Diffstat (limited to 'pkg/atlas')
-rw-r--r-- | pkg/atlas/config.go | 35 | ||||
-rw-r--r-- | pkg/atlas/server.go | 138 |
2 files changed, 3 insertions, 170 deletions
diff --git a/pkg/atlas/config.go b/pkg/atlas/config.go
index ed108c1..07c88ac 100644
--- a/pkg/atlas/config.go
+++ b/pkg/atlas/config.go
@@ -168,41 +168,12 @@ type Config struct { // Sets the source used for resolving usernames. If not specified, "origin" // is used if OriginEmail is provided, otherwise, "none" is used. // - none (don't get usernames) - // - origin (get the username from the Origin API) - // - origin-eax (get the username from the Origin API, but fall back to EAX on failure) - // - origin-eax-debug (get the username from the Origin API, but also check EAX and warn if it's different) // - eax (get the username from EAX) - // - eax-origin (get the username from EAX, but fall back to the Origin API on failure) + // - stryder (get the username from Stryder) + // - stryder-eax (get the username from Stryder, but fall back to EAX on failure) + // - stryder-eax-debug (get the username from Stryder, but also check EAX and warn if it's different) UsernameSource string `env:"ATLAS_USERNAMESOURCE"` - // The email address to use for Origin login. If not provided, the Origin - // API will not be used. If it begins with @, it is treated as the name of a - // systemd credential to load. - OriginEmail string `env:"ATLAS_ORIGIN_EMAIL" sdcreds:"load,trimspace"` - - // The password for Origin login. If it begins with @, it is treated as the - // name of a systemd credential to load. - OriginPassword string `env:"ATLAS_ORIGIN_PASSWORD" sdcreds:"load,trimspace"` - - // The base32 TOTP secret for Origin login. If it begins with @, it is - // treated as the name of a systemd credential to load. - OriginTOTP string `env:"ATLAS_ORIGIN_TOTP" sdcreds:"load,trimspace"` - - // OriginHARGzip controls whether to compress saved HAR archives. - OriginHARGzip bool `env:"ATLAS_ORIGIN_HAR_GZIP"` - - // OriginHARSuccess is the path to a directory to save HAR archives of - // successful Origin auth attempts. - OriginHARSuccess string `env:"ATLAS_ORIGIN_HAR_SUCCESS"` - - // OriginHARError is the path to a directory to save HAR archives of - // successful Origin auth attempts. 
- OriginHARError string `env:"ATLAS_ORIGIN_HAR_ERROR"` - - // The JSON file to save Origin login info to so tokens are preserved across - // restarts. Highly recommended. - OriginPersist string `env:"ATLAS_ORIGIN_PERSIST"` - // Override the EAX EA App version. If specified, updates will not be // checked automatically. EAXUpdateVersion string `env:"EAX_UPDATE_VERSION"` diff --git a/pkg/atlas/server.go b/pkg/atlas/server.go index 4b450c2..7ad8fce 100644 --- a/pkg/atlas/server.go +++ b/pkg/atlas/server.go @@ -20,7 +20,6 @@ import ( "time" "github.com/VictoriaMetrics/metrics" - "github.com/klauspost/compress/gzip" "github.com/pg9182/ip2x" "github.com/r2northstar/atlas/db/atlasdb" "github.com/r2northstar/atlas/db/pdatadb" @@ -29,7 +28,6 @@ import ( "github.com/r2northstar/atlas/pkg/eax" "github.com/r2northstar/atlas/pkg/memstore" "github.com/r2northstar/atlas/pkg/nspkt" - "github.com/r2northstar/atlas/pkg/origin" "github.com/r2northstar/atlas/pkg/regionmap" "github.com/rs/zerolog" "github.com/rs/zerolog/hlog" @@ -300,11 +298,6 @@ func NewServer(c *Config) (*Server, error) { Add(hlog.RequestIDHandler("rid", "")). Then(http.HandlerFunc(s.serveRest)) - if org, err := configureOrigin(c, s.Logger.With().Str("component", "origin").Logger()); err == nil { - s.API0.OriginAuthMgr = org - } else { - return nil, fmt.Errorf("initialize origin auth: %w", err) - } if exc, err := configureEAX(c, s.Logger.With().Str("component", "eax").Logger()); err == nil { s.API0.EAXClient = exc } else { 
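Review bot: The context comment at the top of the config.go hunk still reads `If not specified, "origin" is used if OriginEmail is provided, otherwise, "none" is used`, but this commit removes OriginEmail and the backwards-compat branch in configureUsernameSource (last server.go hunk), so an empty value now always resolves to none. It should become `// Sets the source used for resolving usernames. If not specified, "none" is used.` Deployments that still set ATLAS_USERNAMESOURCE to origin, origin-eax, origin-eax-debug or eax-origin will now get `unknown source` from configureUsernameSource, which presumably aborts startup, while ones that relied on ATLAS_ORIGIN_EMAIL alone fall back to none without any message; both cases deserve a line in the release notes. The removed fields held a password, a TOTP secret, a persisted token file (the deleted configureOrigin wrote it with requested mode 0666) and HAR captures of login traffic, so the upgrade notes should also tell operators to delete those files and retire the now-unused credentials.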
@@ -498,125 +491,6 @@ func configureLogging(c *Config) (l zerolog.Logger, reopen func(), err error) { return } -func configureOrigin(c *Config, l zerolog.Logger) (*origin.AuthMgr, error) { - if c.OriginEmail == "" { - return nil, nil - } - var mu sync.Mutex - mgr := &origin.AuthMgr{ - Credentials: func() (email, password, otpsecret string, err error) { - return c.OriginEmail, c.OriginPassword, c.OriginTOTP, nil - }, - Backoff: expbackoff, - Updated: func(as origin.AuthState, err error) { - mu.Lock() - defer mu.Unlock() - - if fn := c.OriginPersist; fn != "" { - if buf, err := json.Marshal(as); err != nil { - l.Err(err).Msg("failed to save origin auth json") - return - } else if err = os.WriteFile(fn, buf, 0666); err != nil { - l.Err(err).Msg("failed to save origin auth json") - return - } - } - if err != nil { - l.Err(err).Msg("origin auth error; using old token") - } else { - l.Info().Msg("got new origin token") - } - }, - } - if fn := c.OriginPersist; fn != "" { - var as origin.AuthState - if buf, err := os.ReadFile(fn); err != nil { - if !os.IsNotExist(err) { - l.Err(err).Msg("failed to load origin auth json") - } - } else if err := json.Unmarshal(buf, &as); err != nil { - l.Err(err).Msg("failed to load origin auth json") - } else { - mgr.SetAuth(as) - } - } - if c.OriginHARError != "" || c.OriginHARSuccess != "" { - var errPath, successPath string - if v := c.OriginHARError; v != "" { - if p, err := filepath.Abs(v); err != nil { - return nil, fmt.Errorf("resolve error har path: %w", err) - } else if err := os.MkdirAll(v, 0777); err != nil { - return nil, fmt.Errorf("mkdir error har path: %w", err) - } else { - errPath = p - } - } - if v := c.OriginHARSuccess; v != "" { - if p, err := filepath.Abs(v); err != nil { - return nil, fmt.Errorf("resolve success har path: %w", err) - } else if err := os.MkdirAll(v, 0777); err != nil { - return nil, fmt.Errorf("mkdir success har path: %w", err) - } else { - successPath = p - } - } - var harMu sync.Mutex - harZ := 
gzip.NewWriter(io.Discard) - mgr.SaveHAR = func(write func(w io.Writer) error, err error) { - harMu.Lock() - defer harMu.Unlock() - - var p string - if err != nil { - if errPath != "" { - p = filepath.Join(errPath, "origin-auth-error-") - } - } else { - if successPath != "" { - p = filepath.Join(successPath, "origin-auth-success-") - } - } - if p != "" { - p = p + strconv.FormatInt(time.Now().Unix(), 10) + ".har" - - if c.OriginHARGzip { - p += ".gz" - } - - f, err := os.OpenFile(p, os.O_CREATE|os.O_WRONLY, 0600) - if err != nil { - l.Err(err).Msg("failed to save origin auth har") - return - } - defer f.Close() - - if c.OriginHARGzip { - harZ.Reset(f) - if err := write(harZ); err != nil { - l.Err(err).Msg("failed to save origin auth har") - return - } - if err := harZ.Close(); err != nil { - l.Err(err).Msg("failed to save origin auth har") - return - } - } else { - if err := write(f); err != nil { - l.Err(err).Msg("failed to save origin auth har") - return - } - } - - if err := f.Close(); err != nil { - l.Err(err).Msg("failed to save origin auth har") - return - } - } - } - } - return mgr, nil -} - func configureEAX(c *Config, l zerolog.Logger) (*eax.Client, error) { mgr := &eax.UpdateMgr{ AutoUpdateBackoff: expbackoff, @@ -656,16 +530,8 @@ func configureUsernameSource(c *Config) (api0.UsernameSource, error) { switch typ := c.UsernameSource; typ { case "none": return api0.UsernameSourceNone, nil - case "origin": - return api0.UsernameSourceOrigin, nil - case "origin-eax": - return api0.UsernameSourceOriginEAX, nil - case "origin-eax-debug": - return api0.UsernameSourceOriginEAXDebug, nil case "eax": return api0.UsernameSourceEAX, nil - case "eax-origin": - return api0.UsernameSourceEAXOrigin, nil case "stryder": return api0.UsernameSourceStryder, nil case "stryder-eax": 
@@ -673,10 +539,6 @@ func configureUsernameSource(c *Config) (api0.UsernameSource, error) {
 case "stryder-eax-debug":
 return api0.UsernameSourceStryderEAXDebug, nil
 case "":
- // backwards compat
- if c.OriginEmail != "" {
- return api0.UsernameSourceOrigin, nil
- }
 return api0.UsernameSourceNone, nil
 default:
 return "", fmt.Errorf("unknown source %q", typ) |