improve ModGroup to perform NOP

update go mod
add better ldap response error handling
2024-10-15 21:34:34 +00:00 · 2024-10-14 22:21:44 +00:00 · 2024-10-14 22:21:10 +00:00 · 2024-10-12 22:33:34 +00:00 · 2024-10-10 20:59:01 +00:00 · 2024-10-10 20:57:29 +00:00
4 changed files with 94 additions and 40 deletions
--- a/app/app.go
+++ b/app/app.go
@@ -15,16 +15,21 @@ import (
 )

 var LDAPSessions map[string]*LDAPClient
-var APIVersion = "1.0.2"
+var APIVersion = "1.0.4"

 func Run() {
 	gob.Register(LDAPClient{})

+	log.Printf("Starting ProxmoxAAS-LDAP version %s\n", APIVersion)
+
 	configPath := flag.String("config", "config.json", "path to config.json file")
 	flag.Parse()

-	config := GetConfig(*configPath)
-	log.Println("Initialized config from " + *configPath)
+	config, err := GetConfig(*configPath)
+	if err != nil {
+		log.Fatal("Error when reading config file: ", err)
+	}
+	log.Printf("Read in config from %s\n", *configPath)

 	gin.SetMode(gin.ReleaseMode)
 	router := gin.Default()
@@ -37,6 +42,8 @@ func Run() {
 	})
 	router.Use(sessions.Sessions(config.SessionCookieName, store))

+	log.Printf("Started API router and cookie store (Name: %s Params: %+v)\n", config.SessionCookieName, config.SessionCookie)
+
 	LDAPSessions = make(map[string]*LDAPClient)

 	router.GET("/version", func(c *gin.Context) {
@@ -105,7 +112,7 @@ func Run() {
 		}

 		status, res := LDAPSession.GetAllUsers()
-		c.JSON(status, res)
+		c.JSON(status, HandleResponse(res))
 	})

 	router.POST("/users/:userid", func(c *gin.Context) {
@@ -131,7 +138,7 @@ func Run() {
 				return
 			}
 			status, res = LDAPSession.AddUser(c.Param("userid"), body)
-			c.JSON(status, res)
+			c.JSON(status, HandleResponse(res))
 		} else { // user already exists, attempt to modify user
 			var body UserOptional                       // all user attributes optional for new users
 			if err := c.ShouldBind(&body); err != nil { // attempt to bind user data
@@ -139,7 +146,7 @@ func Run() {
 				return
 			}
 			status, res = LDAPSession.ModUser(c.Param("userid"), body)
-			c.JSON(status, res)
+			c.JSON(status, HandleResponse(res))
 		}
 	})

@@ -158,7 +165,7 @@ func Run() {
 		}

 		status, res := LDAPSession.GetUser(c.Param("userid"))
-		c.JSON(status, res)
+		c.JSON(status, HandleResponse(res))
 	})

 	router.DELETE("/users/:userid", func(c *gin.Context) {
@@ -176,7 +183,7 @@ func Run() {
 		}

 		status, res := LDAPSession.DelUser(c.Param("userid"))
-		c.JSON(status, res)
+		c.JSON(status, HandleResponse(res))
 	})

 	router.GET("/groups", func(c *gin.Context) {
@@ -194,7 +201,7 @@ func Run() {
 		}

 		status, res := LDAPSession.GetAllGroups()
-		c.JSON(status, res)
+		c.JSON(status, HandleResponse(res))
 	})

 	router.GET("/groups/:groupid", func(c *gin.Context) {
@@ -212,7 +219,7 @@ func Run() {
 		}

 		status, res := LDAPSession.GetGroup(c.Param("groupid"))
-		c.JSON(status, res)
+		c.JSON(status, HandleResponse(res))
 	})

 	router.POST("/groups/:groupid", func(c *gin.Context) {
@@ -239,10 +246,10 @@ func Run() {
 		status, res := LDAPSession.GetGroup(c.Param("groupid"))
 		if status != 200 && ldap.IsErrorWithCode(res["error"].(error), ldap.LDAPResultNoSuchObject) { // group does not already exist, create new group
 			status, res = LDAPSession.AddGroup(c.Param("groupid"), body)
-			c.JSON(status, res)
+			c.JSON(status, HandleResponse(res))
 		} else { // group already exists, attempt to modify group
 			status, res = LDAPSession.ModGroup(c.Param("groupid"), body)
-			c.JSON(status, res)
+			c.JSON(status, HandleResponse(res))
 		}
 	})

