Fix randomstring generation

This commit is contained in:
Bolke de Bruin 2022-08-24 22:44:44 +02:00
parent fb58cb299e
commit 69bcf81230
4 changed files with 43 additions and 36 deletions


@ -47,6 +47,8 @@ func (c *Config) BasicAuth(next http.HandlerFunc) http.HandlerFunc {
if !res.Authenticated {
log.Printf("User %s is not authenticated for this service", username)
} else {
ctx := context.WithValue(r.Context(), "preferred_username", username)
ctx = context.WithValue(ctx, "access_token", "EMPTY")
next.ServeHTTP(w, r.WithContext(ctx))
return
}
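Review bot: `context.WithValue(r.Context(), "preferred_username", username)` and the `"access_token"` line after it use bare string literals as context keys, which staticcheck flags because any other package can collide with or read them; a private key type, `type ctxKey string` with `const usernameKey ctxKey = "preferred_username"`, scopes the values to this package (readers of these keys elsewhere would need the same update). The `"EMPTY"` marker written here is the same literal that VerifyPAAToken compares against to decide whether to skip the UserInfo lookup, so the two sites should share one named constant rather than repeating the string. BasicAuth's body begins and ends outside this hunk.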


@ -42,37 +42,8 @@ func main() {
security.UserSigningKey = []byte(conf.Security.UserTokenSigningKey)
security.QuerySigningKey = []byte(conf.Security.QueryTokenSigningKey)
// set oidc config
provider, err := oidc.NewProvider(context.Background(), conf.OpenId.ProviderUrl)
if err != nil {
log.Fatalf("Cannot get oidc provider: %s", err)
}
oidcConfig := &oidc.Config{
ClientID: conf.OpenId.ClientId,
}
verifier := provider.Verifier(oidcConfig)
// get callback url and external advertised gateway address
url, err := url.Parse(conf.Server.GatewayAddress)
if url.Scheme == "" {
url.Scheme = "https"
}
url.Path = "callback"
oauthConfig := oauth2.Config{
ClientID: conf.OpenId.ClientId,
ClientSecret: conf.OpenId.ClientSecret,
RedirectURL: url.String(),
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
security.OIDCProvider = provider
security.Oauth2Config = oauthConfig
// configure api
api := &api.Config{
GatewayAddress: url.Host,
OAuth2Config: &oauthConfig,
OIDCTokenVerifier: verifier,
PAATokenGenerator: security.GeneratePAAToken,
UserTokenGenerator: security.GenerateUserToken,
QueryInfo: security.QueryInfo,
@ -92,6 +63,38 @@ func main() {
SocketAddress: conf.Server.AuthSocket,
Authentication: conf.Server.Authentication,
}
if conf.Server.Authentication == "openid" {
// set oidc config
provider, err := oidc.NewProvider(context.Background(), conf.OpenId.ProviderUrl)
if err != nil {
log.Fatalf("Cannot get oidc provider: %s", err)
}
oidcConfig := &oidc.Config{
ClientID: conf.OpenId.ClientId,
}
verifier := provider.Verifier(oidcConfig)
// get callback url and external advertised gateway address
url, err := url.Parse(conf.Server.GatewayAddress)
if url.Scheme == "" {
url.Scheme = "https"
}
url.Path = "callback"
api.GatewayAddress = url.Host
oauthConfig := oauth2.Config{
ClientID: conf.OpenId.ClientId,
ClientSecret: conf.OpenId.ClientSecret,
RedirectURL: url.String(),
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
security.OIDCProvider = provider
security.Oauth2Config = oauthConfig
api.OAuth2Config = &oauthConfig
api.OIDCTokenVerifier = verifier
}
api.NewApi()
log.Printf("Starting remote desktop gateway server")
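Review bot: The error from `url.Parse(conf.Server.GatewayAddress)` is dropped and `url.Scheme` is read on the result immediately, so a malformed GatewayAddress would panic on a nil pointer at startup instead of failing with a message; add `if err != nil { log.Fatalf("Cannot parse gateway address: %s", err) }` before the scheme check, and consider a name such as `gw` so the variable stops shadowing the imported `url` package for the rest of the block. The hunk only moves this code into the `openid` branch, but the move is the moment to fix it. With the move, `api.GatewayAddress`, `api.OAuth2Config` and `api.OIDCTokenVerifier` stay unset for any other Authentication value; presumably the basic-auth path never reads them, which deserves a comment on the `if`, e.g. `// OIDC is only wired up for openid; other modes leave the OAuth2/OIDC fields at their zero values.` main continues outside the hunk.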


@ -65,11 +65,13 @@ func VerifyPAAToken(ctx context.Context, tokenString string) (bool, error) {
}
// validate the access token
tokenSource := Oauth2Config.TokenSource(ctx, &oauth2.Token{AccessToken: custom.AccessToken})
_, err = OIDCProvider.UserInfo(ctx, tokenSource)
if err != nil {
log.Printf("Cannot get user info for access token: %s", err)
return false, err
if custom.AccessToken != "EMPTY" {
tokenSource := Oauth2Config.TokenSource(ctx, &oauth2.Token{AccessToken: custom.AccessToken})
_, err = OIDCProvider.UserInfo(ctx, tokenSource)
if err != nil {
log.Printf("Cannot get user info for access token: %s", err)
return false, err
}
}
s := getSessionInfo(ctx)
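Review bot: The skip at `if custom.AccessToken != "EMPTY"` makes the value of a token claim decide whether the UserInfo check runs, so it is only sound if the PAA token's signature has already been verified above this hunk (VerifyPAAToken's body begins outside it) and the sentinel can never arrive from a client-controlled value; please confirm both, and prefer keying the skip on the configured authentication mode rather than on the claim. The literal also duplicates the one set in BasicAuth, so a shared constant such as `const EmptyAccessToken = "EMPTY"` in this package keeps the two from drifting. A why-comment on the branch would help the next reader: `// Basic-auth sessions carry no OIDC access token; only consult UserInfo when one is present.`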


@ -32,7 +32,7 @@ func GenerateRandomString(n int) (string, error) {
if err != nil {
return "", err
}
ret = append(ret, letters[num.Int64()])
ret[i] = letters[num.Int64()]
}
return string(ret), nil
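Review bot: `ret[i] = letters[num.Int64()]` only yields an n-byte string if `ret` is allocated with `make([]byte, n)` above the hunk, which is presumably the assumption the old `append` violated (n zero bytes followed by n random ones); a regression test asserting `len(s) == n` and that every byte of `s` is in `letters` would pin the fix and keep the allocation and the write in step. GenerateRandomString's allocation and signature lie outside the hunk.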