forked from authentricity/authentricity
webAuthn: Add initial support
This commit is contained in:
parent
933ed6d613
commit
cc469027ba
10
go.mod
10
go.mod
|
@ -6,6 +6,7 @@ require (
|
|||
github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962
|
||||
github.com/coreos/go-systemd/v22 v22.3.2
|
||||
github.com/go-chi/chi/v5 v5.0.7
|
||||
github.com/go-webauthn/webauthn v0.8.1
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/gorilla/csrf v1.7.1
|
||||
github.com/hashicorp/consul/api v1.13.0
|
||||
|
@ -18,7 +19,8 @@ require (
|
|||
github.com/zaffka/zap-to-hclog v0.10.5
|
||||
go.etcd.io/bbolt v1.3.6
|
||||
go.uber.org/zap v1.21.0
|
||||
golang.org/x/sys v0.0.0-20220708085239-5a0f0661e09d
|
||||
golang.org/x/crypto v0.6.0
|
||||
golang.org/x/sys v0.5.0
|
||||
)
|
||||
|
||||
require (
|
||||
|
@ -26,7 +28,11 @@ require (
|
|||
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
|
||||
github.com/fatih/color v1.13.0 // indirect
|
||||
github.com/fxamacker/cbor/v2 v2.4.0 // indirect
|
||||
github.com/go-webauthn/revoke v0.1.9 // indirect
|
||||
github.com/goccy/go-json v0.9.7 // indirect
|
||||
github.com/golang-jwt/jwt/v4 v4.4.3 // indirect
|
||||
github.com/google/go-tpm v0.3.3 // indirect
|
||||
github.com/gorilla/securecookie v1.1.1 // indirect
|
||||
github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
|
||||
github.com/hashicorp/go-hclog v1.2.1 // indirect
|
||||
|
@ -45,9 +51,9 @@ require (
|
|||
github.com/mitchellh/go-homedir v1.1.0 // indirect
|
||||
github.com/pkg/errors v0.9.1 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
github.com/x448/float16 v0.8.4 // indirect
|
||||
go.uber.org/atomic v1.9.0 // indirect
|
||||
go.uber.org/multierr v1.8.0 // indirect
|
||||
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f // indirect
|
||||
)
|
||||
|
||||
replace github.com/varlink/go => github.com/erincandescent/varlink-go v0.4.1-0.20220710172442-b1ca3a35207e
|
||||
|
|
180
go.sum
180
go.sum
|
@ -1,22 +1,40 @@
|
|||
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962 h1:KeNholpO2xKjgaaSyd+DyQRrsQjhbSeS7qe4nEw8aQw=
|
||||
github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962/go.mod h1:kC29dT1vFpj7py2OvG1khBdQpo3kInWP+6QipLbdngo=
|
||||
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
|
||||
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
|
||||
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
|
||||
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da h1:8GUt8eRujhVEGZFFEjBj46YV4rDjvGrNxb0KMWYkL2I=
|
||||
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
|
||||
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||
github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
|
||||
github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
|
||||
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
|
||||
github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
|
||||
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
|
||||
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
|
||||
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
|
||||
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
|
||||
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
|
||||
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
|
||||
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
|
||||
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
|
||||
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
|
||||
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
|
||||
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||
github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
|
||||
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
|
||||
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
|
@ -24,21 +42,65 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
|
|||
github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
|
||||
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
|
||||
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
|
||||
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
|
||||
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
|
||||
github.com/erincandescent/varlink-go v0.4.1-0.20220710172442-b1ca3a35207e h1:vGp1F0lLJqVpuZNVXedply/GckrIcibkVmHoFvQ6KQk=
|
||||
github.com/erincandescent/varlink-go v0.4.1-0.20220710172442-b1ca3a35207e/go.mod h1:DKg9Y2ctoNkesREGAEak58l+jOC6JU2aqZvUYs5DynU=
|
||||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
|
||||
github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
|
||||
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
|
||||
github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
|
||||
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/go-chi/chi/v5 v5.0.7 h1:rDTPXLDHGATaeHvVlLcR4Qe0zftYethFucbjVQ1PxU8=
|
||||
github.com/go-chi/chi/v5 v5.0.7/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
|
||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
|
||||
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
|
||||
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
|
||||
github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8RknbS0=
|
||||
github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
|
||||
github.com/go-webauthn/webauthn v0.8.1 h1:Yv9yOxEhsJULGYLbDfEuQXtSu2RthLGzPPSN2DYdXG8=
|
||||
github.com/go-webauthn/webauthn v0.8.1/go.mod h1:22OJd+TV8oHrjjXmPHtcPR82lR/yR5m5ilGiF8yPFrE=
|
||||
github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
|
||||
github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
|
||||
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw=
|
||||
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
|
||||
github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU=
|
||||
github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
|
||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
|
||||
github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
|
||||
github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
|
||||
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
|
||||
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
|
||||
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
|
||||
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
||||
github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo=
|
||||
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
|
||||
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
|
||||
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||
github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
|
||||
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
|
||||
github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4/go.mod h1:H9HbmUG2YgV/PHITkO7p6wxEEj/v5nlsVWIwumwH2NI=
|
||||
github.com/google/go-tpm v0.3.0/go.mod h1:iVLWvrPp/bHeEkxTFi9WG6K9w0iy2yIszHwZGHPbzAw=
|
||||
github.com/google/go-tpm v0.3.3 h1:P/ZFNBZYXRxc+z7i5uyd8VP7MaDteuLZInzrH2idRGo=
|
||||
github.com/google/go-tpm v0.3.3/go.mod h1:9Hyn3rgnzWF9XBWVk6ml6A6hNkbWjNFlDQL51BeghL4=
|
||||
github.com/google/go-tpm-tools v0.0.0-20190906225433-1614c142f845/go.mod h1:AVfHadzbdzHo54inR2x1v640jdi1YSi3NauM2DUsxk0=
|
||||
github.com/google/go-tpm-tools v0.2.0/go.mod h1:npUd03rQ60lxN7tzeBJreG38RvWwme2N1reF/eeiBk4=
|
||||
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
|
||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
|
@ -46,6 +108,10 @@ github.com/gorilla/csrf v1.7.1 h1:Ir3o2c1/Uzj6FBxMlAUB6SivgVMy1ONXwYgXn+/aHPE=
|
|||
github.com/gorilla/csrf v1.7.1/go.mod h1:+a/4tCmqhG6/w4oafeAZ9pEa3/NZOWYVbD9fV0FwIQA=
|
||||
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
|
||||
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
|
||||
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
|
||||
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
|
||||
github.com/hashicorp/consul/api v1.13.0 h1:2hnLQ0GjQvw7f3O61jMO8gbasZviZTrt9R8WzgiirHc=
|
||||
github.com/hashicorp/consul/api v1.13.0/go.mod h1:ZlVrynguJKcYr54zGaDbaL3fOvKC9m72FhPvA8T35KQ=
|
||||
github.com/hashicorp/consul/sdk v0.8.0 h1:OJtKBtEjboEZvG6AOUdh4Z1Zbyu0WcxQ0qatRrZHTVU=
|
||||
|
@ -75,6 +141,7 @@ github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1
|
|||
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
|
||||
github.com/hashicorp/golang-lru v0.5.0 h1:CL2msUPvZTLb5O648aiLNJw3hnBxN2+1Jq8rCOH9wdo=
|
||||
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
|
||||
github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc=
|
||||
github.com/hashicorp/memberlist v0.3.0 h1:8+567mCcFDnS5ADl7lrpxPMWiFCElyUEeW0gtj34fMA=
|
||||
|
@ -83,9 +150,14 @@ github.com/hashicorp/serf v0.9.6 h1:uuEX1kLR6aoda1TBttmJQKDLZE1Ob7KN0NPdE7EtCDc=
|
|||
github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4=
|
||||
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
|
||||
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
|
||||
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
|
||||
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
|
||||
github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
|
||||
github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
|
||||
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
|
||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
|
@ -102,6 +174,7 @@ github.com/lestrrat-go/jwx/v2 v2.0.3 h1:9zeZGkbiVkiSuzRsy2SbQJdTuA/At1I2Hh9R/Gon
|
|||
github.com/lestrrat-go/jwx/v2 v2.0.3/go.mod h1:4tnab1l/rJWhxmtVsAtc2kr+pWGg72IcnWFk8gM0tLM=
|
||||
github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
|
||||
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
|
||||
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
|
||||
github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
|
||||
github.com/manifoldco/promptui v0.9.0/go.mod h1:ka04sppxSGFAtxX0qhlYQjISsg9mR4GWtQEhdbn6Pgg=
|
||||
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
||||
|
@ -117,6 +190,7 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA
|
|||
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
|
||||
github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
|
||||
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
|
||||
github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
|
||||
github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
|
||||
github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
|
||||
|
@ -129,8 +203,12 @@ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:F
|
|||
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
|
||||
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
|
||||
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
|
||||
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
|
||||
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
|
||||
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c h1:Lgl0gzECD8GnQ5QCWA8o6BtfL6mDH5rQgM4/fX3avOs=
|
||||
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
|
||||
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
|
||||
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
|
@ -138,66 +216,125 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
|
|||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
|
||||
github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
|
||||
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
|
||||
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
|
||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
|
||||
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
|
||||
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
|
||||
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
|
||||
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
|
||||
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
|
||||
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
|
||||
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
|
||||
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
|
||||
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
|
||||
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
|
||||
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
|
||||
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
|
||||
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
|
||||
github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
|
||||
github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
|
||||
github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
|
||||
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
|
||||
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
|
||||
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
||||
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
|
||||
github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
|
||||
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
|
||||
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
|
||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
|
||||
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
|
||||
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
|
||||
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
|
||||
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
|
||||
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
|
||||
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
|
||||
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
|
||||
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
|
||||
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
|
||||
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
|
||||
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
github.com/zaffka/zap-to-hclog v0.10.5 h1:6s9uMa4H8slD3c0UE7Ga3DreJci95Ujjbc8X+bMVPAU=
|
||||
github.com/zaffka/zap-to-hclog v0.10.5/go.mod h1:5b3vf3ndIbXOmBrnDHoCyh4F6h5VNtTO2va7AX17cwg=
|
||||
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
|
||||
go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
|
||||
go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
|
||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
|
||||
go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
|
||||
go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
|
||||
go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
|
||||
go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
|
||||
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
|
||||
go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
|
||||
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
|
||||
go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
|
||||
go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
|
||||
go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
|
||||
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
|
||||
go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
|
||||
go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
|
||||
go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
|
||||
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f h1:OeJjE6G4dgCY4PIXvIRQbE8+RX+uXZyGhUy/ksMGJoc=
|
||||
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
|
||||
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
|
||||
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
|
||||
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
|
||||
golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
|
@ -215,18 +352,24 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210629170331-7dc0b73dc9fb/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220708085239-5a0f0661e09d h1:/m5NbqQelATgoSPVC2Z23sR4kVNokFwDDyWh/3rGY+I=
|
||||
golang.org/x/sys v0.0.0-20220708085239-5a0f0661e09d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
|
||||
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
|
||||
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
|
||||
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
|
||||
golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
|
@ -238,10 +381,31 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
|
|||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
|
||||
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
|
||||
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
|
||||
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
|
||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
|
||||
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
|
||||
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
|
||||
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
|
||||
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
|
||||
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
|
||||
google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
|
||||
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
|
||||
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
|
||||
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
|
||||
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
|
||||
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
|
@ -250,4 +414,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
|
|||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
|
||||
