2025-02-11 07:09:47 +00:00
package app
import (
uuid "github.com/nu7hatch/gouuid"
var LDAPSessions map[string]*LDAPClient
2025-02-11 07:09:48 +00:00
var APIVersion = "1.0.1"
2025-02-11 07:09:47 +00:00
func Run() {
configPath := flag.String("config", "config.json", "path to config.json file")
config := GetConfig(*configPath)
log.Println("Initialized config from " + *configPath)
router := gin.Default()
store := cookie.NewStore([]byte(config.SessionSecretKey))
Path: config.SessionCookie.Path,
HttpOnly: config.SessionCookie.HttpOnly,
Secure: config.SessionCookie.Secure,
MaxAge: config.SessionCookie.MaxAge,
router.Use(sessions.Sessions(config.SessionCookieName, store))
LDAPSessions = make(map[string]*LDAPClient)
2025-02-11 07:09:48 +00:00
router.GET("/version", func(c *gin.Context) {
c.JSON(http.StatusOK, gin.H{"version": APIVersion})
2025-02-11 07:09:47 +00:00
router.POST("/ticket", func(c *gin.Context) {
var body Login
if err := c.ShouldBind(&body); err != nil { // bad request from binding
c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
newLDAPClient, err := NewLDAPClient(config)
if err != nil { // failed to dial ldap server, considered a server error
c.JSON(http.StatusInternalServerError, gin.H{"auth": false, "error": err.Error()})
err = newLDAPClient.BindUser(body.Username, body.Password)
if err != nil { // failed to authenticate, return error
c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
// successful binding at this point
// create new session
session := sessions.Default(c)
// create (hopefully) safe uuid to map to ldap session
uuid, _ := uuid.NewV4()
// set uuid mapping in session
session.Set("SessionUUID", uuid.String())
// set uuid mapping in LDAPSessions
LDAPSessions[uuid.String()] = newLDAPClient
// save the session
// return successful auth
c.JSON(http.StatusOK, gin.H{"auth": true})
router.DELETE("/ticket", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
delete(LDAPSessions, uuid)
session.Options(sessions.Options{MaxAge: -1}) // set max age to -1 so it is deleted
_ = session.Save()
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
router.GET("/users", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
status, res := LDAPSession.GetAllUsers()
c.JSON(status, res)
router.POST("/users/:userid", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
var body User
if err := c.ShouldBind(&body); err != nil { // bad request from binding
c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
// check if user already exists
status, res := LDAPSession.GetUser(c.Param("userid"))
if status != 200 && ldap.IsErrorWithCode(res["error"].(error), ldap.LDAPResultNoSuchObject) { // user does not already exist, create new user
status, res = LDAPSession.AddUser(c.Param("userid"), body)
c.JSON(status, res)
} else { // user already exists, attempt to modify user
status, res = LDAPSession.ModUser(c.Param("userid"), body)
c.JSON(status, res)
router.GET("/users/:userid", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
status, res := LDAPSession.GetUser(c.Param("userid"))
c.JSON(status, res)
router.DELETE("/users/:userid", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
status, res := LDAPSession.DelUser(c.Param("userid"))
c.JSON(status, res)
router.GET("/groups", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
status, res := LDAPSession.GetAllGroups()
c.JSON(status, res)
router.GET("/groups/:groupid", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
status, res := LDAPSession.GetGroup(c.Param("groupid"))
c.JSON(status, res)
router.POST("/groups/:groupid", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
var body Group
if err := c.ShouldBind(&body); err != nil { // bad request from binding
c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
// check if user already exists
status, res := LDAPSession.GetGroup(c.Param("groupid"))
if status != 200 && ldap.IsErrorWithCode(res["error"].(error), ldap.LDAPResultNoSuchObject) { // user does not already exist, create new user
status, res = LDAPSession.AddGroup(c.Param("groupid"), body)
c.JSON(status, res)
} else { // user already exists, attempt to modify user
status, res = LDAPSession.ModGroup(c.Param("groupid"), body)
c.JSON(status, res)
router.DELETE("/groups/:groupid", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
status, res := LDAPSession.DelGroup(c.Param("groupid"))
c.JSON(status, res)
router.POST("/groups/:groupid/members/:userid", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
status, res := LDAPSession.AddUserToGroup(c.Param("userid"), c.Param("groupid"))
c.JSON(status, res)
router.DELETE("/groups/:groupid/members/:userid", func(c *gin.Context) {
session := sessions.Default(c)
SessionUUID := session.Get("SessionUUID")
if SessionUUID == nil {
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
uuid := SessionUUID.(string)
LDAPSession := LDAPSessions[uuid]
if LDAPSession == nil { // does not have registered ldap session associated with cookie session
c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
status, res := LDAPSession.DelUserFromGroup(c.Param("userid"), c.Param("groupid"))
c.JSON(status, res)
router.Run("" + strconv.Itoa(config.ListenPort))