go – icod.de Webentwicklung

19. April 2024

Beware of ent (entgo.io)

If you’re using Go, you’ve likely heard of ent. Some Ex-Facebook employee maintaining and developing an open source version of the public version of Meta’s entity framework for Go.

Well there’s a catch.
Migrations.

They sweet talk you in their documentation to use Atlas. Ariga’s Atlas, not the MongoDB one.
But Atlas is a proprietary cloud offering.
There might be a free tier, but who cares?
You have to give other parties access to your schema, if you want to containerize your binary or even if you’re not distributing your schema with your binary. Not just your schema, also your database.

To me that is a breach of trust.

That is “open source” software being used as bait for a lock-in cloud offering.

#go #golang #ent #scam #foss

7. July 20227. July 2022

Golang get openid-connect userinfo

It might not be news to you, but this will explain a little bit about Go, making http requests and parsing the result.

OpenID-Connect (oidc) is an identity protocol, you could call it an Oauth2 dialect. It manages your users per realm, well not the protocol but the server does.
Every oidc idp (identity provider aka server) should support the oidc discovery feature.
What is a good OIDC IDP? Keycloak for instance, because it’s free.
Essentially it’s a well known URI that provides information about this IDP or this IDP’s realm in JSON.
The “.well-known/openid-configuration” is appended to the IDP.
To see a live one you could navigate to https://connect.icod.de/auth/realms/testrealm/.well-known/openid-configuration

It lists all the endpoints this server handles and supported grant types and much much more.

I’ve been working with websockets lately and faced the challenge that websockets don’t support passing HTTP headers,
so I had to log in with the token my frontend received by the IDP. And for security reasons this had to be the raw token, not the parsed subject field, because it’s not cryptographically protected.
This means I had to ask the IDP if the token I had received was valid and extract the subject from it.

The below code is the 1st version of how I did it.
It queries the openid-connect discovery document, since the structure was unknown to me, I decoded the response body from the request into a map[string]interface{}.
However in retrospect, I could’ve defined a struct with only the single requested variable in it:

type DiscoveryDocument struct {
	UserinfoEndpoint string `json:"userinfo_endpoint"`
}

type DiscoveryDocument struct {

UserinfoEndpoint string `json:"userinfo_endpoint"`

}

Then this userinfo endpoint is queried with the Accesstoken passed as a Bearer token in the Authorization header.
The result is decoded into the UserInfo struct instance and returned by the function.

I use spew, which is a very helpful tool to display the content of the returned variable.

package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	
	"github.com/davecgh/go-spew/spew"
)

type UserInfo struct {
	Subject string `json:"sub"`
	Email string `json:"email"`
	EmailVerified bool `json:"email_verified"`
	Name string `json:"name"`
	FamilyName string `json:"family_name"`
	GivenName string `json:"given_name"`
	PreferredUsername string `json:"preferred_username"`
}

func main() {
		token := "ey...paste your token here"
		discoveryURL := "https://localhost:8080/auth/realms/testrealm/.well-known/openid-configuration"
		userInfo := getUserInfo(token, discoveryURL)
		spew.Dump(userInfo)
}

func getUserInfo(token, discoveryURL string) *UserInfo {
	rsp, e := http.Get(discoveryURL)
	if e != nil {
		log.Println("getUserInfo: could not connect to oidc idp", e.Error())
		return nil
	}
	rspbody := make(map[string]interface{})
	dec := json.NewDecoder(rsp.Body)
	if e := dec.Decode(&rspbody); e != nil {
		log.Println("getUserInfo: decode oidc response body", e.Error())
		return nil
	}
	uie := rspbody["userinfo_endpoint"].(string)
	client := http.DefaultClient
	uireq, e := http.NewRequest(http.MethodGet, uie, nil)
	if e != nil {
		log.Println("getUserInfo: NewRequest error", e.Error())
		return nil
	}
	uireq.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
	uirsp, e := client.Do(uireq)
	if e != nil {
		log.Println("getUserInfo: could not connect to oidc userinfo endpoint", e.Error())
		return nil
	}
	userinfo := new(UserInfo)
	uidec := json.NewDecoder(uirsp.Body)
	if e := uidec.Decode(userinfo); e != nil {
		log.Println("getUserInfo: could not connect decode userinfo endpoint response body", e.Error())
		return nil
	}
	return userinfo
}

package main

import (

"encoding/json"

