Switch to SQL instead of Neo4j for user information

Dockerfile

@@ -1,23 +1,13 @@
 # Dockerfile References: https://docs.docker.com/engine/reference/builder/
 
 # Start from golang v1.11 base image
-FROM golang:1.12-alpine
+FROM golang:1.14-alpine
 
 # Add Maintainer Info
 LABEL maintainer="The OpenSentry Team"
 
 RUN apk add --update --no-cache ca-certificates cmake make g++ openssl-dev git curl pkgconfig openssh
 
-# RUN apt install -y libssl1.0.0
-RUN git clone -b v1.7.4 https://github.com/neo4j-drivers/seabolt.git /seabolt
-
-# invoke cmake build and install artifacts - default location is /usr/local
-WORKDIR /seabolt/build
-
-# CMAKE_INSTALL_LIBDIR=lib is a hack where we override default lib64 to lib to workaround a defect
-# in our generated pkg-config file
-RUN cmake -D CMAKE_BUILD_TYPE=Release -D CMAKE_INSTALL_LIBDIR=lib .. && cmake --build . --target install
-
 # Set the Current Working Directory inside the container
 WORKDIR $GOPATH/src/github.com/opensentry/idp
 

Dockerfile.alpine

@@ -1,6 +1,6 @@
 # Build with: DOCKER_BUILDKIT=1 docker build -t opensentry/idp:`cat ./VERSION` -f Dockerfile.alpine .
 
-ARG GO_VERSION=1.12
+ARG GO_VERSION=1.14
 ARG ALPINE_VERSION=3.10.3
 
 FROM golang:${GO_VERSION}-alpine AS builder
@@ -9,7 +9,6 @@ ARG APP=idp
 ARG SEABOLT_VERSION="v1.7.4"
 
 RUN apk add --update --no-cache ca-certificates cmake make g++ openssl-dev git curl pkgconfig libcap
-RUN git clone -b "$SEABOLT_VERSION" https://github.com/neo4j-drivers/seabolt.git /seabolt
 RUN update-ca-certificates 2>/dev/null || true
 
 WORKDIR /seabolt/build
@@ -25,9 +24,7 @@ RUN rm -f application-build*
 
 RUN go get -d -v ./...
 
-RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-RUN dep init && dep ensure -add github.com/neo4j/neo4j-go-driver/neo4j
-RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -tags seabolt_static -o /app
+RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o /app
 RUN cp -r ./model /model # /views is static data, which isnt built within the binary
 RUN cp -r ./emails /emails # default email templates, mount others to change
 RUN cp -r ./ban /ban # default ban lists (empty), mount others to change

Dockerfile.dev

@@ -1,11 +1,6 @@
-FROM golang:1.12-alpine
+FROM golang:1.14-alpine
 
 RUN apk add --update --no-cache ca-certificates cmake make g++ openssl-dev git curl pkgconfig
-RUN git clone -b v1.7.4 https://github.com/neo4j-drivers/seabolt.git /seabolt
-
-WORKDIR /seabolt/build
-
-RUN cmake -D CMAKE_BUILD_TYPE=Release -D CMAKE_INSTALL_LIBDIR=lib .. && cmake --build . --target install
 
 WORKDIR $GOPATH/src/github.com/opensentry/idp
 
@@ -15,11 +10,10 @@ COPY . .
 #go get: warning: modules disabled by GO111MODULE=auto in GOPATH/src;
 #	ignoring go.mod;
 #	see 'go help modules'
-RUN rm go.mod go.sum
+# RUN rm go.mod go.sum
 
 RUN go get -d -v ./...
 
