fix(casdoor): use certificate path instead to address env issue #584

0xJacky · Oct 6, 2024 · 20e55e7 · 20e55e7
1 parent 4d1adac
commit 20e55e7
Show file tree

Hide file tree

Showing 9 changed files with 62 additions and 52 deletions.
diff --git a/api/user/casdoor.go b/api/user/casdoor.go
@@ -11,6 +11,7 @@ import (
 	"gorm.io/gorm"
 	"net/http"
 	"net/url"
+	"os"
 )
 
 type CasdoorLoginUser struct {
@@ -29,17 +30,24 @@ func CasdoorCallback(c *gin.Context) {
 	endpoint := settings.CasdoorSettings.Endpoint
 	clientId := settings.CasdoorSettings.ClientId
 	clientSecret := settings.CasdoorSettings.ClientSecret
-	certificate := settings.CasdoorSettings.Certificate
+	certificatePath := settings.CasdoorSettings.CertificatePath
 	organization := settings.CasdoorSettings.Organization
 	application := settings.CasdoorSettings.Application
-	if endpoint == "" || clientId == "" || clientSecret == "" || certificate == "" || organization == "" || application == "" {
+	if endpoint == "" || clientId == "" || clientSecret == "" || certificatePath == "" ||
+		organization == "" || application == "" {
 		c.JSON(http.StatusInternalServerError, gin.H{
 			"message": "Casdoor is not configured",
 		})
 		return
 	}
 
-	casdoorsdk.InitConfig(endpoint, clientId, clientSecret, certificate, organization, application)
+	certBytes, err := os.ReadFile(certificatePath)
+	if err != nil {
+		api.ErrHandler(c, err)
+		return
+	}
+
+	casdoorsdk.InitConfig(endpoint, clientId, clientSecret, string(certBytes), organization, application)
 
 	token, err := casdoorsdk.GetOAuthToken(loginUser.Code, loginUser.State)
 	if err != nil {
@@ -93,6 +101,8 @@ func GetCasdoorUri(c *gin.Context) {
 	encodedRedirectUri := url.QueryEscape(redirectUri)
 
 	c.JSON(http.StatusOK, gin.H{
-		"uri": fmt.Sprintf("%s/login/oauth/authorize?client_id=%s&response_type=code&redirect_uri=%s&state=%s&scope=read", endpoint, clientId, encodedRedirectUri, state),
+		"uri": fmt.Sprintf(
+			"%s/login/oauth/authorize?client_id=%s&response_type=code&redirect_uri=%s&state=%s&scope=read",
+			endpoint, clientId, encodedRedirectUri, state),
 	})
 }
diff --git a/docs/guide/config-casdoor.md b/docs/guide/config-casdoor.md
@@ -21,10 +21,10 @@ It is used to identify your application during the authentication process.
 This is the Client Secret generated by Casdoor for your application.
 It is necessary to keep your application secure.
 
-## Certificate
+## CertificatePath
 - Type: `string`
 
-This is the certificate used during the authentication process.
+This is the path of the certificate used during the authentication process.
 Make sure it is valid and trusted.
 
 ## Organization

diff --git a/docs/guide/env.md b/docs/guide/env.md
@@ -47,15 +47,15 @@ Applicable for version v2.0.0-beta.23 and above.
 
 ## Casdoor
 
-| Configuration Setting | Environment Variable           |
-|-----------------------|--------------------------------|
-| Endpoint              | NGINX_UI_CASDOOR_ENDPOINT      |
-| ClientId              | NGINX_UI_CASDOOR_CLIENT_ID     |
-| ClientSecret          | NGINX_UI_CASDOOR_CLIENT_SECRET |
-| Certificate           | NGINX_UI_CASDOOR_CERTIFICATE   |
-| Organization          | NGINX_UI_CASDOOR_ORGANIZATION  |
-| Application           | NGINX_UI_CASDOOR_APPLICATION   |
-| RedirectUri           | NGINX_UI_CASDOOR_REDIRECT_URI  |
+| Configuration Setting | Environment Variable              |
+|-----------------------|-----------------------------------|
+| Endpoint              | NGINX_UI_CASDOOR_ENDPOINT         |
+| ClientId              | NGINX_UI_CASDOOR_CLIENT_ID        |
+| ClientSecret          | NGINX_UI_CASDOOR_CLIENT_SECRET    |
+| CertificatePath       | NGINX_UI_CASDOOR_CERTIFICATE_PATH |
+| Organization          | NGINX_UI_CASDOOR_ORGANIZATION     |
+| Application           | NGINX_UI_CASDOOR_APPLICATION      |
+| RedirectUri           | NGINX_UI_CASDOOR_REDIRECT_URI     |
 
