Diffstat (limited to 'api.go')
-rw-r--r-- | api.go | 117 |
1 files changed, 11 insertions, 106 deletions
@@ -2,115 +2,14 @@ package main
 import (
 	//"context"
-	"encoding/json"
 	"errors"
-	"fmt"
+	"encoding/json"
 	garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
-	"github.com/go-ldap/ldap/v3"
 	"github.com/gorilla/mux"
 	"log"
 	"net/http"
-	"strings"
 )
 
-func checkLoginAPI(w http.ResponseWriter, r *http.Request) (*LoginStatus, error) {
-	username, password, ok := r.BasicAuth()
-	if !ok {
-		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
-		http.Error(w, "Unauthorized", http.StatusUnauthorized)
-		return nil, errors.New("Missing or invalid 'Authenticate: Basic' field")
-	}
-	user_dn := buildUserDN(username)
-
-	login_info := &LoginInfo{
-		DN: user_dn,
-		Username: username,
-		Password: password,
-	}
-
-	l := ldapOpen(w)
-	if l == nil {
-		log.Println("Unable to open LDAP connection")
-		return nil, errors.New("Unable to open LDAP connection")
-	}
-
-	err := l.Bind(login_info.DN, login_info.Password)
-	if err != nil {
-		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
-		http.Error(w, "Unauthorized", http.StatusUnauthorized)
-		return nil, errors.New("Unable to bind this user+password combination on the LDAP server")
-	}
-
-	loginStatus := &LoginStatus{
-		Info: login_info,
-		conn: l,
-	}
-
-	requestKind := "(objectClass=organizationalPerson)"
-
-	if strings.EqualFold(login_info.DN, config.AdminAccount) {
-		requestKind = "(objectclass=*)"
-	}
-	searchRequest := ldap.NewSearchRequest(
-		login_info.DN,
-		ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
-		requestKind,
-		[]string{
-			"dn",
-			"displayname",
-			"givenname",
-			"sn",
-			"mail",
-			"memberof",
-			"description",
-			"garage_s3_access_key",
-			FIELD_NAME_DIRECTORY_VISIBILITY,
-			FIELD_NAME_PROFILE_PICTURE,
-		},
-		nil)
-
-	sr, err := l.Search(searchRequest)
-	if err != nil {
-		log.Println(err)
-		http.Error(w, "Internal server error", http.StatusInternalServerError)
-		return nil, errors.New("Unable to search essential information about the logged user on LDAP")
-	}
-
-	if len(sr.Entries) != 1 {
-		log.Println(fmt.Sprintf("Unable to find entry for %s", login_info.DN))
-		http.Error(w, "Internal server error", http.StatusInternalServerError)
-		return nil, errors.New("Not enough or too many entries for this user in the LDAP directory (expect a unique result)")
-	}
-
-	loginStatus.UserEntry = sr.Entries[0]
-
-	loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount)
-	loginStatus.CanInvite = false
-	for _, attr := range loginStatus.UserEntry.Attributes {
-		if strings.EqualFold(attr.Name, "memberof") {
-			for _, group := range attr.Values {
-				if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {
-					loginStatus.CanInvite = true
-				}
-				if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {
-					loginStatus.CanAdmin = true
-				}
-			}
-		}
-	}
-
-	return loginStatus, nil
-}
-
-func checkLoginAndS3API(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
-	login, err := checkLoginAPI(w, r)
-	if err != nil {
-		return nil, nil, err
-	}
-	keyPair, err := checkS3(login)
-	return login, keyPair, err
-}
-
 type ApiQuotaView struct {
 	files *uint64
 	size *uint64
@@ -131,6 +30,7 @@ type BucketRequest struct {
 }
 
 func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
+
 	br, err := buildBucketRequest(w, r)
 	if err != nil {
 		return
@@ -151,10 +51,9 @@ func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
 }
 
 func buildBucketRequest(w http.ResponseWriter, r *http.Request) (*BucketRequest, error) {
-	_, s3key, err := checkLoginAndS3API(w, r)
-	if err != nil {
-		//http.Error(w, "Unable to connect on LDAP", http.StatusUnauthorized)
-		return nil, err
+	user := RequireUserApi(w, r)
+	if user == nil {
+		return nil, errors.New("Unable to fetch user")
 	}
 
 	// FETCH BUCKET ID by iterating over buckets owned by this key
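Review bot: The rewritten import block lists `"errors"` before `"encoding/json"`, which is not the sorted order gofmt/goimports produce, so the next formatter run will reshuffle it and generate a noise diff on top of this one. Moving `"encoding/json"` up one line keeps the block sorted: `"encoding/json"` then `"errors"`. The rest of the hunk only deletes checkLoginAPI and checkLoginAndS3API together with the ldap, fmt and strings imports they used.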
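Review bot: When `RequireUserApi` returns nil, buildBucketRequest returns `errors.New("Unable to fetch user")`, and the caller handleAPIGarageBucket (previous hunk, `if err != nil { return }`) discards that error without writing anything to `w`, so unless RequireUserApi itself has already sent the 401 and WWW-Authenticate header that the deleted checkLoginAPI used to send, an unauthenticated request ends with an implicit 200 and an empty body. RequireUserApi is not visible here, so please confirm it writes the response; if it only reports the failure, this branch should do it: `http.Error(w, "Unauthorized", http.StatusUnauthorized)` before the return. The same gap exists in the next hunk's `user.S3KeyInfo()` error branch, which returns the bare error with no status code and no log line, so a Garage/key lookup failure is also silently turned into an empty success response; at minimum `log.Println(err)` and `http.Error(w, "Internal server error", http.StatusInternalServerError)` there would restore the old behaviour. The remainder of buildBucketRequest lies outside this hunk.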
@@ -162,6 +61,11 @@ func buildBucketRequest(w http.ResponseWriter, r *http.Request) (*BucketRequest,
 	var bucketId *string
 	var global *bool
 
+	s3key, err := user.S3KeyInfo()
+	if err != nil {
+		return nil, err
+	}
+
 findBucketIdLoop:
 	for _, bucket := range s3key.Buckets {
 		for _, localAlias := range bucket.LocalAliases {
@@ -192,6 +96,7 @@ findBucketIdLoop:
 		global: *global,
 		http: r,
 	}, nil
+
 }
 
 func patchGarageBucket(w http.ResponseWriter, br *BucketRequest) {