"fmt"

"log"

"net/http"

"github.com/davecgh/go-spew/spew"

)

type UserInfo struct {

Subject string `json:"sub"`

Email string `json:"email"`

EmailVerified bool `json:"email_verified"`

Name string `json:"name"`

FamilyName string `json:"family_name"`

GivenName string `json:"given_name"`

PreferredUsername string `json:"preferred_username"`

}

func main() {

token := "ey...paste your token here"

discoveryURL := "https://localhost:8080/auth/realms/testrealm/.well-known/openid-configuration"

userInfo := getUserInfo(token, discoveryURL)

spew.Dump(userInfo)

}

func getUserInfo(token, discoveryURL string) *UserInfo {

rsp, e := http.Get(discoveryURL)

if e != nil {

log.Println("getUserInfo: could not connect to oidc idp", e.Error())

return nil

}

rspbody := make(map[string]interface{})

dec := json.NewDecoder(rsp.Body)

if e := dec.Decode(&rspbody); e != nil {

log.Println("getUserInfo: decode oidc response body", e.Error())

return nil

}

uie := rspbody["userinfo_endpoint"].(string)

client := http.DefaultClient

uireq, e := http.NewRequest(http.MethodGet, uie, nil)

if e != nil {

log.Println("getUserInfo: NewRequest error", e.Error())

return nil

}

uireq.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))

uirsp, e := client.Do(uireq)

if e != nil {

log.Println("getUserInfo: could not connect to oidc userinfo endpoint", e.Error())

return nil

}

userinfo := new(UserInfo)

uidec := json.NewDecoder(uirsp.Body)

if e := uidec.Decode(userinfo); e != nil {

log.Println("getUserInfo: could not connect decode userinfo endpoint response body", e.Error())

return nil

}

return userinfo

}

14. November 202118. October 2022

Using gin with pongo2/v4 or v5 and embedded templates

You’d like to use pongo2/v4 with gin and embed templates with go:embed.

I’m using cobra for my cli parsing and commands.
So

mkdir -p ~/go/src/git.icod.de/dalu/ui
cd ~/go/src/git.icod.de/dalu/ui
cobra init --pkg-name git.icod.de/dalu/ui
cobra add ui

mkdir -p ~/go/src/git.icod.de/dalu/ui

cd ~/go/src/git.icod.de/dalu/ui

cobra init --pkg-name git.icod.de/dalu/ui

cobra add ui

edit cmd/ui.go

package cmd

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"strings"

	"<your pkg path>/ui"
	"code.icod.de/dalu/ginpongo2/v5"
	"github.com/flosch/pongo2/v5"
	"github.com/gin-gonic/gin"
	"github.com/spf13/cobra"
)

const (
	prefixTCP  = "tcp:"
	prefixUNIX = "unix:"
)

var (
	uiDebug bool
	uiAddr  string
)

// uiCmd represents the ui command
var uiCmd = &cobra.Command{
	Use:   "ui",
	Short: "serves the management ui over http",
	RunE: func(cmd *cobra.Command, args []string) error {
		if !uiDebug {
			gin.SetMode(gin.ReleaseMode)
		}
		r := gin.Default()
		r.SecureJsonPrefix(")]}',\n")
		r.MaxMultipartMemory = 8 << 20
		if uiDebug {
			fmt.Println("debug mode")
			fl, e := pongo2.NewLocalFileSystemLoader("ui/templates/")
			if e != nil {
				return e
			}
			hr := ginpongo2.New(true, fl)
			r.HTMLRender = hr
		} else {
			fmt.Println("release mode")
			subFS, e := fs.Sub(ui.Templates, "templates")
			if e != nil {
				return e
			}
			fl := pongo2.NewFSLoader(subFS)
			hr := ginpongo2.New(false, fl)
			r.HTMLRender = hr
		}