 ## Logrotate
 

diff --git a/docs/zh_CN/guide/config-casdoor.md b/docs/zh_CN/guide/config-casdoor.md
@@ -18,10 +18,10 @@ Casdoor 是一个强大的、全面的身份认证解决方案，支持 OAuth 2.
 
 这是 Casdoor 为您的应用生成的客户端密钥。它是保持您的应用安全所必需的。
 
-## Certificate
+## CertificatePath
 - 类型：`string`
 
-这是用于身份验证过程中的证书。确保它是有效和可信的。
+这是用于身份验证过程中的证书的路径。确保它是有效和可信的。
 
 ## Organization
 - 类型：`string`

diff --git a/docs/zh_CN/guide/env.md b/docs/zh_CN/guide/env.md
@@ -46,15 +46,15 @@
 
 ## Casdoor
 
-| Configuration Setting         | Environment Variable                  |
-| ----------------------------- | ------------------------------------- |
-| Endpoint                      | NGINX_UI_CASDOOR_ENDPOINT             |
-| ClientId                      | NGINX_UI_CASDOOR_CLIENT_ID            |
-| ClientSecret                  | NGINX_UI_CASDOOR_CLIENT_SECRET        |
-| Certificate                   | NGINX_UI_CASDOOR_CERTIFICATE          |
-| Organization                  | NGINX_UI_CASDOOR_ORGANIZATION         |
-| Application                   | NGINX_UI_CASDOOR_APPLICATION          |
-| RedirectUri                   | NGINX_UI_CASDOOR_REDIRECT_URI         |
+| Configuration Setting | Environment Variable              |
+|-----------------------|-----------------------------------|
+| Endpoint              | NGINX_UI_CASDOOR_ENDPOINT         |
+| ClientId              | NGINX_UI_CASDOOR_CLIENT_ID        |
+| ClientSecret          | NGINX_UI_CASDOOR_CLIENT_SECRET    |
+| CertificatePath       | NGINX_UI_CASDOOR_CERTIFICATE_PATH |
+| Organization          | NGINX_UI_CASDOOR_ORGANIZATION     |
+| Application           | NGINX_UI_CASDOOR_APPLICATION      |
+| RedirectUri           | NGINX_UI_CASDOOR_REDIRECT_URI     |
 
 ## Logrotate
 

diff --git a/docs/zh_TW/guide/config-casdoor.md b/docs/zh_TW/guide/config-casdoor.md
@@ -21,7 +21,7 @@ Casdoor 是一個強大的、全面的身份認證解決方案，支持 OAuth 2.
 ## Certificate
 - 類型：`string`
 
-這是用於身份驗證過程中的證書。確保它是有效和可信的。
+這是用於身份驗證過程中的證書的路徑。確保它是有效和可信的。
 
 ## Organization
 - 類型：`string`

diff --git a/docs/zh_TW/guide/env.md b/docs/zh_TW/guide/env.md
@@ -46,15 +46,15 @@
 
