fix: auth config not loaded expectedly

internal/app/app.go

@@ -84,16 +84,20 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo {
 	}))
 
 	// auth srv
-	auth := e.Group("")
-	authEndPoints(ctx, e, auth, cfg)
+	if !cfg.Config.AuthSrv.Disabled {
+		auth := e.Group("")
+		authEndPoints(ctx, e, auth, cfg)
+	}
 
 	// apis
 	api := e.Group("/api")
 	api.GET("/ping", Ping())
-	api.POST("/signup", Signup())
-	api.POST("/signup/verify", StartSignupVerify())
-	api.POST("/signup/verify/:code", SignupVerify())
-	api.POST("/password-reset", PasswordReset())
+	if cfg.Config.AuthSrv.Disabled {
+		api.POST("/signup", Signup())
+		api.POST("/signup/verify", StartSignupVerify())
+		api.POST("/signup/verify/:code", SignupVerify())
+		api.POST("/password-reset", PasswordReset())
+	}
 	api.GET("/published/:name", PublishedMetadata())
 	api.GET("/published_data/:name", PublishedData())
 
@@ -107,7 +111,7 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo {
 	published.GET("/:name/", PublishedIndex())
 
 	serveFiles(e, cfg.Gateways.File)
-	web(e, cfg.Config.Web, cfg.Config.Auth0)
+	web(e, cfg.Config.Web, cfg.Config.Auths())
 
 	return e
 }

internal/app/config.go

@@ -10,32 +10,40 @@ import (
 	"github.com/caos/oidc/pkg/op"
 	"github.com/joho/godotenv"
 	"github.com/kelseyhightower/envconfig"
+	"github.com/reearth/reearth-backend/pkg/auth"
 	"github.com/reearth/reearth-backend/pkg/log"
 )
 
 const configPrefix = "reearth"
 
 type Config struct {
-	Port         string `default:"8080" envconfig:"PORT"`
-	Dev          bool
-	DB           string `default:"mongodb://localhost"`
-	Auth0        Auth0Config
-	AuthSrv      AuthSrvConfig
-	Auth         AuthConfigs
-	Mailer       string
-	SMTP         SMTPConfig
-	SendGrid     SendGridConfig
-	GraphQL      GraphQLConfig
-	Published    PublishedConfig
-	GCPProject   string `envconfig:"GOOGLE_CLOUD_PROJECT"`
-	Profiler     string
-	Tracer       string
-	TracerSample float64
-	GCS          GCSConfig
-	AssetBaseURL string `default:"http://localhost:8080/assets"`
-	Origins      []string
-	Web          WebConfig
-	SignupSecret string
+	Port           string `default:"8080" envconfig:"PORT"`
+	Dev            bool
+	DB             string `default:"mongodb://localhost"`
+	Mailer         string
+	SMTP           SMTPConfig
+	SendGrid       SendGridConfig
+	GraphQL        GraphQLConfig
+	Published      PublishedConfig
+	GCPProject     string `envconfig:"GOOGLE_CLOUD_PROJECT"`
+	Profiler       string
+	Tracer         string
+	TracerSample   float64
+	GCS            GCSConfig
+	AssetBaseURL   string `default:"http://localhost:8080/assets"`
+	Origins        []string
+	Web            WebConfig
+	SignupSecret   string
+	SignupDisabled bool
+	// auth
+	Auth          AuthConfigs
+	Auth0         Auth0Config
+	AuthSrv       AuthSrvConfig
+	Auth_ISS      string
+	Auth_AUD      string
+	Auth_ALG      *string
+	Auth_TTL      *int
+	Auth_ClientID *string
 }
 
 type Auth0Config struct {
@@ -47,13 +55,32 @@ type Auth0Config struct {
 }
 
 type AuthSrvConfig struct {
+	Disabled bool
 	Domain   string `default:"http://localhost:8080"`
 	UIDomain string `default:"http://localhost:8080"`
 	Key      string
-	DN       *AuthDNConfig
+	DN       *AuthSrvDNConfig
 }
 
-type AuthDNConfig struct {
+func (c AuthSrvConfig) AuthConfig(debug bool) *AuthConfig {
+	if c.Disabled {
+		return nil
+	}
+	var aud []string
+	if debug {
+		aud = []string{"http://localhost:8080", c.Domain}
+	} else {
+		aud = []string{c.Domain}
+	}
+	clientID := auth.ClientID
+	return &AuthConfig{
+		ISS:      c.Domain,
+		AUD:      aud,
+		ClientID: &clientID,
+	}
+}
+
+type AuthSrvDNConfig struct {
 	CN         string
 	O          []string
 	OU         []string
@@ -123,11 +150,27 @@ func (c Config) Print() string {
 	return s
 }
 