		// Static
		r.Static("/assets/", "./assets/")

		r.GET("/", func(cx *gin.Context) {
			ctx := make(pongo2.Context)
			type Data struct {
				Target  string
				Message string
			}
			ctx["data"] = &Data{
				Target:  "World",
				Message: "It's a great day to be alive",
			}
			cx.HTML(200, "index", ctx)
		})

		// serve
		if strings.HasPrefix(uiAddr, prefixTCP) {
			addr := strings.TrimPrefix(uiAddr, prefixTCP)
			fmt.Println("listening on", addr)
			return r.Run(addr)
		} else if strings.HasPrefix(uiAddr, prefixUNIX) {
			addr := strings.TrimPrefix(uiAddr, prefixUNIX)
			if _, e := os.Stat(addr); errors.Is(e, os.ErrNotExist) {
				fmt.Println("listening on", addr)
				return r.RunUnix(addr)
			} else {
				if e := os.Remove(addr); e != nil {
					return e
				} else {
					fmt.Println("listening on", addr)
					return r.RunUnix(addr)
				}
			}
		} else {
			return nil
		}
	},
}

func init() {
	rootCmd.AddCommand(uiCmd)
	uiCmd.Flags().BoolVar(&uiDebug, "debug", false, "enable dev mode")
	uiCmd.Flags().StringVar(
		&uiAddr,
		"addr",
		"tcp:localhost:8080",
		"either tcp: or unix: e.g. tcp:localhost:3030 unix:/tmp/listen.sock",
	)
}

100

101

102

103

104

105

106

package cmd

import (

"errors"

"fmt"

"io/fs"

"os"

"strings"

"<your pkg path>/ui"

"code.icod.de/dalu/ginpongo2/v5"

"github.com/flosch/pongo2/v5"

"github.com/gin-gonic/gin"

"github.com/spf13/cobra"

)

const (

prefixTCP = "tcp:"

prefixUNIX = "unix:"

)

var (

uiDebug bool

uiAddr string

)

// uiCmd represents the ui command

var uiCmd = &cobra.Command{

Use: "ui",

Short: "serves the management ui over http",

RunE: func(cmd *cobra.Command, args []string) error {

if !uiDebug {

gin.SetMode(gin.ReleaseMode)

}

r := gin.Default()

r.SecureJsonPrefix(")]}',\n")

r.MaxMultipartMemory = 8 << 20

if uiDebug {

fmt.Println("debug mode")

fl, e := pongo2.NewLocalFileSystemLoader("ui/templates/")

if e != nil {

return e

}

hr := ginpongo2.New(true, fl)

r.HTMLRender = hr

} else {

fmt.Println("release mode")

subFS, e := fs.Sub(ui.Templates, "templates")

if e != nil {

return e

}

fl := pongo2.NewFSLoader(subFS)

hr := ginpongo2.New(false, fl)

r.HTMLRender = hr

}

// Static

r.Static("/assets/", "./assets/")

r.GET("/", func(cx *gin.Context) {

ctx := make(pongo2.Context)

type Data struct {

Target string

Message string

}

ctx["data"] = &Data{

Target: "World",

Message: "It's a great day to be alive",

}

cx.HTML(200, "index", ctx)

})

// serve

if strings.HasPrefix(uiAddr, prefixTCP) {

addr := strings.TrimPrefix(uiAddr, prefixTCP)

fmt.Println("listening on", addr)

return r.Run(addr)

} else if strings.HasPrefix(uiAddr, prefixUNIX) {

addr := strings.TrimPrefix(uiAddr, prefixUNIX)

if _, e := os.Stat(addr); errors.Is(e, os.ErrNotExist) {

fmt.Println("listening on", addr)

return r.RunUnix(addr)

