bugfix: Unmarshal non-bound environment variables

theadell · Nov 13, 2023 · 92c9a94 · 92c9a94
1 parent 3b40193
commit 92c9a94
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 11 deletions.
diff --git a/cmd/dashboard/config.go b/cmd/dashboard/config.go
@@ -32,6 +32,12 @@ func loadConfig() (*Config, error) {
 	v.AutomaticEnv()
 	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
 	v.SetEnvPrefix("DNSIFY")
+
+	// TODO: Unmarshal non-bound environment variables
+	// adjust when viper provides a solution to https://github.com/spf13/viper/issues/761
+	// workaround: manual binding for commented out feilds in config.yaml
+	bindEnvVars(v)
+
 	if err := v.ReadInConfig(); err != nil {
 		if _, ok := err.(viper.ConfigFileNotFoundError); ok {
 			slog.Error("Config file not found", "Error", err)
@@ -46,3 +52,32 @@ func loadConfig() (*Config, error) {
 	}
 	return &config, nil
 }
+
+func bindEnvVars(v *viper.Viper) {
+	v.BindEnv("dns.server.addr", "DNS_SERVER_ADDR")
+	v.BindEnv("dns.server.zone", "DNS_SERVER_ZONE")
+	v.BindEnv("dns.server.tsigKey", "DNS_SERVER_TSIGKEY")
+	v.BindEnv("dns.server.tsigSecret", "DNS_SERVER_TSIGSECRET")
+	v.BindEnv("dns.client.syncInterval", "DNS_CLIENT_SYNCINTERVAL")
+	v.BindEnv("dns.client.healthCheckInterval", "DNS_CLIENT_HEALTHCHECKINTERVAL")
+	v.BindEnv("dns.client.ipv4", "DNS_CLIENT_IPV4")
+	v.BindEnv("dns.client.ipv6", "DNS_CLIENT_IPV6")
+	v.BindEnv("dns.client.guards.immutable", "DNS_CLIENT_GUARDS_IMMUTABLE")
+	v.BindEnv("dns.client.guards.admin_only", "DNS_CLIENT_GUARDS_ADMIN_ONLY")
+
+	v.BindEnv("httpServer.host", "HTTPSERVER_HOST")
+	v.BindEnv("httpServer.port", "HTTPSERVER_PORT")
+	v.BindEnv("httpServer.secureCookie", "HTTPSERVER_SECURECOOKIE")
+
+	v.BindEnv("oauth2Client.provider", "OAUTH2CLIENT_PROVIDER")
+	v.BindEnv("oauth2Client.authURL", "OAUTH2CLIENT_AUTHURL")
+	v.BindEnv("oauth2Client.tokenURL", "OAUTH2CLIENT_TOKENURL")
+	v.BindEnv("oauth2Client.clientID", "OAUTH2CLIENT_CLIENTID")
+	v.BindEnv("oauth2Client.clientSecret", "OAUTH2CLIENT_CLIENTSECRET")
+	v.BindEnv("oauth2Client.scopes", "OAUTH2CLIENT_SCOPES")
+	v.BindEnv("oauth2Client.redirectURL", "OAUTH2CLIENT_REDIRECTURL")
+	v.BindEnv("oauth2Client.tenant", "OAUTH2CLIENT_TENANT")
+	v.BindEnv("oauth2Client.domain", "OAUTH2CLIENT_DOMAIN")
+	v.BindEnv("oauth2Client.authorizedDomains", "OAUTH2CLIENT_AUTHORIZEDDOMAINS")
+	v.BindEnv("oauth2Client.loginText", "OAUTH2CLIENT_LOGINTEXT")
+}
diff --git a/cmd/dashboard/handlers.go b/cmd/dashboard/handlers.go
@@ -253,7 +253,6 @@ func (app *App) StatusSSEHandler(w http.ResponseWriter, r *http.Request) {
 		case <-ticker.C:
 			sendUpdate()
 		case <-r.Context().Done():
-			slog.Info("Client closed connection", "ip", r.RemoteAddr)
 			return
 		}
 

diff --git a/config.yaml b/config.yaml
@@ -12,15 +12,10 @@ dns:
     guards:
       immutable: # Optional: make certain domains/subdomains immutable
         - A/dnsify # IPV4 Records for `dnsify.[zone]`
-        - A/dns # IPV4 Records for `dns.[zone]`
         - "*/ns1" # All record types for `ns1.[zone]`
         - "*/ns2"
         - "*/ns3"
-        - NS/@ # NS Records for the zone
-        - A/@
-        - AAAA/@
-        - A/www
-        - AAAA/www
+        - "*/@"
 
 httpServer:
   host: "localhost"

diff --git a/internal/auth/handlers.go b/internal/auth/handlers.go
@@ -46,7 +46,6 @@ func (idp *Idp) handleLoginErr(w http.ResponseWriter, r *http.Request, clientMsg
 }
 
 func (idp *Idp) RequestSignIn(w http.ResponseWriter, r *http.Request) {
-
 	state, err := generateSecureRandom(32)
 	if err != nil {
 		idp.handleLoginErr(w, r, genericLoginErrMsg, errors.Join(err, errStateGenerationFailed))
@@ -60,7 +59,12 @@ func (idp *Idp) RequestSignIn(w http.ResponseWriter, r *http.Request) {
 	}
 	idp.sessionManager.Put(r.Context(), codeVerifierKey, codeVerifier)
 	codeChallenge := generateCodeChallenge(codeVerifier)
-	url := idp.AuthCodeURL(state, oauth2.SetAuthURLParam(codeChallengeKey, codeChallenge), oauth2.SetAuthURLParam(codeChallengeMethodKey, codeChallengeMethod))
+	url := idp.AuthCodeURL(state, oauth2.AccessTypeOnline,
+		oauth2.SetAuthURLParam(codeChallengeKey, codeChallenge),
+		oauth2.SetAuthURLParam(codeChallengeMethodKey, codeChallengeMethod),
+		oauth2.SetAuthURLParam("prompt", "select_account"),
+		oauth2.SetAuthURLParam("hd", "*"),
+	)
 	http.Redirect(w, r, url, http.StatusSeeOther)
 }
 
@@ -70,7 +74,6 @@ func (idp *Idp) HandleSignInCallback(w http.ResponseWriter, r *http.Request) {
 		idp.handleLoginErr(w, r, genericLoginErrMsg, errStateNotFound)
 		return
 	}
-
 	queryState := r.URL.Query().Get(stateKey)
 
 	if state != queryState {

diff --git a/internal/auth/idp.go b/internal/auth/idp.go
@@ -64,7 +64,7 @@ func NewIdp(config *OAuth2ClientConfig, sessionManager *scs.SessionManager) *Idp
 		endpoint = endpoints.AWSCognito(config.Domain)
 	default:
 		endpoint.AuthURL = config.AuthURL
-		endpoint.TokenURL = config.AuthURL
+		endpoint.TokenURL = config.TokenURL
 		text = "Sign in with your DNSify account"
 		lpd.Provider = "default"
 	}

diff --git a/internal/dnsservice/guards.go b/internal/dnsservice/guards.go
@@ -39,6 +39,7 @@ func parseGuards(guardList RecordGuards, zone string) GuardMap {
 	guardMap.AdminOnly = make(map[RecordGuard]bool)
 
 	for _, guardStr := range guardList.Immutable {
+		guardStr = strings.TrimSpace(guardStr)
 		guard, ok := parseGuardString(guardStr, zone)
 		if !ok {
 			slog.Debug("Guard is invalid", "guard", guardStr, "pattern", guardPattern)
@@ -48,6 +49,7 @@ func parseGuards(guardList RecordGuards, zone string) GuardMap {
 	}
 
 	for _, guardStr := range guardList.AdminEditable {
+		guardStr = strings.TrimSpace(guardStr)
 		guard, ok := parseGuardString(guardStr, zone)
 		if !ok {
 			slog.Debug("Guard is invalid", "guard", guardStr, "pattern", guardPattern)