-func (c Config) Auths() []AuthConfig {
+func (c Config) Auths() (res []AuthConfig) {
 	if ac := c.Auth0.AuthConfig(); ac != nil {
-		return append(c.Auth, *ac)
+		res = append(res, *ac)
+	}
+	if c.Auth_ISS != "" {
+		var aud []string
+		if len(c.Auth_AUD) > 0 {
+			aud = append(aud, c.Auth_AUD)
+		}
+		res = append(res, AuthConfig{
+			ISS:      c.Auth_ISS,
+			AUD:      aud,
+			ALG:      c.Auth_ALG,
+			TTL:      c.Auth_TTL,
+			ClientID: c.Auth_ClientID,
+		})
+	}
+	if ac := c.AuthSrv.AuthConfig(c.Dev); ac != nil {
+		res = append(res, *ac)
 	}
-	return c.Auth
+	return append(res, c.Auth...)
 }
 
 func (c Auth0Config) AuthConfig() *AuthConfig {
@@ -152,16 +195,21 @@ func (c Auth0Config) AuthConfig() *AuthConfig {
 }
 
 type AuthConfig struct {
-	ISS string
-	AUD []string
-	ALG *string
-	TTL *int
+	ISS      string
+	AUD      []string
+	ALG      *string
+	TTL      *int
+	ClientID *string
 }
 
 type AuthConfigs []AuthConfig
 
 // Decode is a custom decoder for AuthConfigs
 func (ipd *AuthConfigs) Decode(value string) error {
+	if value == "" {
+		return nil
+	}
+
 	var providers []AuthConfig
 
 	err := json.Unmarshal([]byte(value), &providers)

internal/app/config_test.go

@@ -19,3 +19,14 @@ func TestAuth0Config_AuthConfig(t *testing.T) {
 		Audience: "xxx",
 	}.AuthConfig())
 }
+
+func TestReadConfig(t *testing.T) {
+	t.Setenv("REEARTH_AUTH", `[{"iss":"bar"}]`)
+	t.Setenv("REEARTH_AUTH_ISS", "hoge")
+	t.Setenv("REEARTH_AUTH_AUD", "foo")
+	cfg, err := ReadConfig(false)
+	assert.NoError(t, err)
+	assert.Equal(t, AuthConfigs([]AuthConfig{{ISS: "bar"}}), cfg.Auth)
+	assert.Equal(t, "hoge", cfg.Auth_ISS)
+	assert.Equal(t, "foo", cfg.Auth_AUD)
+}

internal/app/web.go

@@ -10,22 +10,25 @@ import (
 
 type WebConfig map[string]string
 
-func web(e *echo.Echo, wc WebConfig, ac Auth0Config) {
+func web(e *echo.Echo, wc WebConfig, a []AuthConfig) {
 	if _, err := os.Stat("web"); err != nil {
 		return // web won't be delivered
 	}
 
 	e.Logger.Info("web: web directory will be delivered\n")
 
 	config := map[string]string{}
-	if ac.Domain != "" {
-		config["auth0Domain"] = ac.Domain
-	}
-	if ac.WebClientID != "" {
-		config["auth0ClientId"] = ac.WebClientID
-	}
-	if ac.Audience != "" {
-		config["auth0Audience"] = ac.Audience
+	if len(a) > 0 {
+		ac := a[0]
+		if ac.ISS != "" {
+			config["auth0Domain"] = ac.ISS
+		}
+		if ac.ClientID != nil {
+			config["auth0ClientId"] = *ac.ClientID
+		}
+		if len(ac.AUD) > 0 {
+			config["auth0Audience"] = ac.AUD[0]
+		}
 	}
 	for k, v := range wc {
 		config[k] = v

internal/usecase/interactor/auth.go

@@ -63,7 +63,6 @@ var dummyName = pkix.Name{
 }
 
 func NewAuthStorage(ctx context.Context, cfg *StorageConfig, request repo.AuthRequest, config repo.Config, getUserBySubject func(context.Context, string) (*user.User, error)) (op.Storage, error) {
-
 	client := auth.NewLocalClient(cfg.Debug, cfg.ClientDomain)
 
 	name := dummyName
@@ -127,7 +126,6 @@ func NewAuthStorage(ctx context.Context, cfg *StorageConfig, request repo.AuthRe
 }
 
 func initKeys(keyBytes, certBytes []byte) (*rsa.PrivateKey, *jose.SigningKey, *jose.JSONWebKeySet, error) {
-
 	block, _ := pem.Decode(keyBytes)
 	if block == nil {
 		return nil, nil, nil, fmt.Errorf("failed to decode the key bytes")
@@ -255,7 +253,6 @@ func (s *AuthStorage) AuthRequestBySubject(ctx context.Context, subject string)
 }
 
 func (s *AuthStorage) SaveAuthCode(ctx context.Context, requestID, code string) error {
-
 	request, err := s.AuthRequestByID(ctx, requestID)
 	if err != nil {
 		return err

pkg/auth/client.go

@@ -8,6 +8,8 @@ import (
 	"github.com/caos/oidc/pkg/op"
 )
 
+const ClientID = "01FH69GFQ4DFCXS5XD91JK4HZ1"
+
 type Client struct {
 	id                 string
 	applicationType    op.ApplicationType
@@ -26,7 +28,7 @@ type Client struct {
 
 func NewLocalClient(devMode bool, clientDomain string) op.Client {
 	return &Client{
-		id:              "01FH69GFQ4DFCXS5XD91JK4HZ1",
+		id:              ClientID,
 		applicationType: op.ApplicationTypeWeb,
 		authMethod:      oidc.AuthMethodNone,
 		accessTokenType: op.AccessTokenTypeJWT,