本文整理汇总了Golang中github.com/coreos/dex/pkg/log.Fatalf函数的典型用法代码示例。如果您正苦于以下问题:Golang Fatalf函数的具体用法?Golang Fatalf怎么用?Golang Fatalf使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Fatalf函数的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: NewClientHandler
func NewClientHandler(c *oidc.Client, issuer string, cbURL url.URL) http.Handler {
mux := http.NewServeMux()
oob := cbURL.String() == client.OOBRedirectURI
issuerURL, err := url.Parse(issuer)
if err != nil {
log.Fatalf("Could not parse issuer url: %v", err)
}
mux.HandleFunc("/", handleIndexFunc(oob))
mux.HandleFunc("/login", handleLoginFunc(c))
mux.HandleFunc("/register", handleRegisterFunc(c))
if cbURL.String() != client.OOBRedirectURI {
mux.HandleFunc(cbURL.Path, handleCallbackFunc(c))
} else {
mux.HandleFunc("/callback", handleCallbackFunc(c))
}
resendURL := *issuerURL
resendURL.Path = "/resend-verify-email"
mux.HandleFunc("/resend", handleResendFunc(c, *issuerURL, resendURL, cbURL))
return mux
}示例2: handleResendFunc
func handleResendFunc(c *oidc.Client, issuerURL, resendURL, cbURL url.URL) http.HandlerFunc {
trans := &oidc.AuthenticatedTransport{
TokenRefresher: &oidc.ClientCredsTokenRefresher{
Issuer: issuerURL.String(),
OIDCClient: c,
},
RoundTripper: http.DefaultTransport,
}
hc := &http.Client{Transport: trans}
return func(w http.ResponseWriter, r *http.Request) {
err := r.ParseForm()
if err != nil {
panic("unable to proceed")
}
tok := r.Form.Get("jwt")
q := struct {
Token string `json:"token"`
RedirectURI string `json:"redirectURI"`
}{
Token: tok,
RedirectURI: cbURL.String(),
}
qBytes, err := json.Marshal(&q)
res, err := hc.Post(resendURL.String(), "application/json", bytes.NewReader(qBytes))
if err != nil {
log.Fatalf("error requesting email resend:", err)
}
w.Write([]byte(fmt.Sprintf("Status from Dex: %v", res.Status)))
}
}示例3: ConnectToServices
func (c *OtsimoAccounts) ConnectToServices(dexServiceUrl, apiServiceUrl string) {
jwtCreds := NewOauthAccess(c.tm)
var opts []grpc.DialOption
if c.roots != nil {
opts = append(opts, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(c.roots, "")))
} else {
jwtCreds.RequireTLS = false
opts = append(opts, grpc.WithInsecure())
}
opts = append(opts, grpc.WithPerRPCCredentials(&jwtCreds))
conn, err := grpc.Dial(dexServiceUrl, opts...)
if err != nil {
log.Fatalf("Error while connection to dex service %v\n", err)
}
c.Dex = pb.NewDexServiceClient(conn)
apiConn, err := grpc.Dial(apiServiceUrl, opts...)
if err != nil {
log.Fatalf("Error while connection to api service %v\n", err)
}
c.Api = apipb.NewApiServiceClient(apiConn)
}示例4: ServeGrpc
func ServeGrpc(cfg *server.ServerConfig, srv *server.Server, grpcUrl string, certFile, keyFile string, tf repo.TransactionFactory) {
var opts []grpc.ServerOption
if certFile != "" && keyFile != "" {
creds, err := credentials.NewServerTLSFromFile(certFile, keyFile)
if err != nil {
log.Fatalf("grpc.go: Failed to generate credentials %v", err)
}
opts = []grpc.ServerOption{grpc.Creds(creds)}
}
s := grpc.NewServer(opts...)
