1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
package main
import (
"errors"
"log"
"net/http"
"context"
"fmt"
"github.com/go-ldap/ldap/v3"
garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
)
func gadmin() (*garage.APIClient, context.Context) {
// Set Host and other parameters
configuration := garage.NewConfiguration()
configuration.Host = config.S3AdminEndpoint
// We can now generate a client
client := garage.NewAPIClient(configuration)
// Authentication is handled through the context pattern
ctx := context.WithValue(context.Background(), garage.ContextAccessToken, config.S3AdminToken)
return client, ctx
}
func grgCreateKey(name string) (*garage.KeyInfo, error) {
client, ctx := gadmin()
kr := garage.AddKeyRequest{Name: &name}
resp, _, err := client.KeyApi.AddKey(ctx).AddKeyRequest(kr).Execute()
if err != nil {
fmt.Printf("%+v\n", err)
return nil, err
}
return resp, nil
}
func grgGetKey(accessKey string) (*garage.KeyInfo, error) {
client, ctx := gadmin()
resp, _, err := client.KeyApi.GetKey(ctx, accessKey).Execute()
if err != nil {
fmt.Printf("%+v\n", err)
return nil, err
}
return resp, nil
}
func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
login := checkLogin(w, r)
if login == nil {
return nil, nil, errors.New("LDAP login failed")
}
keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key")
if keyID == "" {
keyPair, err := grgCreateKey(login.Info.Username)
if err != nil {
return login, nil, err
}
modify_request := ldap.NewModifyRequest(login.Info.DN, nil)
modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId})
// @FIXME compatibility feature for bagage (SFTP+webdav)
// you can remove it once bagage will be updated to fetch the key from garage directly
// or when bottin will be able to dynamically fetch it.
modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey})
err = login.conn.Modify(modify_request)
return login, keyPair, err
}
// Note: we could simply return the login info, but LX asked we do not
// store the secrets in LDAP in the future.
keyPair, err := grgGetKey(keyID)
return login, keyPair, err
}
type keyView struct {
Status *LoginStatus
Key *garage.KeyInfo
}
func handleGarageKey(w http.ResponseWriter, r *http.Request) {
login, s3key, err := checkLoginAndS3(w, r)
if err != nil {
log.Println(err)
return
}
view := keyView{Status: login, Key: s3key}
tKey := getTemplate("garage_key.html")
tKey.Execute(w, &view)
}
func handleGarageWebsiteList(w http.ResponseWriter, r *http.Request) {
login, s3key, err := checkLoginAndS3(w, r)
if err != nil {
log.Println(err)
return
}
log.Println(login, s3key)
tWebsiteList := getTemplate("garage_website_list.html")
tWebsiteList.Execute(w, nil)
}
func handleGarageWebsiteNew(w http.ResponseWriter, r *http.Request) {
tWebsiteNew := getTemplate("garage_website_new.html")
tWebsiteNew.Execute(w, nil)
}
func handleGarageWebsiteInspect(w http.ResponseWriter, r *http.Request) {
login, s3key, err := checkLoginAndS3(w, r)
if err != nil {
log.Println(err)
return
}
log.Println(login, s3key)
tWebsiteInspect := getTemplate("garage_website_inspect.html")
tWebsiteInspect.Execute(w, nil)
}
|
