aboutsummaryrefslogblamecommitdiff
path: root/api.go
blob: bce99939ec6ff702e16606bb688c52898ceec839 (plain) (tree) 
74113fa




f8f4179

74113fa

f8f4179

74113fa







f8f4179

74113fa




f8f4179

74113fa













f8f4179

74113fa






f8f4179

74113fa


































f8f4179

74113fa





f8f4179

74113fa



















f8f4179










74113fa



f8f4179

74113fa




f8f4179

e876bdd





























f8f4179

74113fa



1
2
3
4

5

6

7

8
9
10
11
12
13
14

15

16
17
18
19

20

21
22
23
24
25
26
27
28
29
30
31
32
33

34

35
36
37
38
39
40

41

42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

76

77
78
79
80
81

82

83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

102
103
104
105
106
107
108
109
110
111

112
113
114

115

116
117
118
119

120

121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

150

151
152
153




                   
                
             
                                                                     






                                    
                                                                                  



                                                                                               
                                                                                        












                                                                                      
                                                                        





                                                                                               
                                                                                                          

































                                                                                      
                                                                                                              




                                                                                      
                                                                                                                                     


















                                                                                                                   









                                                                                                        


                                                                    
                                                     



                                
 




























                                                                                                                     
                                 


              
package main

import (
	//"context"
	"errors"
	"fmt"
	garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
	"github.com/go-ldap/ldap/v3"
	//"github.com/gorilla/mux"
	"log"
	"net/http"
	"strings"
)

func checkLoginAPI(w http.ResponseWriter, r *http.Request) (*LoginStatus, error) {
	username, password, ok := r.BasicAuth()
	if !ok {
		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return nil, errors.New("Missing or invalid 'Authenticate: Basic' field")
	}
	user_dn := buildUserDN(username)

	login_info := &LoginInfo{
		DN:       user_dn,
		Username: username,
		Password: password,
	}

	l := ldapOpen(w)
	if l == nil {
		log.Println(l)
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return nil, errors.New("Unable to open LDAP connection")
	}

	err := l.Bind(login_info.DN, login_info.Password)
	if err != nil {
		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return nil, errors.New("Unable to bind this user+password combination on the LDAP server")
	}

	loginStatus := &LoginStatus{
		Info: login_info,
		conn: l,
	}

	requestKind := "(objectClass=organizationalPerson)"

	if strings.EqualFold(login_info.DN, config.AdminAccount) {
		requestKind = "(objectclass=*)"
	}
	searchRequest := ldap.NewSearchRequest(
		login_info.DN,
		ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
		requestKind,
		[]string{
			"dn",
			"displayname",
			"givenname",
			"sn",
			"mail",
			"memberof",
			"description",
			"garage_s3_access_key",
			FIELD_NAME_DIRECTORY_VISIBILITY,
			FIELD_NAME_PROFILE_PICTURE,
		},
		nil)

	sr, err := l.Search(searchRequest)
	if err != nil {
		log.Println(err)
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return nil, errors.New("Unable to search essential information about the logged user on LDAP")
	}

	if len(sr.Entries) != 1 {
		log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return nil, errors.New("Not enough or too many entries for this user in the LDAP directory (expect a unique result)")
	}

	loginStatus.UserEntry = sr.Entries[0]

	loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount)
	loginStatus.CanInvite = false
	for _, attr := range loginStatus.UserEntry.Attributes {
		if strings.EqualFold(attr.Name, "memberof") {
			for _, group := range attr.Values {
				if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {
					loginStatus.CanInvite = true
				}
				if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {
					loginStatus.CanAdmin = true
				}
			}
		}
	}

	return loginStatus, nil
}

func checkLoginAndS3API(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
	login, err := checkLoginAPI(w, r)
	if err != nil {
		return nil, nil, err
	}
	keyPair, err := checkS3(login)
	return login, keyPair, err
}

func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
	login, s3key, err := checkLoginAndS3API(w, r)
	if err != nil {
		log.Println(err)
		return
	}

	// CHECK PATCH REQUEST

	// READ BODY JSON

	// VALIDATE OBJECT
	// --- bucket query parameter ---
	// 1. bucket must be owned by the key with owner permission, otherwise throw "unauthorized" (401)
	// 2. must not end with deuxfleurs.fr or deuxfleurs.org, otherwise throw "forbidden" (403)
	// --- global ---
	// 1. can be true, false, or nil (use pointers)
	// 2. if nil do nothing
	// 3. if false, throw "not yet implemented" (501)
	// 4. if true, check that the bucket name does not exist yet in the global namespace, throw "forbidden" (403)
	// --- quota.size ---
	// 1. if no quota on the bucket + this field is none, set to 50MB
	// 2. if lower than 50MB, set to 50MB. If higher than 200MB, set to 200MB
	// --- quota.files ---
	// 1. if no quota on the bucket + this field is none, set to 10k
	// 2. if lower than 10k, set to 10k. If higher than 40k, set to 40k

	// IF BODY.GLOBAL is not NONE
	// Add an alias

	// IF BODY.QUOTA.SIZE is not NONE
	// Change quota

	// IF BODY.QUOTA.FILE is not NONE
	// Change quota

	log.Println(login, s3key)

	return
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-12 22:33:43 +0000