rpcSrv := &grpcServer{
server: srv,
idp: &connector.LocalIdentityProvider{
UserRepo: srv.UserRepo,
PasswordInfoRepo: srv.PasswordInfoRepo,
},
begin: tf,
}
for _, c := range srv.Connectors {
if cc, ok := c.(*connector.LocalConnector); ok {
rpcSrv.localConnectorID = cc.ID()
break
}
}
grpclog.SetLogger(golog.New(os.Stdout, "", 0))
pb.RegisterDexServiceServer(s, rpcSrv)
lis, err := net.Listen("tcp", grpcUrl)
if err != nil {
log.Fatalf("grpc.go: failed to listen: %v", err)
}
log.Infof("grpc: Grpc server starting on %s", grpcUrl)
s.Serve(lis)
}示例5: NewClientHandler
func NewClientHandler(c *oidc.Client, issuer string, cbURL url.URL) http.Handler {
mux := http.NewServeMux()
issuerURL, err := url.Parse(issuer)
if err != nil {
log.Fatalf("Could not parse issuer url: %v", err)
}
mux.HandleFunc("/", handleIndex)
mux.HandleFunc("/login", handleLoginFunc(c))
mux.HandleFunc("/register", handleRegisterFunc(c))
mux.HandleFunc(pathCallback, handleCallbackFunc(c))
resendURL := *issuerURL
resendURL.Path = "/resend-verify-email"
mux.HandleFunc("/resend", handleResendFunc(c, *issuerURL, resendURL, cbURL))
return mux
}示例6: NewClient
func NewClient(clientID, clientSecret, discovery, redirectURL string, tlsConfig *tls.Config) (*Client, *ClientCredsTokenManager) {
cc := oidc.ClientCredentials{
ID: clientID,
Secret: clientSecret,
}
httpClient := &http.Client{Transport: &http.Transport{TLSClientConfig: tlsConfig}}
var cfg oidc.ProviderConfig
var err error
for {
cfg, err = oidc.FetchProviderConfig(httpClient, discovery)
if err == nil {
break
}
sleep := 3 * time.Second
log.Errorf("Failed fetching provider config, trying again in %v: %v", sleep, err)
time.Sleep(sleep)
}
log.Infof("Fetched provider config from %s", discovery)
ccfg := oidc.ClientConfig{
HTTPClient: httpClient,
ProviderConfig: cfg,
Credentials: cc,
RedirectURL: redirectURL,
}
client, err := NewOIDCClient(ccfg)
if err != nil {
log.Fatalf("Unable to create Client: %v", err)
}
client.SyncProviderConfig(discovery)
tm := NewClientCredsTokenManager(client, discovery)
tm.Run()
tm.WaitUntilInitialSync()
return client, tm
}示例7: Emailer
func (cfg OtsimoEmailerConfig) Emailer() (email.Emailer, error) {
var opts []grpc.DialOption
if cfg.Fake {
return &otsimoEmailer{fake: true}, nil
} else {
if cfg.UseTls {
auth, err := credentials.NewClientTLSFromFile(cfg.CaCert, "")
if err != nil {
panic(err)
} else {
opts = append(opts, grpc.WithTransportCredentials(auth))
}
} else {
opts = append(opts, grpc.WithInsecure())
}
conn, err := grpc.Dial(cfg.GrpcUrl, opts...)
if err != nil {
log.Fatalf("email.go: Error while connection to notification service %v\n", err)
}
client := pb.NewNotificationServiceClient(conn)
return &otsimoEmailer{client: client, fake: false}, nil
}
}示例8: main
func main() {
fs := flag.NewFlagSet("oidc-app", flag.ExitOnError)
listen := fs.String("listen", "http://127.0.0.1:5555", "")
redirectURL := fs.String("redirect-url", "http://127.0.0.1:5555/callback", "")
clientID := fs.String("client-id", "example-app", "")
clientSecret := fs.String("client-secret", "ZXhhbXBsZS1hcHAtc2VjcmV0", "")
caFile := fs.String("trusted-ca-file", "", "the TLS CA file, if empty then the host's root CA will be used")
certFile := fs.String("tls-cert-file", "", "the TLS cert file. If empty, the app will listen on HTTP")
keyFile := fs.String("tls-key-file", "", "the TLS key file. If empty, the app will listen on HTTP")
discovery := fs.String("discovery", "http://127.0.0.1:5556", "")
logDebug := fs.Bool("log-debug", false, "log debug-level information")
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
if err := fs.Parse(os.Args[1:]); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if err := pflag.SetFlagsFromEnv(fs, "EXAMPLE_APP"); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if *logDebug {
log.EnableDebug()
}
if *logTimestamps {
log.EnableTimestamps()
}
if *clientID == "" {
log.Fatal("--client-id must be set")
}
if *clientSecret == "" {
log.Fatal("--client-secret must be set")
