package main
import (
"fmt"
"html/template"
"log"
"net/http"
"strings"
"github.com/go-ldap/ldap/v3"
)
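// login authenticates a user against the LDAP directory and returns the
// attributes of the user's entry.
//
// The sequence is: connect, bind with the service account, resolve the login
// to a DN, bind as that DN with the supplied password, then read the entry.
// A nil error is what both HTTP handlers in this file treat as "authenticated",
// so every failure path must return a non-nil error.
func login(login string, password string) ([]*ldap.EntryAttribute, error) {
	// An LDAP simple bind carrying a DN and a zero-length password is an
	// "unauthenticated bind" (RFC 4513 §5.1.2) that a directory may accept
	// without verifying anything. Reject it here rather than relying on the
	// behaviour of conn.Bind, whose implementation is not visible in this file.
	if password == "" {
		return nil, fmt.Errorf("empty password not allowed")
	}

	conn, err := myLDAP.Connect()
	if err != nil {
		return nil, err
	}
	if conn == nil {
		// Previously this case returned (nil, nil), which callers read as a
		// successful login with no attributes.
		return nil, fmt.Errorf("unable to connect to the LDAP server")
	}
	// NOTE(review): the connection is never released in this function; if the
	// connection type exposes a Close method it should be deferred here — confirm.

	if err = conn.ServiceBind(); err != nil {
		return nil, err
	}

	// SearchDN is tried with its second argument set to true first, then false
	// as a fallback; what the flag selects is defined by SearchDN itself.
	dn, err := conn.SearchDN(login, true)
	if err != nil {
		dn, err = conn.SearchDN(login, false)
		if err != nil {
			return nil, err
		}
	}

	// This bind is the actual credential check.
	if err := conn.Bind(dn, password); err != nil {
		return nil, err
	}

	entries, err := conn.GetEntry(dn)
	if err != nil {
		return nil, err
	}
	return entries, nil
}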
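// tryLogin serves the login form and, on POST, checks the submitted
// credentials with login and renders the user's directory attributes together
// with their API token.
//
// The page fragment is handed to the template as template.HTML, which turns
// off html/template's automatic escaping. Every value that comes from the
// directory or from AddyAPIToken is therefore escaped by hand below, for the
// context it lands in (HTML text, or a JavaScript string inside an HTML
// attribute).
func tryLogin(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		displayTmpl(w, "login.html", map[string]interface{}{})
		return
	}

	entries, err := login(r.PostFormValue("login"), r.PostFormValue("password"))
	if err != nil {
		log.Println(err)
		// NOTE(review): a rejected password is reported as 500 and the raw
		// error text is shown to the visitor; a 401 with a generic message
		// would avoid telling callers why the directory refused them — confirm
		// how displayTmplError and the login.html template use these values.
		displayTmplError(w, http.StatusInternalServerError, "login.html", map[string]interface{}{"error": err.Error()})
		return
	}

	apiToken := AddyAPIToken(r.PostFormValue("login"))
	tokenHTML := template.HTMLEscapeString(apiToken)
	// JavaScript-string escaping first, then HTML-attribute escaping, because
	// the value sits inside a quoted JS literal inside an onclick attribute.
	tokenJS := template.HTMLEscapeString(template.JSEscapeString(apiToken))

	var cnt strings.Builder
	cnt.WriteString("<ul>")
	for _, e := range entries {
		name := template.HTMLEscapeString(e.Name)
		for i, v := range e.Values {
			switch {
			case e.Name == "userPassword":
				// Never echo the stored password value.
				cnt.WriteString("<li><strong>" + name + ":</strong> <em>[...]</em></li>")
			case e.Name == "mailAlias" && len(strings.SplitN(v, "@", 2)[0]) == 10:
				// Aliases whose local part is exactly 10 bytes get a delete button.
				id := fmt.Sprintf("mailAlias-%d", i)
				aliasJS := template.HTMLEscapeString(template.JSEscapeString(v))
				// The alias, token and element id are spliced in with no
				// surrounding whitespace so the URL, the bearer token and the
				// getElementById lookup are exact.
				// NOTE(review): the alias is placed in the URL path as-is; the
				// script could wrap it in encodeURIComponent if the API accepts
				// an encoded path segment — confirm against the route.
				cnt.WriteString("<li id='" + id + "'><strong>" + name + ":</strong> " + template.HTMLEscapeString(v) +
					` <button type="button" class="mx-1 btn btn-sm btn-danger" onclick="fetch('/api/v1/aliases/` + aliasJS +
					`', { 'method': 'delete', 'headers': { 'Authorization': 'Bearer ` + tokenJS +
					`'}}).then((res) => { if (res.ok) document.getElementById('` + id +
					`').remove(); });">Supprimer</button></li> `)
			default:
				cnt.WriteString("<li><strong>" + name + ":</strong> " + template.HTMLEscapeString(v) + "</li>")
			}
		}
	}
	cnt.WriteString("</ul>")

	displayTmpl(w, "message.html", map[string]interface{}{
		"details": template.HTML(` Login ok<br><br>Here are the information we have about you: ` + cnt.String() +
			"<p>To use our Addy.io compatible API, use the following token: <code>" + tokenHTML + "</code></p>"),
	})
}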
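// httpBasicAuth answers an authentication check for another service.
//
// With HTTP Basic credentials it calls login and replies 200 with an
// X-Remote-User header on success, or 401 on failure. Without credentials, a
// request carrying "X-Special-Auth: docker-registry" is allowed through as
// "anonymous" for GET/HEAD on URIs outside the deny-list below. Anything else
// gets a 401 challenge.
func httpBasicAuth(w http.ResponseWriter, r *http.Request) {
	if user, pass, ok := r.BasicAuth(); ok {
		entries, err := login(user, pass)
		if err != nil {
			// Keep the directory's error in the server log only: sending it to
			// an unauthenticated caller reveals why the login was refused.
			log.Printf("httpBasicAuth: login failed for %q: %v", user, err)
			w.Header().Set("WWW-Authenticate", ` Basic realm="nemunai.re restricted" `)
			w.Header().Set("Content-Type", "text/plain; charset=utf-8")
			w.WriteHeader(http.StatusUnauthorized)
			w.Write([]byte("Authentication failed"))
			return
		}

		w.Header().Set("X-Remote-User", user)
		// Directory values are written verbatim; declare plain text so the
		// body is not content-sniffed into something else.
		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
		w.WriteHeader(http.StatusOK)
		for _, e := range entries {
			if e.Name == "userPassword" {
				continue
			}
			for _, v := range e.Values {
				fmt.Fprintf(w, "%s: %s", e.Name, v)
			}
		}
		return
	} else if v := r.Header.Get("X-Special-Auth"); v == "docker-registry" {
		// NOTE(review): X-Special-Auth, X-Original-Method and X-Original-URI
		// are ordinary request headers. This branch is only sound if the
		// front proxy always sets them itself and clients cannot reach this
		// handler directly — confirm in the proxy configuration.
		method := r.Header.Get("X-Original-Method")
		uri := r.Header.Get("X-Original-URI")

		// NOTE(review): the deny-list compares the header text literally, so
		// it assumes the proxy forwards an already-normalised path — confirm,
		// or normalise the value here before comparing.
		if (method == "GET" || method == "HEAD") && uri != "" && uri != "/" && uri != "/v2/" && !strings.HasPrefix(uri, "/v2/_") {
			log.Printf("docker-registry: Permit anonymous login for URL %q", uri)
			w.Header().Set("X-Remote-User", "anonymous")
			w.WriteHeader(http.StatusOK)
			return
		}
	}

	w.Header().Set("WWW-Authenticate", ` Basic realm="nemunai.re restricted" `)
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.WriteHeader(http.StatusUnauthorized)
	w.Write([]byte("Please login"))
}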