1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-28 17:57:37 +01:00
bitwarden-server/util/Setup/NginxConfigBuilder.cs
Chad Scharf 19b8d8281a
[EC-261] SCIM (#2105)
* scim project stub

* some scim models and v2 controllers

* implement some v2 scim endpoints

* fix spacing

* api key auth

* EC-261 - SCIM Org API Key and connection type config

* EC-261 - Fix lint errors/formatting

* updates for okta implementation testing

* fix var ref

* updates from testing with Okta

* implement scim context via provider parsing

* support single and list of ids for add/remove groups

* log ops not handled

* touch up scim context

* group list filtering

* EC-261 - Additional SCIM provider types

* EC-265 - UseScim flag and license update

* EC-265 - SCIM provider type of default (0)

* EC-265 - Add Scim URL and update connection validation

* EC-265 - Model validation and cleanup for SCIM keys

* implement scim org connection

* EC-265 - Ensure ServiceUrl is not persisted to DB

* EC-265 - Exclude provider type from DB if not configured

* EC-261 - EF Migrations for SCIM

* add docker builds for scim

* EC-261 - Fix failing permissions tests

* EC-261 - Fix unit tests and pgsql migrations

* Formatting fixes from linter

* EC-265 - Remove service URL from scim config

* EC-265 - Fix unit tests, removed wayward validation

* EC-265 - Require self-hosted for billing sync org conn

* EC-265 - Fix formatting issues - whitespace

* EC-261 - PR feedback and cleanup

* scim constants rename

* no scim settings right now

* update project name

* delete package lock

* update appsettings configs for scim

* use default scim provider for context

Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
2022-07-14 15:58:48 -04:00

134 lines
5.1 KiB
C#

namespace Bit.Setup
{
public class NginxConfigBuilder
{
private const string ConfFile = "/bitwarden/nginx/default.conf";
private readonly Context _context;
public NginxConfigBuilder(Context context)
{
_context = context;
}
public void BuildForInstaller()
{
var model = new TemplateModel(_context);
if (model.Ssl && !_context.Config.SslManagedLetsEncrypt)
{
var sslPath = _context.Install.SelfSignedCert ?
$"/etc/ssl/self/{model.Domain}" : $"/etc/ssl/{model.Domain}";
_context.Config.SslCertificatePath = model.CertificatePath =
string.Concat(sslPath, "/", "certificate.crt");
_context.Config.SslKeyPath = model.KeyPath =
string.Concat(sslPath, "/", "private.key");
if (_context.Install.Trusted)
{
_context.Config.SslCaPath = model.CaPath =
string.Concat(sslPath, "/", "ca.crt");
}
if (_context.Install.DiffieHellman)
{
_context.Config.SslDiffieHellmanPath = model.DiffieHellmanPath =
string.Concat(sslPath, "/", "dhparam.pem");
}
}
Build(model);
}
public void BuildForUpdater()
{
var model = new TemplateModel(_context);
Build(model);
}
private void Build(TemplateModel model)
{
Directory.CreateDirectory("/bitwarden/nginx/");
Helpers.WriteLine(_context, "Building nginx config.");
if (!_context.Config.GenerateNginxConfig)
{
Helpers.WriteLine(_context, "...skipped");
return;
}
var template = Helpers.ReadTemplate("NginxConfig");
using (var sw = File.CreateText(ConfFile))
{
sw.WriteLine(template(model));
}
}
public class TemplateModel
{
public TemplateModel() { }
public TemplateModel(Context context)
{
Captcha = context.Config.Captcha;
Ssl = context.Config.Ssl;
EnableKeyConnector = context.Config.EnableKeyConnector;
EnableScim = context.Config.EnableScim;
Domain = context.Config.Domain;
Url = context.Config.Url;
RealIps = context.Config.RealIps;
ContentSecurityPolicy = string.Format(context.Config.NginxHeaderContentSecurityPolicy, Domain);
if (Ssl)
{
if (context.Config.SslManagedLetsEncrypt)
{
var sslPath = $"/etc/letsencrypt/live/{Domain}";
CertificatePath = CaPath = string.Concat(sslPath, "/", "fullchain.pem");
KeyPath = string.Concat(sslPath, "/", "privkey.pem");
DiffieHellmanPath = string.Concat(sslPath, "/", "dhparam.pem");
}
else
{
CertificatePath = context.Config.SslCertificatePath;
KeyPath = context.Config.SslKeyPath;
CaPath = context.Config.SslCaPath;
DiffieHellmanPath = context.Config.SslDiffieHellmanPath;
}
}
if (!string.IsNullOrWhiteSpace(context.Config.SslCiphersuites))
{
SslCiphers = context.Config.SslCiphersuites;
}
else
{
SslCiphers = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:" +
"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:" +
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:" +
"ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
}
if (!string.IsNullOrWhiteSpace(context.Config.SslVersions))
{
SslProtocols = context.Config.SslVersions;
}
else
{
SslProtocols = "TLSv1.2";
}
}
public bool Captcha { get; set; }
public bool Ssl { get; set; }
public bool EnableKeyConnector { get; set; }
public bool EnableScim { get; set; }
public string Domain { get; set; }
public string Url { get; set; }
public string CertificatePath { get; set; }
public string KeyPath { get; set; }
public string CaPath { get; set; }
public string DiffieHellmanPath { get; set; }
public string SslCiphers { get; set; }
public string SslProtocols { get; set; }
public string ContentSecurityPolicy { get; set; }
public List<string> RealIps { get; set; }
}
}
}