Add --public-url CLI option to support google oauth redirect uri

pull/922/head
Chris Goller 2017-02-14 23:34:15 -06:00
parent b9b37f3b90
commit 7b4a649130
3 changed files with 10 additions and 3 deletions


@ -21,6 +21,7 @@ var _ Provider = &Google{}
type Google struct {
ClientID string
ClientSecret string
RedirectURL string
Domains []string // Optional google email domain checking
Logger chronograf.Logger
}
@ -56,7 +57,7 @@ func (g *Google) Config() *oauth2.Config {
ClientSecret: g.Secret(),
Scopes: g.Scopes(),
Endpoint: GoogleEndpoint,
RedirectURL: "http://localhost:8888/oauth/google/callback", // TODO: we are required to have a redirect_uri from google
RedirectURL: g.RedirectURL,
}
}
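Review bot: The new `RedirectURL` field on `Google` has no comment, and the TODO this change removes from `Config()` was the only place recording that Google requires a redirect_uri. `Config()` copies `g.RedirectURL` into `oauth2.Config` unchecked, so a `Google` value built without it would presumably fail only when Google rejects the authorization request. I would state the contract on the field, e.g. `RedirectURL string // RedirectURL is the absolute callback URL registered for this client with Google; required`.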


@ -22,6 +22,7 @@ const (
type MuxOpts struct {
Logger chronograf.Logger
Develop bool // Develop loads assets from filesystem instead of bindata
Basepath string // URL path prefix under which all chronograf routes will be mounted
UseAuth bool // UseAuth turns on Github OAuth and JWT
TokenSecret string // TokenSecret is the JWT secret
GithubClientID string // GithubClientID is the GH OAuth id
@ -29,7 +30,8 @@ type MuxOpts struct {
GithubOrgs []string // GithubOrgs is the list of organizations a user may be a member of
GoogleClientID string // GoogleClientID is the Google OAuth id
GoogleClientSecret string // GoogleClientSecret is the Google OAuth secret
GoogleDomains []string // GoogleOrgs is the list of domains a user may be a member of
GoogleDomains []string // GoogleDomains is the list of domains a user may be a member of
PublicURL string // PublicURL is the public facing URL for the server
}
// NewMux attaches all the route handlers; handler returned servers chronograf.
@ -148,10 +150,12 @@ func AuthAPI(opts MuxOpts, router *httprouter.Router) http.Handler {
router.Handler("GET", "/oauth/github/logout", ghMux.Logout())
router.Handler("GET", "/oauth/github/callback", ghMux.Callback())
redirectURL := opts.PublicURL + opts.Basepath + "/oauth/google/callback"
google := oauth2.Google{
ClientID: opts.GoogleClientID,
ClientSecret: opts.GoogleClientSecret,
Domains: opts.GoogleDomains,
RedirectURL: redirectURL,
Logger: opts.Logger,
}
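Review bot: `redirectURL` in `AuthAPI` (whose body continues outside this hunk) is built by plain concatenation of `opts.PublicURL` and `opts.Basepath`, with no normalization or validation of the operator-supplied value. A trailing slash on `--public-url` produces `//oauth/google/callback`, and since the redirect_uri generally has to match the registered one exactly, login would fail with a mismatch error that is hard to trace back to the flag. Nothing checks that the value is an absolute URL or which scheme it carries, so an `http://` public URL on a non-local host would return the authorization code to the callback in cleartext. I would trim it, `redirectURL := strings.TrimSuffix(opts.PublicURL, "/") + opts.Basepath + "/oauth/google/callback"`, and parse the flag once at startup with `url.Parse`, rejecting a missing scheme or host. It is also worth confirming that the callback route registered for Google includes `Basepath` in the same way, which is not visible here.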


@ -50,6 +50,7 @@ type Server struct {
GoogleClientID string `long:"google-client-id" description:"Google Client ID for OAuth 2 support" env:"GOOGLE_CLIENT_ID"`
GoogleClientSecret string `long:"google-client-secret" description:"Google Client Secret for OAuth 2 support" env:"GOGGLE_CLIENT_SECRET"`
GoogleDomains []string `long:"google-domains" description:"Google email domain user is required to have active membership" env:"GOOGLE_DOMAINS" env-delim:","`
PublicURL string `long:"public-url" description:"Full public URL used to access Chronograf from a web browser. Used for Google OAuth2 authentication. (http://localhost:8888)" env:"PUBLIC_URL"`
ReportingDisabled bool `short:"r" long:"reporting-disabled" description:"Disable reporting of usage stats (os,arch,version,cluster_id,uptime) once every 24hr" env:"REPORTING_DISABLED"`
LogLevel string `short:"l" long:"log-level" value-name:"choice" choice:"debug" choice:"info" choice:"warn" choice:"error" choice:"fatal" choice:"panic" default:"info" description:"Set the logging level" env:"LOG_LEVEL"`
@ -68,7 +69,7 @@ type BuildInfo struct {
func (s *Server) useAuth() bool {
gh := s.TokenSecret != "" && s.GithubClientID != "" && s.GithubClientSecret != ""
google := s.TokenSecret != "" && s.GoogleClientID != "" && s.GoogleClientSecret != ""
google := s.TokenSecret != "" && s.GoogleClientID != "" && s.GoogleClientSecret != "" && s.PublicURL != ""
return gh || google
}
@ -86,6 +87,7 @@ func (s *Server) Serve() error {
GoogleClientID: s.GoogleClientID,
GoogleClientSecret: s.GoogleClientSecret,
GoogleDomains: s.GoogleDomains,
PublicURL: s.PublicURL,
Logger: logger,
UseAuth: s.useAuth(),
}, service)
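Review bot: The new `&& s.PublicURL != ""` term in `useAuth()` makes a missing `--public-url` turn Google auth off silently instead of reporting a configuration error. A Google-only deployment that upgrades without setting the new flag gets `UseAuth: false` in `Serve()`, and going by the `MuxOpts` comment ("UseAuth turns on Github OAuth and JWT") that appears to mean the server starts without authentication; confirm this against `NewMux`. I would fail closed in `Serve()` (its body starts and ends outside this hunk) before building the mux: `if s.GoogleClientID != "" && s.GoogleClientSecret != "" && s.PublicURL == "" { return errors.New("google oauth requires --public-url") }`. The neighbouring context line reads the secret from `env:"GOGGLE_CLIENT_SECRET"`, so an operator exporting `GOOGLE_CLIENT_SECRET` hits the same silent fallback; that tag looks like a typo worth fixing in the same change.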