}
l, err := url.Parse(*listen)
if err != nil {
log.Fatalf("Unable to use --listen flag: %v", err)
}
_, p, err := net.SplitHostPort(l.Host)
if err != nil {
log.Fatalf("Unable to parse host from --listen flag: %v", err)
}
redirectURLParsed, err := url.Parse(*redirectURL)
if err != nil {
log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
}
useTLS := *keyFile != "" && *certFile != ""
if useTLS && (redirectURLParsed.Scheme != "https" || l.Scheme != "https") {
log.Fatalf(`TLS Cert File and Key File were provided. Ensure listen and redirect URLs are using the "https://" scheme.`)
}
cc := oidc.ClientCredentials{
ID: *clientID,
Secret: *clientSecret,
}
var tlsConfig tls.Config
if *caFile != "" {
roots := x509.NewCertPool()
pemBlock, err := ioutil.ReadFile(*caFile)
if err != nil {
log.Fatalf("Unable to read ca file: %v", err)
}
roots.AppendCertsFromPEM(pemBlock)
tlsConfig.RootCAs = roots
}
httpClient := &http.Client{Transport: &http.Transport{TLSClientConfig: &tlsConfig}}
var cfg oidc.ProviderConfig
for {
cfg, err = oidc.FetchProviderConfig(httpClient, *discovery)
if err == nil {
break
}
sleep := 3 * time.Second
log.Errorf("Failed fetching provider config, trying again in %v: %v", sleep, err)
time.Sleep(sleep)
}
log.Infof("Fetched provider config from %s: %#v", *discovery, cfg)
ccfg := oidc.ClientConfig{
HTTPClient: httpClient,
ProviderConfig: cfg,
Credentials: cc,
RedirectURL: *redirectURL,
Scope: append(oidc.DefaultScope, "offline_access"),
}
//.........这里部分代码省略.........
示例9: main
func main() {
fs := flag.NewFlagSet("oidc-app", flag.ExitOnError)
listen := fs.String("listen", "http://127.0.0.1:5555", "")
redirectURL := fs.String("redirect-url", "http://127.0.0.1:5555/callback", "")
clientID := fs.String("client-id", "", "")
clientSecret := fs.String("client-secret", "", "")
caFile := fs.String("trusted-ca-file", "", "the TLS CA file, if empty then the host's root CA will be used")
discovery := fs.String("discovery", "https://accounts.google.com", "")
logDebug := fs.Bool("log-debug", false, "log debug-level information")
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
if err := fs.Parse(os.Args[1:]); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if err := pflag.SetFlagsFromEnv(fs, "EXAMPLE_APP"); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if *logDebug {
log.EnableDebug()
}
if *logTimestamps {
log.EnableTimestamps()
}
if *clientID == "" {
log.Fatal("--client-id must be set")
}
if *clientSecret == "" {
log.Fatal("--client-secret must be set")
}
l, err := url.Parse(*listen)
if err != nil {
log.Fatalf("Unable to use --listen flag: %v", err)
}
_, p, err := net.SplitHostPort(l.Host)
if err != nil {
log.Fatalf("Unable to parse host from --listen flag: %v", err)
}
cc := oidc.ClientCredentials{
ID: *clientID,
Secret: *clientSecret,
}
var tlsConfig tls.Config
if *caFile != "" {
roots := x509.NewCertPool()
pemBlock, err := ioutil.ReadFile(*caFile)
if err != nil {
log.Fatalf("Unable to read ca file: %v", err)
}
roots.AppendCertsFromPEM(pemBlock)
tlsConfig.RootCAs = roots
}
httpClient := &http.Client{Transport: &http.Transport{TLSClientConfig: &tlsConfig}}
var cfg oidc.ProviderConfig
for {
cfg, err = oidc.FetchProviderConfig(httpClient, *discovery)
if err == nil {
break
}
sleep := 3 * time.Second
log.Errorf("Failed fetching provider config, trying again in %v: %v", sleep, err)
time.Sleep(sleep)
}
log.Infof("Fetched provider config from %s: %#v", *discovery, cfg)
ccfg := oidc.ClientConfig{
HTTPClient: httpClient,
ProviderConfig: cfg,
Credentials: cc,
RedirectURL: *redirectURL,
}
client, err := oidc.NewClient(ccfg)
if err != nil {
log.Fatalf("Unable to create Client: %v", err)
}
client.SyncProviderConfig(*discovery)
redirectURLParsed, err := url.Parse(*redirectURL)
if err != nil {
log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
}
hdlr := NewClientHandler(client, *discovery, *redirectURLParsed)
httpsrv := &http.Server{
Addr: fmt.Sprintf(":%s", p),
//.........这里部分代码省略.........
