From 04936a09d2db6c4722989288af617d789d33646a Mon Sep 17 00:00:00 2001
From: aeneasr
Date: Fri, 2 Nov 2018 18:04:33 +0100
Subject: [PATCH 1/2] cmd: Add https option to token user command

Closes #1147
Signed-off-by: aeneasr
---
 cmd/token_user.go | 31 ++++++++++++++++++++++++++++---
 go.mod | 2 +-
 go.sum | 3 +++
 3 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/cmd/token_user.go b/cmd/token_user.go
index a0a306e8c70..156f17b0d25 100644
--- a/cmd/token_user.go
+++ b/cmd/token_user.go
@@ -22,8 +22,11 @@ package cmd
 import (
 "context"
+ "crypto/rand"
+ "crypto/rsa"
 "crypto/tls"
 "fmt"
+ "github.com/ory/x/tlsx"
 "net/http"
 "net/url"
 "os"
@@ -56,6 +59,7 @@ var tokenUserCmd = &cobra.Command{
 }})
 }
+ isSSL := flagx.MustGetBool(cmd, "https")
 port := flagx.MustGetInt(cmd, "port")
 scopes := flagx.MustGetStringSlice(cmd, "scope")
 prompt := flagx.MustGetStringSlice(cmd, "prompt")
@@ -73,7 +77,12 @@ var tokenUserCmd = &cobra.Command{
 return
 }
- serverLocation := fmt.Sprintf("http://127.0.0.1:%d/", port)
+ proto := "http"
+ if isSSL {
+ proto = "https"
+ }
+
+ serverLocation := fmt.Sprintf("%s://127.0.0.1:%d/", proto, port)
 if redirectUrl == "" {
 redirectUrl = serverLocation + "callback"
 }
@@ -124,7 +133,16 @@ var tokenUserCmd = &cobra.Command{
 fmt.Printf("If your browser does not open automatically, navigate to:\n\n\t%s\n\n", serverLocation)
 r := httprouter.New()
- server := &http.Server{Addr: fmt.Sprintf(":%d", port), Handler: r}
+ var tlsc *tls.Config
+ if isSSL {
+ key, err := rsa.GenerateKey(rand.Reader, 2048)
+ cmdx.Must(err, "Unable to generate RSA key pair: %s", err)
+ cert, err := tlsx.CreateSelfSignedTLSCertificate(key)
+ cmdx.Must(err, "Unable to generate self-signed TLS Certificate: %s", err)
+ tlsc = &tls.Config{Certificates: []tls.Certificate{*cert}}
+ }
+
+ server := &http.Server{Addr: fmt.Sprintf(":%d", port), Handler: r, TLSConfig: tlsc}
 var shutdown = func() {
 time.Sleep(time.Second * 1)
 ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
@@ -196,7 +214,13 @@ To initiate the flow, click the "Authorize Application" button.
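Review bot: The rewritten `server := &http.Server{Addr: fmt.Sprintf(":%d", port), ...}` line still listens on every interface, although the URL printed to the user and the default redirect both use `127.0.0.1`. Since this listener receives the OAuth 2.0 callback, binding it to loopback with `Addr: fmt.Sprintf("127.0.0.1:%d", port)` would keep the callback endpoint off the local network, unless serving a non-loopback redirect host is intended. The new `tls.Config` sets no minimum protocol version, so `MinVersion: tls.VersionTLS12` next to `Certificates` is worth adding. Whether the certificate from `tlsx.CreateSelfSignedTLSCertificate` carries a subject alternative name for 127.0.0.1 is not visible in this patch and should be confirmed. The enclosing Run function starts and ends outside this hunk.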

 go shutdown()
 })
- server.ListenAndServe()
+
+ if isSSL {
+ server.ListenAndServeTLS("", "")
+ } else {
+ server.ListenAndServe()
+ }
+
 },
 }
@@ -216,4 +240,5 @@ func init() {
 tokenUserCmd.Flags().String("auth-url", "", "Usually it is enough to specify the `endpoint` flag, but if you want to force the authorization url, use this flag")
 tokenUserCmd.Flags().String("token-url", "", "Usually it is enough to specify the `endpoint` flag, but if you want to force the token url, use this flag")
 tokenUserCmd.Flags().String("endpoint", os.Getenv("HYDRA_URL"), "Set the URL where ORY Hydra is hosted, defaults to environment variable HYDRA_URL")
+ tokenUserCmd.Flags().Bool("https", false, "Sets up HTTPS for the endpoint using a self-signed certificate which is re-generated every time you start this command")
 }
diff --git a/go.mod b/go.mod
index aeab2fcbccc..f563d20b6c0 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 github.com/ory/graceful v0.1.0
 github.com/ory/herodot v0.4.1
 github.com/ory/sqlcon v0.0.7
- github.com/ory/x v0.0.27
+ github.com/ory/x v0.0.28
 github.com/pborman/uuid v1.2.0
 github.com/phayes/freeport v0.0.0-20171002181615-b8543db493a5
 github.com/pkg/errors v0.8.0
diff --git a/go.sum b/go.sum
index f9d3c0674ac..67a1bd987a0 100644
--- a/go.sum
+++ b/go.sum
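Review bot: Both branches of the new `if isSSL` block discard the error returned by the listener, so a port that is already in use or a TLS setup failure ends the command without any message. Checking it in each branch, e.g. `if err := server.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed { cmdx.Must(err, "Unable to start the server: %s", err) }`, would surface the failure while still tolerating the shutdown that `go shutdown()` presumably triggers. A one-line comment such as `// empty cert/key paths: the certificate comes from server.TLSConfig` above the TLS call would explain the empty arguments. The enclosing Run function begins outside this hunk.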
@@ -142,6 +142,7 @@ github.com/ory/fosite v0.26.2-0.20181031085642-2da976477fcd41493103ea478541d68ca github.com/ory/fosite v0.26.2-0.20181031085642-2da976477fcd41493103ea478541d68ca04083ae/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw= github.com/ory/fosite v0.26.2-0.20181031085642-e2441d231a19 h1:8jQrkb3nO4nG5Dzpb2fj1ksaSDE2DGhFIhPt1jFgK74= github.com/ory/fosite v0.26.2-0.20181031085642-e2441d231a19/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw= +github.com/ory/fosite v0.27.0 h1:QYHW+asgRRIw5uk8a42/VpiwMQqQMPwZ4TP4xKNIMEA= github.com/ory/fosite v0.27.0/go.mod h1:uttCRNB0lM7+BJFX7CC8Bqo9gAPrcpmA9Ezc80Trwuw= github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8= github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs= @@ -160,6 +161,8 @@ github.com/ory/x v0.0.25/go.mod h1:ARp3iXjJhOEErlXHwUtfgVtEN1VnmW1ZxBZ0bw8eARk= github.com/ory/x v0.0.26/go.mod h1:ARp3iXjJhOEErlXHwUtfgVtEN1VnmW1ZxBZ0bw8eARk= github.com/ory/x v0.0.27 h1:Dk/vlehXkf7LJbg9Y9tw2tRp/dBmywWAIcJJtTQbchU= github.com/ory/x v0.0.27/go.mod h1:ARp3iXjJhOEErlXHwUtfgVtEN1VnmW1ZxBZ0bw8eARk= +github.com/ory/x v0.0.28 h1:clBcMxMu/c7pLQhoioliRlJ7y8te73BCQmdMHdG2DAE= +github.com/ory/x v0.0.28/go.mod h1:ARp3iXjJhOEErlXHwUtfgVtEN1VnmW1ZxBZ0bw8eARk= github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE= github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
From 4a1f890ae275e32c9b7aa2a8e879a6851924e8ab Mon Sep 17 00:00:00 2001
From: aeneasr
Date: Fri, 2 Nov 2018 18:07:25 +0100
Subject: [PATCH 2/2] u

---
 cmd/token_user.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/token_user.go b/cmd/token_user.go
index 156f17b0d25..b5aadf31278 100644
--- a/cmd/token_user.go
+++ b/cmd/token_user.go
@@ -26,7 +26,6 @@ import (
 "crypto/rsa"
 "crypto/tls"
 "fmt"
- "github.com/ory/x/tlsx"
 "net/http"
 "net/url"
 "os"
@@ -43,6 +42,7 @@ import (
 "github.com/ory/x/cmdx"
 "github.com/ory/x/flagx"
 "github.com/ory/x/randx"
+ "github.com/ory/x/tlsx"
 )
 // tokenUserCmd represents the token command