| author | Leonardo Bishop <me@leonardobishop.net> | 2026-01-16 17:19:27 +0000 |
|---|---|---|
| committer | Leonardo Bishop <me@leonardobishop.net> | 2026-01-16 17:19:27 +0000 |
| commit | e6cbb8415490524034561102b6c9f03e92e4dae7 (patch) | |
| tree | 2012f04c11adf636bdd06ae37f5ef3efd7a645a0 /main.go | |
| parent | 8fc52adfdc705a1b05d3a0aef4d6e63f8ec0308d (diff) | |
Add OIDC auth
Diffstat (limited to 'main.go')
| -rw-r--r-- | main.go | 80 |
1 files changed, 18 insertions, 62 deletions
@@ -2,9 +2,11 @@ package main import ( "context" + _ "embed" "log/slog" "net/http" + "git.leonardobishop.net/instancer/pkg/auth" "git.leonardobishop.net/instancer/pkg/deployer" "git.leonardobishop.net/instancer/pkg/janitor" "git.leonardobishop.net/instancer/pkg/registry" @@ -21,71 +23,18 @@ type Config struct { ImagePrefix string `env:"IMAGE_PREFIX"` ProxyContainerName string `env:"PROXY_CONTAINER_NAME"` -} - -const startupMessage = ` - , . - , . . . - . . . . - what's the worst that i can say?... - . . - . . . - . . - . ...things are better if i stay... - . . . - . , - . , . . , - . . . - ! , - ! . - , . ^ - / \ . - . /___\ , - . |= =| , - . | | - | | , -, | | - | | . - | | - . . | | , - , | | . - | | - | | . - /|##!##|\ - . / |##!##| \ - / |##!##| \ , - | / ^ | ^ \ | - . | / ( | ) \ | , - , . |/ ( | ) \| - (( )) - (( : )) . - (( : )) - , (( )) . - . (( )) , - ( ) - . - . . . - , . , - - _ __ - ___| |_ / _| - / __| __| |_ - _ | (__| |_| _| - (_)_ __ ___| \___|\__|_|_ ___ ___ _ __ - | | '_ \/ __| __/ _` + "`" + ` | '_ \ / __/ _ \ '__| - | | | | \__ \ || (_| | | | | (_| __/ | - |_|_| |_|___/\__\__,_|_| |_|\___\___|_| -____^/\___^--____/\____O______________/\/\-- - /\^ ^ ^ ^ ^^ ^ '\ - -- - -- - - -- __ ___-- ^ ^ + OidcClientId string `env:"OIDC_CLIENT_ID"` + OidcClientSecret string `env:"OIDC_CLIENT_SECRET"` + OidcDiscoveryEndpoint string `env:"OIDC_DISCOVERY_ENDPOINT"` + OidcIdPName string `env:"OIDC_IDP_NAME" envDefault:"OIDC"` + OidcCallbackProtocol string `env:"OIDC_CALLBACK_PROTOCOL" envDefault:"https"` +} -` +//go:embed startup.txt +var startupMessage string func main() { - slog.Info(startupMessage) - var config Config if err := env.Parse(&config); err != nil { 
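Review bot: The three new settings without a default (`OidcClientId`, `OidcClientSecret`, `OidcDiscoveryEndpoint`) carry no required or non-empty marker in their tags, so as far as this hunk shows `env.Parse` will accept them unset and the service can reach provider setup with an empty client secret. If the parser is caarlos0/env, as the `env`/`envDefault` tags suggest, tag them like `env:"OIDC_CLIENT_SECRET,notEmpty"` so a misconfigured deployment fails at startup with a clear message. `Config` now holds a credential, so a comment such as `// OidcClientSecret is a credential; never log Config as a whole.` would warn the next maintainer. Go initialism style would also spell these `OIDCClientID`, `OIDCClientSecret` and so on. The `Config` struct starts outside the hunk.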
@@ -110,11 +59,18 @@ func main() { panic(err) } + oidcAuthProvider, err := auth.NewOIDCAuthProvider(config.OidcIdPName, config.OidcClientId, config.OidcClientSecret, config.OidcDiscoveryEndpoint, config.OidcCallbackProtocol+"://"+config.InstancerDomain+"/auth/callback") + if err != nil { + panic(err) + } + + slog.Info(startupMessage) + slog.Info("staring janitor job") go janitor.StartJanitor(context.Background(), &dockerDeployer) slog.Info("starting http server") - err = http.ListenAndServe(":8080", web.NewMux(®istryClient, &dockerDeployer)) + err = http.ListenAndServe(":8080", web.NewMux(®istryClient, &dockerDeployer, &oidcAuthProvider)) slog.Error("http server closing", "reason", err.Error()) slog.Info("so long and goodnight; so long and goodnight...") } |
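Review bot: The redirect URI handed to `auth.NewOIDCAuthProvider` is concatenated from `OIDC_CALLBACK_PROTOCOL` and `InstancerDomain` without validation, so any string is accepted as the scheme, and a value of `http` would have the authorization code returned to the callback over cleartext. Check the scheme before the call, for example `if config.OidcCallbackProtocol != "https" { panic("OIDC_CALLBACK_PROTOCOL must be https") }`, with an explicit, documented exception if plain `http` is needed for local development. The server is still started with plain `http.ListenAndServe(":8080", ...)`, so the `https` callback presumably depends on a TLS-terminating proxy in front; a short comment stating that assumption would make the deployment requirement visible. The body of `main` starts outside the hunk.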
