
Commit a443b9d

author
Robert Schuh
committed
support additional parameters
1 parent 9f63124 commit a443b9d


1 file changed

+30
-12
lines changed


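--- a/main.go
+++ b/main.go
@@ -47,21 +47,40 @@ func init() {
 }
 
 func main() {
-ll := logger.NewLogger(getenv("LOG_LEVEL", "info")) // "debug", "info", "warn", "error", "fatal"
+ll := logger.NewLogger(getEnv("LOG_LEVEL", "info")) // "debug", "info", "warn", "error", "fatal"
+
+insecureSkipVerify := getEnv("INSECURE_SKIP_VERIFY", "false")
+caCertPath := os.Getenv("CACERT_PATH")
+
+config := &tls.Config{}
 
-insecureSkipVerify := getenv("INSECURE_SKIP_VERIFY", "false")
 if insecureSkipVerify == "true" {
-http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+config.InsecureSkipVerify = true
 }
 
-jwksPath := getenv("JWKS_PATH", "")
-jwksUrl := getenv("JWKS_URL", "")
+if len(caCertPath) > 0 {
+caCertPaths := strings.Split(caCertPath, ",")
+caCertPool := x509.NewCertPool()
+for _, path := range caCertPaths {
+caCert, err := os.ReadFile(path)
+if err != nil {
+continue
+}
+caCertPool.AppendCertsFromPEM(caCert)
+}
+config.RootCAs = caCertPool
+}
+
+http.DefaultTransport.(*http.Transport).TLSClientConfig = config
+
+jwksPath := getEnv("JWKS_PATH", "")
+jwksUrl := getEnv("JWKS_URL", "")
 if jwksUrl == "" && jwksPath == "" {
 ll.Fatalw("no JWKS_URL or JWKS_PATH")
 return
 }
 
-server, err := newServer(ll, jwksPath, jwksUrl, getenv("COOKIE_NAME", ""), getenv("ALLOW_NO_QUERY_REQUIREMENTS", "false") == "true")
+server, err := newServer(ll, jwksPath, jwksUrl, getEnv("COOKIE_NAME", ""), getEnv("ALLOW_NO_QUERY_REQUIREMENTS", "false") == "true")
 if err != nil {
 ll.Fatalw("Couldn't initialize server", "err", err)
 }
@@ -70,7 +89,7 @@ func main() {
 http.HandleFunc("/validate", server.validate)
 http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = fmt.Fprint(w, "OK") })
 
-bindAddr := ":" + getenv("PORT", "8080")
+bindAddr := ":" + getEnv("PORT", "8080")
 
 ll.Infow("Starting server", "addr", bindAddr)
 err = http.ListenAndServe(bindAddr, nil)
@@ -122,12 +141,11 @@ func newServer(logger logger.Logger, jwksPath string, jwksUrl string, cookieName
 }, nil
 }
 
-func getenv(key, fallback string) string {
-value := os.Getenv(key)
-if len(value) == 0 {
-return fallback
+func getEnv(key, fallback string) string {
+if value, ok := os.LookupEnv(key); ok {
+return value
 }
-return value
+return fallback
 }
 
 type statusWriter struct {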
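Review bot: The CA loading loop added to main silently skips any CACERT_PATH entry that `os.ReadFile` cannot read (`continue`) and discards the boolean returned by `caCertPool.AppendCertsFromPEM`, so a mistyped path or a non-PEM file leaves `config.RootCAs` as an empty or partial pool and the mistake only shows up later as an opaque certificate verification error, presumably on the JWKS_URL fetch. Because `x509.NewCertPool()` starts empty, the listed files replace the system roots rather than extend them; if extension was intended, the pool should start from `x509.SystemCertPool()`. I would fail at startup on both conditions, as sketched below, assuming `ll.Fatalw` terminates the process (the page does not show that). Separately, the rewritten `getEnv` uses `os.LookupEnv`, so a variable that is set but empty (for example `PORT=`) now yields the empty string instead of the fallback, which deserves a comment on the function. main's body continues past the end of the first hunk.

```go
for _, path := range caCertPaths {
	caCert, err := os.ReadFile(path)
	if err != nil {
		ll.Fatalw("Couldn't read CA certificate file", "path", path, "err", err)
	}
	if !caCertPool.AppendCertsFromPEM(caCert) {
		ll.Fatalw("No PEM certificates found in CA file", "path", path)
	}
}
// … unchanged: config.RootCAs assignment and DefaultTransport setup …
```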
