From 02e384f99eb10ab299805073c37ac2f4ed3f2cdc Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Fri, 15 Sep 2023 13:59:48 +0200 Subject: extract "build DN logic" --- main.go | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'main.go') diff --git a/main.go b/main.go index ae8fe06..92fd2dc 100644 --- a/main.go +++ b/main.go @@ -198,6 +198,9 @@ func logRequest(handler http.Handler) http.Handler { func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { var login_info *LoginInfo + //@FIXME check authentication header + + session, err := store.Get(r, SESSION_NAME) if err == nil { username, ok := session.Values["login_username"] @@ -364,6 +367,15 @@ type LoginFormData struct { ErrorMessage string } +func buildUserDN(username string) string { + user_dn := fmt.Sprintf("%s=%s,%s", config.UserNameAttr, username, config.UserBaseDN) + if strings.EqualFold(username, config.AdminAccount) { + user_dn = username + } + + return user_dn +} + func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo { templateLogin := getTemplate("login.html") @@ -375,10 +387,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo { username := strings.Join(r.Form["username"], "") password := strings.Join(r.Form["password"], "") - user_dn := fmt.Sprintf("%s=%s,%s", config.UserNameAttr, username, config.UserBaseDN) - if strings.EqualFold(username, config.AdminAccount) { - user_dn = username - } + user_dn := buildUserDN(username) l := ldapOpen(w) if l == nil { -- cgit v1.2.3 From 74113fad490ccdaa00961c5818eaa107781dfd79 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Fri, 15 Sep 2023 14:32:44 +0200 Subject: WIP auth API --- main.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'main.go') diff --git a/main.go b/main.go index 92fd2dc..1402ff2 100644 --- a/main.go +++ b/main.go @@ -130,6 +130,8 @@ func main() { r.HandleFunc("/", handleHome) r.HandleFunc("/logout", handleLogout) + r.HandleFunc("/api/unstable/garage/bucket/{b}", handleAPIGarageBucket) + r.HandleFunc("/profile", handleProfile) r.HandleFunc("/passwd", handlePasswd) r.HandleFunc("/picture/{name}", handleDownloadPicture) @@ -198,9 +200,6 @@ func logRequest(handler http.Handler) http.Handler { func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { var login_info *LoginInfo - //@FIXME check authentication header - - session, err := store.Get(r, SESSION_NAME) if err == nil { username, ok := session.Values["login_username"] -- cgit v1.2.3 From 5b246ec86bc3eee768da2347f031b349d1e1553d Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Fri, 15 Sep 2023 18:25:37 +0200 Subject: basic logic for switching alias from local/global --- main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'main.go') diff --git a/main.go b/main.go index 1402ff2..8bfb2f8 100644 --- a/main.go +++ b/main.go @@ -130,7 +130,7 @@ func main() { r.HandleFunc("/", handleHome) r.HandleFunc("/logout", handleLogout) - r.HandleFunc("/api/unstable/garage/bucket/{b}", handleAPIGarageBucket) + r.HandleFunc("/api/unstable/garage/bucket/{bucket}", handleAPIGarageBucket) r.HandleFunc("/profile", handleProfile) r.HandleFunc("/passwd", handlePasswd) -- cgit v1.2.3 From d0ed765be72f80034fa530ba037e488c35abdd9e Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 25 Sep 2023 10:27:49 +0200 Subject: add a cli feature --- main.go | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'main.go') diff --git a/main.go b/main.go index 8bfb2f8..c809d25 100644 --- a/main.go +++ b/main.go @@ -58,7 +58,8 @@ type ConfigFile struct { S3Bucket string `json:"s3_bucket"` } -var configFlag = flag.String("config", "./config.json", "Configuration file path") +var fsServer = flag.NewFlagSet("server", flag.ContinueOnError) +var configFlag = fsServer.String("config", "./config.json", "Configuration