mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
3c81e75d79
This adds an access-control command that checks the policy enforcement for a given criteria using a configuration file and refactors the configuration validation command to include all configuration sources.
120 lines
3.8 KiB
Go
120 lines
3.8 KiB
Go
package validator
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/authelia/authelia/v4/internal/configuration/schema"
|
|
"github.com/authelia/authelia/v4/internal/utils"
|
|
)
|
|
|
|
// ValidateSession validates and update session configuration.
|
|
func ValidateSession(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
|
if config.Name == "" {
|
|
config.Name = schema.DefaultSessionConfiguration.Name
|
|
}
|
|
|
|
if config.Redis != nil {
|
|
if config.Redis.HighAvailability != nil {
|
|
validateRedisSentinel(config, validator)
|
|
} else {
|
|
validateRedis(config, validator)
|
|
}
|
|
}
|
|
|
|
validateSession(config, validator)
|
|
}
|
|
|
|
func validateSession(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
|
if config.Expiration == "" {
|
|
config.Expiration = schema.DefaultSessionConfiguration.Expiration // 1 hour.
|
|
} else if _, err := utils.ParseDurationString(config.Expiration); err != nil {
|
|
validator.Push(fmt.Errorf(errFmtSessionCouldNotParseDuration, "expiriation", err))
|
|
}
|
|
|
|
if config.Inactivity == "" {
|
|
config.Inactivity = schema.DefaultSessionConfiguration.Inactivity // 5 min.
|
|
} else if _, err := utils.ParseDurationString(config.Inactivity); err != nil {
|
|
validator.Push(fmt.Errorf(errFmtSessionCouldNotParseDuration, "inactivity", err))
|
|
}
|
|
|
|
if config.RememberMeDuration == "" {
|
|
config.RememberMeDuration = schema.DefaultSessionConfiguration.RememberMeDuration // 1 month.
|
|
} else if _, err := utils.ParseDurationString(config.RememberMeDuration); err != nil {
|
|
validator.Push(fmt.Errorf(errFmtSessionCouldNotParseDuration, "remember_me_duration", err))
|
|
}
|
|
|
|
if config.Domain == "" {
|
|
validator.Push(fmt.Errorf(errFmtSessionOptionRequired, "domain"))
|
|
}
|
|
|
|
if strings.HasPrefix(config.Domain, "*.") {
|
|
validator.Push(fmt.Errorf(errFmtSessionDomainMustBeRoot, config.Domain))
|
|
}
|
|
|
|
if config.SameSite == "" {
|
|
config.SameSite = schema.DefaultSessionConfiguration.SameSite
|
|
} else if !utils.IsStringInSlice(config.SameSite, validSessionSameSiteValues) {
|
|
validator.Push(fmt.Errorf(errFmtSessionSameSite, strings.Join(validSessionSameSiteValues, "', '"), config.SameSite))
|
|
}
|
|
}
|
|
|
|
func validateRedisCommon(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
|
if config.Secret == "" {
|
|
validator.Push(fmt.Errorf(errFmtSessionSecretRequired, "redis"))
|
|
}
|
|
}
|
|
|
|
func validateRedis(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
|
if config.Redis.Host == "" {
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisHostRequired))
|
|
}
|
|
|
|
validateRedisCommon(config, validator)
|
|
|
|
if !strings.HasPrefix(config.Redis.Host, "/") && config.Redis.Port == 0 {
|
|
validator.Push(errors.New("A redis port different than 0 must be provided"))
|
|
} else if config.Redis.Port < 0 || config.Redis.Port > 65535 {
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisPortRange, config.Redis.Port))
|
|
}
|
|
|
|
if config.Redis.MaximumActiveConnections <= 0 {
|
|
config.Redis.MaximumActiveConnections = 8
|
|
}
|
|
}
|
|
|
|
func validateRedisSentinel(config *schema.SessionConfiguration, validator *schema.StructValidator) {
|
|
if config.Redis.HighAvailability.SentinelName == "" {
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisSentinelMissingName))
|
|
}
|
|
|
|
if config.Redis.Port == 0 {
|
|
config.Redis.Port = 26379
|
|
} else if config.Redis.Port < 0 || config.Redis.Port > 65535 {
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisPortRange, config.Redis.Port))
|
|
}
|
|
|
|
if config.Redis.Host == "" && len(config.Redis.HighAvailability.Nodes) == 0 {
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisHostOrNodesRequired))
|
|
}
|
|
|
|
validateRedisCommon(config, validator)
|
|
|
|
hostMissing := false
|
|
|
|
for i, node := range config.Redis.HighAvailability.Nodes {
|
|
if node.Host == "" {
|
|
hostMissing = true
|
|
}
|
|
|
|
if node.Port == 0 {
|
|
config.Redis.HighAvailability.Nodes[i].Port = 26379
|
|
}
|
|
}
|
|
|
|
if hostMissing {
|
|
validator.Push(fmt.Errorf(errFmtSessionRedisSentinelNodeHostMissing))
|
|
}
|
|
}
|