Added TLS support to the example application
This commit is contained in:
parent
4440b3a085
commit
6f98dfeb96
1 changed files with 20 additions and 5 deletions
|
@ -31,6 +31,9 @@ func main() {
|
||||||
clientSecret := fs.String("client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "")
|
clientSecret := fs.String("client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "")
|
||||||
caFile := fs.String("trusted-ca-file", "", "the TLS CA file, if empty then the host's root CA will be used")
|
caFile := fs.String("trusted-ca-file", "", "the TLS CA file, if empty then the host's root CA will be used")
|
||||||
|
|
||||||
|
certFile := fs.String("tls-cert-file", "", "the TLS cert file. If empty, the app will listen on HTTP")
|
||||||
|
keyFile := fs.String("tls-key-file", "", "the TLS key file. If empty, the app will listen on HTTP")
|
||||||
|
|
||||||
discovery := fs.String("discovery", "http://127.0.0.1:5556", "")
|
discovery := fs.String("discovery", "http://127.0.0.1:5556", "")
|
||||||
logDebug := fs.Bool("log-debug", false, "log debug-level information")
|
logDebug := fs.Bool("log-debug", false, "log debug-level information")
|
||||||
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
|
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
|
||||||
|
@ -70,6 +73,16 @@ func main() {
|
||||||
log.Fatalf("Unable to parse host from --listen flag: %v", err)
|
log.Fatalf("Unable to parse host from --listen flag: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
redirectURLParsed, err := url.Parse(*redirectURL)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
useTLS := *keyFile != "" && *certFile != ""
|
||||||
|
if useTLS && (redirectURLParsed.Scheme != "https" || l.Scheme != "https") {
|
||||||
|
log.Fatalf("TLS Cert File and Key File were provided. Ensure the listen and redirect URL are using HTTPS.")
|
||||||
|
}
|
||||||
|
|
||||||
cc := oidc.ClientCredentials{
|
cc := oidc.ClientCredentials{
|
||||||
ID: *clientID,
|
ID: *clientID,
|
||||||
Secret: *clientSecret,
|
Secret: *clientSecret,
|
||||||
|
@ -117,10 +130,6 @@ func main() {
|
||||||
|
|
||||||
client.SyncProviderConfig(*discovery)
|
client.SyncProviderConfig(*discovery)
|
||||||
|
|
||||||
redirectURLParsed, err := url.Parse(*redirectURL)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
|
|
||||||
}
|
|
||||||
hdlr := NewClientHandler(client, *discovery, *redirectURLParsed)
|
hdlr := NewClientHandler(client, *discovery, *redirectURLParsed)
|
||||||
httpsrv := &http.Server{
|
httpsrv := &http.Server{
|
||||||
Addr: fmt.Sprintf(":%s", p),
|
Addr: fmt.Sprintf(":%s", p),
|
||||||
|
@ -128,7 +137,13 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Infof("Binding to %s...", httpsrv.Addr)
|
log.Infof("Binding to %s...", httpsrv.Addr)
|
||||||
log.Fatal(httpsrv.ListenAndServe())
|
|
||||||
|
if useTLS {
|
||||||
|
log.Info("Key and cert file provided. Using TLS")
|
||||||
|
log.Fatal(httpsrv.ListenAndServeTLS(*certFile, *keyFile))
|
||||||
|
} else {
|
||||||
|
log.Fatal(httpsrv.ListenAndServe())
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewClientHandler(c *oidc.Client, issuer string, cbURL url.URL) http.Handler {
|
func NewClientHandler(c *oidc.Client, issuer string, cbURL url.URL) http.Handler {
|
||||||
|
|
Reference in a new issue