file path") var config *ConfigFile @@ -114,8 +115,25 @@ func getTemplate(name string) *template.Template { } func main() { - flag.Parse() + if len(os.Args) < 2 { + server(os.Args[1:]) + return + } + + switch os.Args[1] { + case "cli": + cliMain(os.Args[2:]) + case "server": + server(os.Args[2:]) + default: + log.Println("Usage: guichet [server|cli] --help") + os.Exit(1) + } +} +func server(args []string) { + log.Println("Starting Guichet Server") + fsServer.Parse(args) config_file := readConfig() config = &config_file -- cgit v1.2.3 From c06f52837e5b4aab5335e5a66885c48c24a148a2 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 25 Sep 2023 15:35:54 +0200 Subject: WIP refactor (broken templates) --- main.go | 198 +++++++--------------------------------------------------------- 1 file changed, 21 insertions(+), 177 deletions(-) (limited to 'main.go') diff --git a/main.go b/main.go index c809d25..ee1863c 100644 --- a/main.go +++ b/main.go @@ -2,10 +2,8 @@ package main import ( "crypto/rand" - "crypto/tls" "encoding/json" "flag" - "fmt" "html/template" "io/ioutil" "log" @@ -146,6 +144,7 @@ func server(args []string) { r := mux.NewRouter() r.HandleFunc("/", handleHome) + r.HandleFunc("/login", handleLogin) r.HandleFunc("/logout", handleLogout) r.HandleFunc("/api/unstable/garage/bucket/{bucket}", handleAPIGarageBucket) @@ -183,31 +182,6 @@ func server(args []string) { } } -type LoginInfo struct { - Username string - DN string - Password string -} - -type LoginStatus struct { - Info *LoginInfo - conn *ldap.Conn - UserEntry *ldap.Entry - CanAdmin bool - CanInvite bool -} - -func (login *LoginStatus) WelcomeName() string { - ret := login.UserEntry.GetAttributeValue("givenname") - if ret == "" { - ret = login.UserEntry.GetAttributeValue("displayname") - } - if ret == "" { - ret = login.Info.Username - } - return ret -} - func logRequest(handler http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { log.Printf("%s %s %s\n", r.RemoteAddr, r.Method, r.URL) @@ -215,149 +189,32 @@ func logRequest(handler http.Handler) http.Handler { }) } -func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { - var login_info *LoginInfo - - session, err := store.Get(r, SESSION_NAME) - if err == nil { - username, ok := session.Values["login_username"] - password, ok2 := session.Values["login_password"] - user_dn, ok3 := session.Values["login_dn"] - - if ok && ok2 && ok3 { - login_info = &LoginInfo{ - DN: user_dn.(string), - Username: username.(string), - Password: password.(string), - } - } - } - - if login_info == nil { - login_info = handleLogin(w, r) - if login_info == nil { - return nil - } - } - - l := ldapOpen(w) - if l == nil { - return nil - } - - err = l.Bind(login_info.DN, login_info.Password) - if err != nil { - delete(session.Values, "login_username") - delete(session.Values, "login_password") - delete(session.Values, "login_dn") - - err = session.Save(r, w) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return nil - } - return checkLogin(w, r) - } - - loginStatus := &LoginStatus{ - Info: login_info, - conn: l, - } - - requestKind := "(objectClass=organizationalPerson)" - if strings.EqualFold(login_info.DN, config.AdminAccount) { - requestKind = "(objectclass=*)" - } - searchRequest := ldap.NewSearchRequest( - login_info.DN, - ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false, - requestKind, - []string{ - "dn", - "displayname", - "givenname", - "sn", - "mail", - "memberof", - "description", - "garage_s3_access_key", - FIELD_NAME_DIRECTORY_VISIBILITY, - FIELD_NAME_PROFILE_PICTURE, - }, - nil) - - sr, err := l.Search(searchRequest) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return nil - } - - if len(sr.Entries) != 1 { - http.Error(w, fmt.Sprintf("Unable to find entry for %s", login_info.DN), http.StatusInternalServerError) - return nil - } - - loginStatus.UserEntry = sr.Entries[0] - - loginStatus.CanAdmin = strings.EqualFold(loginStatus.Info.DN, config.AdminAccount) - loginStatus.CanInvite = false - for _, attr := range loginStatus.UserEntry.Attributes { - if strings.EqualFold(attr.Name, "memberof") { - for _, group := range attr.Values { - if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) { - loginStatus.CanInvite = true - } - if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) { - loginStatus.CanAdmin = true - } - } - } - } - - return loginStatus -} - -func ldapOpen(w http.ResponseWriter) *ldap.Conn { - l, err := ldap.DialURL(config.LdapServerAddr) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return nil - } - - if config.LdapTLS { - err = l.StartTLS(&tls.Config{InsecureSkipVerify: true}) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return nil - } - } - - return l -} - // Page handlers ---- + +// --- Home Controller type HomePageData struct { - Login *LoginStatus + User *LoggedUser BaseDN string } func handleHome(w http.ResponseWriter, r *http.Request) { templateHome := getTemplate("home.html") - login := checkLogin(w, r) - if login == nil { + user := RequireUserHtml(w, r) + if user == nil { return } data := &HomePageData{ - Login: login, + User: user, BaseDN: config.BaseDN, } templateHome.Execute(w, data) } +// --- Logout Controller func handleLogout(w http.ResponseWriter, r *http.Request) { session, err := store.Get(r, SESSION_NAME) if err != nil { @@ -374,9 +231,10 @@ func handleLogout(w http.ResponseWriter, r *http.Request) { return } - http.Redirect(w, r, "/", http.StatusFound) + http.Redirect(w, r, "/login", http.StatusFound) } +// --- Login Controller --- type LoginFormData struct { Username string WrongUser bool @@ -384,34 +242,26 @@ type LoginFormData struct { ErrorMessage string } -func buildUserDN(username string) string { - user_dn := fmt.Sprintf("%s=%s,%s", config.UserNameAttr, username, config.UserBaseDN) - if strings.EqualFold(username, config.AdminAccount) { - user_dn = username - } - - return user_dn -} - -func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo { +func handleLogin(w http.ResponseWriter, r *http.Request) { templateLogin := getTemplate("login.html") if r.Method == "GET" { templateLogin.Execute(w, LoginFormData{}) - return nil + return } else if r.Method == "POST" { r.ParseForm() username := strings.Join(r.Form["username"], "") password := strings.Join(r.Form["password"], "") - user_dn := buildUserDN(username) + loginInfo := LoginInfo { username, password } - l := ldapOpen(w) - if l == nil { - return nil + l, err := NewLdapCon() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return } - err := l.Bind(user_dn, password) + err = l.Bind(loginInfo.DN(), loginInfo.Password) if err != nil { data := &LoginFormData{ Username: username, @@ -424,7 +274,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo { data.ErrorMessage = err.Error() } templateLogin.Execute(w, data) - return nil + return } // Successfully logged in, save it to session @@ -435,21 +285,15 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo { session.Values["login_username"] = username session.Values["login_password"] = password - session.Values["login_dn"] = user_dn err = session.Save(r, w) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) - return nil + return } - return &LoginInfo{ - DN: user_dn, - Username: username, - Password: password, - } + http.Redirect(w, r, "/", http.StatusFound) } else { http.Error(w, "Unsupported method", http.StatusBadRequest) - return nil } } -- cgit v1.2.3 From bc368943a4c0853718b8a53b1caadc297412ef32 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 25 Sep 2023 19:07:07 +0200 Subject: heavy refactor in progress --- main.