示例10: main
func main() {
fs := flag.NewFlagSet("otsimo-accounts", flag.ExitOnError)
listen := fs.String("listen", "http://127.0.0.1:18856", "")
redirectURL := fs.String("redirect-url", "http://127.0.0.1:18856/callback", "")
clientID := fs.String("client-id", "", "")
clientSecret := fs.String("client-secret", "", "")
caFile := fs.String("trusted-ca-file", "", "the TLS CA file, if empty then the host's root CA will be used")
discovery := fs.String("discovery", "https://connect.otsimo.com", "")
connectService := fs.String("dex", "127.0.0.1:18849", "Otsimo connect grpc url")
apiService := fs.String("api", "127.0.0.1:18854", "Otsimo api grpc url")
logDebug := fs.Bool("log-debug", false, "log debug-level information")
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
if err := fs.Parse(os.Args[1:]); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if err := pflag.SetFlagsFromEnv(fs, "OTSIMO_ACCOUNTS"); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if *logDebug {
log.EnableDebug()
}
if *logTimestamps {
log.EnableTimestamps()
}
if *clientID == "" {
log.Fatal("--client-id must be set")
}
if *clientSecret == "" {
log.Fatal("--client-secret must be set")
}
l, err := url.Parse(*listen)
if err != nil {
log.Fatalf("Unable to use --listen flag: %v", err)
}
_, p, err := net.SplitHostPort(l.Host)
if err != nil {
log.Fatalf("Unable to parse host from --listen flag: %v", err)
}
var tlsConfig tls.Config
var roots *x509.CertPool
if *caFile != "" {
roots = x509.NewCertPool()
pemBlock, err := ioutil.ReadFile(*caFile)
if err != nil {
log.Fatalf("Unable to read ca file: %v", err)
}
roots.AppendCertsFromPEM(pemBlock)
tlsConfig.RootCAs = roots
}
client, tokenMan := NewClient(*clientID, *clientSecret, *discovery, *redirectURL, &tlsConfig)
redirectURLParsed, err := url.Parse(*redirectURL)
if err != nil {
log.Fatalf("Unable to parse url from --redirect-url flag: %v", err)
}
accounts := NewOtsimoAccounts(client, tokenMan, roots)
accounts.ConnectToServices(*connectService, *apiService)
mux := NewClientHandler(accounts, *discovery, *redirectURLParsed)
mux.Handle("/update/password", negroni.New(
newTokenValidator(accounts),
negroni.Wrap(handleChangePasswordFunc(accounts)),
))
mux.Handle("/update/email", negroni.New(
newTokenValidator(accounts),
negroni.Wrap(handleChangeEmailFunc(accounts)),
))
n := negroni.New(negroni.NewRecovery(), NewLogger())
n.UseHandler(mux)
log.Infof("Binding to :%s...", p)
//TODO(sercan) add TLS option
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%s", p), n))
}示例11: main
func main() {
fs := flag.NewFlagSet("example-cli", flag.ExitOnError)
clientID := fs.String("client-id", "", "")
clientSecret := fs.String("client-secret", "", "")
discovery := fs.String("discovery", "http://localhost:5556", "")
logDebug := fs.Bool("log-debug", false, "log debug-level information")
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
if err := fs.Parse(os.Args[1:]); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if err := pflag.SetFlagsFromEnv(fs, "EXAMPLE_CLI"); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if *logDebug {
log.EnableDebug()
}
if *logTimestamps {
log.EnableTimestamps()
}
if *clientID == "" {
fmt.Println("--client-id must be set")
os.Exit(2)
}
if *clientSecret == "" {
fmt.Println("--client-secret must be set")
os.Exit(2)
}
cc := oidc.ClientCredentials{
ID: *clientID,
Secret: *clientSecret,
}
// NOTE: A real CLI would cache this config, or provide it via flags/config file.