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
|
||||
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
|
||||
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
|
||||
|
|
|
@ -5,8 +5,8 @@ import (
|
|||
"fmt"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/manifoldco/promptui"
|
||||
"github.com/spf13/cobra"
|
||||
"go.uber.org/zap"
|
||||
|
||||
"go.e43.eu/authentricity/internal/models"
|
||||
|
@ -41,7 +41,7 @@ var createGroupCmd = &cobra.Command{
|
|||
}).Run()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
group := &models.GroupRecord{
|
||||
UUID: uuid.New(),
|
||||
|
|
24
internal/models/field.go
Normal file
24
internal/models/field.go
Normal file
|
@ -0,0 +1,24 @@
|
|||
package models
|
||||
|
||||
import "encoding/base64"
|
||||
|
||||
type Base64Field []byte
|
||||
|
||||
func (f Base64Field) String() string {
|
||||
return base64.RawStdEncoding.EncodeToString([]byte(f))
|
||||
}
|
||||
|
||||
func (f Base64Field) MarshalText() ([]byte, error) {
|
||||
buf := make([]byte, base64.RawStdEncoding.EncodedLen(len(f)))
|
||||
base64.RawStdEncoding.Encode(buf, []byte(f))
|
||||
return buf, nil
|
||||
}
|
||||
|
||||
func (f *Base64Field) UnmarshalText(text []byte) error {
|
||||
buf := make([]byte, base64.RawStdEncoding.DecodedLen(len(text)))
|
||||
_, err := base64.RawStdEncoding.Decode(buf, text)
|
||||
if err == nil {
|
||||
*f = Base64Field(buf)
|
||||
}
|
||||
return err
|
||||
}
|
32
internal/models/public_key_credential.go
Normal file
32
internal/models/public_key_credential.go
Normal file
|
@ -0,0 +1,32 @@
|
|||
package models
|
||||
|
||||
import "encoding/json"
|
||||
|
||||
type PublicKeyCredential struct {
|
||||
Credential Base64Field `mapstructure:"credential,omitempty"`
|
||||
PublicKey Base64Field `mapstructure:"publicKey,omitempty"`
|
||||
UserPresent bool `mapstructure:"up,omitempty"`
|
||||
UserVerified bool `mapstructure:"uv,omitempty"`
|
||||
Comment string `mapstructure:"comment,omitempty"`
|
||||
|
||||
Other map[string]interface{} `mapstructure:"-,remain"`
|
||||
}
|
||||
|
||||
func (c PublicKeyCredential) MarshalJSON() ([]byte, error) {
|
||||
m := make(map[string]interface{})
|
||||
for k, v := range c.Other {
|
||||
m[k] = v
|
||||
}
|
||||
if err := decode(c, &m); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return json.Marshal(m)
|
||||
}
|
||||
|
||||
func (c *PublicKeyCredential) UnmarshalJSON(data []byte) error {
|
||||
m := make(map[string]interface{})
|
||||
if err := json.Unmarshal(data, m); err != nil {
|
||||
return err
|
||||
}
|
||||
return decode(m, c)
|
||||
}
|
|
@ -136,8 +136,11 @@ func (ur *UserRecord) EnsurePrivileged() *UserPrivileged {
|
|||
}
|
||||
|
||||
type UserPrivileged struct {
|
||||
HashedPassword []string `mapstructure:"hashedPassword,omitempty"`
|
||||
SSHAuthorizedKeys []string `mapstructure:"sshAuthorizedKeys,omitempty"`
|
||||
HashedPassword []string `mapstructure:"hashedPassword,omitempty"`
|
||||
SSHAuthorizedKeys []string `mapstructure:"sshAuthorizedKeys,omitempty"`
|
||||
PublicKeyCredentials []PublicKeyCredential `mapstructure:"publicKeyCredentials,omitempty"`
|
||||
|
||||
Other map[string]interface{} `mapstructure:"-,remain"`
|
||||
}
|
||||
|
||||
func (priv *UserPrivileged) CheckPassword(pw string) bool {
|
||||
|
|
|
@ -15,11 +15,11 @@ func (s *Service) actionChangePassword(
|
|||
ent models.Entity,
|
||||
md store.EntryMetadata,
|
||||
) {
|
||||
if ent.Type() != models.TypeUser {
|
||||
user, ok := ent.(*models.UserRecord)
|
||||
if !ok {
|
||||
s.renderBadRequest(w, r)
|
||||
return
|
||||
}
|
||||
user := ent.(*models.UserRecord)
|
||||
|
||||
if !s.canEditEntity(r.Context(), user.UUID) {
|
||||
s.renderForbidden(w, r)
|
||||
|
|
|
@ -16,11 +16,11 @@ func (s *Service) actionAddGroup(
|
|||
ent models.Entity,
|
||||
md store.EntryMetadata,
|
||||
) {
|
||||
if ent.Type() != models.TypeUser {
|
||||
user, ok := ent.(*models.UserRecord)
|
||||
if !ok {
|
||||
s.renderBadRequest(w, r)
|
||||
return
|
||||
}
|
||||
user := ent.(*models.UserRecord)
|
||||
|
||||
if !s.isAdmin(r.Context()) {
|
||||
s.renderForbidden(w, r)
|
||||
|
@ -61,11 +61,11 @@ func (s *Service) actionRemoveGroups(
|
|||
ent models.Entity,
|
||||
md store.EntryMetadata,
|
||||
) {
|
||||
if ent.Type() != models.TypeUser {
|
||||
user, ok := ent.(*models.UserRecord)
|
||||
if !ok {
|
||||
s.renderBadRequest(w, r)
|
||||
return
|
||||
}
|
||||
user := ent.(*models.UserRecord)
|
||||
|
||||
if !s.isAdmin(r.Context()) {
|
||||
s.renderForbidden(w, r)
|
||||
|
|
|
@ -15,11 +15,11 @@ func (s *Service) actionAddSSHKey(
|
|||
ent models.Entity,
|
||||
md store.EntryMetadata,
|
||||
) {
|
||||
if ent.Type() != models.TypeUser {
|
||||
user, ok := ent.(*models.UserRecord)
|
||||
if !ok {
|
||||
s.renderBadRequest(w, r)
|
||||
return
|
||||
}
|
||||
user := ent.(*models.UserRecord)
|
||||
|
||||
if !s.canEditEntity(r.Context(), user.ID()) {
|
||||
s.renderForbidden(w, r)
|
||||
|
@ -29,6 +29,7 @@ func (s *Service) actionAddSSHKey(
|
|||
key := strings.TrimSpace(r.PostForm.Get("key"))
|
||||
if key == "" {
|
||||
s.renderEntity(w, r, ent, "No SSH key Specified")
|
||||
return
|
||||
}
|
||||
|
||||
priv := user.EnsurePrivileged()
|
||||
|
@ -57,11 +58,11 @@ func (s *Service) actionRemoveSSHKeys(
|
|||
ent models.Entity,
|
||||
md store.EntryMetadata,
|
||||
) {
|
||||
if ent.Type() != models.TypeUser {
|
||||
user, ok := ent.(*models.UserRecord)
|
||||
if !ok {
|
||||
s.renderBadRequest(w, r)
|
||||
return
|
||||
}
|
||||
user := ent.(*models.UserRecord)
|
||||
|
||||
if !s.canEditEntity(r.Context(), user.UUID) {
|
||||
s.renderForbidden(w, r)
|
||||
|
|
104
internal/webui/act_webauthn.go
Normal file
104
internal/webui/act_webauthn.go
Normal file
|
@ -0,0 +1,104 @@
|
|||
package webui
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"go.e43.eu/authentricity/internal/models"
|
||||
"go.e43.eu/authentricity/internal/store"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
func (s *Service) actionAddAuthenticator(
|
||||
w http.ResponseWriter,
|
||||
r *http.Request,
|
||||
ent models.Entity,
|
||||
md store.EntryMetadata,
|
||||
) {
|
||||
user, ok := ent.(*models.UserRecord)
|
||||
if !ok {
|
||||
s.renderBadRequest(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
tok := getUserToken(r.Context())
|
||||
isYou := user.UUID.String() == tok.Subject()
|
||||
if !isYou {
|
||||
s.renderForbidden(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
rr := WebAuthnRegistrationResponse{
|
||||
Session: r.PostForm.Get("session"),
|
||||
Response: r.PostForm.Get("response"),
|
||||
}
|
||||
|
||||
cred, err := s.webAuthnCreateCredential(user, rr)
|
||||
if err != nil {
|
||||
zap.L().Error("Error creating credential", zap.Reflect("error", err))
|
||||
s.renderError(w)
|
||||
}
|
||||
|
||||
pkCred := models.PublicKeyCredential{
|
||||
Credential: cred.ID,
|
||||
PublicKey: cred.PublicKey,
|
||||
UserPresent: cred.Flags.UserPresent,
|
||||
UserVerified: cred.Flags.UserVerified,
|
||||
Comment: fmt.Sprintf("Added %s", time.Now().Format("Mon Jan _2 2006")),
|
||||
}
|
||||
|
||||
priv := user.EnsurePrivileged()
|
||||
priv.PublicKeyCredentials = append(priv.PublicKeyCredentials, pkCred)
|
||||
|
||||
if err := s.store.UpdateEntitySimple(r.Context(), user, md); err != nil {
|
||||
zap.L().Error("Error updating user", zap.Error(err))
|
||||
s.renderError(w)
|
||||
} else {
|
||||
s.renderEntity(w, r, ent, "Authenticator Added")
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Service) actionRemoveCredentials(
|
||||
w http.ResponseWriter,
|
||||
r *http.Request,
|
||||
ent models.Entity,
|
||||
md store.EntryMetadata,
|
||||
) {
|
||||
user, ok := ent.(*models.UserRecord)
|
||||
if !ok {
|
||||
s.renderBadRequest(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
if !s.canEditEntity(r.Context(), user.UUID) {
|
||||
s.renderForbidden(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
toRemove := r.PostForm["credential"]
|
||||
priv := user.EnsurePrivileged()
|
||||
var newCreds []models.PublicKeyCredential
|
||||
|
||||
for _, cred := range priv.PublicKeyCredentials {
|
||||
remove := false
|
||||
for _, kr := range toRemove {
|
||||
if cred.Credential.String() == kr {
|
||||
remove = true
|
||||
}
|
||||
}
|
||||
|
||||
if !remove {
|
||||
newCreds = append(newCreds, cred)
|
||||
}
|
||||
}
|
||||
|
||||
priv.PublicKeyCredentials = newCreds
|
||||
|
||||
if err := s.store.UpdateEntitySimple(r.Context(), user, md); err != nil {
|
||||
zap.L().Error("Error updating user", zap.Error(err))