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'main.go') diff --git a/main.go b/main.go index ee1863c..34a1630 100644 --- a/main.go +++ b/main.go @@ -147,7 +147,7 @@ func server(args []string) { r.HandleFunc("/login", handleLogin) r.HandleFunc("/logout", handleLogout) - r.HandleFunc("/api/unstable/garage/bucket/{bucket}", handleAPIGarageBucket) + r.HandleFunc("/api/unstable/website/{bucket}", handleAPIWebsite) r.HandleFunc("/profile", handleProfile) r.HandleFunc("/passwd", handlePasswd) @@ -156,10 +156,10 @@ func server(args []string) { r.HandleFunc("/directory/search", handleDirectorySearch) r.HandleFunc("/directory", handleDirectory) - r.HandleFunc("/garage/key", handleGarageKey) - r.HandleFunc("/garage/website", handleGarageWebsiteList) - r.HandleFunc("/garage/website/new", handleGarageWebsiteNew) - r.HandleFunc("/garage/website/b/{bucket}", handleGarageWebsiteInspect) + r.HandleFunc("/website", handleWebsiteList) + r.HandleFunc("/website/new", handleWebsiteNew) + r.HandleFunc("/website/configure", handleWebsiteConfigure) + r.HandleFunc("/website/inspect/{bucket}", handleWebsiteInspect) r.HandleFunc("/invite/new_account", handleInviteNewAccount) r.HandleFunc("/invite/send_code", handleInviteSendCode) -- cgit v1.2.3 From 982bd8a43c50bb5845b694dbd0b3e0ffbf43dad7 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 25 Sep 2023 23:00:57 +0200 Subject: done with API --- main.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'main.go') diff --git a/main.go b/main.go index 34a1630..9763f53 100644 --- a/main.go +++ b/main.go @@ -147,7 +147,8 @@ func server(args []string) { r.HandleFunc("/login", handleLogin) r.HandleFunc("/logout", handleLogout) - r.HandleFunc("/api/unstable/website/{bucket}", handleAPIWebsite) + r.HandleFunc("/api/unstable/website", handleAPIWebsiteList) + r.HandleFunc("/api/unstable/website/{bucket}", handleAPIWebsiteInspect) r.HandleFunc("/profile", handleProfile) r.HandleFunc("/passwd", handlePasswd) -- cgit v1.2.3 From 706ff58a6f6608719feda15075d50f978df39c5b Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Tue, 26 Sep 2023 08:40:41 +0200 Subject: format --- main.go | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) (limited to 'main.go') diff --git a/main.go b/main.go index 9763f53..6553bef 100644 --- a/main.go +++ b/main.go @@ -119,13 +119,13 @@ func main() { } switch os.Args[1] { - case "cli": - cliMain(os.Args[2:]) - case "server": - server(os.Args[2:]) - default: - log.Println("Usage: guichet [server|cli] --help") - os.Exit(1) + case "cli": + cliMain(os.Args[2:]) + case "server": + server(os.Args[2:]) + default: + log.Println("Usage: guichet [server|cli] --help") + os.Exit(1) } } @@ -192,10 +192,9 @@ func logRequest(handler http.Handler) http.Handler { // Page handlers ---- - // --- Home Controller type HomePageData struct { - User *LoggedUser + User *LoggedUser BaseDN string } @@ -208,7 +207,7 @@ func handleHome(w http.ResponseWriter, r *http.Request) { } data := &HomePageData{ - User: user, + User: user, BaseDN: config.BaseDN, } @@ -235,7 +234,7 @@ func handleLogout(w http.ResponseWriter, r *http.Request) { http.Redirect(w, r, "/login", http.StatusFound) } -// --- Login Controller --- +// --- Login Controller --- type LoginFormData struct { Username string WrongUser bool @@ -254,7 +253,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) { username := strings.Join(r.Form["username"], "") password := strings.Join(r.Form["password"], "") - loginInfo := LoginInfo { username, password } + loginInfo := LoginInfo{username, password} l, err := NewLdapCon() if err != nil { -- cgit v1.2.3