Diffstat (limited to 'api.go')
-rw-r--r--api.go114
1 files changed, 114 insertions, 0 deletions
diff --git a/api.go b/api.go
new file mode 100644
index 0000000..1007914
--- /dev/null
+++ b/api.go
@@ -0,0 +1,114 @@
+package main
+
+import (
+ //"context"
+ //"errors"
+ "fmt"
+ //garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
+ "github.com/go-ldap/ldap/v3"
+ //"github.com/gorilla/mux"
+ "log"
+ "net/http"
+ "strings"
+)
+
+func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
+ username, password, ok := r.BasicAuth()
+ if !ok {
+ w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return nil
+ }
+ user_dn := buildUserDN(username)
+
+ login_info := &LoginInfo{
+ DN: user_dn,
+ Username: username,
+ Password: password,
+ }
+
+ l := ldapOpen(w)
+ if l == nil {
+ log.Println(l)
+ http.Error(w, "Internal server error", http.StatusInternalServerError)
+ return nil
+ }
+
+ err := l.Bind(login_info.DN, login_info.Password)
+ if err != nil {
+ w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return nil
+ }
+
+ loginStatus := &LoginStatus{
+ Info: login_info,
+ conn: l,
+ }
+
+ requestKind := "(objectClass=organizationalPerson)"
+
+ if strings.EqualFold(login_info.DN, config.AdminAccount) {
+ requestKind = "(objectclass=*)"
+ }
+ searchRequest := ldap.NewSearchRequest(
+ login_info.DN,
+ ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
+ requestKind,
+ []string{
+ "dn",
+ "displayname",
+ "givenname",
+ "sn",
+ "mail",
+ "memberof",
+ "description",
+ "garage_s3_access_key",
+ FIELD_NAME_DIRECTORY_VISIBILITY,
+ FIELD_NAME_PROFILE_PICTURE,
+ },
+ nil)
+
+ sr, err := l.Search(searchRequest)
+ if err != nil {
+ log.Println(err)
+ http.Error(w, "Internal server error", http.StatusInternalServerError)
+ return nil
+ }
+
+ if len(sr.Entries) != 1 {
+ log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
+ http.Error(w, "Internal server error", http.StatusInternalServerError)
+ return nil
+ }
+
+ loginStatus.UserEntry = sr.Entries[0]
+
+ loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount)
+ loginStatus.CanInvite = false
+ for _, attr := range loginStatus.UserEntry.Attributes {
+ if strings.EqualFold(attr.Name, "memberof") {
+ for _, group := range attr.Values {
+ if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {
+ loginStatus.CanInvite = true
+ }
+ if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {
+ loginStatus.CanAdmin = true
+ }
+ }
+ }
+ }
+
+ return loginStatus
+}
+
+func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
+ login, s3key, err := checkLoginAndS3(w, r)
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ log.Println(login,s3key)
+
+ return
+}
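Review bot: In `checkLoginAPI`, the three `return nil` paths after `ldapOpen` succeeds (the failed `l.Bind`, the failed `l.Search`, and the `len(sr.Entries) != 1` branch) never release the LDAP connection. Each rejected Basic-auth request therefore leaves a connection open, and an unauthenticated client can repeat that request to exhaust connections or file descriptors. Assuming `ldapOpen` (defined outside this file) returns a go-ldap connection, add `l.Close()` before each of those returns; a plain `defer` would not fit, because the success path hands `l` to `LoginStatus.conn`. Separately, `log.Println(login,s3key)` in `handleAPIGarageBucket` may write S3 key material to the server log, depending on what `checkLoginAndS3` returns, which is not visible here. Log a non-secret identifier instead, or drop the line.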