|
||||
s.renderError(w)
|
||||
} else {
|
||||
s.renderEntity(w, r, ent, "Credentials removed")
|
||||
}
|
||||
}
|
|
@ -7,6 +7,7 @@
|
|||
<title>{{.Title}}</title>
|
||||
<link href="/static/bootstrap/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link href="/static/bootstrap-icons/bootstrap-icons.css" rel="stylesheet">
|
||||
<script type="module" src="/static/authentricity.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
|
@ -40,4 +41,4 @@
|
|||
</div>
|
||||
</body>
|
||||
</html>
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
|
|
@ -41,6 +41,45 @@
|
|||
</div>
|
||||
{{end}}
|
||||
|
||||
<h3>Credentials</h3>
|
||||
<div>
|
||||
<form method="POST" id="cred-remove-form" data-req="{{.WA.Request}}">
|
||||
<input type="hidden" name="action" value="remove_credentials">
|
||||
<table class="table" style="overflow-wrap: anywhere;">
|
||||
<tr>
|
||||
<th scope="col"></th> <!-- Checkbox -->
|
||||
<th scope="col">#</th> <!-- Number -->
|
||||
<th scope="col"></th> <!-- Type -->
|
||||
<th scope="col" style="width: 100%">Description</th>
|
||||
</tr>
|
||||
{{range $ix, $cred := .Credentials}}
|
||||
<tr>
|
||||
<td>{{if $.Editable}}<input type="checkbox" name="credential" value="{{$cred.Credential}}">{{end}}</td>
|
||||
<th>{{$ix}}</th>
|
||||
<td><i class="bi bi-key-fill"></i></td>
|
||||
<td>{{$cred.Comment}}</td>
|
||||
</tr>
|
||||
{{end}}
|
||||
</table>
|
||||
{{.CSRFField}}
|
||||
</form>
|
||||
</div>
|
||||
{{if .Editable}}
|
||||
<div class="d-flex flex-row justify-content-between">
|
||||
<div><button type="submit" class="btn btn-danger" form="cred-remove-form">Remove selected credentials</button></div>
|
||||
<div style="float:right">
|
||||
<form method="POST" id="sk-add-form" data-req="{{.WA.Request}}">
|
||||
<input type="hidden" name="action" value="add_authenticator">
|
||||
<input type="hidden" name="session" value="{{.WA.Session}}">
|
||||
<input type="hidden" name="response">
|
||||
<button name="add" type="button" class="btn btn-primary" style="display: none">Add</button>
|
||||
{{.CSRFField}}
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
|
||||
<br>
|
||||
<h3>SSH Keys</h3>
|
||||
<div>
|
||||
<form method="POST" id="remove_ssh_keys_form">
|
||||
|
@ -99,4 +138,4 @@
|
|||
{{.CSRFField}}
|
||||
</form>
|
||||
{{end}}
|
||||
{{template "footer"}}
|
||||
{{template "footer"}}
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
z-index: 2;
|
||||
}
|
||||
|
||||
.form-signin input[type="email"] {
|
||||
.form-signin input[type="username"] {
|
||||
margin-bottom: -1px;
|
||||
border-bottom-right-radius: 0;
|
||||
border-bottom-left-radius: 0;
|
||||
|
@ -92,11 +92,13 @@
|
|||
-webkit-overflow-scrolling: touch;
|
||||
}
|
||||
</style>
|
||||
<script type="module" src="/static/authentricity.js"></script>
|
||||
</head>
|
||||
<body class="text-center">
|
||||
<main class="form-signin w-100 m-auto">
|
||||
<form action="/login" method="POST">
|
||||
<!--<img class="mb-4" src="/docs/5.2/assets/brand/bootstrap-logo.svg" alt="" width="72" height="57">-->
|
||||
<input type="hidden" name="action" value="up-login">
|
||||
<h1 class="h3 mb-3 fw-normal">Please sign in</h1>
|
||||
|
||||
{{if .ShowError}}
|
||||
|
@ -124,6 +126,15 @@
|
|||
{{.CSRFField}}
|
||||
<!--<p class="mt-5 mb-3 text-muted">© 2017–2022</p>-->
|
||||
</form>
|
||||
<br>
|
||||
<form method="POST" action="/login/webauthn-discovered" id="sk-login-form" data-req="{{.WA.Request}}">
|
||||
<input type="hidden" name="session" value="{{.WA.Session}}">
|
||||
<input type="hidden" name="response">
|
||||
{{.CSRFField}}
|
||||
<button name="login" type="button" class="btn btn-primary" style="display: none">
|
||||
<i class="bi bi-key-fill"></i>Login with Security Key
|
||||
</button>
|
||||
</form>
|
||||
</main>
|
||||
</body>
|
||||
</html>
|
||||
|
|
115
internal/webui/content/static/authentricity.js
Normal file
115
internal/webui/content/static/authentricity.js
Normal file
|
@ -0,0 +1,115 @@
|
|||
import * as b64 from "./base64.js";
|
||||
|
||||
|
||||
function addSecurityKey() {
|
||||
const form = document.getElementById("sk-add-form");
|
||||
const req = JSON.parse(form.dataset["req"]);
|
||||
|
||||
console.log("Request", req);
|
||||
req.publicKey.challenge = b64.decode(req.publicKey.challenge);
|
||||
req.publicKey.user.id = b64.decode(req.publicKey.user.id);
|
||||
|
||||
let excl = req.publicKey.excludeCredentials;
|
||||
if (excl) for (var i = 0; i < excl.length; i++) {
|
||||
excl[i].id = b64.decode(excl[i].id);
|
||||
}
|
||||
|
||||
console.log("Request", req);
|
||||
|
||||
navigator.credentials.create(req).then((cred) => {
|
||||
console.log("Credential", cred);
|
||||
|
||||
let jsonCred = {
|
||||
"type": cred.type,
|
||||
"id": cred.id,
|
||||
"response": {
|
||||
"clientDataJSON": b64.encode(cred.response.clientDataJSON),
|
||||
"attestationObject": b64.encode(cred.response.attestationObject),
|
||||
},
|
||||
}
|
||||
|
||||
console.log("JSON Credential", jsonCred);
|
||||
form.elements["response"].value = JSON.stringify(jsonCred);
|
||||
console.log("JSON Credential", form.elements["response"].value);
|
||||
alert(form.elements["response"].value);
|
||||
form.submit();
|
||||
})
|
||||
return false
|
||||
}
|
||||
|
||||
var abort;
|
||||
function doSecurityKeyLogin(form, mediation) {
|
||||
if (abort)
|
||||
abort.abort("cancelled");
|
||||
abort = new AbortController();
|
||||
|
||||
const req = JSON.parse(form.dataset["req"]);
|
||||
req.signal = abort.signal;
|
||||
req.mediation = mediation;
|
||||
req.publicKey.challenge = b64.decode(req.publicKey.challenge);
|
||||
if (req.publicKey.user)
|
||||
req.publicKey.user.id = b64.decode(req.publicKey.user.id);
|
||||
console.log("Request", req);
|
||||
|
||||
navigator.credentials.get(req).then((cred) => {
|
||||
console.log("Credential", cred);
|
||||
|
||||
let jsonCred = {
|
||||
"type": cred.type,
|
||||
"id": cred.id,
|
||||
"rawId": b64.encode(cred.rawId),
|
||||
"response": {
|
||||
"clientDataJSON": b64.encode(cred.response.clientDataJSON),
|
||||
"authenticatorData": b64.encode(cred.response.authenticatorData),
|
||||
"signature": b64.encode(cred.response.signature),
|
||||
"userHandle": b64.encode(cred.response.userHandle),
|
||||
},
|
||||
}
|
||||
|
||||
console.log("JSON Credential", jsonCred);
|
||||
form.elements["response"].value = JSON.stringify(jsonCred);
|
||||
console.log("JSON Credential", form.elements["response"].value);
|
||||
form.submit();
|
||||
}, (exc) => {
|
||||
console.log("Promise rejected", exc)
|
||||
})
|
||||
}
|
||||
|
||||
async function check(fn, orElse) {
|
||||
return fn ? await fn() : orElse;
|
||||
}
|
||||
|
||||
(async () => {
|
||||
if (!navigator.credentials || !PublicKeyCredential) {
|
||||
console.log("[WebAuthn] No support for WebAuthn, funcitonality will be disabled");
|
||||
return;
|
||||
}
|
||||
|
||||
const ctap2Supported = await check(PublicKeyCredential.isExternalCTAP2SecurityKeySupported, true);
|
||||
const passkeySupported = await check(PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable, false);
|
||||
|
||||
console.log("Credential support", {
|
||||
"ctap2": ctap2Supported,
|
||||
"passkey": passkeySupported,
|
||||
});
|
||||
if (!ctap2Supported && !passkeySupported) {
|
||||
console.log("[WebAuthn] No supported credential type, funcitonality will be disabled.");
|
||||
return;
|
||||
}
|
||||
|
||||
const skLoginForm = document.getElementById("sk-login-form");
|
||||
if (skLoginForm) {
|
||||
doSecurityKeyLogin(skLoginForm, "conditional");
|
||||
|
||||
const button = skLoginForm.elements["login"]
|
||||
button.addEventListener("click", (_) => doSecurityKeyLogin(skLoginForm, "required"));
|
||||
button.style.display = "";
|
||||
}
|
||||
|
||||
const skAddForm = document.getElementById("sk-add-form");
|
||||
if (skAddForm) {
|
||||
const button = skAddForm.elements["add"];
|
||||
button.addEventListener("click", addSecurityKey);
|
||||
button.style.display = "";
|
||||
}
|
||||
})();
|
44
internal/webui/content/static/base64.js
Normal file
44
internal/webui/content/static/base64.js
Normal file
|
@ -0,0 +1,44 @@
|
|||
/*
|
||||
* base64-arraybuffer 1.0.2 <https://github.com/niklasvh/base64-arraybuffer>
|
||||
* Copyright (c) 2022 Niklas von Hertzen <https://hertzen.com>
|
||||
* Released under MIT License
|
||||
*
|
||||
* Adjusted here to be base64url, without padding
|
||||
*/
|
||||
var chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
|
||||
// Use a lookup table to find the index.
|
||||
var lookup = typeof Uint8Array === 'undefined' ? [] : new Uint8Array(256);
|
||||
for (var i = 0; i < chars.length; i++) {
|
||||
lookup[chars.charCodeAt(i)] = i;
|
||||
}
|
||||
var encode = function (arraybuffer) {
|
||||
var bytes = new Uint8Array(arraybuffer), i, len = bytes.length, base64 = '';
|
||||
for (i = 0; i < len; i += 3) {
|
||||
base64 += chars[bytes[i] >> 2];
|
||||
base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)];
|
||||
base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)];
|
||||
base64 += chars[bytes[i + 2] & 63];
|
||||
}
|
||||
if (len % 3 === 2) {
|
||||
base64 = base64.substring(0, base64.length - 1);
|
||||
} else if (len % 3 === 1) {
|
||||
base64 = base64.substring(0, base64.length - 2)
|
||||
}
|
||||
return base64;
|
||||
};
|
||||
var decode = function (base64) {
|
||||
var bufferLength = base64.length * 0.75, len = base64.length, i, p = 0, encoded1, encoded2, encoded3, encoded4;
|
||||
var arraybuffer = new ArrayBuffer(bufferLength), bytes = new Uint8Array(arraybuffer);
|
||||
for (i = 0; i < len; i += 4) {
|
||||
encoded1 = lookup[base64.charCodeAt(i)];
|
||||
encoded2 = lookup[base64.charCodeAt(i + 1)];
|
||||
encoded3 = lookup[base64.charCodeAt(i + 2)];
|
||||
encoded4 = lookup[base64.charCodeAt(i + 3)];
|
||||
bytes[p++] = (encoded1 << 2) | (encoded2 >> 4);
|
||||
bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2);
|
||||
bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63);
|
||||
}
|
||||
return arraybuffer;
|
||||
};
|
||||
|
||||
export { decode, encode };
|
|
@ -20,6 +20,7 @@ type tokenCtxKey struct{}
|
|||
|
||||
func getUserToken(ctx context.Context) openid.Token {
|
||||
tok, ok := ctx.Value(tokenCtxKey{}).(openid.Token)
|
||||
zap.S().Debugf("getUserToken %+v", tok)
|
||||
if ok {
|
||||
return tok
|
||||
} else {
|
||||
|
@ -29,11 +30,11 @@ func getUserToken(ctx context.Context) openid.Token {
|
|||
|
||||
func requireLogin(w http.ResponseWriter, r *http.Request) bool {
|
||||
tok := getUserToken(r.Context())
|
||||
if tok == nil {
|
||||
http.Redirect(w, r, "/login?next="+url.QueryEscape(r.URL.String()), http.StatusFound)
|
||||
return false
|
||||
if tok != nil {
|
||||
return true
|
||||
}
|
||||
return true
|
||||
http.Redirect(w, r, "/login?next="+url.QueryEscape(r.URL.String()), http.StatusFound)
|
||||
return false
|
||||
}
|
||||
|
||||
func (s *Service) buildTokenForUser(
|
||||
|
@ -94,6 +95,7 @@ func (s *Service) buildTokenCookie(data []byte, maxAge int) http.Cookie {
|
|||
Name: s.tokenCookie,
|
||||
Value: string(data),
|
||||
Domain: s.cookieDomain,
|
||||
Path: "/",
|
||||
Secure: s.cookieSecure,
|
||||
HttpOnly: true,
|
||||
MaxAge: maxAge,
|
||||
|
@ -103,6 +105,7 @@ func (s *Service) buildTokenCookie(data []byte, maxAge int) http.Cookie {
|
|||
func (s *Service) tokenValidationMiddleware(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ck, err := r.Cookie(s.tokenCookie)
|
||||
zap.L().Debug("Token", zap.Any("token", ck))
|
||||
if err == nil {
|
||||
body, err := jwe.Decrypt([]byte(ck.Value), jwe.WithKey(s.cookieKey.Algorithm(), s.cookieKey))
|
||||
if err != nil {
|
||||
|
|
|
@ -14,14 +14,15 @@ import (
|
|||
)
|
||||
|
||||
type Config struct {
|
||||
Debug bool `default:"false" description:"Enable debug logging"`
|
||||
ListenType string `envconfig:"listen_type" default:"tcp" description:"Type of socket to listen on (Go 'net.Listen()' network)"`
|
||||
ListenAddress string `envconfig:"listen_address" default:":8700" description:"Address to listen on (Go 'net.Listen()' address)"`
|
||||
SecretsDir string `envconfig:"secrets_dir" default:"/var/lib/authentricity/webui/secrets" description:"Directory in which to store secrets"`
|
||||
TokenCookie string `envconfig:"token_cookie" default:"authentricity_token" description:"Cookie in which to store authentication token"`
|
||||
AdminGroupID uuid.UUID `envconfig:"admin_group_id" required:"true" description:"UUID of administrator group"`
|
||||
CookieDomain string `envconfig:"cookie_domain" default:"" description:"Domain to use when setting token cookie - customize to do cross-domain cookie based SSO"`
|
||||
NoHTTPS bool `envconfig:"no_https" default:"false" description:"Allow access over insecure HTTP. For development only"`
|
||||
Debug bool `default:"false" description:"Enable debug logging"`
|
||||
ListenType string `envconfig:"listen_type" default:"tcp" description:"Type of socket to listen on (Go 'net.Listen()' network)"`
|
||||
ListenAddress string `envconfig:"listen_address" default:":8700" description:"Address to listen on (Go 'net.Listen()' address)"`
|
||||
SecretsDir string `envconfig:"secrets_dir" default:"/var/lib/authentricity/webui/secrets" description:"Directory in which to store secrets"`
|
||||
TokenCookie string `envconfig:"token_cookie" default:"authentricity_token" description:"Cookie in which to store authentication token"`
|
||||
AdminGroupID uuid.UUID `envconfig:"admin_group_id" required:"true" description:"UUID of administrator group"`
|
||||
CookieDomain string `envconfig:"cookie_domain" default:"" description:"Domain to use when setting token cookie - customize to do cross-domain cookie based SSO"`
|
||||
NoHTTPS bool `envconfig:"no_https" default:"false" description:"Allow access over insecure HTTP. For development only"`
|
||||
WebAuthnOrigin string `envconfig:"webauthn_origin" default:"" description:"WebAuthn Origin"`
|
||||
}
|
||||
|
||||
func Main() {
|
||||
|
|
|
@ -103,6 +103,10 @@ func (s *Service) entityPost(w http.ResponseWriter, r *http.Request) {
|
|||
s.actionAddGroup(w, r, ent, md)
|
||||
case "remove_groups":
|
||||
s.actionRemoveGroups(w, r, ent, md)
|
||||
case "add_authenticator":
|
||||
s.actionAddAuthenticator(w, r, ent, md)
|
||||
case "remove_credentials":
|
||||
s.actionRemoveCredentials(w, r, ent, md)
|
||||
default:
|
||||
s.renderError(w)
