From 31ed8c52629fb1e7d6c7e67a7f2d7eed2e48a4ae Mon Sep 17 00:00:00 2001 From: Vishal Dalwadi <51291657+VishalDalwadi@users.noreply.github.com> Date: Sun, 27 Jul 2025 08:29:14 +0530 Subject: [PATCH] Netmaker Desktop Session Duration (#3543) * feat(go): allow different session durations for client apps; * feat(go): assume call is from netdesk app if header absent; * feat(go): allow header; * feat(go): set client jwt validity duration on migration. --- auth/host_session.go | 2 +- config/config.go | 1 + controllers/controller.go | 1 + controllers/user.go | 13 +++++- logic/auth.go | 16 ++++++-- logic/jwts.go | 10 +++-- logic/settings.go | 32 ++++++++++----- migrate/migrate.go | 3 ++ models/settings.go | 75 ++++++++++++++++++---------------- models/ssocache.go | 1 + pro/auth/azure-ad.go | 19 +++++++-- pro/auth/github.go | 19 +++++++-- pro/auth/google.go | 19 +++++++-- pro/auth/headless_callback.go | 2 +- pro/auth/oidc.go | 18 ++++++-- servercfg/serverconf.go | 77 +---------------------------------- 16 files changed, 159 insertions(+), 149 deletions(-) diff --git a/auth/host_session.go b/auth/host_session.go index 6e01f7e9..128ad2c6 100644 --- a/auth/host_session.go +++ b/auth/host_session.go @@ -77,7 +77,7 @@ func SessionHandler(conn *websocket.Conn) { _, err := logic.VerifyAuthRequest(models.UserAuthParams{ UserName: registerMessage.User, Password: registerMessage.Password, - }) + }, logic.NetclientApp) if err != nil { err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, "")) if err != nil { diff --git a/config/config.go b/config/config.go index f39f77c3..e4bf7543 100644 --- a/config/config.go +++ b/config/config.go 
@@ -89,6 +89,7 @@ type ServerConfig struct { DeployedByOperator bool `yaml:"deployed_by_operator"` Environment string `yaml:"environment"` JwtValidityDuration time.Duration `yaml:"jwt_validity_duration" swaggertype:"primitive,integer" format:"int64"` + JwtValidityDurationClients time.Duration `yaml:"jwt_validity_duration_clients" swaggertype:"primitive,integer" format:"int64"` RacRestrictToSingleNetwork bool `yaml:"rac_restrict_to_single_network"` CacheEnabled string `yaml:"caching_enabled"` EndpointDetection bool `yaml:"endpoint_detection"` diff --git a/controllers/controller.go b/controllers/controller.go index 6b891ced..d5b6e215 100644 --- a/controllers/controller.go +++ b/controllers/controller.go @@ -56,6 +56,7 @@ func HandleRESTRequests(wg *sync.WaitGroup, ctx context.Context) { "Content-Type", "authorization", "From-Ui", + "X-Application-Name", }, ) originsOk := handlers.AllowedOrigins(strings.Split(servercfg.GetAllowedOrigin(), ",")) diff --git a/controllers/user.go b/controllers/user.go index 01e5fac1..852767c9 100644 --- a/controllers/user.go +++ b/controllers/user.go @@ -253,6 +253,10 @@ func deleteUserAccessTokens(w http.ResponseWriter, r *http.Request) { // @Failure 401 {object} models.ErrorResponse // @Failure 500 {object} models.ErrorResponse func authenticateUser(response http.ResponseWriter, request *http.Request) { + appName := request.Header.Get("X-Application-Name") + if appName == "" { + appName = logic.NetmakerDesktopApp + } // Auth request consists of Mac Address and Password (from node that is authorizing // in case of Master, auth is ignored and mac is set to "mastermac" @@ -343,7 +347,7 @@ func authenticateUser(response http.ResponseWriter, request *http.Request) { } username := authRequest.UserName - jwt, err := logic.VerifyAuthRequest(authRequest) + jwt, err := logic.VerifyAuthRequest(authRequest, appName) if err != nil { logger.Log(0, username, "user validation failed: ", err.Error()) 
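Review bot: `X-Application-Name` is an unauthenticated, caller-chosen header, and with the default added in `authenticateUser` an absent header is treated as the desktop app, so the caller rather than the server decides which of the two JWT lifetimes it receives; since `logic.CreateUserJWT` only distinguishes the known app names, the larger of `jwt_validity_duration` and `jwt_validity_duration_clients` is the effective maximum for any caller that sets the header. That is acceptable if the two settings are understood as a per-application convenience rather than a security boundary, but the settings doc comments should say so explicitly. The same four-line header block is repeated in `verifyTOTP` below and in `handleAzureLogin`, `handleGithubLogin`, `handleGoogleLogin` and `handleOIDCLogin`; a single helper in `logic`, e.g. `func AppNameFromRequest(r *http.Request) string { if v := r.Header.Get("X-Application-Name"); v != "" { return v }; return NetmakerDesktopApp }`, keeps the default and any normalisation in one place. Normalising unrecognised values to a known constant there would also keep free-form header text out of `SsoState.AppName`. `authenticateUser` continues outside the hunk.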
@@ -576,6 +580,11 @@ func completeTOTPSetup(w http.ResponseWriter, r *http.Request) { func verifyTOTP(w http.ResponseWriter, r *http.Request) { username := r.Header.Get("user") + appName := r.Header.Get("X-Application-Name") + if appName == "" { + appName = logic.NetmakerDesktopApp + } + var req models.UserTOTPVerificationParams err := json.NewDecoder(r.Body).Decode(&req) if err != nil { @@ -601,7 +610,7 @@ func verifyTOTP(w http.ResponseWriter, r *http.Request) { } if totp.Validate(req.TOTP, user.TOTPSecret) { - jwt, err := logic.CreateUserJWT(user.UserName, user.PlatformRoleID) + jwt, err := logic.CreateUserJWT(user.UserName, user.PlatformRoleID, appName) if err != nil { err = fmt.Errorf("error creating token: %v", err) logger.Log(0, err.Error()) diff --git a/logic/auth.go b/logic/auth.go index c8c0709a..d7ad94d8 100644 --- a/logic/auth.go +++ b/logic/auth.go @@ -24,6 +24,12 @@ const ( auth_key = "netmaker_auth" ) +const ( + DashboardApp = "dashboard" + NetclientApp = "netclient" + NetmakerDesktopApp = "netmaker-desktop" +) + var ( superUser = models.User{} ) @@ -178,7 +184,8 @@ func CreateUser(user *models.User) error { user.AuthType = models.OAuth } AddGlobalNetRolesToAdmins(user) - _, err = CreateUserJWT(user.UserName, user.PlatformRoleID) + // create user will always be called either from API or Dashboard. + _, err = CreateUserJWT(user.UserName, user.PlatformRoleID, DashboardApp) if err != nil { logger.Log(0, "failed to generate token", err.Error()) return err @@ -212,7 +219,7 @@ func CreateSuperAdmin(u *models.User) error { } // VerifyAuthRequest - verifies an auth request -func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) { +func VerifyAuthRequest(authRequest models.UserAuthParams, appName string) (string, error) { var result models.User if authRequest.UserName == "" { return "", errors.New("username can't be empty") 
@@ -245,7 +252,7 @@ func VerifyAuthRequest(authRequest models.UserAuthParams) (string, error) { return tokenString, nil } else { // Create a new JWT for the node - tokenString, err := CreateUserJWT(authRequest.UserName, result.PlatformRoleID) + tokenString, err := CreateUserJWT(authRequest.UserName, result.PlatformRoleID, appName) if err != nil { slog.Error("error creating jwt", "error", err) return "", err @@ -483,8 +490,9 @@ func GetState(state string) (*models.SsoState, error) { } // SetState - sets a state with new expiration -func SetState(state string) error { +func SetState(appName, state string) error { s := models.SsoState{ + AppName: appName, Value: state, Expiration: time.Now().Add(models.DefaultExpDuration), } diff --git a/logic/jwts.go b/logic/jwts.go index 784ae49b..d5315efd 100644 --- a/logic/jwts.go +++ b/logic/jwts.go @@ -83,9 +83,13 @@ func CreateUserAccessJwtToken(username string, role models.UserRoleID, d time.Ti } // CreateUserJWT - creates a user jwt token -func CreateUserJWT(username string, role models.UserRoleID) (response string, err error) { - settings := GetServerSettings() - expirationTime := time.Now().Add(time.Duration(settings.JwtValidityDuration) * time.Minute) +func CreateUserJWT(username string, role models.UserRoleID, appName string) (response string, err error) { + duration := GetJwtValidityDuration() + if appName == NetclientApp || appName == NetmakerDesktopApp { + duration = GetJwtValidityDurationForClients() + } + + expirationTime := time.Now().Add(duration) claims := &models.UserClaims{ UserName: username, Role: role, diff --git a/logic/settings.go b/logic/settings.go index 632e5c39..961aca1e 100644 --- a/logic/settings.go +++ b/logic/settings.go 
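Review bot: The doc comment on `CreateUserJWT` still reads `creates a user jwt token` and does not mention the new `appName` parameter, whose effect is not obvious from the call sites: only `NetclientApp` and `NetmakerDesktopApp` select the clients duration, and any other value, including an unrecognised header, silently falls back to the dashboard duration. Suggest `// CreateUserJWT - creates a user jwt token. appName selects the validity window: NetclientApp and NetmakerDesktopApp use the clients duration; every other value (including unknown app names) uses the dashboard duration.` When the client branch is taken, `GetServerSettings()` is loaded twice, once per getter; `switch appName { case NetclientApp, NetmakerDesktopApp: duration = GetJwtValidityDurationForClients(); default: duration = GetJwtValidityDuration() }` loads it once and makes the fallback explicit. The function continues outside the hunk.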
@@ -52,16 +52,19 @@ func ValidateNewSettings(req models.ServerSettings) bool { func GetServerSettingsFromEnv() (s models.ServerSettings) { s = models.ServerSettings{ - NetclientAutoUpdate: servercfg.AutoUpdateEnabled(), - Verbosity: servercfg.GetVerbosity(), - AuthProvider: os.Getenv("AUTH_PROVIDER"), - OIDCIssuer: os.Getenv("OIDC_ISSUER"), - ClientID: os.Getenv("CLIENT_ID"), - ClientSecret: os.Getenv("CLIENT_SECRET"), - AzureTenant: servercfg.GetAzureTenant(), - Telemetry: servercfg.Telemetry(), - BasicAuth: servercfg.IsBasicAuthEnabled(), - JwtValidityDuration: servercfg.GetJwtValidityDurationFromEnv() / 60, + NetclientAutoUpdate: servercfg.AutoUpdateEnabled(), + Verbosity: servercfg.GetVerbosity(), + AuthProvider: os.Getenv("AUTH_PROVIDER"), + OIDCIssuer: os.Getenv("OIDC_ISSUER"), + ClientID: os.Getenv("CLIENT_ID"), + ClientSecret: os.Getenv("CLIENT_SECRET"), + AzureTenant: servercfg.GetAzureTenant(), + Telemetry: servercfg.Telemetry(), + BasicAuth: servercfg.IsBasicAuthEnabled(), + JwtValidityDuration: servercfg.GetJwtValidityDurationFromEnv() / 60, + // setting client's jwt validity duration to be the same as that of + // dashboard. + JwtValidityDurationClients: servercfg.GetJwtValidityDurationFromEnv() / 60, RacRestrictToSingleNetwork: servercfg.GetRacRestrictToSingleNetwork(), EndpointDetection: servercfg.IsEndpointDetectionEnabled(), AllowedEmailDomains: servercfg.GetAllowedEmailDomains(), @@ -139,6 +142,7 @@ func GetServerConfig() config.ServerConfig { cfg.IsPro = "yes" } cfg.JwtValidityDuration = time.Duration(settings.JwtValidityDuration) * time.Minute + cfg.JwtValidityDurationClients = time.Duration(settings.JwtValidityDurationClients) * time.Minute cfg.RacRestrictToSingleNetwork = settings.RacRestrictToSingleNetwork cfg.MetricInterval = settings.MetricInterval cfg.ManageDNS = settings.ManageDNS 
@@ -201,7 +205,13 @@ func Telemetry() string { // GetJwtValidityDuration - returns the JWT validity duration in minutes func GetJwtValidityDuration() time.Duration { - return GetServerConfig().JwtValidityDuration + return time.Duration(GetServerSettings().JwtValidityDuration) * time.Minute +} + +// GetJwtValidityDurationForClients returns the JWT validity duration in +// minutes for clients. +func GetJwtValidityDurationForClients() time.Duration { + return time.Duration(GetServerSettings().JwtValidityDurationClients) * time.Minute } // GetRacRestrictToSingleNetwork - returns whether the feature to allow simultaneous network connections via RAC is enabled diff --git a/migrate/migrate.go b/migrate/migrate.go index 2e156ef6..27ef8a00 100644 --- a/migrate/migrate.go +++ b/migrate/migrate.go @@ -641,5 +641,8 @@ func settings() { if settings.DefaultDomain == "" { settings.DefaultDomain = servercfg.GetDefaultDomain() } + if settings.JwtValidityDurationClients == 0 { + settings.JwtValidityDurationClients = servercfg.GetJwtValidityDurationFromEnv() / 60 + } logic.UpsertServerSettings(settings) } diff --git a/models/settings.go b/models/settings.go index 8e5f7781..0328886a 100644 --- a/models/settings.go +++ b/models/settings.go 
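Review bot: Both comments in this hunk say the getters return the validity duration `in minutes`, but they return a `time.Duration` built from the minute-valued setting, which invites a caller to multiply by `time.Minute` a second time. Suggest `// GetJwtValidityDuration - returns the dashboard JWT validity as a time.Duration (the stored setting is in minutes)` and `// GetJwtValidityDurationForClients returns the JWT validity for netclient and Netmaker Desktop as a time.Duration (the stored setting is in minutes).` Note also that a `JwtValidityDurationClients` of 0 yields a zero duration and tokens that are expired when issued; that value is reachable when `JWT_VALIDITY_DURATION` is below 60 seconds, since the migration divides it by 60 with integer division, and presumably when settings were persisted without the migration running. A fallback to `GetJwtValidityDuration()` when the clients value is 0 would be cheap insurance.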
@@ -9,39 +9,44 @@ const ( ) type ServerSettings struct { - NetclientAutoUpdate bool `json:"netclientautoupdate"` - Verbosity int32 `json:"verbosity"` - AuthProvider string `json:"authprovider"` - OIDCIssuer string `json:"oidcissuer"` - ClientID string `json:"client_id"` - ClientSecret string `json:"client_secret"` - SyncEnabled bool `json:"sync_enabled"` - GoogleAdminEmail string `json:"google_admin_email"` - GoogleSACredsJson string `json:"google_sa_creds_json"` - AzureTenant string `json:"azure_tenant"` - UserFilters []string `json:"user_filters"` - GroupFilters []string `json:"group_filters"` - IDPSyncInterval string `json:"idp_sync_interval"` - Telemetry string `json:"telemetry"` - BasicAuth bool `json:"basic_auth"` - JwtValidityDuration int `json:"jwt_validity_duration"` - MFAEnforced bool `json:"mfa_enforced"` - RacRestrictToSingleNetwork bool `json:"rac_restrict_to_single_network"` - EndpointDetection bool `json:"endpoint_detection"` - AllowedEmailDomains string `json:"allowed_email_domains"` - EmailSenderAddr string `json:"email_sender_addr"` - EmailSenderUser string `json:"email_sender_user"` - EmailSenderPassword string `json:"email_sender_password"` - SmtpHost string `json:"smtp_host"` - SmtpPort int `json:"smtp_port"` - MetricInterval string `json:"metric_interval"` - MetricsPort int `json:"metrics_port"` - ManageDNS bool `json:"manage_dns"` - DefaultDomain string `json:"default_domain"` - Stun bool `json:"stun"` - StunServers string `json:"stun_servers"` - Theme Theme `json:"theme"` - TextSize string `json:"text_size"` - ReducedMotion bool `json:"reduced_motion"` - AuditLogsRetentionPeriodInDays int `json:"audit_logs_retention_period"` + NetclientAutoUpdate bool `json:"netclientautoupdate"` + Verbosity int32 `json:"verbosity"` + AuthProvider string `json:"authprovider"` + OIDCIssuer string `json:"oidcissuer"` + ClientID string `json:"client_id"` + ClientSecret string `json:"client_secret"` + SyncEnabled bool `json:"sync_enabled"` + GoogleAdminEmail 
string `json:"google_admin_email"` + GoogleSACredsJson string `json:"google_sa_creds_json"` + AzureTenant string `json:"azure_tenant"` + UserFilters []string `json:"user_filters"` + GroupFilters []string `json:"group_filters"` + IDPSyncInterval string `json:"idp_sync_interval"` + Telemetry string `json:"telemetry"` + BasicAuth bool `json:"basic_auth"` + // JwtValidityDuration is the validity duration of auth tokens for users + // on the dashboard (NMUI). + JwtValidityDuration int `json:"jwt_validity_duration"` + // JwtValidityDurationClients is the validity duration of auth tokens for + // users on the clients (NetDesk). + JwtValidityDurationClients int `json:"jwt_validity_duration_clients"` + MFAEnforced bool `json:"mfa_enforced"` + RacRestrictToSingleNetwork bool `json:"rac_restrict_to_single_network"` + EndpointDetection bool `json:"endpoint_detection"` + AllowedEmailDomains string `json:"allowed_email_domains"` + EmailSenderAddr string `json:"email_sender_addr"` + EmailSenderUser string `json:"email_sender_user"` + EmailSenderPassword string `json:"email_sender_password"` + SmtpHost string `json:"smtp_host"` + SmtpPort int `json:"smtp_port"` + MetricInterval string `json:"metric_interval"` + MetricsPort int `json:"metrics_port"` + ManageDNS bool `json:"manage_dns"` + DefaultDomain string `json:"default_domain"` + Stun bool `json:"stun"` + StunServers string `json:"stun_servers"` + Theme Theme `json:"theme"` + TextSize string `json:"text_size"` + ReducedMotion bool `json:"reduced_motion"` + AuditLogsRetentionPeriodInDays int `json:"audit_logs_retention_period"` } diff --git a/models/ssocache.go b/models/ssocache.go index 90e61285..e71f1be9 100644 --- a/models/ssocache.go +++ b/models/ssocache.go @@ -7,6 +7,7 @@ const DefaultExpDuration = time.Minute * 5 // SsoState - holds SSO sign-in session data type SsoState struct { + AppName string `json:"app_name"` Value string `json:"value"` Expiration time.Time `json:"expiration"` } 
diff --git a/pro/auth/azure-ad.go b/pro/auth/azure-ad.go index e5d9d4a8..ff5c1191 100644 --- a/pro/auth/azure-ad.go +++ b/pro/auth/azure-ad.go @@ -40,13 +40,18 @@ func initAzureAD(redirectURL string, clientID string, clientSecret string) { } func handleAzureLogin(w http.ResponseWriter, r *http.Request) { + appName := r.Header.Get("X-Application-Name") + if appName == "" { + appName = logic.NetmakerDesktopApp + } + var oauth_state_string = logic.RandomString(user_signin_length) if auth_provider == nil { handleOauthNotConfigured(w) return } - if err := logic.SetState(oauth_state_string); err != nil { + if err := logic.SetState(appName, oauth_state_string); err != nil { handleOauthNotConfigured(w) return } @@ -56,9 +61,15 @@ func handleAzureLogin(w http.ResponseWriter, r *http.Request) { } func handleAzureCallback(w http.ResponseWriter, r *http.Request) { - var rState, rCode = getStateAndCode(r) - var content, err = getAzureUserInfo(rState, rCode) + + state, err := logic.GetState(rState) + if err != nil { + handleOauthNotValid(w) + return + } + + content, err := getAzureUserInfo(rState, rCode) if err != nil { logger.Log(1, "error when getting user info from azure:", err.Error()) if strings.Contains(err.Error(), "invalid oauth state") || strings.Contains(err.Error(), "failed to fetch user email from SSO state") { @@ -179,7 +190,7 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) { Password: newPass, } - var jwt, jwtErr = logic.VerifyAuthRequest(authRequest) + var jwt, jwtErr = logic.VerifyAuthRequest(authRequest, state.AppName) if jwtErr != nil { logger.Log(1, "could not parse jwt for user", authRequest.UserName) return diff --git a/pro/auth/github.go b/pro/auth/github.go index 1bd8cc63..4147b1e8 100644 --- a/pro/auth/github.go +++ b/pro/auth/github.go 
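Review bot: The new `logic.GetState(rState)` failure path in `handleAzureCallback` responds with `handleOauthNotValid(w)` without logging, while the error path directly below logs at level 1 before responding; a callback whose state `GetState` rejects is exactly the event an operator wants in the logs when investigating OAuth sign-in problems or replayed callbacks. Suggest `logger.Log(1, "oauth callback with unknown or rejected state:", err.Error())` before the `handleOauthNotValid(w)` call, without echoing `rState` itself. The same unlogged path appears in `handleGithubCallback`, `handleGoogleCallback` and `handleOIDCCallback`. `handleAzureCallback` continues outside the hunk.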
@@ -40,13 +40,18 @@ func initGithub(redirectURL string, clientID string, clientSecret string) { } func handleGithubLogin(w http.ResponseWriter, r *http.Request) { + appName := r.Header.Get("X-Application-Name") + if appName == "" { + appName = logic.NetmakerDesktopApp + } + var oauth_state_string = logic.RandomString(user_signin_length) if auth_provider == nil { handleOauthNotConfigured(w) return } - if err := logic.SetState(oauth_state_string); err != nil { + if err := logic.SetState(appName, oauth_state_string); err != nil { handleOauthNotConfigured(w) return } @@ -56,9 +61,15 @@ func handleGithubLogin(w http.ResponseWriter, r *http.Request) { } func handleGithubCallback(w http.ResponseWriter, r *http.Request) { - var rState, rCode = getStateAndCode(r) - var content, err = getGithubUserInfo(rState, rCode) + + state, err := logic.GetState(rState) + if err != nil { + handleOauthNotValid(w) + return + } + + content, err := getGithubUserInfo(rState, rCode) if err != nil { logger.Log(1, "error when getting user info from github:", err.Error()) if strings.Contains(err.Error(), "invalid oauth state") || strings.Contains(err.Error(), "failed to fetch user email from SSO state") { @@ -170,7 +181,7 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) { Password: newPass, } - var jwt, jwtErr = logic.VerifyAuthRequest(authRequest) + var jwt, jwtErr = logic.VerifyAuthRequest(authRequest, state.AppName) if jwtErr != nil { logger.Log(1, "could not parse jwt for user", authRequest.UserName) return diff --git a/pro/auth/google.go b/pro/auth/google.go index e127edee..c132af44 100644 --- a/pro/auth/google.go +++ b/pro/auth/google.go 
@@ -40,13 +40,18 @@ func initGoogle(redirectURL string, clientID string, clientSecret string) { } func handleGoogleLogin(w http.ResponseWriter, r *http.Request) { + appName := r.Header.Get("X-Application-Name") + if appName == "" { + appName = logic.NetmakerDesktopApp + } + var oauth_state_string = logic.RandomString(user_signin_length) if auth_provider == nil { handleOauthNotConfigured(w) return } logger.Log(0, "Setting OAuth State ", oauth_state_string) - if err := logic.SetState(oauth_state_string); err != nil { + if err := logic.SetState(appName, oauth_state_string); err != nil { handleOauthNotConfigured(w) return } @@ -56,10 +61,16 @@ func handleGoogleLogin(w http.ResponseWriter, r *http.Request) { } func handleGoogleCallback(w http.ResponseWriter, r *http.Request) { - var rState, rCode = getStateAndCode(r) logger.Log(0, "Fetched OAuth State ", rState) - var content, err = getGoogleUserInfo(rState, rCode) + + state, err := logic.GetState(rState) + if err != nil { + handleOauthNotValid(w) + return + } + + content, err := getGoogleUserInfo(rState, rCode) if err != nil { logger.Log(1, "error when getting user info from google:", err.Error()) if strings.Contains(err.Error(), "invalid oauth state") { @@ -162,7 +173,7 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) { Password: newPass, } - var jwt, jwtErr = logic.VerifyAuthRequest(authRequest) + var jwt, jwtErr = logic.VerifyAuthRequest(authRequest, state.AppName) if jwtErr != nil { logger.Log(1, "could not parse jwt for user", authRequest.UserName) return diff --git a/pro/auth/headless_callback.go b/pro/auth/headless_callback.go index c039a54a..bf1fcfff 100644 --- a/pro/auth/headless_callback.go +++ b/pro/auth/headless_callback.go 
@@ -86,7 +86,7 @@ func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) { jwt, jwtErr := logic.VerifyAuthRequest(models.UserAuthParams{ UserName: user.UserName, Password: newPass, - }) + }, logic.NetclientApp) if jwtErr != nil { logger.Log(1, "could not parse jwt for user", userClaims.getUserName()) return diff --git a/pro/auth/oidc.go b/pro/auth/oidc.go index d88cb4eb..feb58dfd 100644 --- a/pro/auth/oidc.go +++ b/pro/auth/oidc.go @@ -52,13 +52,18 @@ func initOIDC(redirectURL string, clientID string, clientSecret string, issuer s } func handleOIDCLogin(w http.ResponseWriter, r *http.Request) { + appName := r.Header.Get("X-Application-Name") + if appName == "" { + appName = logic.NetmakerDesktopApp + } + var oauth_state_string = logic.RandomString(user_signin_length) if auth_provider == nil { handleOauthNotConfigured(w) return } - if err := logic.SetState(oauth_state_string); err != nil { + if err := logic.SetState(appName, oauth_state_string); err != nil { handleOauthNotConfigured(w) return } @@ -67,10 +72,15 @@ func handleOIDCLogin(w http.ResponseWriter, r *http.Request) { } func handleOIDCCallback(w http.ResponseWriter, r *http.Request) { - var rState, rCode = getStateAndCode(r) - var content, err = getOIDCUserInfo(rState, rCode) + state, err := logic.GetState(rState) + if err != nil { + handleOauthNotValid(w) + return + } + + content, err := getOIDCUserInfo(rState, rCode) if err != nil { logger.Log(1, "error when getting user info from callback:", err.Error()) if strings.Contains(err.Error(), "invalid oauth state") { @@ -170,7 +180,7 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) { Password: newPass, } - var jwt, jwtErr = logic.VerifyAuthRequest(authRequest) + var jwt, jwtErr = logic.VerifyAuthRequest(authRequest, state.AppName) if jwtErr != nil { logger.Log(1, "could not parse jwt for user", authRequest.UserName, jwtErr.Error()) return 
diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go
index ab78cbb9..e77583e6 100644
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@@ -38,82 +38,7 @@ func SetHost() error { return nil } -// GetServerConfig - gets the server config into memory from file or env -func GetServerConfig() config.ServerConfig { - var cfg config.ServerConfig - cfg.APIConnString = GetAPIConnString() - cfg.CoreDNSAddr = GetCoreDNSAddr() - cfg.APIHost = GetAPIHost() - cfg.APIPort = GetAPIPort() - cfg.MasterKey = "(hidden)" - cfg.DNSKey = "(hidden)" - cfg.AllowedOrigin = GetAllowedOrigin() - cfg.RestBackend = "off" - cfg.NodeID = GetNodeID() - cfg.BrokerType = GetBrokerType() - cfg.EmqxRestEndpoint = GetEmqxRestEndpoint() - if AutoUpdateEnabled() { - cfg.NetclientAutoUpdate = "enabled" - } else { - cfg.NetclientAutoUpdate = "disabled" - } - if IsRestBackend() { - cfg.RestBackend = "on" - } - cfg.DNSMode = "off" - if IsDNSMode() { - cfg.DNSMode = "on" - } - cfg.DisplayKeys = "off" - if IsDisplayKeys() { - cfg.DisplayKeys = "on" - } - cfg.DisableRemoteIPCheck = "off" - if DisableRemoteIPCheck() { - cfg.DisableRemoteIPCheck = "on" - } - cfg.Database = GetDB() - cfg.Platform = GetPlatform() - cfg.Version = GetVersion() - cfg.PublicIp = GetServerHostIP() - - // == auth config == - var authInfo = GetAuthProviderInfo() - cfg.AuthProvider = authInfo[0] - cfg.ClientID = authInfo[1] - cfg.ClientSecret = authInfo[2] - cfg.FrontendURL = GetFrontendURL() - cfg.Telemetry = Telemetry() - cfg.Server = GetServer() - cfg.Verbosity = GetVerbosity() - cfg.IsPro = "no" - if IsPro { - cfg.IsPro = "yes" - } - cfg.JwtValidityDuration = GetJwtValidityDuration() - cfg.RacRestrictToSingleNetwork = GetRacRestrictToSingleNetwork() - cfg.MetricInterval = GetMetricInterval() - cfg.ManageDNS = GetManageDNS() - cfg.Stun = IsStunEnabled() - cfg.StunServers = GetStunServers() - cfg.DefaultDomain = GetDefaultDomain() - return cfg -} - -// GetJwtValidityDuration - returns the JWT validity duration in seconds -func GetJwtValidityDuration() time.Duration { - var defaultDuration = time.Duration(24) * time.Hour - if os.Getenv("JWT_VALIDITY_DURATION") != "" { - 
t, err := strconv.Atoi(os.Getenv("JWT_VALIDITY_DURATION")) - if err != nil { - return defaultDuration - } - return time.Duration(t) * time.Second - } - return defaultDuration -} - -// GetJwtValidityDuration - returns the JWT validity duration in seconds +// GetJwtValidityDurationFromEnv - returns the JWT validity duration in seconds func GetJwtValidityDurationFromEnv() int { var defaultDuration = 43200 if os.Getenv("JWT_VALIDITY_DURATION") != "" {