@@ -261,7 +268,7 @@ func Run() {
 		}

 		status, res := LDAPSession.DelGroup(c.Param("groupid"))
-		c.JSON(status, res)
+		c.JSON(status, HandleResponse(res))
 	})

 	router.POST("/groups/:groupid/members/:userid", func(c *gin.Context) {
@@ -279,7 +286,7 @@ func Run() {
 		}

 		status, res := LDAPSession.AddUserToGroup(c.Param("userid"), c.Param("groupid"))
-		c.JSON(status, res)
+		c.JSON(status, HandleResponse(res))
 	})

 	router.DELETE("/groups/:groupid/members/:userid", func(c *gin.Context) {
@@ -297,8 +304,10 @@ func Run() {
 		}

 		status, res := LDAPSession.DelUserFromGroup(c.Param("userid"), c.Param("groupid"))
-		c.JSON(status, res)
+		c.JSON(status, HandleResponse(res))
 	})

+	log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort))
+
 	router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
 }
--- a/app/ldap.go
+++ b/app/ldap.go
@@ -1,6 +1,7 @@
 package app

 import (
+	"errors"
 	"fmt"
 	"net/http"

@@ -94,10 +95,13 @@ func (l LDAPClient) GetUser(uid string) (int, gin.H) {
 }

 func (l LDAPClient) AddUser(uid string, user UserRequired) (int, gin.H) {
-	if user.CN == "" || user.SN == "" || user.UserPassword == "" {
+	if user.CN == "" || user.SN == "" || user.UserPassword == "" || user.Mail == "" {
 		return http.StatusBadRequest, gin.H{
 			"ok": false,
-			"error": "Missing one of required fields: cn, sn, userpassword",
+			"error": ldap.NewError(
+				ldap.LDAPResultUnwillingToPerform,
+				errors.New("missing one of required fields: cn, sn, mail, userpassword"),
+			),
 		}
 	}

@@ -107,6 +111,7 @@ func (l LDAPClient) AddUser(uid string, user UserRequired) (int, gin.H) {
 	)
 	addRequest.Attribute("sn", []string{user.SN})
 	addRequest.Attribute("cn", []string{user.CN})
+	addRequest.Attribute("mail", []string{user.Mail})
 	addRequest.Attribute("userPassword", []string{user.UserPassword})
 	addRequest.Attribute("objectClass", []string{"inetOrgPerson"})

@@ -125,10 +130,13 @@ func (l LDAPClient) AddUser(uid string, user UserRequired) (int, gin.H) {
 }

 func (l LDAPClient) ModUser(uid string, user UserOptional) (int, gin.H) {
-	if user.CN == "" && user.SN == "" && user.UserPassword == "" {
+	if user.CN == "" && user.SN == "" && user.UserPassword == "" && user.Mail == "" {
 		return http.StatusBadRequest, gin.H{
 			"ok": false,
-			"error": "Requires one of fields: cn, sn, userpassword",
+			"error": ldap.NewError(
+				ldap.LDAPResultUnwillingToPerform,
+				errors.New("requires one of fields: cn, sn, mail, userpassword"),
+			),
 		}
 	}