|
||||
}
|
||||
|
@ -145,11 +149,17 @@ func (s *Service) renderUser(w http.ResponseWriter, r *http.Request, user *model
|
|||
UserName string
|
||||
DisplayName string
|
||||
Email string
|
||||
Groups []group
|
||||
SSHKeys []string
|
||||
Title string
|
||||
Message string
|
||||
CSRFField template.HTML
|
||||
|
||||
Groups []group
|
||||
|
||||
Credentials []models.PublicKeyCredential
|
||||
WA WebAuthnRegistrationRequest
|
||||
|
||||
SSHKeys []string
|
||||
|
||||
Title string
|
||||
Message string
|
||||
CSRFField template.HTML
|
||||
}{
|
||||
IsYou: user.UUID.String() == tok.Subject(),
|
||||
IsAdmin: s.isAdmin(r.Context()),
|
||||
|
@ -164,10 +174,6 @@ func (s *Service) renderUser(w http.ResponseWriter, r *http.Request, user *model
|
|||
CSRFField: csrf.TemplateField(r),
|
||||
}
|
||||
|
||||
if user.Privileged != nil {
|
||||
params.SSHKeys = user.Privileged.SSHAuthorizedKeys
|
||||
}
|
||||
|
||||
groupIDs, _, err := s.store.GetUserGroups(r.Context(), user.UUID)
|
||||
if err != nil {
|
||||
zap.L().Error("Error getting user groups", zap.Error(err))
|
||||
|
@ -194,6 +200,18 @@ func (s *Service) renderUser(w http.ResponseWriter, r *http.Request, user *model
|
|||
})
|
||||
}
|
||||
|
||||
params.WA, err = s.webAuthnRegister(user)
|
||||
if err != nil {
|
||||
zap.L().Error("Error generating WebAuthn registration information", zap.Error(err))
|
||||
s.renderError(w)
|
||||
return
|
||||
}
|
||||
|
||||
if user.Privileged != nil {
|
||||
params.SSHKeys = user.Privileged.SSHAuthorizedKeys
|
||||
params.Credentials = user.Privileged.PublicKeyCredentials
|
||||
}
|
||||
|
||||
err = s.templates.ExecuteTemplate(w, "ent_user.tmpl", params)
|
||||
if err != nil {
|
||||
zap.L().Error("Error rendering template", zap.Error(err))
|
||||
|
|
|
@ -65,7 +65,7 @@ func (s *Service) loginPost(w http.ResponseWriter, r *http.Request) {
|
|||
username := r.PostForm.Get("username")
|
||||
password := r.PostForm.Get("password")
|
||||
|
||||
user, err := s.tryLogin(r.Context(), username, password)
|
||||
user, err := s.tryPasswordLogin(r.Context(), username, password)
|
||||
if err != nil {
|
||||
var reason loginFailureReason
|
||||
if errors.As(err, &reason) {
|
||||
|
@ -76,16 +76,20 @@ func (s *Service) loginPost(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
s.finishLoginAsUser(w, r, user)
|
||||
}
|
||||
|
||||
func (s *Service) finishLoginAsUser(w http.ResponseWriter, r *http.Request, user *models.UserRecord) {
|
||||
tok, err := s.buildTokenForUser(r.Context(), user)
|
||||
if err != nil {
|
||||
L.Error("Error constructing token", zap.Error(err))
|
||||
zap.S().Error("Error constructing token: %v", err)
|
||||
s.renderError(w)
|
||||
return
|
||||
}
|
||||
|
||||
serialized, err := s.serializeCookieToken(tok)
|
||||
if err != nil {
|
||||
L.Error("Error constructing token", zap.Error(err))
|
||||
zap.S().Error("Error constructing token: %v", err)
|
||||
s.renderError(w)
|
||||
return
|
||||
}
|
||||
|
@ -132,7 +136,7 @@ func (s *Service) getLoginNextURL(r *http.Request) (string, bool) {
|
|||
return nextURL.String(), true
|
||||
}
|
||||
|
||||
func (s *Service) tryLogin(ctx context.Context, username, password string) (*models.UserRecord, error) {
|
||||
func (s *Service) tryPasswordLogin(ctx context.Context, username, password string) (*models.UserRecord, error) {
|
||||
L := zap.L().With(zap.String("username", username))
|
||||
|
||||
if username == "" {
|
||||
|
@ -176,19 +180,27 @@ func (s *Service) tryLogin(ctx context.Context, username, password string) (*mod
|
|||
}
|
||||
|
||||
func (s *Service) showLoginPage(w http.ResponseWriter, r *http.Request, message string) {
|
||||
wa, err := s.webAuthnBeginDiscover()
|
||||
if err != nil {
|
||||
zap.L().Error("Error doing WebAuthn discovery", zap.Error(err))
|
||||
s.renderError(w)
|
||||
}
|
||||
|
||||
params := struct {
|
||||
ShowError bool
|
||||
ErrorMessage string
|
||||
CSRFField template.HTML
|
||||
Next string
|
||||
WA WebAuthnDiscoverRequest
|
||||
}{
|
||||
ShowError: message != "",
|
||||
ErrorMessage: message,
|
||||
CSRFField: csrf.TemplateField(r),
|
||||
Next: r.Form.Get("next"),
|
||||
WA: wa,
|
||||
}
|
||||
|
||||
err := s.templates.ExecuteTemplate(w, "login.tmpl", params)
|
||||
err = s.templates.ExecuteTemplate(w, "login.tmpl", params)
|
||||
if err != nil {
|
||||
zap.L().Error("Error rendering template", zap.Error(err))
|
||||
s.renderError(w)
|
||||
|
|
35
internal/webui/pg_login_webauthn.go
Normal file
35
internal/webui/pg_login_webauthn.go
Normal file
|
@ -0,0 +1,35 @@
|
|||
package webui
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
func (s *Service) loginWebauthnDiscoveredPost(w http.ResponseWriter, r *http.Request) {
|
||||
L := zap.L()
|
||||
if err := r.ParseForm(); err != nil {
|
||||
L.Error("Error parsing form data", zap.Error(err))
|
||||
s.renderError(w)
|
||||
return
|
||||
}
|
||||
|
||||
dr := WebAuthnDiscoverResponse{
|
||||
Session: r.PostForm.Get("session"),
|
||||
Response: r.PostForm.Get("response"),
|
||||
}
|
||||
|
||||
user, err := s.webauthnCompleteDiscover(r.Context(), dr)
|
||||
switch {
|
||||
case err != nil:
|
||||
L.Error("Error doing discoverable login", zap.Error(err))
|
||||
s.renderError(w)
|
||||
return
|
||||
|
||||
case user == nil:
|
||||
s.renderForbidden(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
s.finishLoginAsUser(w, r, user)
|
||||
}
|
|
@ -2,10 +2,12 @@ package webui
|
|||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/sha256"
|
||||
"embed"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"html/template"
|
||||
"io"
|
||||
"io/fs"
|
||||
"net/http"
|
||||
"os"
|
||||
|
@ -13,6 +15,7 @@ import (
|
|||
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/go-chi/chi/v5/middleware"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/google/uuid"
|
||||
