docs: add README and dex custom theme
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
12fd2f2e70
commit
69c307e7d6
12 changed files with 508 additions and 33 deletions
63
main.go
63
main.go
|
|
@ -17,7 +17,7 @@ import (
|
|||
"syscall"
|
||||
)
|
||||
|
||||
var myPublicURL = "https://ldap.nemunai.re"
|
||||
var myPublicURL = ""
|
||||
var devMode bool
|
||||
var brandName = "chldapasswd"
|
||||
var brandLogo = ""
|
||||
|
|
@ -35,7 +35,7 @@ var myLDAP = LDAP{
|
|||
Port: 389,
|
||||
BaseDN: "dc=example,dc=com",
|
||||
MailPort: 587,
|
||||
MailFrom: "noreply@nemunai.re",
|
||||
MailFrom: "noreply@example.com",
|
||||
}
|
||||
|
||||
type ResponseWriterPrefix struct {
|
||||
|
|
@ -79,37 +79,34 @@ func StripPrefix(prefix string, h http.Handler) http.Handler {
|
|||
}
|
||||
|
||||
func main() {
|
||||
var bind = flag.String("bind", "127.0.0.1:8080", "Bind port/socket")
|
||||
var baseURL = flag.String("baseurl", "/", "URL prepended to each URL")
|
||||
var configfile = flag.String("config", "", "path to the configuration file")
|
||||
var publicURL = flag.String("public-url", myPublicURL, "Public base URL used in password reset emails")
|
||||
var dev = flag.Bool("dev", false, "Development mode: disables HSTS and cookie Secure flag for local HTTP testing")
|
||||
var bname = flag.String("brand-name", "chldapasswd", "Brand name displayed in the UI")
|
||||
var blogo = flag.String("brand-logo", "", "URL of brand logo displayed in the UI (added to CSP img-src)")
|
||||
flag.Parse()
|
||||
baseURL := "/"
|
||||
bind := "127.0.0.1:8080"
|
||||
|
||||
myPublicURL = *publicURL
|
||||
devMode = *dev
|
||||
brandName = *bname
|
||||
brandLogo = *blogo
|
||||
if val, ok := os.LookupEnv("BRAND_NAME"); ok {
|
||||
brandName = val
|
||||
}
|
||||
if val, ok := os.LookupEnv("BRAND_LOGO"); ok {
|
||||
brandLogo = val
|
||||
}
|
||||
|
||||
var configfile = flag.String("config", "", "path to the configuration file")
|
||||
flag.StringVar(&baseURL, "baseurl", baseURL, "URL prepended to each URL")
|
||||
flag.StringVar(&bind, "bind", bind, "Bind port/socket")
|
||||
flag.StringVar(&brandName, "brand-name", brandName, "Brand name displayed in the UI")
|
||||
flag.StringVar(&brandLogo, "brand-logo", brandLogo, "URL of brand logo displayed in the UI (added to CSP img-src)")
|
||||
flag.BoolVar(&devMode, "dev", devMode, "Development mode: disables HSTS and cookie Secure flag for local HTTP testing")
|
||||
flag.StringVar(&myPublicURL, "public-url", myPublicURL, "Public base URL used in password reset emails")
|
||||
flag.Parse()
|
||||
|
||||
if devMode {
|
||||
log.Println("WARNING: running in development mode — security features relaxed, do not use in production")
|
||||
}
|
||||
|
||||
// Sanitize options
|
||||
log.Println("Checking paths...")
|
||||
if *baseURL != "/" {
|
||||
tmp := path.Clean(*baseURL)
|
||||
baseURL = &tmp
|
||||
if baseURL != "/" {
|
||||
baseURL = path.Clean(baseURL)
|
||||
} else {
|
||||
tmp := ""
|
||||
baseURL = &tmp
|
||||
baseURL = ""
|
||||
}
|
||||
|
||||
// Load config file
|
||||
|
|
@ -231,20 +228,20 @@ func main() {
|
|||
signal.Notify(interrupt, os.Interrupt, syscall.SIGTERM)
|
||||
|
||||
// Register handlers
|
||||
http.HandleFunc(fmt.Sprintf("GET %s/altcha.min.js", *baseURL), serveAltchaJS)
|
||||
http.HandleFunc(fmt.Sprintf("GET %s/style.css", *baseURL), serveStyleCSS)
|
||||
http.HandleFunc(fmt.Sprintf("GET %s/altcha-challenge", *baseURL), serveAltchaChallenge)
|
||||
http.HandleFunc(fmt.Sprintf("%s/{$}", *baseURL), changePassword)
|
||||
http.HandleFunc(fmt.Sprintf("POST %s/api/v1/aliases", *baseURL), addyAliasAPI)
|
||||
http.HandleFunc(fmt.Sprintf("DELETE %s/api/v1/aliases/{alias}", *baseURL), addyAliasAPIDelete)
|
||||
http.HandleFunc(fmt.Sprintf("%s/auth", *baseURL), httpBasicAuth)
|
||||
http.HandleFunc(fmt.Sprintf("%s/login", *baseURL), tryLogin)
|
||||
http.HandleFunc(fmt.Sprintf("%s/change", *baseURL), changePassword)
|
||||
http.HandleFunc(fmt.Sprintf("%s/reset", *baseURL), resetPassword)
|
||||
http.HandleFunc(fmt.Sprintf("%s/lost", *baseURL), lostPassword)
|
||||
http.HandleFunc(fmt.Sprintf("GET %s/altcha.min.js", baseURL), serveAltchaJS)
|
||||
http.HandleFunc(fmt.Sprintf("GET %s/style.css", baseURL), serveStyleCSS)
|
||||
http.HandleFunc(fmt.Sprintf("GET %s/altcha-challenge", baseURL), serveAltchaChallenge)
|
||||
http.HandleFunc(fmt.Sprintf("%s/{$}", baseURL), changePassword)
|
||||
http.HandleFunc(fmt.Sprintf("POST %s/api/v1/aliases", baseURL), addyAliasAPI)
|
||||
http.HandleFunc(fmt.Sprintf("DELETE %s/api/v1/aliases/{alias}", baseURL), addyAliasAPIDelete)
|
||||
http.HandleFunc(fmt.Sprintf("%s/auth", baseURL), httpBasicAuth)
|
||||
http.HandleFunc(fmt.Sprintf("%s/login", baseURL), tryLogin)
|
||||
http.HandleFunc(fmt.Sprintf("%s/change", baseURL), changePassword)
|
||||
http.HandleFunc(fmt.Sprintf("%s/reset", baseURL), resetPassword)
|
||||
http.HandleFunc(fmt.Sprintf("%s/lost", baseURL), lostPassword)
|
||||
|
||||
srv := &http.Server{
|
||||
Addr: *bind,
|
||||
Addr: bind,
|
||||
Handler: securityHeaders(http.DefaultServeMux),
|
||||
}
|
||||
|
||||
|
|
@ -253,7 +250,7 @@ func main() {
|
|||
log.Fatal(srv.ListenAndServe())
|
||||
}()
|
||||
log.Printf("Using LDAP server at %s:%d (baseDN: %s)", myLDAP.Host, myLDAP.Port, myLDAP.BaseDN)
|
||||
log.Printf("Ready, listening on %s", *bind)
|
||||
log.Printf("Ready, listening on %s", bind)
|
||||
|
||||
// Wait shutdown signal
|
||||
<-interrupt
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue