aboutsummaryrefslogblamecommitdiff
path: root/api.go
blob: 1ddb4ea86a6af2c5ddde4228e314d82365363dce (plain) (tree) 
74113fa




5b246ec

f8f4179

74113fa

f8f4179

74113fa

5b246ec

74113fa





f8f4179

74113fa




f8f4179

74113fa













f8f4179

74113fa






f8f4179

74113fa


































f8f4179

74113fa





f8f4179

74113fa



















f8f4179










74113fa


5b246ec



















74113fa

5b246ec






































































74113fa


5b246ec

74113fa


f8f4179

5b246ec


























e876bdd

5b246ec

e876bdd

5b246ec

e876bdd











5b246ec

e876bdd


5b246ec

e876bdd


5b246ec

e876bdd


5b246ec

e876bdd

5b246ec


74113fa

5b246ec










74113fa

1
2
3
4

5

6

7

8

9

10

11
12
13
14
15

16

17
18
19
20

21

22
23
24
25
26
27
28
29
30
31
32
33
34

35

36
37
38
39
40
41

42

43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

77

78
79
80
81
82

83

84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

103
104
105
106
107
108
109
110
111
112

113
114

115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

134

135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204

205
206

207

208
209

210

211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236

237

238

239

240

241
242
243
244
245
246
247
248
249
250
251

252

253
254

255

256
257

258

259
260

261

262

263
264

265

266
267
268
269
270
271
272
273
274
275

276




                   
                       
                
             
                                                                     
                                    
                                




                  
                                                                                  



                                                                                               
                                                                                        












                                                                                      
                                                                        





                                                                                               
                                                                                                          

































                                                                                      
                                                                                                              




                                                                                      
                                                                                                                                     


















                                                                                                                   









                                                                                                        

 


















                                  
                                                                    





































































                                                                                                    

                                
                                                                                 

                      
 

























                                                                                                                                                 
 
                                                      
 
                      










                                                                                                                     
                         

                                     
                           

                                         
                           

                                         
                           
 

                              
 









                                                                                               
 
package main

import (
	//"context"
	"encoding/json"
	"errors"
	"fmt"
	garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
	"github.com/go-ldap/ldap/v3"
	"github.com/gorilla/mux"
	"log"
	"net/http"
	"strings"
)

func checkLoginAPI(w http.ResponseWriter, r *http.Request) (*LoginStatus, error) {
	username, password, ok := r.BasicAuth()
	if !ok {
		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return nil, errors.New("Missing or invalid 'Authenticate: Basic' field")
	}
	user_dn := buildUserDN(username)

	login_info := &LoginInfo{
		DN:       user_dn,
		Username: username,
		Password: password,
	}

	l := ldapOpen(w)
	if l == nil {
		log.Println(l)
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return nil, errors.New("Unable to open LDAP connection")
	}

	err := l.Bind(login_info.DN, login_info.Password)
	if err != nil {
		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
		return nil, errors.New("Unable to bind this user+password combination on the LDAP server")
	}

	loginStatus := &LoginStatus{
		Info: login_info,
		conn: l,
	}

	requestKind := "(objectClass=organizationalPerson)"

	if strings.EqualFold(login_info.DN, config.AdminAccount) {
		requestKind = "(objectclass=*)"
	}
	searchRequest := ldap.NewSearchRequest(
		login_info.DN,
		ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
		requestKind,
		[]string{
			"dn",
			"displayname",
			"givenname",
			"sn",
			"mail",
			"memberof",
			"description",
			"garage_s3_access_key",
			FIELD_NAME_DIRECTORY_VISIBILITY,
			FIELD_NAME_PROFILE_PICTURE,
		},
		nil)

	sr, err := l.Search(searchRequest)
	if err != nil {
		log.Println(err)
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return nil, errors.New("Unable to search essential information about the logged user on LDAP")
	}

	if len(sr.Entries) != 1 {
		log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
		http.Error(w, "Internal server error", http.StatusInternalServerError)
		return nil, errors.New("Not enough or too many entries for this user in the LDAP directory (expect a unique result)")
	}

	loginStatus.UserEntry = sr.Entries[0]

	loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount)
	loginStatus.CanInvite = false
	for _, attr := range loginStatus.UserEntry.Attributes {
		if strings.EqualFold(attr.Name, "memberof") {
			for _, group := range attr.Values {
				if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {
					loginStatus.CanInvite = true
				}
				if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {
					loginStatus.CanAdmin = true
				}
			}
		}
	}

	return loginStatus, nil
}

func checkLoginAndS3API(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
	login, err := checkLoginAPI(w, r)
	if err != nil {
		return nil, nil, err
	}
	keyPair, err := checkS3(login)
	return login, keyPair, err
}

type ApiQuotaView struct {
	files *uint64
	size  *uint64
}

type ApiBucketView struct {
	global *bool
	max    *ApiQuotaView
	used   *ApiQuotaView
}

