespace: "qsfera.web",
|
||||
TLSCert: filepath.Join(defaults.BaseDataPath(), "idp", "server.crt"),
|
||||
TLSKey: filepath.Join(defaults.BaseDataPath(), "idp", "server.key"),
|
||||
TLS: false,
|
||||
},
|
||||
Reva: shared.DefaultRevaConfig(),
|
||||
Service: config.Service{
|
||||
Name: "idp",
|
||||
},
|
||||
IDP: config.Settings{
|
||||
Iss: "https://localhost:9200",
|
||||
IdentityManager: "ldap",
|
||||
URIBasePath: "",
|
||||
SignInURI: "",
|
||||
SignedOutURI: "",
|
||||
AuthorizationEndpointURI: "",
|
||||
EndsessionEndpointURI: "",
|
||||
Insecure: false,
|
||||
TrustedProxy: nil,
|
||||
AllowScope: nil,
|
||||
AllowClientGuests: false,
|
||||
AllowDynamicClientRegistration: false,
|
||||
EncryptionSecretFile: filepath.Join(defaults.BaseDataPath(), "idp", "encryption.key"),
|
||||
Listen: "",
|
||||
IdentifierClientDisabled: true,
|
||||
IdentifierClientPath: filepath.Join(defaults.BaseDataPath(), "idp"),
|
||||
IdentifierRegistrationConf: filepath.Join(defaults.BaseDataPath(), "idp", "tmp", "identifier-registration.yaml"),
|
||||
IdentifierScopesConf: "",
|
||||
IdentifierDefaultBannerLogo: "",
|
||||
IdentifierDefaultSignInPageText: "",
|
||||
IdentifierDefaultLogoTargetURI: "",
|
||||
IdentifierDefaultUsernameHintText: "",
|
||||
SigningKid: "private-key",
|
||||
SigningMethod: "PS256",
|
||||
SigningPrivateKeyFiles: []string{filepath.Join(defaults.BaseDataPath(), "idp", "private-key.pem")},
|
||||
ValidationKeysPath: "",
|
||||
CookieBackendURI: "",
|
||||
CookieNames: nil,
|
||||
CookieSameSite: http.SameSiteStrictMode,
|
||||
AccessTokenDurationSeconds: 60 * 5, // 5 minutes
|
||||
IDTokenDurationSeconds: 60 * 5, // 5 minutes
|
||||
RefreshTokenDurationSeconds: 60 * 60 * 24 * 30, // 30 days
|
||||
DynamicClientSecretDurationSeconds: 0,
|
||||
},
|
||||
Clients: []config.Client{
|
||||
{
|
||||
ID: "web",
|
||||
Name: "КуСфера Web App",
|
||||
Trusted: true,
|
||||
RedirectURIs: []string{
|
||||
"{{OC_URL}}/",
|
||||
"{{OC_URL}}/oidc-callback.html",
|
||||
"{{OC_URL}}/oidc-silent-redirect.html",
|
||||
},
|
||||
Origins: []string{
|
||||
"{{OC_URL}}",
|
||||
},
|
||||
},
|
||||
{
|
||||
ID: "QsferaDesktop",
|
||||
Name: "КуСфера Desktop Client",
|
||||
ApplicationType: "native",
|
||||
RedirectURIs: []string{
|
||||
"http://127.0.0.1",
|
||||
"http://localhost",
|
||||
},
|
||||
},
|
||||
{
|
||||
ID: "QsferaAndroid",
|
||||
Name: "КуСфера Android App",
|
||||
ApplicationType: "native",
|
||||
RedirectURIs: []string{
|
||||
"oc://android.qsfera.eu",
|
||||
},
|
||||
PostLogoutRedirectURIs: []string{
|
||||
"oc://android.qsfera.eu",
|
||||
},
|
||||
},
|
||||
{
|
||||
ID: "QsferaIOS",
|
||||
Name: "КуСфера iOS App",
|
||||
ApplicationType: "native",
|
||||
RedirectURIs: []string{
|
||||
"oc://ios.qsfera.eu",
|
||||
},
|
||||
PostLogoutRedirectURIs: []string{
|
||||
"oc://ios.qsfera.eu",
|
||||
},
|
||||
},
|
||||
},
|
||||
Ldap: config.Ldap{
|
||||
URI: "ldaps://localhost:9235",
|
||||
TLSCACert: filepath.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
|
||||
BindDN: "uid=idp,ou=sysusers,o=libregraph-idm",
|
||||
BaseDN: "ou=users,o=libregraph-idm",
|
||||
Scope: "sub",
|
||||
LoginAttribute: "uid",
|
||||
EmailAttribute: "mail",
|
||||
NameAttribute: "displayName",
|
||||
UUIDAttribute: "qsferaUUID",
|
||||
UUIDAttributeType: "text",
|
||||
Filter: "",
|
||||
ObjectClass: "inetOrgPerson",
|
||||
UserEnabledAttribute: "qsferaUserEnabled",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// EnsureDefaults adds default values to the configuration if they are not set yet
|
||||
func EnsureDefaults(cfg *config.Config) {
|
||||
if cfg.LogLevel == "" {
|
||||
cfg.LogLevel = "error"
|
||||
}
|
||||
|
||||
if cfg.Reva == nil && cfg.Commons != nil {
|
||||
cfg.Reva = structs.CopyOrZeroValue(cfg.Commons.Reva)
|
||||
}
|
||||
|
||||
if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
|
||||
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
|
||||
}
|
||||
}
|
||||
|
||||
// Sanitize sanitizes the configuration
|
||||
func Sanitize(cfg *config.Config) {
|
||||
// sanitize config
|
||||
if cfg.HTTP.Root != "/" {
|
||||
cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user