aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorQuentin Dufour <quentin@deuxfleurs.fr>2023-04-19 11:36:13 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2023-04-19 11:36:13 +0200
commitbdb9af5a26f49799cb1feec866d289513eb09e7b (patch)
tree4cc3e618813091316a8d0bf6d7570e830c231271
parent24600c8787f949d0de2596a9c6b54a38474e461a (diff)
downloadguichet-bdb9af5a26f49799cb1feec866d289513eb09e7b.tar.gz
guichet-bdb9af5a26f49799cb1feec866d289513eb09e7b.zip
Garage key page info
-rw-r--r--garage.go78
-rw-r--r--main.go1
-rw-r--r--templates/garage_key.html16
3 files changed, 81 insertions, 14 deletions
diff --git a/garage.go b/garage.go
index 4e23e8f..e8962ae 100644
--- a/garage.go
+++ b/garage.go
@@ -1,9 +1,12 @@
package main
import (
+ "errors"
+ "log"
"net/http"
"context"
"fmt"
+ "github.com/go-ldap/ldap/v3"
garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
)
@@ -21,26 +24,82 @@ func gadmin() (*garage.APIClient, context.Context) {
}
-func createKey(name string) error {
+func grgCreateKey(name string) (*garage.KeyInfo, error) {
client, ctx := gadmin()
kr := garage.AddKeyRequest{Name: &name}
resp, _, err := client.KeyApi.AddKey(ctx).AddKeyRequest(kr).Execute()
if err != nil {
fmt.Printf("%+v\n", err)
- return err
+ return nil, err
}
- fmt.Printf("%+v\n", resp)
- return nil
+ return resp, nil
+}
+
+func grgGetKey(accessKey string) (*garage.KeyInfo, error) {
+ client, ctx := gadmin()
+
+ resp, _, err := client.KeyApi.GetKey(ctx, accessKey).Execute()
+ if err != nil {
+ fmt.Printf("%+v\n", err)
+ return nil, err
+ }
+ return resp, nil
+}
+
+
+func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
+ login := checkLogin(w, r)
+ if login == nil {
+ return nil, nil, errors.New("LDAP login failed")
+ }
+
+ keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key")
+ if keyID == "" {
+ keyPair, err := grgCreateKey(login.Info.Username)
+ if err != nil {
+ return login, nil, err
+ }
+ modify_request := ldap.NewModifyRequest(login.Info.DN, nil)
+ modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId})
+ // @FIXME compatibility feature for bagage (SFTP+webdav)
+ // you can remove it once bagage will be updated to fetch the key from garage directly
+ // or when bottin will be able to dynamically fetch it.
+ modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey})
+ err = login.conn.Modify(modify_request)
+ return login, keyPair, err
+ }
+ // Note: we could simply return the login info, but LX asked we do not
+ // store the secrets in LDAP in the future.
+ keyPair, err := grgGetKey(keyID)
+ return login, keyPair, err
+}
+
+type keyView struct {
+ Status *LoginStatus
+ Key *garage.KeyInfo
}
func handleGarageKey(w http.ResponseWriter, r *http.Request) {
- createKey("toto")
+ login, s3key, err := checkLoginAndS3(w, r)
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ view := keyView{Status: login, Key: s3key}
+
tKey := getTemplate("garage_key.html")
- tKey.Execute(w, nil)
+ tKey.Execute(w, &view)
}
func handleGarageWebsiteList(w http.ResponseWriter, r *http.Request) {
+ login, s3key, err := checkLoginAndS3(w, r)
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ log.Println(login, s3key)
+
tWebsiteList := getTemplate("garage_website_list.html")
tWebsiteList.Execute(w, nil)
}
@@ -51,6 +110,13 @@ func handleGarageWebsiteNew(w http.ResponseWriter, r *http.Request) {
}
func handleGarageWebsiteInspect(w http.ResponseWriter, r *http.Request) {
+ login, s3key, err := checkLoginAndS3(w, r)
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ log.Println(login, s3key)
+
tWebsiteInspect := getTemplate("garage_website_inspect.html")
tWebsiteInspect.Execute(w, nil)
}
diff --git a/main.go b/main.go
index 89051f5..0e47e73 100644
--- a/main.go
+++ b/main.go
@@ -255,6 +255,7 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
"mail",
"memberof",
"description",
+ "garage_s3_access_key",
FIELD_NAME_DIRECTORY_VISIBILITY,
FIELD_NAME_PROFILE_PICTURE,
},
diff --git a/templates/garage_key.html b/templates/garage_key.html
index 862aabd..b839fcb 100644
--- a/templates/garage_key.html
+++ b/templates/garage_key.html
@@ -22,11 +22,11 @@
<tbody>
<tr>
<th scope="row">Identifiant de clé</th>
- <td>GKxxx</td>
+ <td>{{ .Key.AccessKeyId }}</td>
</tr>
<tr>
<th scope="row">Clé secrète</th>
- <td>...</td>
+ <td>{{ .Key.SecretAccessKey }}</td>
</tr>
<tr>
<th scope="row">Région</th>
@@ -62,8 +62,8 @@
<div class="card-body">
<p>Créez un fichier nommé <code>~/.awsrc</code> :</p>
<pre>
-export AWS_ACCESS_KEY_ID=GK...
-export AWS_SECRET_ACCESS_KEY=...
+export AWS_ACCESS_KEY_ID={{ .Key.AccessKeyId }}
+export AWS_SECRET_ACCESS_KEY={{ .Key.SecretAccessKey }}
export AWS_DEFAULT_REGION='garage'
function aws { command aws --endpoint-url https://garage.deuxfleurs.fr $@ ; }
@@ -97,8 +97,8 @@ aws s3 cp /tmp/a.txt s3://my-bucket
mc alias set \
garage \
https://garage.deuxfleurs.fr \
- GK... \
- ... \
+ {{ .Key.AccessKeyId }} \
+ {{ .Key.SecretAccessKey }} \
--api S3v4
</pre>
<p>Et ensuite pour utiliser Minio CLI avec :</p>
@@ -176,7 +176,7 @@ hugo deploy
<tbody>
<tr>
<th scope="row">Nom d'utilisateur-ice</th>
- <td>(votre username guichet)</td>
+ <td>{{ .Status.Info.Username }}</td>
</tr>
<tr>
<th scope="row">Mot de passe</th>
@@ -207,7 +207,7 @@ hugo deploy
<div class="card-body">
<p>Un exemple avec SCP :</p>
<pre>
-scp -oHostKeyAlgorithms=+ssh-rsa -P2222 -r ./public bagage.deuxfleurs.fr:mon_bucket/
+scp -oHostKeyAlgorithms=+ssh-rsa -P2222 -r ./public {{ .Status.Info.Username }}@bagage.deuxfleurs.fr:mon_bucket/
</pre>
</div>
</div>