type BucketRequest struct {
	s3key      *garage.KeyInfo
	bucketName string
	bucketId   string
	global     bool
	http       *http.Request
}

func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
	br, err := buildBucketRequest(w, r)
	if err != nil {
		return
	}

	if r.Method == http.MethodPatch {
		patchGarageBucket(w, br)
		return
	}

	if r.Method == http.MethodGet {
		getGarageBucket(w, br)
		return
	}

	http.Error(w, "This method is not implemented for this endpoint", http.StatusNotImplemented)
	return
}

func buildBucketRequest(w http.ResponseWriter, r *http.Request) (*BucketRequest, error) {
	_, s3key, err := checkLoginAndS3API(w, r)
	if err != nil {
		http.Error(w, "Unable to connect on LDAP", http.StatusUnauthorized)
		return nil, err
	}

	// FETCH BUCKET ID by iterating over buckets owned by this key
	bucketName := mux.Vars(r)["bucket"]
	var bucketId *string
	var global *bool

findBucketIdLoop:
	for _, bucket := range s3key.Buckets {
		for _, localAlias := range bucket.LocalAliases {
			if localAlias == bucketName {
				bucketId = bucket.Id
				*global = false
				break findBucketIdLoop
			}
		}
		for _, globalAlias := range bucket.GlobalAliases {
			if globalAlias == bucketName {
				bucketId = bucket.Id
				*global = true
				break findBucketIdLoop
			}
		}
	}

	if bucketId == nil || global == nil {
		http.Error(w, "Bucket not found in this account", http.StatusNotFound)
		return nil, errors.New("Unable to fetch bucket ID")
	}

	return &BucketRequest{
		s3key:      s3key,
		bucketName: bucketName,
		bucketId:   *bucketId,
		global:     *global,
		http:       r,
	}, nil
}

func patchGarageBucket(w http.ResponseWriter, br *BucketRequest) {
	var err error

	// DECODE BODY
	var queuedChange ApiBucketView
	decoder := json.NewDecoder(br.http.Body)
	err = decoder.Decode(&queuedChange)
	if err != nil {
		log.Println(err)
		http.Error(w, "Unable to decode the body", http.StatusBadRequest)
		return
	}

	// SET THE GLOBAL FLAG
	if queuedChange.global != nil {
		if *queuedChange.global && !br.global {
			_, err = grgAddGlobalAlias(br.bucketId, br.bucketName)
			if err != nil {
				http.Error(w, "Unable to add the requested name as global alias for this bucket", http.StatusInternalServerError)
				return
			}
			_, err = grgDelLocalAlias(br.bucketId, *br.s3key.AccessKeyId, br.bucketName)
			if err != nil {
				http.Error(w, "Unable to remove the local alias for this bucket", http.StatusInternalServerError)
				return
			}
		} else if !*queuedChange.global && br.global {
			grgAddLocalAlias(br.bucketId, *br.s3key.AccessKeyId, br.bucketName)
			if err != nil {
				http.Error(w, "Unable to add the requested name as local alias for this bucket", http.StatusInternalServerError)
				return
			}
			grgDelGlobalAlias(br.bucketId, br.bucketName)
			if err != nil {
				http.Error(w, "Unable to remove the global alias for this bucket", http.StatusInternalServerError)
				return
			}
		}
	}

	// CHECK IF QUOTA MUST BE ADDED TO THIS BUCKET

	// VALIDATE IT
	// --- global ---
	// 1. can be true, false, or nil (use pointers)
	// 2. if nil do nothing
	// 3. if false, throw "not yet implemented" (501)
	// 4. if true, check that the bucket name does not exist yet in the global namespace, throw "forbidden" (403)
	// --- quota.size ---
	// 1. if no quota on the bucket + this field is none, set to 50MB
	// 2. if lower than 50MB, set to 50MB. If higher than 200MB, set to 200MB
	// --- quota.files ---
	// 1. if no quota on the bucket + this field is none, set to 10k
	// 2. if lower than 10k, set to 10k. If higher than 40k, set to 40k
	// READ BODY JSON

	// IF BODY.GLOBAL is not NONE
	// DO: Add an alias

	// IF BODY.QUOTA.SIZE is not NONE
	// DO: Change quota

	// IF BODY.QUOTA.FILE is not NONE
	// DO: Change quota

	getGarageBucket(w, br)
}

func getGarageBucket(w http.ResponseWriter, br *BucketRequest) {
	// FETCH AN UPDATED BUCKET VIEW
	bucket, err := grgGetBucket(br.bucketId)
	if err != nil {
		http.Error(w, "Unable to fetch bucket details", http.StatusInternalServerError)
		return
	}

	// BUILD A VIEW
	log.Println(bucket)
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 08:19:08 +0000