From 99242b70a081941abfe35a85e87386dc1c05a9bf Mon Sep 17 00:00:00 2001
From: Arthur Lu
Date: Fri, 18 Oct 2024 04:38:26 +0000
Subject: [PATCH] add starttls support, add starttls option to config

---
 app/app.go | 5 +++--
 app/ldap.go | 12 ++++++++++++
 app/utils.go | 1 +
 configs/template.config.json | 1 +
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/app/app.go b/app/app.go
index b9b0898..a729329 100644
--- a/app/app.go
+++ b/app/app.go
@@ -15,6 +15,7 @@ import (
 )
 
 var LDAPSessions map[string]*LDAPClient
+var AppVersion = "1.0.5"
 var APIVersion = "1.0.4"
 
 func Run() {
@@ -47,7 +48,7 @@ func Run() {
 LDAPSessions = make(map[string]*LDAPClient)
 
 router.GET("/version", func(c *gin.Context) {
- c.JSON(http.StatusOK, gin.H{"version": APIVersion})
+ c.JSON(http.StatusOK, gin.H{"version": APIVersion, "app-version": AppVersion})
 })
 
 router.POST("/ticket", func(c *gin.Context) {
@@ -93,7 +94,7 @@ func Run() {
 uuid := SessionUUID.(string)
 delete(LDAPSessions, uuid)
 session.Options(sessions.Options{MaxAge: -1}) // set max age to -1 so it is deleted
- _ = session.Save()
+ session.Save()
 c.JSON(http.StatusUnauthorized, gin.H{"auth": false})
 })
 
diff --git a/app/ldap.go b/app/ldap.go
index efe84b1..dc44770 100644
--- a/app/ldap.go
+++ b/app/ldap.go
@@ -1,6 +1,7 @@
 package app
 
 import (
+ "crypto/tls"
 "errors"
 "fmt"
 "net/http"
@@ -20,6 +21,17 @@ type LDAPClient struct {
 // returns a new LDAPClient from the config
 func NewLDAPClient(config Config) (*LDAPClient, error) {
 LDAPConn, err := ldap.DialURL(config.LdapURL)
+ if err != nil {
+ return nil, err
+ }
+
+ if config.StartTLS {
+ err = LDAPConn.StartTLS(&tls.Config{InsecureSkipVerify: true})
+ if err != nil {
+ return nil, err
+ }
+ }
+
 return &LDAPClient{
 client: LDAPConn,
 basedn: config.BaseDN,
diff --git a/app/utils.go b/app/utils.go
index 341b407..d1b9e71 100644
--- a/app/utils.go
+++ b/app/utils.go
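Review bot: The logout handler in the third app.go hunk now drops the result of `session.Save()` silently; a failed save means the MaxAge -1 cookie update is never sent, so the browser keeps a cookie for a session that was just removed from LDAPSessions and nobody learns why. Check the error on that line and report it instead of answering as if logout succeeded, e.g. `if err := session.Save(); err != nil { c.JSON(http.StatusInternalServerError, gin.H{"auth": false}); return }`. If the old `_ =` form was a deliberate best-effort, keep it but add a comment saying so; removing the blank assignment only hides the choice. Run's body continues outside the hunk.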
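Review bot: In the second ldap.go hunk NewLDAPClient upgrades the connection with `tls.Config{InsecureSkipVerify: true}`, so the server certificate is never checked and anyone on the path can present their own certificate and read whatever is later sent over the connection; that gives the new StartTLS option confidentiality against passive observers only, which is much less than the config name suggests. Leave verification on and set ServerName from the host in config.LdapURL (a tls.Config with neither ServerName nor InsecureSkipVerify set fails the handshake, so the name is required); if a verification-free mode is really wanted for test setups, make it a separate config field that defaults to false rather than a hard-coded value. The url package is not imported in this hunk, so the import block would need "net/url" as well. NewLDAPClient's body continues outside the hunk.
```go
	if config.StartTLS {
		u, err := url.Parse(config.LdapURL) // requires "net/url" in the import block
		if err != nil {
			return nil, err
		}
		// Verify the directory server's certificate against the host we dialed.
		if err := LDAPConn.StartTLS(&tls.Config{ServerName: u.Hostname()}); err != nil {
			return nil, err
		}
	}
	// … unchanged: construct and return the LDAPClient …
```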
@@ -11,6 +11,7 @@ import (
 type Config struct {
 ListenPort int `json:"listenPort"`
 LdapURL string `json:"ldapURL"`
+ StartTLS bool `json:"startTLS"`
 BaseDN string `json:"baseDN"`
 SessionSecretKey string `json:"sessionSecretKey"`
 SessionCookieName string `json:"sessionCookieName"`
diff --git a/configs/template.config.json b/configs/template.config.json
index d0f3c5c..cfda43d 100644
--- a/configs/template.config.json
+++ b/configs/template.config.json
@@ -1,6 +1,7 @@
 {
 "listenPort": 80,
 "ldapURL": "ldap://localhost",
+ "startTLS": true,
 "basedn": "dc=example,dc=com",
 "sessionSecretKey": "super secret key",
 "sessionCookieName": "PAASLDAPAuthTicket",