rewrite api in go/gin

2025-02-11 07:09:47 +00:00
parent 8f2489df47
commit 9412bd57cb
12 changed files with 768 additions and 710 deletions
--- a/app/app.go
+++ b/app/app.go
@@ -0,0 +1,295 @@
+package app
+
+import (
+	"encoding/gob"
+	"flag"
+	"log"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
+	"github.com/gin-gonic/gin"
+	"github.com/go-ldap/ldap/v3"
+	uuid "github.com/nu7hatch/gouuid"
+)
+
+var LDAPSessions map[string]*LDAPClient
+
+func Run() {
+	gob.Register(LDAPClient{})
+
+	configPath := flag.String("config", "config.json", "path to config.json file")
+	flag.Parse()
+
+	config := GetConfig(*configPath)
+	log.Println("Initialized config from " + *configPath)
+
+	gin.SetMode(gin.ReleaseMode)
+	router := gin.Default()
+	store := cookie.NewStore([]byte(config.SessionSecretKey))
+	store.Options(sessions.Options{
+		Path:     config.SessionCookie.Path,
+		HttpOnly: config.SessionCookie.HttpOnly,
+		Secure:   config.SessionCookie.Secure,
+		MaxAge:   config.SessionCookie.MaxAge,
+	})
+	router.Use(sessions.Sessions(config.SessionCookieName, store))
+
+	LDAPSessions = make(map[string]*LDAPClient)
+
+	router.POST("/ticket", func(c *gin.Context) {
+		var body Login
+		if err := c.ShouldBind(&body); err != nil { // bad request from binding
+			c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
+			return
+		}
+
+		newLDAPClient, err := NewLDAPClient(config)
+		if err != nil { // failed to dial ldap server, considered a server error
+			c.JSON(http.StatusInternalServerError, gin.H{"auth": false, "error": err.Error()})
+			return
+		}
+		err = newLDAPClient.BindUser(body.Username, body.Password)
+		if err != nil { // failed to authenticate, return error
+			c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
+			return
+		}
+
+		// successful binding at this point
+		// create new session
+		session := sessions.Default(c)
+		// create (hopefully) safe uuid to map to ldap session
+		uuid, _ := uuid.NewV4()
+		// set uuid mapping in session
+		session.Set("SessionUUID", uuid.String())
+		// set uuid mapping in LDAPSessions
+		LDAPSessions[uuid.String()] = newLDAPClient
+		// save the session
+		session.Save()
+		// return successful auth
+		c.JSON(http.StatusOK, gin.H{"auth": true})
+	})
+
+	router.DELETE("/ticket", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		delete(LDAPSessions, uuid)
+		session.Options(sessions.Options{MaxAge: -1}) // set max age to -1 so it is deleted
+		_ = session.Save()
+		c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+	})
+
+	router.GET("/users", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		status, res := LDAPSession.GetAllUsers()
+		c.JSON(status, res)
+	})
+
+	router.POST("/users/:userid", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		var body User
+		if err := c.ShouldBind(&body); err != nil { // bad request from binding
+			c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
+			return
+		}
+
+		// check if user already exists
+		status, res := LDAPSession.GetUser(c.Param("userid"))
+		if status != 200 && ldap.IsErrorWithCode(res["error"].(error), ldap.LDAPResultNoSuchObject) { // user does not already exist, create new user
+			status, res = LDAPSession.AddUser(c.Param("userid"), body)
+			c.JSON(status, res)
+		} else { // user already exists, attempt to modify user
+			status, res = LDAPSession.ModUser(c.Param("userid"), body)
+			c.JSON(status, res)
+		}
+	})
+
+	router.GET("/users/:userid", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		status, res := LDAPSession.GetUser(c.Param("userid"))
+		c.JSON(status, res)
+	})
+
+	router.DELETE("/users/:userid", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		status, res := LDAPSession.DelUser(c.Param("userid"))
+		c.JSON(status, res)
+	})
+
+	router.GET("/groups", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		status, res := LDAPSession.GetAllGroups()
+		c.JSON(status, res)
+	})
+
+	router.GET("/groups/:groupid", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		status, res := LDAPSession.GetGroup(c.Param("groupid"))
+		c.JSON(status, res)
+	})
+
+	router.POST("/groups/:groupid", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		var body Group
+		if err := c.ShouldBind(&body); err != nil { // bad request from binding
+			c.JSON(http.StatusBadRequest, gin.H{"auth": false, "error": err.Error()})
+			return
+		}
+
+		// check if user already exists
+		status, res := LDAPSession.GetGroup(c.Param("groupid"))
+		if status != 200 && ldap.IsErrorWithCode(res["error"].(error), ldap.LDAPResultNoSuchObject) { // user does not already exist, create new user
+			status, res = LDAPSession.AddGroup(c.Param("groupid"), body)
+			c.JSON(status, res)
+		} else { // user already exists, attempt to modify user
+			status, res = LDAPSession.ModGroup(c.Param("groupid"), body)
+			c.JSON(status, res)
+		}
+	})
+
+	router.DELETE("/groups/:groupid", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		status, res := LDAPSession.DelGroup(c.Param("groupid"))
+		c.JSON(status, res)
+	})
+
+	router.POST("/groups/:groupid/members/:userid", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		status, res := LDAPSession.AddUserToGroup(c.Param("userid"), c.Param("groupid"))
+		c.JSON(status, res)
+	})
+
+	router.DELETE("/groups/:groupid/members/:userid", func(c *gin.Context) {
+		session := sessions.Default(c)
+		SessionUUID := session.Get("SessionUUID")
+		if SessionUUID == nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+		uuid := SessionUUID.(string)
+		LDAPSession := LDAPSessions[uuid]
+		if LDAPSession == nil { // does not have registered ldap session associated with cookie session
+			c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
+			return
+		}
+
+		status, res := LDAPSession.DelUserFromGroup(c.Param("userid"), c.Param("groupid"))
+		c.JSON(status, res)
+	})
+
+	router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
+}