"github.com/gorilla/csrf"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
|
@ -20,6 +23,7 @@ import (
|
|||
"github.com/lestrrat-go/jwx/v2/jwk"
|
||||
"go.e43.eu/authentricity/internal/store"
|
||||
"go.uber.org/zap"
|
||||
"golang.org/x/crypto/hkdf"
|
||||
)
|
||||
|
||||
//go:embed content
|
||||
|
@ -29,11 +33,14 @@ type Service struct {
|
|||
router *chi.Mux
|
||||
templates *template.Template
|
||||
store store.WritableStore
|
||||
masterKey []byte
|
||||
webAuthnKey []byte
|
||||
cookieKey jwk.Key
|
||||
tokenCookie string
|
||||
cookieDomain string
|
||||
cookieSecure bool
|
||||
adminGroup uuid.UUID
|
||||
wa *webauthn.WebAuthn
|
||||
}
|
||||
|
||||
func buildService(cfg Config, st store.WritableStore) *Service {
|
||||
|
@ -58,8 +65,10 @@ func buildService(cfg Config, st store.WritableStore) *Service {
|
|||
adminGroup: cfg.AdminGroupID,
|
||||
}
|
||||
|
||||
s.setupMasterKey(cfg)
|
||||
csrf := s.setupCSRFMiddleware(cfg)
|
||||
s.setupCookieSecret(cfg)
|
||||
s.setupWebAuthn(cfg)
|
||||
|
||||
r.Use(logMiddleware(zap.L().Named("http")))
|
||||
r.Use(middleware.Recoverer)
|
||||
|
@ -70,6 +79,7 @@ func buildService(cfg Config, st store.WritableStore) *Service {
|
|||
r.Get("/", s.indexGet)
|
||||
r.Get("/login", s.loginGet)
|
||||
r.Post("/login", s.loginPost)
|
||||
r.Post("/login/webauthn-discovered", s.loginWebauthnDiscoveredPost)
|
||||
r.Post("/logout", s.logoutPost)
|
||||
r.Get("/entity", s.entitySearch)
|
||||
r.Get("/entity/{id}", s.entityGet)
|
||||
|
@ -127,15 +137,15 @@ func (s *Service) setupCookieSecret(cfg Config) {
|
|||
}
|
||||
}
|
||||
|
||||
func (s *Service) setupCSRFMiddleware(cfg Config) func(http.Handler) http.Handler {
|
||||
keyPath := path.Join(cfg.SecretsDir, "csrf.key")
|
||||
func (s *Service) setupMasterKey(cfg Config) {
|
||||
keyPath := path.Join(cfg.SecretsDir, "web.key")
|
||||
data, err := os.ReadFile(keyPath)
|
||||
if err != nil {
|
||||
if !errors.Is(err, fs.ErrNotExist) {
|
||||
zap.S().Fatalf("Error loading CSRF key: %v", err)
|
||||
zap.S().Fatalf("Error loading web master key: %v", err)
|
||||
}
|
||||
|
||||
zap.S().Info("No CSRF key found, generating new key")
|
||||
zap.S().Info("No web master key found, generating new key")
|
||||
|
||||
var raw [32]byte
|
||||
_, err := rand.Read(raw[:])
|
||||
|
@ -150,7 +160,47 @@ func (s *Service) setupCSRFMiddleware(cfg Config) func(http.Handler) http.Handle
|
|||
data = raw[:]
|
||||
}
|
||||
|
||||
return csrf.Protect(data,
|
||||
if len(data) != 32 {
|
||||
zap.S().Fatalf("Web master key %s too short (must be at least 32B)", keyPath)
|
||||
}
|
||||
|
||||
s.masterKey = data
|
||||
}
|
||||
|
||||
func (s *Service) deriveKey(label string) io.Reader {
|
||||
return hkdf.Expand(sha256.New, s.masterKey, []byte(label))
|
||||
}
|
||||
|
||||
func (s *Service) setupWebAuthn(cfg Config) {
|
||||
s.webAuthnKey = make([]byte, 16)
|
||||
_, err := s.deriveKey("WebAuthn").Read(s.webAuthnKey)
|
||||
if err != nil {
|
||||
zap.S().Fatalf("Error deriving WebAuthn key: %v", err)
|
||||
}
|
||||
|
||||
wc := &webauthn.Config{
|
||||
RPID: cfg.CookieDomain,
|
||||
// TODO: Make configurable
|
||||
RPDisplayName: cfg.CookieDomain,
|
||||
RPOrigins: []string{cfg.WebAuthnOrigin},
|
||||
Debug: true,
|
||||
}
|
||||
wa, err := webauthn.New(wc)
|
||||
if err != nil {
|
||||
zap.S().Fatalf("Error setting up webauthn: %v", err)
|
||||
}
|
||||
|
||||
s.wa = wa
|
||||
}
|
||||
|
||||
func (s *Service) setupCSRFMiddleware(cfg Config) func(http.Handler) http.Handler {
|
||||
var key [32]byte
|
||||
_, err := s.deriveKey("CSRF").Read(key[:])
|
||||
if err != nil {
|
||||
zap.S().Fatalf("Error deriving CSRF key: %v", err)
|
||||
}
|
||||
|
||||
return csrf.Protect(key[:],
|
||||
csrf.Path("/"),
|
||||
csrf.Secure(!cfg.NoHTTPS))
|
||||
}
|
||||
|
|
236
internal/webui/webauthn.go
Normal file
236
internal/webui/webauthn.go
Normal file
|
@ -0,0 +1,236 @@
|
|||
package webui
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"github.com/go-webauthn/webauthn/protocol"
|
||||
"github.com/go-webauthn/webauthn/webauthn"
|
||||
"github.com/google/uuid"
|
||||
"github.com/lestrrat-go/jwx/v2/jwa"
|
||||
"github.com/lestrrat-go/jwx/v2/jwe"
|
||||
"go.e43.eu/authentricity/internal/models"
|
||||
"go.e43.eu/authentricity/internal/store"
|
||||
)
|
||||
|
||||
type WebAuthnUser struct {
|
||||
*models.UserRecord
|
||||
}
|
||||
|
||||
func (u WebAuthnUser) WebAuthnID() []byte {
|
||||
return u.UUID[:]
|
||||
}
|
||||
|
||||
func (u WebAuthnUser) WebAuthnName() string {
|
||||
switch {
|
||||
case u.UserName != "":
|
||||
return u.UserName
|
||||
case u.EmailAddress != "":
|
||||
return u.EmailAddress
|
||||
default:
|
||||
return u.UUID.String()
|
||||
}
|
||||
}
|
||||
|
||||
func (u WebAuthnUser) WebAuthnDisplayName() string {
|
||||
switch {
|
||||
case u.RealName != "":
|
||||
return u.RealName
|
||||
case u.UserName != "":
|
||||
return u.UserName
|
||||
case u.EmailAddress != "":
|
||||
return u.EmailAddress
|
||||
default:
|
||||
return u.UUID.String()
|
||||
}
|
||||
}
|
||||
|
||||
func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential {
|
||||
if u.Privileged == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
creds := make([]webauthn.Credential, len(u.Privileged.PublicKeyCredentials))
|
||||
for i, c := range u.Privileged.PublicKeyCredentials {
|
||||
creds[i] = webauthn.Credential{
|
||||
ID: c.Credential,
|
||||
PublicKey: c.PublicKey,
|
||||
Flags: webauthn.CredentialFlags{
|
||||
UserPresent: c.UserPresent,
|
||||
UserVerified: c.UserVerified,
|
||||
},
|
||||
}
|
||||
}
|
||||
return creds
|
||||
}
|
||||
|
||||
func (u WebAuthnUser) WebAuthnCredentialDescriptors() []protocol.CredentialDescriptor {
|
||||
if u.Privileged == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
creds := make([]protocol.CredentialDescriptor, len(u.Privileged.PublicKeyCredentials))
|
||||