} else {

if e := os.Remove(addr); e != nil {

return e

} else {

fmt.Println("listening on", addr)

return r.RunUnix(addr)

}

} else {

return nil

}

func init() {

rootCmd.AddCommand(uiCmd)

uiCmd.Flags().BoolVar(&uiDebug, "debug", false, "enable dev mode")

uiCmd.Flags().StringVar(

&uiAddr,

"addr",

"tcp:localhost:8080",

"either tcp: or unix: e.g. tcp:localhost:3030 unix:/tmp/listen.sock",

)

}

ui/templates.go

package ui

import "embed"

//go:embed templates/*
var Templates embed.FS

package ui

import "embed"

//go:embed templates/*

var Templates embed.FS

ui/templates/base.html.twig

<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    {%- block meta %}{% endblock -%}
    <title>{{ title }}</title>
    {%- block js %}{% endblock -%}
    {%- block css %}{% endblock -%}
</head>
<body>
{%- block body %}{% endblock -%}
{%- block jsbottom %}{% endblock -%}
</body>
</html>

<!doctype html>

<head>

content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">

{%- block meta %}{% endblock -%}

<title>{{ title }}</title>

{%- block js %}{% endblock -%}

{%- block css %}{% endblock -%}

</head>

<body>

{%- block body %}{% endblock -%}

{%- block jsbottom %}{% endblock -%}

</body>

</html>

ui/templates/layout.html.twig

{% extends "base.html.twig" %}
{%- block css %}
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
{% endblock -%}
{%- block js %}
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ka7Sk0Gln4gmtz2MlQnikT1wXgYsOg+OMhuP+IlRH9sENBO0LRn5q+8nbTov4+1p" crossorigin="anonymous"></script>
{% endblock -%}
{%- block body %}
<div class="container">
  <div class="row">
    <div class="col-2">
      {%- block left -%}{% endblock -%}
    </div>
    <div class="col-8">
      {%- block middle -%}{% endblock -%}
    </div>
    <div class="col-2">
      {%- block right -%}{% endblock -%}
    </div>
  </div>
</div>
{% endblock -%}

{% extends "base.html.twig" %}

{%- block css %}

{% endblock -%}

{%- block js %}

{% endblock -%}

{%- block body %}

{%- block left -%}{% endblock -%}

</div>

{%- block middle -%}{% endblock -%}

</div>

{%- block right -%}{% endblock -%}

</div>

{% endblock -%}

ui/templates/index.html.twig

{% extends "layout.html.twig" %}
{%- block middle %}
  <div class="px-4 py-5 my-5 text-center">
    <h1 class="display-5 fw-bold">Hello {{data.Target}}</h1>
    <div class="col-lg-6 mx-auto">
      <p class="lead mb-4">{{data.Message}}</p>
      <div class="d-grid gap-2 d-sm-flex justify-content-sm-center">
        <button type="button" class="btn btn-primary btn-lg px-4 gap-3">You got it</button>
        <button type="button" class="btn btn-outline-secondary btn-lg px-4">Huh?</button>
      </div>
    </div>
  </div>
{% endblock -%}

{% extends "layout.html.twig" %}

{%- block middle %}

<h1 class="display-5 fw-bold">Hello {{data.Target}}</h1>

<p class="lead mb-4">{{data.Message}}</p>

</div>

{% endblock -%}

and finally run

go mod tidy

1	go mod tidy

to download packages

Any questions -> leave a comment

24. March 202122. March 2022

Go/Golang Run embedded bash script or node/js,python,php,ruby etc

Since Go v1.16 there’s the embed package, a simple tool to embed files as filesystems of simple strings or []bytes.

While it has its downsides, I was recently met with a challenge. I’d like to run bash scripts I wrote because it’s more efficient to just run a bash script than breaking my fingers writing os/exec stuff.

Anyhow it’s pretty simple really. Any shell command has a standard input and output. You just assign the file pointer (aka the Reader) to the os.Command’s Stdin.
Continue reading “Go/Golang Run embedded bash script or node/js,python,php,ruby etc”