# frozen_string_literal: true
require 'json'
require 'aws-sdk-secretsmanager'
require 'yaml'
module LoginGov
module OidcSinatra
# Class holding configuration for this sample app. Defaults come from
# .env via `#default_config`
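class Config
  # Prefix that marks an `sp_private_key_path` value as an AWS Secrets
  # Manager secret id (`aws-secretsmanager:<secret id>`) instead of a
  # filesystem path.
  SECRETS_MANAGER_PREFIX = 'aws-secretsmanager:'

  def initialize
    @config = default_config
  end

  # @return [String] base URL of the IdP (`idp_url`)
  def idp_url
    @config.fetch('idp_url')
  end

  # @return [String] the `acr_values` setting sent to the IdP
  def acr_values
    @config.fetch('acr_values')
  end

  # @return [String] the `redirect_uri` setting
  def redirect_uri
    @config.fetch('redirect_uri')
  end

  # @return [String] the `client_id` setting
  def client_id
    @config.fetch('client_id')
  end

  # @return [String] the `client_id_pkce` setting
  def client_id_pkce
    @config.fetch('client_id_pkce')
  end

  # @return [String] the `mock_irs_client_id` setting
  def mock_irs_client_id
    @config.fetch('mock_irs_client_id')
  end

  # @return [Boolean] the `redact_ssn` setting (hard-coded to true in #default_config)
  def redact_ssn?
    @config.fetch('redact_ssn')
  end

  # @return [Boolean] the `cache_oidc_config` setting (hard-coded to true in #default_config)
  def cache_oidc_config?
    @config.fetch('cache_oidc_config')
  end

  # @return [Boolean] true only when ENV['vtr_disabled'] is exactly "true"
  def vtr_disabled?
    @config.fetch('vtr_disabled')
  end

  # @return [Boolean] the negation of #vtr_disabled?
  def vtr_enabled?
    !vtr_disabled?
  end

  # @return [Boolean] true only when ENV['eipp_allowed'] is exactly "true"
  def eipp_allowed?
    @config.fetch('eipp_allowed')
  end

  # The SP signing key. The PEM text comes from the `sp_private_key` setting
  # (captured from ENV in #default_config) and, when that is unset, from
  # `sp_private_key_path` (a file, or a Secrets Manager reference).
  # The parsed key is memoized so the PEM is only read and parsed once.
  #
  # @return [OpenSSL::PKey::RSA]
  # @raise [OpenSSL::PKey::RSAError] if the key material is not a valid RSA key
  def sp_private_key
    @sp_private_key ||= OpenSSL::PKey::RSA.new(
      @config.fetch('sp_private_key') ||
        get_sp_private_key_raw(@config.fetch('sp_private_key_path')),
    )
  end

  # Define the default configuration values. Every string setting can be
  # overridden by an environment variable of the same name; the boolean
  # `vtr_disabled` / `eipp_allowed` settings are only true when their
  # environment variable is exactly "true".
  #
  # @return [Hash]
  #
  def default_config
    data = {
      'acr_values' => ENV['acr_values'] || 'http://idmanagement.gov/ns/assurance/ial/1',
      'client_id' => ENV['client_id'] || 'urn:gov:gsa:openidconnect:sp:sinatra',
      'client_id_pkce' => ENV['client_id_pkce'] || 'urn:gov:gsa:openidconnect:sp:sinatra_pkce',
      'mock_irs_client_id' => ENV['mock_irs_client_id'] ||
        'urn:gov:gsa:openidconnect:sp:mock_irs',
      'redirect_uri' => ENV['redirect_uri'] || 'http://localhost:9292/',
      'sp_private_key_path' => ENV['sp_private_key_path'] || './config/demo_sp.key',
      'redact_ssn' => true,
      'cache_oidc_config' => true,
      'vtr_disabled' => ENV.fetch('vtr_disabled', 'false') == 'true',
      'eipp_allowed' => ENV.fetch('eipp_allowed', 'false') == 'true',
    }
    # An explicit idp_url wins; otherwise derive the EC2 deployment default.
    data['idp_url'] = ENV.fetch('idp_url', nil) || default_idp_url
    # Raw PEM supplied directly via the environment; nil when not set.
    data['sp_private_key'] = ENV.fetch('sp_private_key', nil)
    data
  end

  private

  # EC2 deployment default for `idp_url`, built from `idp_environment`
  # (default "int") and `idp_domain` (default "identitysandbox.gov").
  #
  # @return [String]
  def default_idp_url
    env = ENV['idp_environment'] || 'int'
    domain = ENV['idp_domain'] || 'identitysandbox.gov'
    env == 'prod' ? "https://secure.#{domain}" : "https://idp.#{env}.#{domain}"
  end

  # Load the raw PEM for the SP private key.
  #
  # @param path [String] a filesystem path, or `aws-secretsmanager:<secret id>`
  # @return [String] the PEM text
  # @raise [Aws::SecretsManager::Errors::ResourceNotFoundException] when the
  #   secret is missing and ENV['deployed'] is set
  def get_sp_private_key_raw(path)
    return File.read(path) unless path.start_with?(SECRETS_MANAGER_PREFIX)

    secret_id = path.split(':', 2).fetch(1)
    begin
      return Aws::SecretsManager::Client.new.get_secret_value(secret_id: secret_id).secret_string
    rescue Aws::SecretsManager::Errors::ResourceNotFoundException
      # Any set value of `deployed` (even "false") is truthy here, so a
      # deployed instance never falls back to the checked-in demo key.
      raise if ENV['deployed']
    end

    warn "#{secret_id.inspect}: not found in AWS Secrets Manager, using demo key"
    # Local-development fallback only: the demo key is a plain file, so it
    # never re-enters the Secrets Manager branch.
    File.read(demo_private_key_path)
  end

  # @return [String] path of the demo key shipped next to this file
  def demo_private_key_path
    File.join(File.dirname(__FILE__), 'config', 'demo_sp.key')
  end
end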
end
end