From 368f6fc585c03dc63e470aa2168a79ccee44d764 Mon Sep 17 00:00:00 2001 From: Runxi Yu Date: Sun, 18 Aug 2024 08:00:00 +0800 Subject: [PATCH] Configuration changes --- config.go | 6 +++--- fbfp.scfg.example | 42 +++++++++++++++++++++++++++++++++++++----- main.go | 8 +++++++- oidc.go | 3 +-- 4 files changed, 48 insertions(+), 11 deletions(-) diff --git a/config.go b/config.go index e4bb0d1..255b44e 100644 --- a/config.go +++ b/config.go @@ -17,6 +17,7 @@ import ( var config_with_pointers struct { Url *string `scfg:"url"` + Static *bool `scfg:"static"` Listen struct { Addr *string `scfg:"addr"` Net *string `scfg:"net"` @@ -30,12 +31,12 @@ var config_with_pointers struct { Client *string `scfg:"client"` Endpoint *string `scfg:"endpoint"` Authorize *string `scfg:"authorize"` - Redirect *string `scfg:"redirect"` } `scfg:"openid"` } var config struct { Url string + Static bool Listen struct { Addr string Net string @@ -49,7 +50,6 @@ var config struct { Client string Endpoint string Authorize string - Redirect string } } @@ -65,6 +65,7 @@ func fbfp_get_config(path string) { * There should be better ways to handle this. */ config.Url = *(config_with_pointers.Url) + config.Static = *(config_with_pointers.Static) config.Listen.Addr = *(config_with_pointers.Listen.Addr) config.Listen.Net = *(config_with_pointers.Listen.Net) config.Listen.Proto = *(config_with_pointers.Listen.Proto) @@ -72,7 +73,6 @@ func fbfp_get_config(path string) { config.Db.Conn = *(config_with_pointers.Db.Conn) config.Openid.Client = *(config_with_pointers.Openid.Client) config.Openid.Endpoint = *(config_with_pointers.Openid.Endpoint) - config.Openid.Redirect = *(config_with_pointers.Openid.Redirect) if config_with_pointers.Openid.Authorize != nil { config.Openid.Authorize = diff --git a/fbfp.scfg.example b/fbfp.scfg.example index 7dc06d5..0c9236f 100644 --- a/fbfp.scfg.example +++ b/fbfp.scfg.example 
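Review bot: `config.Static = *(config_with_pointers.Static)` in the `@@ -65,6 +65,7 @@` hunk of config.go dereferences a pointer that presumably stays nil when the config file has no `static` directive (the existing nil check on `Openid.Authorize` suggests the decoder leaves unset fields nil). If so, a config file written before this change would panic at startup instead of producing a readable error. Since serving /static is opt-in, treating an absent key as false is the safer default: `if config_with_pointers.Static != nil { config.Static = *(config_with_pointers.Static) }`. The body of fbfp_get_config starts and ends outside the hunk.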
@@ -1,19 +1,51 @@ -url http://localhost:5555 +# Which URL are we accessible at? This is used to determine the redirect URL +# and some user-accessible URLs. +url http://localhost + +# Should we serve /static ourself? This should usually be handled by the +# upstream Web server such as nginx(8) or OpenBSD httpd(8). However, this might +# be useful during development or when running behind relayd(8). +static false listen { - proto http - net tcp - addr :5555 + # Which protocol are we listening for? This may be set to "http" for + # plain HTTP, or "fcgi" for FastCGI. FastCGI is recommended for most + # purposes, and both nginx(8) and OpenBSD httpd(8) may easily be + # configured to serve FastCGI. However, if for any reason we need to + # run behind relayd(8) or another reverse proxy, http is available. + proto fcgi + + # Which network backend should we use? This is usually set to "tcp" + # for plain TCP, and "unix" for UNIX domain sockets. + net unix + + # What is the address we should listen at? This is usually set to + # something like ":5555" for TCP, and a file path for UNIX domain + # sockets. + addr test.socket } db { + # What type of database should we use? Currently, only "sqlite" is + # supported. type sqlite + + # What is the connection string to database? For SQLite, this is + # simply a path to the database file. conn test.db } openid { + # What is our OAUTH2 client ID? client 6d3106e1-a859-4e68-8115-8df599333fc6 + + # What is the OpenID Connect endpoint? The OpenID configuration is + # taken from this/.well-known/openid-configuration. endpoint https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295 + + # [optional] This option may be used to override the OpenID authorize + # endpoint. This is generally necessary when using Microsoft's OpenID + # because their openid-configuration gives us the OAUTH 1.0 endpoint, + # while we need the OAUTH 2.0 endpoint. 
authorize https://login.microsoftonline.com/ddd3d26c-b197-4d00-a32d-1ffd84c0c295/oauth2/v2.0/authorize - redirect /oidc } diff --git a/main.go b/main.go index b485d40..5cee9e9 100644 --- a/main.go +++ b/main.go @@ -42,10 +42,16 @@ func main() { tmpl, err = template.ParseGlob("tmpl/*") e(err) + if config.Static { + log.Printf("Registering static handle\n") + fs := http.FileServer(http.Dir("./static")) + http.Handle("/static/", http.StripPrefix("/static/", fs)) + } + log.Printf("Registering handlers\n") http.HandleFunc("/{$}", handle_index) http.HandleFunc("/login", handle_login) - http.HandleFunc(config.Openid.Redirect, handle_oidc) + http.HandleFunc("/oidc", handle_oidc) log.Printf( "Establishing listener for net %s, addr %s\n", diff --git a/oidc.go b/oidc.go index 7bfbefb..f23381f 100644 --- a/oidc.go +++ b/oidc.go @@ -91,14 +91,13 @@ func generate_authorization_url() string { "%s"+ "?client_id=%s"+ "&response_type=id_token"+ - "&redirect_uri=%s%s"+ + "&redirect_uri=%s/oidc"+ "&response_mode=form_post"+ "&scope=openid+profile+email"+ "&nonce=%s", openid_configuration.AuthorizationEndpoint, config.Openid.Client, config.Url, - config.Openid.Redirect, nonce, ) } -- 2.11.4.GIT
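Review bot: The comment above `authorize` describes the discovery result as the "OAUTH 1.0 endpoint", but the override shown is `/oauth2/v2.0/authorize`, so the distinction appears to be Microsoft's v1.0 versus v2.0 endpoint of OAuth 2.0, not the OAuth 1.0 protocol. I would reword it along the lines of `# because their openid-configuration gives us the v1.0 authorize endpoint, while we need the v2.0 one.` The `url` comment could also state that the value must not end in a slash, because the redirect URI is built as `<url>/oidc`. It should also say that anything other than a local test setup should use an https URL, since the ID token is posted to that address.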
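Review bot: `http.Dir("./static")` in the new `if config.Static` block is resolved against the process working directory, so what gets published depends on where the daemon is started. `http.FileServer` over an `http.Dir` also generates directory listings, follows symlinks and serves dot-files. I would record that above the registration, e.g. `// Everything under ./static (relative to the working directory) becomes public, including dot-files and symlink targets.` The log text `"Registering static handle\n"` probably means "handler". The body of main starts and ends outside the hunk.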
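Review bot: `config.Url` is interpolated into `"&redirect_uri=%s/oidc"` unchanged, so a configured URL with a trailing slash produces `//oidc`, and the value is not query-escaped. Identity providers generally compare the redirect URI exactly against the registered one, so that mismatch would surface as a failed login rather than a config error. Consider changing the format to `"&redirect_uri=%s"` and passing `url.QueryEscape(strings.TrimSuffix(config.Url, "/") + "/oidc")`, provided `net/url` and `strings` are imported in oidc.go. The `/oidc` literal now also appears in the `http.HandleFunc("/oidc", handle_oidc)` call in main.go; a shared constant would keep the two in step. generate_authorization_url starts outside the hunk.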