var cfg oidc.ProviderConfig
var err error
for {
cfg, err = oidc.FetchProviderConfig(http.DefaultClient, *discovery)
if err == nil {
break
}
sleep := 1 * time.Second
fmt.Printf("Failed fetching provider config, trying again in %v: %v\n", sleep, err)
time.Sleep(sleep)
}
fmt.Printf("Fetched provider config from %s: %#v\n\n", *discovery, cfg)
ccfg := oidc.ClientConfig{
ProviderConfig: cfg,
Credentials: cc,
}
client, err := oidc.NewClient(ccfg)
if err != nil {
log.Fatalf("Unable to create Client: %v", err)
}
tok, err := client.ClientCredsToken([]string{"openid"})
if err != nil {
fmt.Printf("unable to verify auth code with issuer: %v\n", err)
os.Exit(1)
}
fmt.Printf("got jwt: %v\n\n", tok.Encode())
claims, err := tok.Claims()
if err != nil {
fmt.Printf("unable to construct claims: %v\n", err)
os.Exit(1)
}
fmt.Printf("got claims %#v...\n", claims)
}示例12: main
func main() {
fs := flag.NewFlagSet("dex-overlord", flag.ExitOnError)
keySecrets := pflag.NewBase64List(32)
fs.Var(keySecrets, "key-secrets", "A comma-separated list of base64 encoded 32 byte strings used as symmetric keys used to encrypt/decrypt signing key data in DB. The first key is considered the active key and used for encryption, while the others are used to decrypt.")
useOldFormat := fs.Bool("use-deprecated-secret-format", false, "In prior releases, the database used AES-CBC to encrypt keys. New deployments should use the default AES-GCM encryption.")
dbURL := fs.String("db-url", "", "DSN-formatted database connection string")
dbMigrate := fs.Bool("db-migrate", true, "perform database migrations when starting up overlord. This includes the initial DB objects creation.")
keyPeriod := fs.Duration("key-period", 24*time.Hour, "length of time for-which a given key will be valid")
gcInterval := fs.Duration("gc-interval", time.Hour, "length of time between garbage collection runs")
adminListen := fs.String("admin-listen", "http://127.0.0.1:5557", "scheme, host and port for listening for administrative operation requests ")
adminAPISecret := pflag.NewBase64(server.AdminAPISecretLength)
fs.Var(adminAPISecret, "admin-api-secret", fmt.Sprintf("A base64-encoded %d byte string which is used to protect the Admin API.", server.AdminAPISecretLength))
localConnectorID := fs.String("local-connector", "local", "ID of the local connector")
logDebug := fs.Bool("log-debug", false, "log debug-level information")
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
printVersion := fs.Bool("version", false, "Print the version and exit")
if err := fs.Parse(os.Args[1:]); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if err := pflag.SetFlagsFromEnv(fs, "DEX_OVERLORD"); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if *printVersion {
fmt.Printf("dex version %s\ngo version %s\n", strings.TrimPrefix(version, "v"), strings.TrimPrefix(runtime.Version(), "go"))
os.Exit(0)
}
if *logDebug {
log.EnableDebug()
}
if *logTimestamps {
log.EnableTimestamps()
}
adminURL, err := url.Parse(*adminListen)
if err != nil {
log.Fatalf("Unable to use --admin-listen flag: %v", err)
}
if len(keySecrets.BytesSlice()) == 0 {
log.Fatalf("Must specify at least one key secret")
}
dbCfg := db.Config{
DSN: *dbURL,
MaxIdleConnections: 1,
MaxOpenConnections: 1,
}
dbc, err := db.NewConnection(dbCfg)
if err != nil {
log.Fatalf(err.Error())
}
if *dbMigrate {
var sleep time.Duration
for {
var err error
var migrations int
if migrations, err = db.MigrateToLatest(dbc); err == nil {
log.Infof("Performed %d db migrations", migrations)
break
}
sleep = ptime.ExpBackoff(sleep, time.Minute)
log.Errorf("Unable to migrate database, retrying in %v: %v", sleep, err)
time.Sleep(sleep)
}
}
userRepo := db.NewUserRepo(dbc)
pwiRepo := db.NewPasswordInfoRepo(dbc)
connCfgRepo := db.NewConnectorConfigRepo(dbc)
userManager := manager.NewUserManager(userRepo,
pwiRepo, connCfgRepo, db.TransactionFactory(dbc), manager.ManagerOptions{})
adminAPI := admin.NewAdminAPI(userManager, userRepo, pwiRepo, *localConnectorID)
kRepo, err := db.NewPrivateKeySetRepo(dbc, *useOldFormat, keySecrets.BytesSlice()...)
if err != nil {
log.Fatalf(err.Error())
}
var sleep time.Duration
for {
var done bool
_, err := kRepo.Get()
switch err {
case nil:
done = true
//.........这里部分代码省略.........
