1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
package server
import (
"github.com/eduvpn/eduvpn-common/internal/discovery"
"github.com/eduvpn/eduvpn-common/internal/oauth"
"github.com/eduvpn/eduvpn-common/internal/util"
"github.com/eduvpn/eduvpn-common/types"
"github.com/go-errors/errors"
)
// SecureInternetHomeServer secure internet server which has its own OAuth tokens
// It specifies the current location url it is connected to.
type SecureInternetHomeServer struct {
Auth oauth.OAuth `json:"oauth"`
DisplayName map[string]string `json:"display_name"`
// The home server has a list of info for each configured server location
BaseMap map[string]*Base `json:"base_map"`
// We have the authorization URL template, the home organization ID and the current location
AuthorizationTemplate string `json:"authorization_template"`
HomeOrganizationID string `json:"home_organization_id"`
CurrentLocation string `json:"current_location"`
}
func (ss *Servers) GetSecureInternetHomeServer() (*SecureInternetHomeServer, error) {
if !ss.HasSecureLocation() {
return nil, errors.Errorf("no secure internet home server")
}
return &ss.SecureInternetHomeServer, nil
}
func (ss *Servers) SetSecureInternet(server Server) error {
b, err := server.Base()
if err != nil {
return err
}
if b.Type != "secure_internet" {
return errors.Errorf("not a secure internet server")
}
// The location should already be configured
// TODO: check for location?
ss.IsType = SecureInternetServerType
return nil
}
func (ss *Servers) RemoveSecureInternet() {
// Empty out the struct
ss.SecureInternetHomeServer = SecureInternetHomeServer{}
// If the current server is secure internet, default to custom server
if ss.IsType == SecureInternetServerType {
ss.IsType = CustomServerType
}
}
func (s *SecureInternetHomeServer) TemplateAuth() func(string) string {
return func(authURL string) string {
return util.ReplaceWAYF(s.AuthorizationTemplate, authURL, s.HomeOrganizationID)
}
}
func (s *SecureInternetHomeServer) Base() (*Base, error) {
if s.BaseMap == nil {
return nil, errors.Errorf("secure internet map not found")
}
b, ok := s.BaseMap[s.CurrentLocation]
if !ok {
return nil, errors.Errorf("secure internet base with location '%s' not found", s.CurrentLocation)
}
return b, nil
}
func (s *SecureInternetHomeServer) OAuth() *oauth.OAuth {
return &s.Auth
}
func (ss *Servers) HasSecureLocation() bool {
return ss.SecureInternetHomeServer.CurrentLocation != ""
}
func (s *SecureInternetHomeServer) addLocation(locSrv *types.DiscoveryServer) (*Base, error) {
// Initialize the base map if it is non-nil
if s.BaseMap == nil {
s.BaseMap = make(map[string]*Base)
}
// Add the location to the base map
b, ok := s.BaseMap[locSrv.CountryCode]
if !ok || b == nil {
// Create the base to be added to the map
b = &Base{}
b.URL = locSrv.BaseURL
b.DisplayName = s.DisplayName
b.SupportContact = locSrv.SupportContact
b.Type = "secure_internet"
if err := b.InitializeEndpoints(); err != nil {
return nil, err
}
}
// Ensure it is in the map
s.BaseMap[locSrv.CountryCode] = b
return b, nil
}
// Initializes the home server and adds its own location.
func (s *SecureInternetHomeServer) init(
homeOrg *types.DiscoveryOrganization, homeLoc *types.DiscoveryServer,
) error {
if s.HomeOrganizationID != homeOrg.OrgID {
// New home organisation, clear everything
*s = SecureInternetHomeServer{}
}
// Make sure to set the organization ID
s.HomeOrganizationID = homeOrg.OrgID
s.DisplayName = homeOrg.DisplayName
// Make sure to set the authorization URL template
s.AuthorizationTemplate = homeLoc.AuthenticationURLTemplate
b, err := s.addLocation(homeLoc)
if err != nil {
return err
}
// Set the current location to the home location if there is none
if s.CurrentLocation == "" {
s.CurrentLocation = homeLoc.CountryCode
}
// Make sure oauth contains our endpoints
s.Auth.Init(b.Endpoints.API.V3.Authorization, b.Endpoints.API.V3.Token)
return nil
}
func (s *SecureInternetHomeServer) RefreshEndpoints(disco *discovery.Discovery) error {
// update OAuth for home server
auth := s.OAuth()
if auth != nil && s.HomeOrganizationID != "" {
_, srv, err := disco.SecureHomeArgs(s.HomeOrganizationID)
if err != nil {
return err
}
if hb, ok := s.BaseMap[srv.CountryCode]; ok && hb != nil {
err := hb.InitializeEndpoints()
if err != nil {
return err
}
auth.BaseAuthorizationURL = hb.Endpoints.API.V3.Authorization
auth.TokenURL = hb.Endpoints.API.V3.Token
}
// already updated, return
if srv.CountryCode == s.CurrentLocation {
return nil
}
}
// refresh the current location endpoints
// Re-initialize the endpoints
b, err := s.Base()
if err != nil {
return err
}
err = b.InitializeEndpoints()
if err != nil {
return err
}
return nil
}
|
