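package main

import (
	//"context"
	//"errors"
	"fmt"
	//garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
	"github.com/go-ldap/ldap/v3"
	//"github.com/gorilla/mux"
	"log"
	"net/http"
	"strings"
)

// apiBasicAuthChallenge is the WWW-Authenticate value sent with every 401 from
// the API so that clients know HTTP Basic credentials are expected.
const apiBasicAuthChallenge = `Basic realm="restricted", charset="UTF-8"`

// apiUnauthorized rejects the request with a Basic-auth challenge. The same
// response is used for missing and for rejected credentials, so the client
// cannot tell an unknown user from a wrong password.
func apiUnauthorized(w http.ResponseWriter) {
	w.Header().Set("WWW-Authenticate", apiBasicAuthChallenge)
	http.Error(w, "Unauthorized", http.StatusUnauthorized)
}

// apiInternalError logs err server-side and answers with a generic 500 that
// does not reveal the cause to the client.
func apiInternalError(w http.ResponseWriter, err error) {
	log.Println(err)
	http.Error(w, "Internal server error", http.StatusInternalServerError)
}

// checkLoginAPI authenticates an API request from its HTTP Basic credentials
// by binding to LDAP as the user, then loads the user's own entry and derives
// the CanAdmin and CanInvite flags from config and group membership.
//
// It returns nil after having written an error response itself: 401 when
// credentials are missing or rejected by the directory, 500 when the LDAP
// connection or search fails or the user's entry cannot be read. On success
// the returned LoginStatus owns an open LDAP connection (conn) which the
// caller is responsible for closing; on every failure path the connection is
// closed here so that failed logins cannot pile up open connections.
func checkLoginAPI(w http.ResponseWriter, r *http.Request) *LoginStatus {
	username, password, ok := r.BasicAuth()
	// Reject an empty password explicitly: an LDAP simple bind with an empty
	// password is an unauthenticated bind, which many directories accept.
	// go-ldap's Bind refuses it as well, but authentication must not depend
	// on that client-library behaviour.
	if !ok || password == "" {
		apiUnauthorized(w)
		return nil
	}

	// NOTE(review): buildUserDN is defined elsewhere; it is expected to
	// escape DN special characters in username (RFC 4514) — confirm.
	loginInfo := &LoginInfo{
		DN:       buildUserDN(username),
		Username: username,
		Password: password,
	}

	l := ldapOpen(w)
	if l == nil {
		// NOTE(review): ldapOpen receives w and may already have written a
		// response; the extra 500 mirrors the original behaviour — confirm.
		apiInternalError(w, fmt.Errorf("ldap connection unavailable for %s", loginInfo.DN))
		return nil
	}

	// Only a successful login hands the connection over to the caller; every
	// early return below closes it.
	handedOff := false
	defer func() {
		if !handedOff {
			l.Close()
		}
	}()

	// Binding as the user is the credential check itself. Any failure is a
	// plain 401; the reason is logged (never the password) for audit purposes.
	if err := l.Bind(loginInfo.DN, loginInfo.Password); err != nil {
		log.Printf("api login: bind failed for %s: %v", loginInfo.DN, err)
		apiUnauthorized(w)
		return nil
	}

	// The admin account may not be an organizationalPerson, so the object
	// class filter is relaxed for it only.
	isAdminAccount := strings.EqualFold(loginInfo.DN, config.AdminAccount)
	objectFilter := "(objectClass=organizationalPerson)"
	if isAdminAccount {
		objectFilter = "(objectclass=*)"
	}

	// Base-object search on the user's own DN: exactly one entry is expected.
	searchRequest := ldap.NewSearchRequest(
		loginInfo.DN,
		ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false,
		objectFilter,
		[]string{
			"dn",
			"displayname",
			"givenname",
			"sn",
			"mail",
			"memberof",
			"description",
			"garage_s3_access_key",
			FIELD_NAME_DIRECTORY_VISIBILITY,
			FIELD_NAME_PROFILE_PICTURE,
		},
		nil)

	sr, err := l.Search(searchRequest)
	if err != nil {
		apiInternalError(w, err)
		return nil
	}
	if len(sr.Entries) != 1 {
		apiInternalError(w, fmt.Errorf("Unable to find entry for %s", loginInfo.DN))
		return nil
	}

	status := &LoginStatus{
		Info:      loginInfo,
		conn:      l,
		UserEntry: sr.Entries[0],
		CanAdmin:  isAdminAccount,
		CanInvite: false,
	}

	// Group-based privileges: a configured group name that is empty is
	// treated as "nobody", so an empty memberOf value can never match it.
	for _, attr := range status.UserEntry.Attributes {
		if !strings.EqualFold(attr.Name, "memberof") {
			continue
		}
		for _, group := range attr.Values {
			if config.GroupCanInvite != "" && strings.EqualFold(group, config.GroupCanInvite) {
				status.CanInvite = true
			}
			if config.GroupCanAdmin != "" && strings.EqualFold(group, config.GroupCanAdmin) {
				status.CanAdmin = true
			}
		}
	}

	handedOff = true
	return status
}

// handleAPIGarageBucket is the Garage bucket API endpoint. It currently only
// performs the login and S3-key check; the bucket handling itself is not
// implemented yet.
func handleAPIGarageBucket(w http.ResponseWriter, r *http.Request) {
	login, s3key, err := checkLoginAndS3(w, r)
	if err != nil {
		log.Println(err)
		return
	}
	// Deliberately not logged: a LoginStatus carries the user's password in
	// Info.Password, and s3key is access-key material. Neither belongs in the
	// log output.
	_ = login
	_ = s3key
}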