 ## Casdoor
 
-| Configuration Setting         | Environment Variable                  |
-| ----------------------------- | ------------------------------------- |
-| Endpoint                      | NGINX_UI_CASDOOR_ENDPOINT             |
-| ClientId                      | NGINX_UI_CASDOOR_CLIENT_ID            |
-| ClientSecret                  | NGINX_UI_CASDOOR_CLIENT_SECRET        |
-| Certificate                   | NGINX_UI_CASDOOR_CERTIFICATE          |
-| Organization                  | NGINX_UI_CASDOOR_ORGANIZATION         |
-| Application                   | NGINX_UI_CASDOOR_APPLICATION          |
-| RedirectUri                   | NGINX_UI_CASDOOR_REDIRECT_URI         |
+| Configuration Setting | Environment Variable              |
+|-----------------------|-----------------------------------|
+| Endpoint              | NGINX_UI_CASDOOR_ENDPOINT         |
+| ClientId              | NGINX_UI_CASDOOR_CLIENT_ID        |
+| ClientSecret          | NGINX_UI_CASDOOR_CLIENT_SECRET    |
+| CertificatePath       | NGINX_UI_CASDOOR_CERTIFICATE_PATH |
+| Organization          | NGINX_UI_CASDOOR_ORGANIZATION     |
+| Application           | NGINX_UI_CASDOOR_APPLICATION      |
+| RedirectUri           | NGINX_UI_CASDOOR_REDIRECT_URI     |
 
 ## Logrotate
 

diff --git a/settings/casdoor.go b/settings/casdoor.go
@@ -1,21 +1,21 @@
 package settings
 
 type Casdoor struct {
-	Endpoint     string `json:"endpoint" protected:"true"`
-	ClientId     string `json:"client_id" protected:"true"`
-	ClientSecret string `json:"client_secret" protected:"true"`
-	Certificate  string `json:"certificate" protected:"true"`
-	Organization string `json:"organization" protected:"true"`
-	Application  string `json:"application" protected:"true"`
-	RedirectUri  string `json:"redirect_uri" protected:"true"`
+	Endpoint        string `json:"endpoint" protected:"true"`
+	ClientId        string `json:"client_id" protected:"true"`
+	ClientSecret    string `json:"client_secret" protected:"true"`
+	CertificatePath string `json:"certificate_path" protected:"true"`
+	Organization    string `json:"organization" protected:"true"`
+	Application     string `json:"application" protected:"true"`
+	RedirectUri     string `json:"redirect_uri" protected:"true"`
 }
 
 var CasdoorSettings = Casdoor{
-	Endpoint:     "",
-	ClientId:     "",
-	ClientSecret: "",
-	Certificate:  "",
-	Organization: "",
-	Application:  "",
-	RedirectUri:  "",
+	Endpoint:        "",
+	ClientId:        "",
+	ClientSecret:    "",
+	CertificatePath: "",
+	Organization:    "",
+	Application:     "",
+	RedirectUri:     "",
 }
diff --git a/settings/settings_test.go b/settings/settings_test.go
@@ -44,7 +44,7 @@ func TestSetup(t *testing.T) {
 	_ = os.Setenv("NGINX_UI_CASDOOR_ENDPOINT", "https://casdoor.example.com")
 	_ = os.Setenv("NGINX_UI_CASDOOR_CLIENT_ID", "clientId")
 	_ = os.Setenv("NGINX_UI_CASDOOR_CLIENT_SECRET", "clientSecret")
-	_ = os.Setenv("NGINX_UI_CASDOOR_CERTIFICATE", "cert.pem")
+	_ = os.Setenv("NGINX_UI_CASDOOR_CERTIFICATE_PATH", "cert.pem")
 	_ = os.Setenv("NGINX_UI_CASDOOR_ORGANIZATION", "org1")
 	_ = os.Setenv("NGINX_UI_CASDOOR_APPLICATION", "app1")
 	_ = os.Setenv("NGINX_UI_CASDOOR_REDIRECT_URI", "https://redirect.example.com")
@@ -93,7 +93,7 @@ func TestSetup(t *testing.T) {
 	assert.Equal(t, "https://casdoor.example.com", CasdoorSettings.Endpoint)
 	assert.Equal(t, "clientId", CasdoorSettings.ClientId)
 	assert.Equal(t, "clientSecret", CasdoorSettings.ClientSecret)
-	assert.Equal(t, "cert.pem", CasdoorSettings.Certificate)
+	assert.Equal(t, "cert.pem", CasdoorSettings.CertificatePath)
 	assert.Equal(t, "org1", CasdoorSettings.Organization)
 	assert.Equal(t, "app1", CasdoorSettings.Application)
 	assert.Equal(t, "https://redirect.example.com", CasdoorSettings.RedirectUri)