示例13: main
func main() {
fs := flag.NewFlagSet("dex-worker", flag.ExitOnError)
listen := fs.String("listen", "http://127.0.0.1:5556", "the address that the server will listen on")
issuer := fs.String("issuer", "http://127.0.0.1:5556", "the issuer's location")
certFile := fs.String("tls-cert-file", "", "the server's certificate file for TLS connection")
keyFile := fs.String("tls-key-file", "", "the server's private key file for TLS connection")
templates := fs.String("html-assets", "./static/html", "directory of html template files")
emailTemplateDirs := flagutil.StringSliceFlag{"./static/email"}
fs.Var(&emailTemplateDirs, "email-templates", "comma separated list of directories of email template files")
emailFrom := fs.String("email-from", "", "emails sent from dex will come from this address")
emailConfig := fs.String("email-cfg", "./static/fixtures/emailer.json", "configures emailer.")
enableRegistration := fs.Bool("enable-registration", false, "Allows users to self-register")
noDB := fs.Bool("no-db", false, "manage entities in-process w/o any encryption, used only for single-node testing")
// UI-related:
issuerName := fs.String("issuer-name", "dex", "The name of this dex installation; will appear on most pages.")
issuerLogoURL := fs.String("issuer-logo-url", "https://coreos.com/assets/images/brand/coreos-wordmark-135x40px.png", "URL of an image representing the issuer")
// ignored if --no-db is set
dbURL := fs.String("db-url", "", "DSN-formatted database connection string")
keySecrets := pflag.NewBase64List(32)
fs.Var(keySecrets, "key-secrets", "A comma-separated list of base64 encoded 32 byte strings used as symmetric keys used to encrypt/decrypt signing key data in DB. The first key is considered the active key and used for encryption, while the others are used to decrypt.")
useOldFormat := fs.Bool("use-deprecated-secret-format", false, "In prior releases, the database used AES-CBC to encrypt keys. New deployments should use the default AES-GCM encryption.")
dbMaxIdleConns := fs.Int("db-max-idle-conns", 0, "maximum number of connections in the idle connection pool")
dbMaxOpenConns := fs.Int("db-max-open-conns", 0, "maximum number of open connections to the database")
// used only if --no-db is set
connectors := fs.String("connectors", "./static/fixtures/connectors.json", "JSON file containg set of IDPC configs")
clients := fs.String("clients", "./static/fixtures/clients.json", "json file containing set of clients")
users := fs.String("users", "./static/fixtures/users.json", "json file containing set of users")
logDebug := fs.Bool("log-debug", false, "log debug-level information")
logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")
if err := fs.Parse(os.Args[1:]); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if err := pflag.SetFlagsFromEnv(fs, "DEX_WORKER"); err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if *logDebug {
log.EnableDebug()
log.Infof("Debug logging enabled.")
log.Debugf("Debug logging enabled.")
}
if *logTimestamps {
log.EnableTimestamps()
}
// Validate listen address.
lu, err := url.Parse(*listen)
if err != nil {
log.Fatalf("Invalid listen address %q: %v", *listen, err)
}
switch lu.Scheme {
case "http":
case "https":
if *certFile == "" || *keyFile == "" {
log.Fatalf("Must provide certificate file and private key file")
}
default:
log.Fatalf("Only 'http' and 'https' schemes are supported")
}
// Validate issuer address.
iu, err := url.Parse(*issuer)
if err != nil {
log.Fatalf("Invalid issuer URL %q: %v", *issuer, err)
}
if iu.Scheme != "http" && iu.Scheme != "https" {
log.Fatalf("Only 'http' and 'https' schemes are supported")
}
scfg := server.ServerConfig{
IssuerURL: *issuer,
TemplateDir: *templates,
EmailTemplateDirs: emailTemplateDirs,
EmailFromAddress: *emailFrom,
EmailerConfigFile: *emailConfig,
IssuerName: *issuerName,
IssuerLogoURL: *issuerLogoURL,
EnableRegistration: *enableRegistration,
}
//.........这里部分代码省略.........