diff options
-rw-r--r-- | config.go | 18 | ||||
-rw-r--r-- | docs/cca.scfg.example | 5 | ||||
-rw-r--r-- | ws.go | 22 |
3 files changed, 30 insertions, 15 deletions
@@ -52,7 +52,7 @@ var configWithPointers struct { Conn *string `scfg:"conn"` } `scfg:"db"` Auth struct { - Fake *bool `scfg:"fake"` + Fake *int `scfg:"fake"` Client *string `scfg:"client"` Authorize *string `scfg:"authorize"` Jwks *string `scfg:"jwks"` @@ -84,7 +84,7 @@ var config struct { Conn string } Auth struct { - Fake bool + Fake int Client string Authorize string Jwks string @@ -121,7 +121,19 @@ func fetchConfig(path string) error { config.Listen.Addr = *(configWithPointers.Listen.Addr) config.DB.Type = *(configWithPointers.DB.Type) config.DB.Conn = *(configWithPointers.DB.Conn) - config.Auth.Fake = *(configWithPointers.Auth.Fake) + if configWithPointers.Auth.Fake == nil { + config.Auth.Fake = 0 + } else { + config.Auth.Fake = *(configWithPointers.Auth.Fake) + switch config.Auth.Fake { + case 0, 4712, 9080: /* Don't use them unless you know what you're doing */ + if config.Prod { + panic("auth.fake not allowed in production mode") + } + default: + panic("illegal auth.fake config option") + } + } config.Auth.Client = *(configWithPointers.Auth.Client) config.Auth.Authorize = *(configWithPointers.Auth.Authorize) config.Auth.Jwks = *(configWithPointers.Auth.Jwks) diff --git a/docs/cca.scfg.example b/docs/cca.scfg.example index 0a96299..02224b3 100644 --- a/docs/cca.scfg.example +++ b/docs/cca.scfg.example @@ -52,11 +52,6 @@ db { } auth { - # Should we allow fake authentication? This should only be enabled - # in development and never in production as it would allow connections - # to create fake users. - fake false - # What is our OAUTH2 client ID? client e8101cb5-84a3-49d7-860b-e5a75e63219a @@ -91,7 +91,7 @@ func handleWs(w http.ResponseWriter, req *http.Request) { sessionCookie, err := req.Cookie("session") if errors.Is(err, http.ErrNoCookie) { - if !config.Auth.Fake { + if config.Auth.Fake == 0 { err := writeText(req.Context(), c, "U") if err != nil { log.Println(err) @@ -112,12 +112,19 @@ func handleWs(w http.ResponseWriter, req *http.Request) { var expr int if fake { - _uuid, err := uuid.NewRandom() - if err != nil { - log.Println(err) - return + switch config.Auth.Fake { + case 9080: + _uuid, err := uuid.NewRandom() + if err != nil { + log.Println(err) + return + } + userID = _uuid.String() + case 4712: + userID = "fake" + default: + panic("not supposed to happen") } - userID = _uuid.String() session, err = randomString(20) if err != nil { log.Println(err) @@ -133,7 +140,8 @@ func handleWs(w http.ResponseWriter, req *http.Request) { session, time.Now().Add(time.Duration(config.Auth.Expr)*time.Second).Unix(), ) - if err != nil { + if err != nil && config.Auth.Fake != 4712 { + /* TODO check pgerr */ err := writeText(req.Context(), c, "E :Database error while writing fake account info") if err != nil { log.Println(err) |