mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
19b8d8281a
* scim project stub * some scim models and v2 controllers * implement some v2 scim endpoints * fix spacing * api key auth * EC-261 - SCIM Org API Key and connection type config * EC-261 - Fix lint errors/formatting * updates for okta implementation testing * fix var ref * updates from testing with Okta * implement scim context via provider parsing * support single and list of ids for add/remove groups * log ops not handled * touch up scim context * group list filtering * EC-261 - Additional SCIM provider types * EC-265 - UseScim flag and license update * EC-265 - SCIM provider type of default (0) * EC-265 - Add Scim URL and update connection validation * EC-265 - Model validation and cleanup for SCIM keys * implement scim org connection * EC-265 - Ensure ServiceUrl is not persisted to DB * EC-265 - Exclude provider type from DB if not configured * EC-261 - EF Migrations for SCIM * add docker builds for scim * EC-261 - Fix failing permissions tests * EC-261 - Fix unit tests and pgsql migrations * Formatting fixes from linter * EC-265 - Remove service URL from scim config * EC-265 - Fix unit tests, removed wayward validation * EC-265 - Require self-hosted for billing sync org conn * EC-265 - Fix formatting issues - whitespace * EC-261 - PR feedback and cleanup * scim constants rename * no scim settings right now * update project name * delete package lock * update appsettings configs for scim * use default scim provider for context Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
134 lines
5.1 KiB
C#
134 lines
5.1 KiB
C#
namespace Bit.Setup
|
|
{
|
|
public class NginxConfigBuilder
|
|
{
|
|
private const string ConfFile = "/bitwarden/nginx/default.conf";
|
|
|
|
private readonly Context _context;
|
|
|
|
public NginxConfigBuilder(Context context)
|
|
{
|
|
_context = context;
|
|
}
|
|
|
|
public void BuildForInstaller()
|
|
{
|
|
var model = new TemplateModel(_context);
|
|
if (model.Ssl && !_context.Config.SslManagedLetsEncrypt)
|
|
{
|
|
var sslPath = _context.Install.SelfSignedCert ?
|
|
$"/etc/ssl/self/{model.Domain}" : $"/etc/ssl/{model.Domain}";
|
|
_context.Config.SslCertificatePath = model.CertificatePath =
|
|
string.Concat(sslPath, "/", "certificate.crt");
|
|
_context.Config.SslKeyPath = model.KeyPath =
|
|
string.Concat(sslPath, "/", "private.key");
|
|
if (_context.Install.Trusted)
|
|
{
|
|
_context.Config.SslCaPath = model.CaPath =
|
|
string.Concat(sslPath, "/", "ca.crt");
|
|
}
|
|
if (_context.Install.DiffieHellman)
|
|
{
|
|
_context.Config.SslDiffieHellmanPath = model.DiffieHellmanPath =
|
|
string.Concat(sslPath, "/", "dhparam.pem");
|
|
}
|
|
}
|
|
Build(model);
|
|
}
|
|
|
|
public void BuildForUpdater()
|
|
{
|
|
var model = new TemplateModel(_context);
|
|
Build(model);
|
|
}
|
|
|
|
private void Build(TemplateModel model)
|
|
{
|
|
Directory.CreateDirectory("/bitwarden/nginx/");
|
|
Helpers.WriteLine(_context, "Building nginx config.");
|
|
if (!_context.Config.GenerateNginxConfig)
|
|
{
|
|
Helpers.WriteLine(_context, "...skipped");
|
|
return;
|
|
}
|
|
|
|
var template = Helpers.ReadTemplate("NginxConfig");
|
|
using (var sw = File.CreateText(ConfFile))
|
|
{
|
|
sw.WriteLine(template(model));
|
|
}
|
|
}
|
|
|
|
public class TemplateModel
|
|
{
|
|
public TemplateModel() { }
|
|
|
|
public TemplateModel(Context context)
|
|
{
|
|
Captcha = context.Config.Captcha;
|
|
Ssl = context.Config.Ssl;
|
|
EnableKeyConnector = context.Config.EnableKeyConnector;
|
|
EnableScim = context.Config.EnableScim;
|
|
Domain = context.Config.Domain;
|
|
Url = context.Config.Url;
|
|
RealIps = context.Config.RealIps;
|
|
ContentSecurityPolicy = string.Format(context.Config.NginxHeaderContentSecurityPolicy, Domain);
|
|
|
|
if (Ssl)
|
|
{
|
|
if (context.Config.SslManagedLetsEncrypt)
|
|
{
|
|
var sslPath = $"/etc/letsencrypt/live/{Domain}";
|
|
CertificatePath = CaPath = string.Concat(sslPath, "/", "fullchain.pem");
|
|
KeyPath = string.Concat(sslPath, "/", "privkey.pem");
|
|
DiffieHellmanPath = string.Concat(sslPath, "/", "dhparam.pem");
|
|
}
|
|
else
|
|
{
|
|
CertificatePath = context.Config.SslCertificatePath;
|
|
KeyPath = context.Config.SslKeyPath;
|
|
CaPath = context.Config.SslCaPath;
|
|
DiffieHellmanPath = context.Config.SslDiffieHellmanPath;
|
|
}
|
|
}
|
|
|
|
if (!string.IsNullOrWhiteSpace(context.Config.SslCiphersuites))
|
|
{
|
|
SslCiphers = context.Config.SslCiphersuites;
|
|
}
|
|
else
|
|
{
|
|
SslCiphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:" +
|
|
"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:" +
|
|
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:" +
|
|
"ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
|
|
}
|
|
|
|
if (!string.IsNullOrWhiteSpace(context.Config.SslVersions))
|
|
{
|
|
SslProtocols = context.Config.SslVersions;
|
|
}
|
|
else
|
|
{
|
|
SslProtocols = "TLSv1.2";
|
|
}
|
|
}
|
|
|
|
public bool Captcha { get; set; }
|
|
public bool Ssl { get; set; }
|
|
public bool EnableKeyConnector { get; set; }
|
|
public bool EnableScim { get; set; }
|
|
public string Domain { get; set; }
|
|
public string Url { get; set; }
|
|
public string CertificatePath { get; set; }
|
|
public string KeyPath { get; set; }
|
|
public string CaPath { get; set; }
|
|
public string DiffieHellmanPath { get; set; }
|
|
public string SslCiphers { get; set; }
|
|
public string SslProtocols { get; set; }
|
|
public string ContentSecurityPolicy { get; set; }
|
|
public List<string> RealIps { get; set; }
|
|
}
|
|
}
|
|
}
|