Merge branch 'main' of https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP

update go version,
update dependencies
2025-02-11 07:07:10 +00:00 · 2025-02-11 07:06:58 +00:00 · 2025-02-11 07:06:58 +00:00 · 2025-02-11 07:06:58 +00:00 · 2025-02-11 07:06:58 +00:00 · 2025-02-11 07:06:58 +00:00
10 changed files with 51 additions and 38 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-**/go.sum
-**/config.json
+go.sum
 dist/*
+**/config.json
--- a/4
+++ b/4
@@ -1,10 +1,10 @@
-.PHONY: build test clean dev-init
+.PHONY: build test clean dev-init dev-reinit

 build: clean
 	@echo "======================== Building Binary ======================="
 	CGO_ENABLED=0 go build -ldflags="-s -w" -v -o dist/ .

-tests: dev-reinit
+test: dev-reinit
 	@echo "======================== Running Tests ========================="
 	go test -v -cover -coverpkg=./app/ -coverprofile coverage ./test/
 	@echo "======================= Coverage Report ========================"
--- a/README.md
+++ b/README.md
@@ -30,9 +30,16 @@ ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplif

 1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP/releases)
 2. Rename `template.config.json` to `config.json` and modify:
+    - listenPort: port for PAAS-LDAP to bind and listen on 
    - ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
-    - baseDN: base DN ie. `dc=domain,dc=net`
-    - sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
+    - startTLS: true if backend LDAP supports StartTLS
+    - basedn: base DN ie. `dc=domain,dc=net`
+    - sessionCookieName: name of the session cookie
+    - sessionCookie: specific cookie properties
+        - path: cookie path
+        - httpOnly: cookie http-only
+        - secure: cookie secure
+        - maxAge: cookie max-age
 3. Run the binary

 ## Building and Testing from Source
@@ -50,4 +57,4 @@ Building requires the go toolchain. Testing requires the go toolchain, make, and
 1. Clone the repository
 2. Run `go get` to get requirements
 3. Run `make dev-init` to install test requirements including openldap (slapd), ldap-utils, debconf-utils
-4. Run `make tests` to run all tests
+4. Run `make test` to run all tests
--- a/app/app.go
+++ b/app/app.go
@@ -1,6 +1,7 @@
 package app

 import (
+	"crypto/rand"
 	"encoding/gob"
 	"flag"
 	"log"
@@ -15,11 +16,12 @@ import (
 )

 var LDAPSessions map[string]*LDAPClient
-var AppVersion = "1.0.5"
+var AppVersion = "1.0.6"
 var APIVersion = "1.0.4"

 func Run() {
 	gob.Register(LDAPClient{})
+	gin.SetMode(gin.ReleaseMode)

 	log.Printf("Starting ProxmoxAAS-LDAP version %s\n", APIVersion)

@@ -28,13 +30,19 @@ func Run() {

 	config, err := GetConfig(*configPath)
 	if err != nil {
-		log.Fatal("Error when reading config file: ", err)
+		log.Fatalf("Error when reading config file: %s\n", err)
 	}
 	log.Printf("Read in config from %s\n", *configPath)

-	gin.SetMode(gin.ReleaseMode)
+	secretKey := make([]byte, 256)
+	n, err := rand.Read(secretKey)
+	if err != nil {
+		log.Fatalf("Error when generating session secret key: %s\n", err.Error())
+	}
+	log.Printf("Generated session secret key of length %d\n", n)
+
 	router := gin.Default()
-	store := cookie.NewStore([]byte(config.SessionSecretKey))
+	store := cookie.NewStore(secretKey)
 	store.Options(sessions.Options{
 		Path:     config.SessionCookie.Path,
 		HttpOnly: config.SessionCookie.HttpOnly,
@@ -310,5 +318,8 @@ func Run() {

 	log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort))

-	router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
+	err = router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
+	if err != nil {
+		log.Fatalf("Error starting router: %s", err.Error())
+	}
 }
--- a/app/utils.go
+++ b/app/utils.go
@@ -13,7 +13,6 @@ type Config struct {
 	LdapURL           string `json:"ldapURL"`
 	StartTLS          bool   `json:"startTLS"`
 	BaseDN            string `json:"baseDN"`
-	SessionSecretKey  string `json:"sessionSecretKey"`
 	SessionCookieName string `json:"sessionCookieName"`
 	SessionCookie     struct {
 		Path     string `json:"path"`
--- a/configs/template.config.json
+++ b/configs/template.config.json
@@ -3,7 +3,6 @@
    "ldapURL": "ldap://localhost",
    "startTLS": true,
    "basedn": "dc=example,dc=com",
-    "sessionSecretKey": "super secret key",
    "sessionCookieName": "PAASLDAPAuthTicket",
    "sessionCookie": {
        "path": "/",
--- a/go.mod
+++ b/go.mod
@@ -1,36 +1,35 @@
 module proxmoxaas-ldap

-go 1.23
-
-toolchain go1.23.2
+go 1.23.6

 require (
-	github.com/gin-contrib/sessions v1.0.1
+	github.com/gin-contrib/sessions v1.0.2
 	github.com/gin-gonic/gin v1.10.0
-	github.com/go-ldap/ldap/v3 v3.4.8
+	github.com/go-ldap/ldap/v3 v3.4.10
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
 )

