in lib/ic/ic.go [232:336]
func New(r *mux.Router, params *Options) *Service {
sh := &ServiceHandler{}
loginPageTmpl, err := httputils.TemplateFromFiles(loginPageFile, loginPageInfoFile)
if err != nil {
glog.Exitf("cannot create template for login page: %v", err)
}
clientLoginPageTmpl, err := httputils.TemplateFromFiles(clientLoginPageFile)
if err != nil {
glog.Exitf("cannot create template for client login page: %v", err)
}
infomationReleasePageTmpl, err := httputils.TemplateFromFiles(informationReleasePageFile)
if err != nil {
glog.Exitf("cannot create template for information release page: %v", err)
}
syncFreq := time.Minute
if params.HydraSyncFreq > 0 {
syncFreq = params.HydraSyncFreq
}
cliAcceptHandler, err := cli.NewAcceptHandler(params.Store, params.Encryption, "/identity")
if err != nil {
glog.Exitf("cli.NewAcceptHandler() failed: %v", err)
}
s := &Service{
store: params.Store,
Handler: sh,
httpClient: params.HTTPClient,
loginPageTmpl: loginPageTmpl,
clientLoginPageTmpl: clientLoginPageTmpl,
infomationReleasePageTmpl: infomationReleasePageTmpl,
startTime: time.Now().Unix(),
domain: params.Domain,
serviceName: params.ServiceName,
accountDomain: params.AccountDomain,
hydraAdminURL: params.HydraAdminURL,
hydraPublicURL: params.HydraPublicURL,
hydraPublicURLProxy: params.HydraPublicProxy,
encryption: params.Encryption,
signer: params.Signer,
logger: params.Logger,
skipInformationReleasePage: params.SkipInformationReleasePage,
useHydra: params.UseHydra,
hydraSyncFreq: syncFreq,
scim: scim.New(params.Store),
cliAcceptHandler: cliAcceptHandler,
consentDashboardURL: params.ConsentDashboardURL,
auditlogs: auditlogsapi.NewAuditLogs(params.SDLC, params.AuditLogProject, params.ServiceName),
}
if s.httpClient == nil {
s.httpClient = http.DefaultClient
}
if err := validateURLs(map[string]string{
"DOMAIN as URL": "https://" + params.Domain,
"ACCOUNT_DOMAIN as URL": "https://" + params.AccountDomain,
}); err != nil {
glog.Exitf(err.Error())
}
exists, err := configExists(params.Store)
if err != nil {
glog.Exitf("cannot use storage layer: %v", err)
}
if !exists {
if err = ImportConfig(params.Store, params.ServiceName, nil, true, true, true); err != nil {
glog.Exitf("cannot import configs to service %q: %v", params.ServiceName, err)
}
}
cfg, err := s.loadConfig(nil, storage.DefaultRealm)
if err != nil {
glog.Exitf("cannot load config: %v", err)
}
if err = s.checkConfigIntegrity(cfg); err != nil {
glog.Exitf("invalid config: %v", err)
}
secrets, err := s.loadSecrets(nil)
if err != nil {
glog.Exitf("cannot load client secrets: %v", err)
}
ctx := context.WithValue(context.Background(), oauth2.HTTPClient, s.httpClient)
for name, cfgIdp := range cfg.IdentityProviders {
_, err = s.getIssuerTranslator(ctx, cfgIdp.Issuer, cfg, secrets)
if err != nil {
glog.Infof("failed to create translator for issuer %q: %v", name, err)
}
}
if s.useHydra {
s.tokenProviders = append(s.tokenProviders, tokensapi.NewHydraTokenManager(s.hydraAdminURL, s.getIssuerString(), s.clients))
}
s.syncToHydra(cfg.Clients, secrets.ClientSecrets, 30*time.Second, nil)
a := authChecker{s: s}
checker := auth.NewChecker(s.logger, s.getIssuerString(), permissions.New(s.store), a.fetchClientSecrets, a.transformIdentity, false, nil)
s.checker = checker
sh.s = s
sh.Handler = r
registerHandlers(r, s)
return s
}