feat: add bearer-authenticated password change API
All checks were successful
continuous-integration/drone/push Build is passing

Add POST /api/v1/password endpoint accepting a JSON body
(username, old_password, new_password) protected by a shared
Bearer token (CHANGE_API_SECRET / -change-api-secret). It verifies
the current password via an LDAP bind before applying the change,
matching the alps "password" plugin bearer flow.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
nemunaire 2026-07-02 22:45:52 +08:00
commit 37edbbb9b6
3 changed files with 262 additions and 0 deletions

View file

@ -241,6 +241,7 @@ func main() {
http.HandleFunc(fmt.Sprintf("GET %s/style.css", baseURL), serveStyleCSS)
http.HandleFunc(fmt.Sprintf("GET %s/altcha-challenge", baseURL), serveAltchaChallenge)
http.HandleFunc(fmt.Sprintf("%s/{$}", baseURL), changePassword)
http.HandleFunc(fmt.Sprintf("POST %s/api/v1/password", baseURL), changePasswordAPI)
http.HandleFunc(fmt.Sprintf("POST %s/api/v1/aliases", baseURL), addyAliasAPI)
http.HandleFunc(fmt.Sprintf("DELETE %s/api/v1/aliases/{alias}", baseURL), addyAliasAPIDelete)
http.HandleFunc(fmt.Sprintf("%s/auth", baseURL), httpBasicAuth)