mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-05-01 20:53:05 -04:00
c400949718
* re-implement the auth-api service to authenticate Reva tokens following the OIDC Userinfo endpoint specification * pass the context where necessary and add an authenticator interface to the JMAP HTTP driver, in order to select between master authentication (which is used when GROUPWARE_JMAP_MASTER_USERNAME and GROUPWARE_JMAP_MASTER_PASSWORD are both set) and OIDC token forwarding through bearer auth * add Stalwart directory configuration "idmoidc" which uses the OpenCloud auth-api service API (/auth/) to validate the token it received as bearer auth from the Groupware backend's JMAP client, using it as an OIDC Userinfo endpoint * implement optional additional shared secret to secure the Userinfo service, as an additional path parameter
93 lines
2.6 KiB
Go
93 lines
2.6 KiB
Go
package defaults
|
|
|
|
import (
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/opencloud-eu/opencloud/services/groupware/pkg/config"
|
|
)
|
|
|
|
// FullDefaultConfig returns a fully initialized default configuration
|
|
func FullDefaultConfig() *config.Config {
|
|
cfg := DefaultConfig()
|
|
EnsureDefaults(cfg)
|
|
Sanitize(cfg)
|
|
return cfg
|
|
}
|
|
|
|
// DefaultConfig returns a basic default configuration
|
|
func DefaultConfig() *config.Config {
|
|
return &config.Config{
|
|
Debug: config.Debug{
|
|
Addr: "127.0.0.1:9292",
|
|
Token: "",
|
|
Pprof: false,
|
|
Zpages: false,
|
|
},
|
|
Mail: config.Mail{
|
|
Master: config.MailMasterAuth{
|
|
Username: "",
|
|
Password: "",
|
|
},
|
|
BaseUrl: "https://stalwart.opencloud.test",
|
|
Timeout: 30 * time.Second,
|
|
DefaultEmailLimit: uint(0),
|
|
MaxBodyValueBytes: uint(0),
|
|
DefaultContactLimit: uint(0),
|
|
ResponseHeaderTimeout: 10 * time.Second,
|
|
PushHandshakeTimeout: 10 * time.Second,
|
|
SessionCache: config.MailSessionCache{
|
|
Ttl: 5 * time.Minute,
|
|
FailureTtl: 15 * time.Second,
|
|
MaxCapacity: 10_000,
|
|
},
|
|
},
|
|
HTTP: config.HTTP{
|
|
Addr: "127.0.0.1:9276",
|
|
Root: "/groupware",
|
|
Namespace: "eu.opencloud.web",
|
|
CORS: config.CORS{
|
|
AllowedOrigins: []string{"*"},
|
|
AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "REPORT"},
|
|
AllowedHeaders: []string{"Authorization", "Origin", "Content-Type", "Accept", "X-Requested-With", "X-Request-Id", "Trace-Id", "Cache-Control"},
|
|
AllowCredentials: true,
|
|
},
|
|
},
|
|
Service: config.Service{
|
|
Name: "groupware",
|
|
},
|
|
}
|
|
}
|
|
|
|
// EnsureDefaults adds default values to the configuration if they are not set yet
|
|
func EnsureDefaults(cfg *config.Config) {
|
|
// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
|
|
if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
|
|
cfg.Log = &config.Log{
|
|
Level: cfg.Commons.Log.Level,
|
|
Pretty: cfg.Commons.Log.Pretty,
|
|
Color: cfg.Commons.Log.Color,
|
|
File: cfg.Commons.Log.File,
|
|
}
|
|
} else if cfg.Log == nil {
|
|
cfg.Log = &config.Log{}
|
|
}
|
|
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
|
|
cfg.TokenManager = &config.TokenManager{
|
|
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
|
|
}
|
|
} else if cfg.TokenManager == nil {
|
|
cfg.TokenManager = &config.TokenManager{}
|
|
}
|
|
if cfg.Commons != nil {
|
|
cfg.HTTP.TLS = cfg.Commons.HTTPServiceTLS
|
|
}
|
|
}
|
|
|
|
// Sanitize sanitized the configuration
|
|
func Sanitize(cfg *config.Config) {
|
|
if cfg.HTTP.Root != "/" {
|
|
cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
|
|
}
|
|
}
|