-#RUN go get github.com/pilu/fresh
 RUN go get github.com/ivpusic/rerun
 
 EXPOSE 443
@@ -29,5 +23,4 @@ COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
 ENTRYPOINT ["/entrypoint.sh"]
-#CMD ["fresh"]
 CMD ["rerun", "-a--serve"]

app/environment.go

@@ -3,7 +3,7 @@ package app
 import (
   "crypto/rsa"
   "github.com/sirupsen/logrus"
-  "github.com/neo4j/neo4j-go-driver/neo4j"
+  "database/sql"
   nats "github.com/nats-io/nats.go"
   "golang.org/x/oauth2/clientcredentials"
   oidc "github.com/coreos/go-oidc"
@@ -37,7 +37,7 @@ type Environment struct {
   HydraConfig *clientcredentials.Config
   AapConfig *clientcredentials.Config
 
-  Driver   neo4j.Driver
+  Driver   *sql.DB
   BannedUsernames map[string]bool
   IssuerSignKey *rsa.PrivateKey
   IssuerVerifyKey *rsa.PublicKey
@@ -49,4 +49,4 @@ type EmailTemplate struct {
   Sender idp.SMTPSender
   File string
   Subject string
-}
+}

endpoints/challenges/challenges.go

@@ -3,6 +3,7 @@ package challenges
 import (
   "errors"
   "time"
+  "context"
   "net/http"
   "github.com/sirupsen/logrus"
   "github.com/gin-gonic/gin"
@@ -31,6 +32,9 @@ type ConfirmTemplateData struct {
 
 func GetChallenges(env *app.Environment) gin.HandlerFunc {
   fn := func(c *gin.Context) {
+
+		ctx := context.TODO() // FIXME
+
     log := c.MustGet(env.Constants.LogKey).(*logrus.Entry)
     log = log.WithFields(logrus.Fields{
       "func": "GetChallenges",
@@ -45,19 +49,17 @@ func GetChallenges(env *app.Environment) gin.HandlerFunc {
 
     var handleRequests = func(iRequests []*bulky.Request) {
 
-      session, tx, err := idp.BeginReadTx(env.Driver)
+      tx, err := env.Driver.BeginTx(ctx, nil)
       if err != nil {
         bulky.FailAllRequestsWithInternalErrorResponse(iRequests)
         log.Debug(err.Error())
         return
       }
-      defer tx.Close() // rolls back if not already committed/rolled back
-      defer session.Close()
 
       // requestor := c.MustGet("sub").(string)
       // var requestedBy *idp.Identity
       // if requestor != "" {
-      //  identities, err := idp.FetchIdentities(tx, []idp.Identity{ {Id:requestor} })
+      //  identities, err := idp.FetchIdentities(ctx, tx, []idp.Identity{ {Id:requestor} })
       //  if err != nil {
       //    bulky.FailAllRequestsWithInternalErrorResponse(iRequests)
       //    log.Debug(err.Error())
@@ -75,11 +77,11 @@ func GetChallenges(env *app.Environment) gin.HandlerFunc {
         var ok client.ReadChallengesResponse
 
         if request.Input == nil {
-          dbChallenges, err = idp.FetchChallenges(tx, nil)
+          dbChallenges, err = idp.FetchChallenges(ctx, tx, nil)
         } else {
           r := request.Input.(client.ReadChallengesRequest)
           log = log.WithFields(logrus.Fields{"otp_challenge": r.OtpChallenge})
-          dbChallenges, err = idp.FetchChallenges(tx, []idp.Challenge{ {Id: r.OtpChallenge} })
+          dbChallenges, err = idp.FetchChallenges(ctx, tx, []idp.Challenge{ {Id: r.OtpChallenge} })
         }
         if err != nil {
           e := tx.Rollback()
@@ -133,6 +135,9 @@ func GetChallenges(env *app.Environment) gin.HandlerFunc {
 
 func PostChallenges(env *app.Environment) gin.HandlerFunc {
   fn := func(c *gin.Context) {
+
+		ctx := context.TODO() // FIXME
+
     log := c.MustGet(env.Constants.LogKey).(*logrus.Entry)
     log = log.WithFields(logrus.Fields{
       "func": "PostChallenges",
@@ -155,19 +160,17 @@ func PostChallenges(env *app.Environment) gin.HandlerFunc {
 
     var handleRequests = func(iRequests []*bulky.Request) {
 
-      session, tx, err := idp.BeginWriteTx(env.Driver)
+      tx, err := env.Driver.BeginTx(ctx, nil)
       if err != nil {
         bulky.FailAllRequestsWithInternalErrorResponse(iRequests)
         log.Debug(err.Error())
         return
       }
-      defer tx.Close() // rolls back if not already committed/rolled back
-      defer session.Close()
 