@@ -142,6 +150,9 @@ func (l LDAPClient) ModUser(uid string, user UserOptional) (int, gin.H) {
 	if user.SN != "" {
 		modifyRequest.Replace("sn", []string{user.SN})
 	}
+	if user.Mail != "" {
+		modifyRequest.Replace("mail", []string{user.Mail})
+	}
 	if user.UserPassword != "" {
 		modifyRequest.Replace("userPassword", []string{user.UserPassword})
 	}
@@ -267,7 +278,22 @@ func (l LDAPClient) AddGroup(gid string, group Group) (int, gin.H) {
 }

 func (l LDAPClient) ModGroup(gid string, group Group) (int, gin.H) {
-	return 200, gin.H{
+	modifyRequest := ldap.NewModifyRequest(
+		fmt.Sprintf("cn=%s,%s", gid, l.groupsdn),
+		nil,
+	)
+
+	modifyRequest.Replace("cn", []string{gid})
+
+	err := l.client.Modify(modifyRequest)
+	if err != nil {
+		return http.StatusBadRequest, gin.H{
+			"ok":    false,
+			"error": err,
+		}
+	}
+
+	return http.StatusOK, gin.H{
 		"ok":    true,
 		"error": nil,
 	}
--- a/app/utils.go
+++ b/app/utils.go
@@ -2,7 +2,6 @@ package app

 import (
 	"encoding/json"
-	"log"
 	"os"

 	"github.com/gin-gonic/gin"
@@ -23,17 +22,17 @@ type Config struct {
 	}
 }

-func GetConfig(configPath string) Config {
+func GetConfig(configPath string) (Config, error) {
 	content, err := os.ReadFile(configPath)
 	if err != nil {
-		log.Fatal("Error when opening config file: ", err)
+		return Config{}, err
 	}
 	var config Config
 	err = json.Unmarshal(content, &config)
 	if err != nil {
-		log.Fatal("Error during parsing config file: ", err)
+		return Config{}, err
 	}
-	return config
+	return config, nil
 }

 type Login struct { // login body struct
@@ -113,14 +112,31 @@ func LDAPGroupToGin(group LDAPGroup) gin.H {
 type UserOptional struct { // add or modify user body struct
 	CN           string `form:"cn"`
 	SN           string `form:"sn"`
+	Mail         string `form:"mail"`
 	UserPassword string `form:"userpassword"`
 }

 type UserRequired struct { // add or modify user body struct
 	CN           string `form:"cn" binding:"required"`
 	SN           string `form:"sn" binding:"required"`
+	Mail         string `form:"mail" binding:"required"`
 	UserPassword string `form:"userpassword" binding:"required"`
 }

 type Group struct { // add or modify group body struct
 }
+
+func HandleResponse(response gin.H) gin.H {
+	if response["error"] != nil {
+		err := response["error"].(error)
+		LDAPerr := err.(*ldap.Error)
+		response["error"] = gin.H{
+			"code":    LDAPerr.ResultCode,
+			"result":  ldap.LDAPResultCodeMap[LDAPerr.ResultCode],
+			"message": LDAPerr.Err.Error(),
+		}
+		return response
+	} else {
+		return response
+	}
+}
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
 module proxmoxaas-ldap

-go 1.22.4
+go 1.23
+
+toolchain go1.23.2

 require (
 	github.com/gin-contrib/sessions v1.0.1
@@ -11,35 +13,36 @@ require (

 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/bytedance/sonic v1.11.8 // indirect
-	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/bytedance/sonic v1.12.3 // indirect
+	github.com/bytedance/sonic/loader v0.2.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.22.0 // indirect
+	github.com/go-playground/validator/v10 v10.22.1 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.3.0 // indirect
+	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	golang.org/x/arch v0.11.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
Author	SHA1	Message	Date
Arthur Lu	0689ee46fd	improve ModGroup to perform NOP	2024-10-15 21:34:34 +00:00
Arthur Lu	ca0832a010	update go mod	2024-10-14 22:21:44 +00:00
Arthur Lu	5d41b605b9	add better ldap response error handling	2024-10-14 22:21:10 +00:00
Arthur Lu	03177eb4d9	add mail attribute to user, bump API version to 1.0.3	2024-10-12 22:33:34 +00:00
Arthur Lu	95ad75b20d	go mod tidy	2024-10-10 20:59:01 +00:00
Arthur Lu	8cefdb0b01	update go version and dependencies	2024-10-10 20:57:29 +00:00