This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682
package commands
import (
"github.com/authelia/authelia/v4/internal/authentication"
"github.com/authelia/authelia/v4/internal/authorization"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/notification"
"github.com/authelia/authelia/v4/internal/ntp"
"github.com/authelia/authelia/v4/internal/oidc"
"github.com/authelia/authelia/v4/internal/regulation"
"github.com/authelia/authelia/v4/internal/session"
"github.com/authelia/authelia/v4/internal/storage"
"github.com/authelia/authelia/v4/internal/utils"
)
// getStorageProvider builds the storage.Provider selected by the global
// config. The backends are tried in a fixed order — PostgreSQL, then MySQL,
// then Local (SQLite) — and the first one that is configured wins. Every
// backend is handed config.Storage.EncryptionKey, which (per the commit
// message) is the key the storage layer uses for its AES-GCM encryption of
// sensitive items such as TOTP secrets; the key is never inspected here, so
// any validation of its presence or strength has to happen in configuration
// validation or inside the provider constructors.
//
// Returns nil when no backend is configured. Callers receive that nil as-is;
// presumably configuration validation rejects such a config before this
// runs — verify against the validator.
func getStorageProvider() (provider storage.Provider) {
	if pg := config.Storage.PostgreSQL; pg != nil {
		return storage.NewPostgreSQLProvider(*pg, config.Storage.EncryptionKey)
	}

	if my := config.Storage.MySQL; my != nil {
		return storage.NewMySQLProvider(*my, config.Storage.EncryptionKey)
	}

	if local := config.Storage.Local; local != nil {
		return storage.NewSQLiteProvider(local.Path, config.Storage.EncryptionKey)
	}

	return nil
}
// getProviders assembles every runtime dependency the middlewares need from
// the global config.
//
// The X.509 certificate pool is built first. If that step yields any warning
// or error the function returns immediately with a zero Providers value and
// those lists, so no other provider is instantiated against an incomplete
// trust store. After that point the returned warnings are never extended and
// errors are only extended by the OpenID Connect provider constructor.
//
// Backends that are not configured are left nil in the result: the user
// provider (no File and no LDAP backend), the notifier (no SMTP and no
// FileSystem backend), NTP, and — via getStorageProvider — storage. The
// regulator is constructed with whatever storage provider came back, nil
// included; presumably configuration validation guarantees a storage backend
// exists — verify.
func getProviders() (providers middlewares.Providers, warnings []error, errors []error) {
	// TODO: Adjust this so the CertPool can be used like a provider.
	certPool, warnings, errors := utils.NewX509CertPool(config.CertificatesDirectory)
	if len(warnings) > 0 || len(errors) > 0 {
		return providers, warnings, errors
	}

	storageProvider := getStorageProvider()

	// File takes precedence over LDAP when both are set, matching the
	// original selection order.
	var userProvider authentication.UserProvider

	if config.AuthenticationBackend.File != nil {
		userProvider = authentication.NewFileUserProvider(config.AuthenticationBackend.File)
	} else if config.AuthenticationBackend.LDAP != nil {
		userProvider = authentication.NewLDAPUserProvider(config.AuthenticationBackend, certPool)
	}

	// SMTP takes precedence over FileSystem when both are set.
	var notifier notification.Notifier

	if config.Notifier.SMTP != nil {
		notifier = notification.NewSMTPNotifier(config.Notifier.SMTP, certPool)
	} else if config.Notifier.FileSystem != nil {
		notifier = notification.NewFileNotifier(*config.Notifier.FileSystem)
	}

	var ntpProvider *ntp.Provider

	if config.NTP != nil {
		ntpProvider = ntp.NewProvider(config.NTP)
	}

	// Construction order is preserved from the original: authorizer, session,
	// regulator, then OIDC.
	clock := utils.RealClock{}
	authorizer := authorization.NewAuthorizer(config)
	sessionProvider := session.NewProvider(config.Session, certPool)
	regulator := regulation.NewRegulator(config.Regulation, storageProvider, clock)

	oidcProvider, err := oidc.NewOpenIDConnectProvider(config.IdentityProviders.OIDC)
	if err != nil {
		errors = append(errors, err)
	}

	providers = middlewares.Providers{
		Authorizer:      authorizer,
		UserProvider:    userProvider,
		Regulator:       regulator,
		OpenIDConnect:   oidcProvider,
		StorageProvider: storageProvider,
		NTP:             ntpProvider,
		Notifier:        notifier,
		SessionProvider: sessionProvider,
	}

	return providers, warnings, errors
}