       // requestor := c.MustGet("sub").(string)
       // var requestedBy *idp.Identity
       // if requestor != "" {
-      //  identities, err := idp.FetchIdentities(tx, []idp.Identity{ {Id:requestor} })
+      //  identities, err := idp.FetchIdentities(ctx, tx, []idp.Identity{ {Id:requestor} })
       //  if err != nil {
       //    bulky.FailAllRequestsWithInternalErrorResponse(iRequests)
       //    log.Debug(err.Error())
@@ -237,9 +240,9 @@ func PostChallenges(env *app.Environment) gin.HandlerFunc {
         var otpCode idp.ChallengeCode
         var challenge idp.Challenge
         if client.OTPType(newChallenge.CodeType) == client.TOTP {
-          challenge, err = idp.CreateChallengeUsingTotp(tx, ct, newChallenge)
+          challenge, err = idp.CreateChallengeUsingTotp(ctx, tx, ct, newChallenge)
         } else {
-          challenge, otpCode, err = idp.CreateChallengeUsingOtp(tx, ct, newChallenge)
+          challenge, otpCode, err = idp.CreateChallengeUsingOtp(ctx, tx, ct, newChallenge)
         }
         if err == nil && challenge.Id != "" {
 
@@ -441,4 +444,3 @@ func translateChallengeTypeToConfirmationType(challengeType idp.ChallengeType) (
     return client.ConfirmationType(0)
   }
 }
-

endpoints/challenges/verify.go

@@ -2,6 +2,7 @@ package challenges
 
 import (
   "net/http"
+  "context"
   "github.com/sirupsen/logrus"
   "github.com/gin-gonic/gin"
 
@@ -16,6 +17,9 @@ import (
 
 func PutVerify(env *app.Environment) gin.HandlerFunc {
   fn := func(c *gin.Context) {
+
+		ctx := context.TODO()
+
     log := c.MustGet(env.Constants.LogKey).(*logrus.Entry)
     log = log.WithFields(logrus.Fields{
       "func": "PutVerify",
@@ -38,14 +42,12 @@ func PutVerify(env *app.Environment) gin.HandlerFunc {
 
     var handleRequests = func(iRequests []*bulky.Request) {
 
-      session, tx, err := idp.BeginWriteTx(env.Driver)
+      tx, err := env.Driver.BeginTx(c, nil)
       if err != nil {
         bulky.FailAllRequestsWithInternalErrorResponse(iRequests)
         log.Debug(err.Error())
         return
       }
-      defer tx.Close() // rolls back if not already committed/rolled back
-      defer session.Close()
 
       // requestor := c.MustGet("sub").(string)
       // var requestedBy *idp.Identity
@@ -69,7 +71,7 @@ func PutVerify(env *app.Environment) gin.HandlerFunc {
         // Sanity check. Challenge must exists
         var aChallenge []idp.Challenge
         aChallenge = append(aChallenge, idp.Challenge{Id: r.OtpChallenge})
-        dbChallenges, err := idp.FetchChallenges(tx, aChallenge)
+        dbChallenges, err := idp.FetchChallenges(ctx, tx, aChallenge)
         if err != nil {
           e := tx.Rollback()
           if e != nil {
@@ -99,7 +101,7 @@ func PutVerify(env *app.Environment) gin.HandlerFunc {
 
         if client.OTPType(challenge.CodeType) == client.TOTP {
 
-          humans, err := idp.FetchHumans(tx, []idp.Human{ {Identity:idp.Identity{Id:challenge.Subject}} })
+          humans, err := idp.FetchHumans(ctx, tx, []idp.Human{ {Identity:idp.Identity{Id:challenge.Subject}} })
           if err != nil {
             e := tx.Rollback()
             if e != nil {
@@ -155,7 +157,7 @@ func PutVerify(env *app.Environment) gin.HandlerFunc {
 
         if valid == true {
 
-          verifiedChallenge, err := idp.VerifyChallenge(tx, challenge)
+          verifiedChallenge, err := idp.VerifyChallenge(ctx, tx, challenge)
           if err != nil {
             e := tx.Rollback()
             if e != nil {