From 4f1b2bf3100b1e054fd0caa49eae5d0b8dff3131 Mon Sep 17 00:00:00 2001
From: Per Larsson
Date: Mon, 14 Nov 2022 09:44:02 +0100
Subject: Configure OpenID providers from cmd line and Lua cfg. (#189)
---
 zenserver/config.cpp | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
(limited to 'zenserver/config.cpp')
diff --git a/zenserver/config.cpp b/zenserver/config.cpp
index 7728ae670..9531a5251 100644
--- a/zenserver/config.cpp
+++ b/zenserver/config.cpp
@@ -155,6 +155,21 @@ ParseCliOptions(int argc, char* argv[], ZenServerOptions& ServerOptions)
 "128 bit AES encryption initialization vector", cxxopts::value(ServerOptions.EncryptionIV), "");
+
+ std::string OpenIdProviderName;
+ options.add_option("security",
+ "",
+ "openid-provider-name",
+ "Open ID provider name",
+ cxxopts::value(OpenIdProviderName),
+ "Default");
+
+ std::string OpenIdProviderUrl;
+ options.add_option("security", "", "openid-provider-url", "Open ID provider URL", cxxopts::value(OpenIdProviderUrl), "");
+
+ std::string OpenIdClientId;
+ options.add_option("security", "", "openid-client-id", "Open ID client ID", cxxopts::value(OpenIdClientId), "");
+
 options .add_option("lifetime", "", "owner-pid", "Specify owning process id", cxxopts::value(ServerOptions.OwnerPid), "");
 options.add_option("lifetime",
@@ -520,6 +535,17 @@ ParseCliOptions(int argc, char* argv[], ZenServerOptions& ServerOptions)
 ServerOptions.ConfigFile = MakeSafePath(ConfigFile);
 ServerOptions.UpstreamCacheConfig.CachePolicy = ParseUpstreamCachePolicy(UpstreamCachePolicyOptions);
+ if (OpenIdProviderUrl.empty() == false)
+ {
+ if (OpenIdClientId.empty())
+ {
+ throw cxxopts::OptionParseException("Invalid OpenID client ID");
+ }
+
+ ServerOptions.AuthConfig.OpenIdProviders.push_back(
+ {.Name = OpenIdProviderName, .Url = OpenIdProviderUrl, .ClientId = OpenIdClientId});
+ }
+
 if (!ServerOptions.ConfigFile.empty())
 {
 ParseConfigFile(ServerOptions.ConfigFile, ServerOptions);
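Review bot: The `"Default"` passed as the last argument of the `openid-provider-name` option reads as an intended default value, but as far as I know that position in cxxopts' `add_option` is the argument-help placeholder, so `OpenIdProviderName` would stay empty when the flag is omitted. The Lua path in the later `ParseConfigFile` hunk does default the name to `"Default"`, so a provider configured on the command line may end up registered under an empty name instead. If a default is intended, set it on the value, e.g. `cxxopts::value<std::string>(OpenIdProviderName)->default_value("Default")`, and keep the last argument for help text. The option list continues outside the hunk.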
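Review bot: `OpenIdProviderUrl` is accepted as long as it is non-empty; nothing in this block checks that it is a well-formed `https://` URL before it is pushed into `AuthConfig.OpenIdProviders`. If the URL is later used to fetch discovery metadata or signing keys (not visible here), a plain-http or mistyped value would let anything on the network path supply the keys that tokens are validated against, so I would reject it at parse time, e.g. `if (!OpenIdProviderUrl.starts_with("https://")) throw cxxopts::OptionParseException("openid-provider-url must be an https URL");`. The same check is missing for `url` in the Lua hunk in `ParseConfigFile`. Separately, `--openid-client-id` or `--openid-provider-name` given without a URL is silently ignored, and `"Invalid OpenID client ID"` would be clearer if it said that `--openid-client-id` is required when a provider URL is set.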
@@ -811,6 +837,22 @@ ParseConfigFile(const std::filesystem::path& Path, ZenServerOptions& ServerOptio
 if (sol::optional SecurityConfig = lua["security"])
 {
+ if (sol::optional OpenIdProviders = SecurityConfig.value()["openidproviders"])
+ {
+ for (const auto& Kv : OpenIdProviders.value())
+ {
+ if (sol::optional OpenIdProvider = Kv.second.as())
+ {
+ std::string Name = OpenIdProvider.value().get_or("name", std::string("Default"));
+ std::string Url = OpenIdProvider.value().get_or("url", std::string());
+ std::string ClientId = OpenIdProvider.value().get_or("clientid", std::string());
+
+ ServerOptions.AuthConfig.OpenIdProviders.push_back(
+ {.Name = std::move(Name), .Url = std::move(Url), .ClientId = std::move(ClientId)});
+ }
+ }
+ }
+
 ServerOptions.EncryptionKey = SecurityConfig.value().get_or("encryptionaeskey", std::string());
 ServerOptions.EncryptionIV = SecurityConfig.value().get_or("encryptionaesiv", std::string());
 }
--
cgit v1.2.3
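Review bot: Entries under `security.openidproviders` are pushed without validation: `get_or` falls back to an empty string for `url` and `clientid`, so a table with a missing or misspelled key yields a provider with an empty URL or client ID, whereas the command-line path in `ParseCliOptions` throws on an empty client ID. I would apply the same rule before the `push_back`, guarding with `if (Url.empty() || ClientId.empty())` and failing with whatever error `ParseConfigFile` uses for bad configuration (not visible in this hunk), ideally through a helper shared with the command-line path. Because `ParseCliOptions` pushes its provider before it calls `ParseConfigFile`, the list can also end up with a command-line entry and config-file entries whose names collide; whether duplicates are resolved downstream is not visible here, so an explicit check or a comment such as `// provider names must be unique; the command-line entry is added first` would help.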