for i, c := range u.Privileged.PublicKeyCredentials {
|
||||
creds[i] = protocol.CredentialDescriptor{
|
||||
Type: protocol.PublicKeyCredentialType,
|
||||
CredentialID: protocol.URLEncodedBase64(c.Credential),
|
||||
}
|
||||
}
|
||||
return creds
|
||||
}
|
||||
|
||||
func (u WebAuthnUser) WebAuthnIcon() string {
|
||||
return ""
|
||||
}
|
||||
|
||||
func (s *Service) webAuthnMarshalSession(sd *webauthn.SessionData) (string, error) {
|
||||
data, err := json.Marshal(sd)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
data, err = jwe.Encrypt(data,
|
||||
jwe.WithKey(jwa.DIRECT, s.webAuthnKey),
|
||||
jwe.WithContentEncryption(jwa.A128GCM))
|
||||
|
||||
return string(data), err
|
||||
}
|
||||
|
||||
func (s *Service) webAuthnUnmarshalSession(session string) (*webauthn.SessionData, error) {
|
||||
body, err := jwe.Decrypt([]byte(session),
|
||||
jwe.WithKey(jwa.DIRECT, s.webAuthnKey))
|
||||
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Decrypting WebAuthn session: %v", err)
|
||||
}
|
||||
|
||||
sess := new(webauthn.SessionData)
|
||||
err = json.Unmarshal(body, sess)
|
||||
return sess, err
|
||||
}
|
||||
|
||||
type WebAuthnRegistrationRequest struct {
|
||||
Request string
|
||||
Session string
|
||||
}
|
||||
|
||||
type WebAuthnRegistrationResponse struct {
|
||||
Response string
|
||||
Session string
|
||||
}
|
||||
|
||||
func (s *Service) webAuthnRegister(user *models.UserRecord) (WebAuthnRegistrationRequest, error) {
|
||||
waUser := WebAuthnUser{user}
|
||||
waReq, waSess, err := s.wa.BeginRegistration(waUser,
|
||||
webauthn.WithExclusions(waUser.WebAuthnCredentialDescriptors()),
|
||||
webauthn.WithResidentKeyRequirement(protocol.ResidentKeyRequirementRequired))
|
||||
if err != nil {
|
||||
return WebAuthnRegistrationRequest{}, err
|
||||
}
|
||||
|
||||
req, err := json.Marshal(waReq)
|
||||
if err != nil {
|
||||
return WebAuthnRegistrationRequest{}, err
|
||||
}
|
||||
|
||||
sess, err := s.webAuthnMarshalSession(waSess)
|
||||
if err != nil {
|
||||
return WebAuthnRegistrationRequest{}, err
|
||||
}
|
||||
|
||||
return WebAuthnRegistrationRequest{
|
||||
Request: string(req),
|
||||
Session: sess,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Service) webAuthnCreateCredential(user *models.UserRecord, regResp WebAuthnRegistrationResponse) (*webauthn.Credential, error) {
|
||||
waUser := WebAuthnUser{user}
|
||||
|
||||
sess, err := s.webAuthnUnmarshalSession(regResp.Session)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pcc, err := protocol.ParseCredentialCreationResponseBody(bytes.NewReader([]byte(regResp.Response)))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cred, err := s.wa.CreateCredential(waUser, *sess, pcc)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return cred, nil
|
||||
}
|
||||
|
||||
type WebAuthnDiscoverRequest struct {
|
||||
Request string
|
||||
Session string
|
||||
}
|
||||
|
||||
type WebAuthnDiscoverResponse struct {
|
||||
Response string
|
||||
Session string
|
||||
}
|
||||
|
||||
func (s *Service) webAuthnBeginDiscover() (WebAuthnDiscoverRequest, error) {
|
||||
waReq, waSess, err := s.wa.BeginDiscoverableLogin(webauthn.WithUserVerification(protocol.VerificationRequired))
|
||||
|
||||
req, err := json.Marshal(waReq)
|
||||
if err != nil {
|
||||
return WebAuthnDiscoverRequest{}, err
|
||||
}
|
||||
|
||||
sess, err := s.webAuthnMarshalSession(waSess)
|
||||
if err != nil {
|
||||
return WebAuthnDiscoverRequest{}, err
|
||||
}
|
||||
|
||||
return WebAuthnDiscoverRequest{
|
||||
Request: string(req),
|
||||
Session: sess,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Service) webauthnCompleteDiscover(
|
||||
ctx context.Context,
|
||||
resp WebAuthnDiscoverResponse,
|
||||
) (*models.UserRecord, error) {
|
||||
sess, err := s.webAuthnUnmarshalSession(resp.Session)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pcr, err := protocol.ParseCredentialRequestResponseBody(bytes.NewReader([]byte(resp.Response)))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(pcr.Response.UserHandle) != 16 {
|
||||
return nil, errors.New("Invalid user handle")
|
||||
}
|
||||
|
||||
userID, err := uuid.FromBytes(pcr.Response.UserHandle)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
user, _, err := store.GetUser(ctx, s.store, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
_, err = s.wa.ValidateDiscoverableLogin(func(_, _ []byte) (webauthn.User, error) {
|
||||
return WebAuthnUser{user}, nil
|
||||
}, *sess, pcr)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
18
module.nix
18
module.nix
|
@ -54,6 +54,14 @@ with lib;
|
|||
description = "Disable SecureOnly cookie flag";
|
||||
default = false;
|
||||
};
|
||||
|
||||
webauthnOrigin = mkOption {
|
||||
type = with types; str;
|
||||
description = "Domain to use as WebAuthn RPID";
|
||||
default = config.services.authentricity.webui.cookieDomain;
|
||||
defaultText = "config.services.authentricity.webui.cookieDomain";
|
||||
example = "example.com";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -116,9 +124,11 @@ with lib;
|
|||
description = "Authentricity Web UI";
|
||||
|
||||
environment = {
|
||||
AUTHENTRICITY_WEBUI_ADMIN_GROUP_ID = cfg.webui.adminGroupID;
|
||||
AUTHENTRICITY_WEBUI_COOKIE_DOMAIN = cfg.webui.cookieDomain;
|
||||
AUTHENTRICITY_WEBUI_NO_HTTPS = mkIf cfg.webui.noHTTPS "true";
|
||||
AUTHENTRICITY_WEBUI_ADMIN_GROUP_ID = cfg.webui.adminGroupID;
|
||||
AUTHENTRICITY_WEBUI_COOKIE_DOMAIN = cfg.webui.cookieDomain;
|
||||
AUTHENTRICITY_WEBUI_WEBAUTHN_ORIGIN = cfg.webui.webauthnOrigin;
|
||||
AUTHENTRICITY_WEBUI_NO_HTTPS = mkIf cfg.webui.noHTTPS "true";
|
||||
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -160,4 +170,4 @@ with lib;
|
|||
};
|
||||
users.groups.authentricity-webui = mkIf cfg.webui.enable {};
|
||||
};
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue