From 2ce3b86e0ff69538935db3149d1ed2f24aea09a3 Mon Sep 17 00:00:00 2001
From: Ben Burwell
Date: Mon, 13 Apr 2020 23:57:13 -0400
Subject: Simplify
---
 server/config/config.go | 100 +++++++++--------------------------------------
 1 file changed, 18 insertions(+), 82 deletions(-)
(limited to 'server/config/config.go')
diff --git a/server/config/config.go b/server/config/config.go
index 1985800..82ddfec 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -3,51 +3,37 @@ package config
 import (
 	"os"
 	"strconv"
-	"strings"
 
 	"github.com/hashicorp/go-multierror"
 	"github.com/homemade/scl"
-	"github.com/nsheridan/cashier/server/helpers/vault"
 	"github.com/pkg/errors"
 )
 
 // Config holds the final server configuration.
 type Config struct {
 	Server *Server `hcl:"server"`
-	Auth *Auth `hcl:"auth"`
+	Github *Github `hcl:"github"`
 	SSH *SSH `hcl:"ssh"`
-	AWS *AWS `hcl:"aws"`
-	Vault *Vault `hcl:"vault"`
 }
 
-// Database holds database configuration.
-type Database map[string]string
-
 // Server holds the configuration specific to the web server and sessions.
 type Server struct {
-	UseTLS bool `hcl:"use_tls"`
-	TLSKey string `hcl:"tls_key"`
-	TLSCert string `hcl:"tls_cert"`
-	LetsEncryptServername string `hcl:"letsencrypt_servername"`
-	LetsEncryptCache string `hcl:"letsencrypt_cachedir"`
-	Addr string `hcl:"address"`
-	Port int `hcl:"port"`
-	User string `hcl:"user"`
-	CookieSecret string `hcl:"cookie_secret"`
-	CSRFSecret string `hcl:"csrf_secret"`
-	HTTPLogFile string `hcl:"http_logfile"`
-	Database Database `hcl:"database"`
-	RequireReason bool `hcl:"require_reason"`
+	Addr string `hcl:"address"`
+	Port int `hcl:"port"`
+	User string `hcl:"user"`
+	CookieSecret string `hcl:"cookie_secret"`
+	SecureCookie bool `hcl:"secure_cookie"`
+	CSRFSecret string `hcl:"csrf_secret"`
+	HTTPLogFile string `hcl:"http_logfile"`
 }
 
 // Auth holds the configuration specific to the OAuth provider.
-type Auth struct {
-	OauthClientID string `hcl:"oauth_client_id"`
-	OauthClientSecret string `hcl:"oauth_client_secret"`
-	OauthCallbackURL string `hcl:"oauth_callback_url"`
-	Provider string `hcl:"provider"`
-	ProviderOpts map[string]string `hcl:"provider_opts"`
-	UsersWhitelist []string `hcl:"users_whitelist"`
+type Github struct {
+	OauthClientID string `hcl:"oauth_client_id"`
+	OauthClientSecret string `hcl:"oauth_client_secret"`
+	OauthCallbackURL string `hcl:"oauth_callback_url"`
+	UsersWhitelist []string `hcl:"users_whitelist"`
+	OrgsWhitelist []string `hcl:"orgs_whitelist"`
 }
 
 // SSH holds the configuration specific to signing ssh keys.
@@ -58,27 +44,13 @@ type SSH struct {
 	Permissions []string `hcl:"permissions"`
 }
 
-// AWS holds Amazon AWS configuration.
-// AWS can also be configured using SDK methods.
-type AWS struct {
-	Region string `hcl:"region"`
-	AccessKey string `hcl:"access_key"`
-	SecretKey string `hcl:"secret_key"`
-}
-
-// Vault holds Hashicorp Vault configuration.
-type Vault struct {
-	Address string `hcl:"address"`
-	Token string `hcl:"token"`
-}
-
 func verifyConfig(c *Config) error {
 	var err error
 	if c.SSH == nil {
 		err = multierror.Append(err, errors.New("missing ssh config section"))
 	}
-	if c.Auth == nil {
-		err = multierror.Append(err, errors.New("missing auth config section"))
+	if c.Github == nil {
+		err = multierror.Append(err, errors.New("missing github config section"))
 	}
 	if c.Server == nil {
 		err = multierror.Append(err, errors.New("missing server config section"))
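Review bot: The doc comment kept above the renamed type still reads `// Auth holds the configuration specific to the OAuth provider.` while the type it documents is now `Github`, so the comment no longer starts with the exported name; change it to `// Github holds the configuration specific to the GitHub OAuth provider.` The new `SecureCookie` field in `Server` is undocumented, and as a bool it is false whenever `secure_cookie` is absent from the file, which presumably means the session cookie is issued without the Secure attribute unless an operator opts in — confirm where the field is consumed and state that default on the field, e.g. `// SecureCookie sets the Secure attribute on the session cookie; false when omitted.` Both points sit in the first hunk; the second hunk's `verifyConfig` continues past the end of the diff, so a check for that default is not visible either way.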
@@ -92,10 +64,10 @@ func setFromEnvironment(c *Config) {
 		c.Server.Port = port
 	}
 	if os.Getenv("OAUTH_CLIENT_ID") != "" {
-		c.Auth.OauthClientID = os.Getenv("OAUTH_CLIENT_ID")
+		c.Github.OauthClientID = os.Getenv("OAUTH_CLIENT_ID")
 	}
 	if os.Getenv("OAUTH_CLIENT_SECRET") != "" {
-		c.Auth.OauthClientSecret = os.Getenv("OAUTH_CLIENT_SECRET")
+		c.Github.OauthClientSecret = os.Getenv("OAUTH_CLIENT_SECRET")
 	}
 	if os.Getenv("CSRF_SECRET") != "" {
 		c.Server.CSRFSecret = os.Getenv("CSRF_SECRET")
@@ -105,48 +77,12 @@ func setFromEnvironment(c *Config) {
 	}
 }
 
-func setFromVault(c *Config) error {
-	if c.Vault == nil || c.Vault.Token == "" || c.Vault.Address == "" {
-		return nil
-	}
-	v, err := vault.NewClient(c.Vault.Address, c.Vault.Token)
-	if err != nil {
-		return errors.Wrap(err, "vault error")
-	}
-	var errs error
-	get := func(value string) string {
-		if strings.HasPrefix(value, "/vault/") {
-			s, err := v.Read(value)
-			if err != nil {
-				errs = multierror.Append(errs, err)
-			}
-			return s
-		}
-		return value
-	}
-	c.Auth.OauthClientID = get(c.Auth.OauthClientID)
-	c.Auth.OauthClientSecret = get(c.Auth.OauthClientSecret)
-	c.Server.CSRFSecret = get(c.Server.CSRFSecret)
-	c.Server.CookieSecret = get(c.Server.CookieSecret)
-	if len(c.Server.Database) != 0 {
-		c.Server.Database["password"] = get(c.Server.Database["password"])
-	}
-	if c.AWS != nil {
-		c.AWS.AccessKey = get(c.AWS.AccessKey)
-		c.AWS.SecretKey = get(c.AWS.SecretKey)
-	}
-	return errors.Wrap(errs, "errors reading from vault")
-}
-
 // ReadConfig parses a hcl configuration file into a Config struct.
 func ReadConfig(f string) (*Config, error) {
 	config := &Config{}
 	if err := scl.DecodeFile(config, f); err != nil {
 		return nil, errors.Wrapf(err, "unable to load config from file %s", f)
 	}
-	if err := setFromVault(config); err != nil {
-		return nil, err
-	}
 	setFromEnvironment(config)
 	if err := verifyConfig(config); err != nil {
 		return nil, errors.Wrap(err, "unable to verify config")
-- cgit v1.2.3
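Review bot: `c.Github.OauthClientID = os.Getenv("OAUTH_CLIENT_ID")` and the `OAUTH_CLIENT_SECRET` line below it dereference `c.Github` without a nil check, and `ReadConfig` in the last hunk calls `setFromEnvironment` before `verifyConfig`, so a config file with no `github` section plus either variable set in the environment panics with a nil pointer dereference instead of reaching the "missing github config section" error. The `c.Server.Port = port` and `CSRF_SECRET` lines suggest the same holds for `c.Server`, so the problem predates the rename, but this rewrite is the moment to close it: guard each section, e.g. `if c.Github != nil && os.Getenv("OAUTH_CLIENT_ID") != "" {` and the same for `OAUTH_CLIENT_SECRET`, or run `verifyConfig` before `setFromEnvironment` if nothing it checks depends on the environment overrides. `setFromEnvironment` both starts and ends outside this hunk.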
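Review bot: Deleting `setFromVault` also deletes the only code in this file that recognised `/vault/...` values (the `strings.HasPrefix(value, "/vault/")` branch of the removed `get` helper), so a deployment whose config still carries such a reference for `cookie_secret`, `csrf_secret`, `oauth_client_id` or `oauth_client_secret` will now use the literal path string as the secret, and the visible part of `verifyConfig` does nothing to catch that. Consider rejecting those values during verification, or at least calling the removal out for operators so existing configs are migrated to plain values or the environment overrides. `ReadConfig` ends outside this hunk.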