 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/bytedance/sonic v1.12.3 // indirect
-	github.com/bytedance/sonic/loader v0.2.0 // indirect
-	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/bytedance/sonic v1.12.8 // indirect
+	github.com/bytedance/sonic/loader v0.2.3 // indirect
+	github.com/cloudwego/base64x v0.1.5 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
-	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/gin-contrib/sse v1.0.0 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.22.1 // indirect
-	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/go-playground/validator/v10 v10.24.0 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/context v1.1.2 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/knz/go-libedit v1.10.1 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -38,11 +37,11 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	golang.org/x/arch v0.11.0 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	golang.org/x/arch v0.14.0 // indirect
+	golang.org/x/crypto v0.33.0 // indirect
+	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -1,8 +1,8 @@
-.PHONY: dev-init
+.PHONY: prerequisites dev-init dev-reinit

 prerequisites:
 	@echo "=================== Installing Prerequisites ==================="
-	apt install debconf-utils slapd ldap-utils sudo gettext
+	apt install debconf-utils slapd ldap-utils sudo gettext gnutls-bin
 	git clone https://git.tronnet.net/tronnet/open-ldap-setup
 	cd open-ldap-setup/; bash gencert.sh < ../gencert.conf;
 	rm -rf open-ldap-setup/
--- a/test/test_config.json
+++ b/test/test_config.json
@@ -3,7 +3,6 @@
    "ldapURL": "ldap://localhost",
    "startTLS": true,
    "basedn": "dc=test,dc=paasldap",
-    "sessionSecretKey": "test",
    "sessionCookieName": "PAASLDAPAuthTicket",
    "sessionCookie": {
        "path": "/",
--- a/test/unit_test.go
+++ b/test/unit_test.go
@@ -18,7 +18,6 @@ func TestConfig_ValidPath(t *testing.T) {
 	AssertEquals(t, "config.ListenPort", config.ListenPort, 80)
 	AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost")
 	AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap")
-	AssertEquals(t, "config.SessionSecretKey", config.SessionSecretKey, "test")
 	AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket")
 	AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/")
 	AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true)
Author	SHA1	Message	Date
Arthur Lu	16a70beb4c	Merge branch 'main' of https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP	2025-02-11 07:07:10 +00:00
Arthur Lu	aab78cc262	update go version, update dependencies	2025-02-11 07:06:58 +00:00
Arthur Lu	dd75e3cdb6	add missing prerequisite gnutls-bin to dev-init make target	2025-02-11 07:06:58 +00:00
Arthur Lu	891c6c85b0	update README	2025-02-11 07:06:58 +00:00
Arthur Lu	849b05a707	generate session secret key randomly each application start, bump app version 1.0.6	2025-02-11 07:06:58 +00:00
Arthur Lu	d424e6dde0	update go.mod	2025-02-11 07:06:58 +00:00
Arthur Lu	9bce28767f	rename make testsd target to test	2025-02-11 07:06:58 +00:00
Arthur Lu	16af2bfc84	cleanup gitignore	2025-02-11 07:06:58 +00:00
Arthur Lu	8d5e2b4b86	fix make PHONY targets	2025-02-11 07:06:58 +00:00
Arthur Lu	5fdd48a946	update go.mod	2025-02-11 07:06:58 +00:00
Arthur Lu	49ae5b912c	add unit tests for various utility functions, add integration test for LDAPClient, add aiutomatic openldap configuration for testing through make, add make targets for tests improve make targets for build/clean, update README with build and test instructions	2025-02-11 07:06:58 +00:00
Arthur Lu	9d6b35c9a2	add starttls support, add starttls option to config	2025-02-11 07:06:58 +00:00
Arthur Lu	6fea43f1b3	Update README.md	2025-02-11 07:06:58 +00:00
Arthur Lu	6739d9b014	improve ModGroup to perform NOP	2025-02-11 07:06:58 +00:00
Arthur Lu	ae181116d1	update go mod	2025-02-11 07:06:58 +00:00
Arthur Lu	7a9516e276	add better ldap response error handling	2025-02-11 07:06:58 +00:00
Arthur Lu	eb4d9548c2	add mail attribute to user, bump API version to 1.0.3	2025-02-11 07:06:58 +00:00
Arthur Lu	82a326c11e	go mod tidy	2025-02-11 07:06:58 +00:00
Arthur Lu	487c83f163	update go version and dependencies	2025-02-11 07:06:58 +00:00
Arthur Lu	c2749a573e	fix critical userPassword bug, improve ldap user/group data handling	2025-02-11 07:06:58 +00:00
Arthur Lu	eec5343c07	add memberOf attribute to users, bump version to 1.0.1	2025-02-11 07:06:58 +00:00
Arthur Lu	b3a6ed5c4c	fix default session cookie max age, disable cgo in build	2025-02-11 07:06:58 +00:00
Arthur Lu	72e6d38c84	add installation instructions to README	2025-02-11 07:06:58 +00:00
Arthur Lu	877d018b60	add version route	2025-02-11 07:06:58 +00:00
Arthur Lu	1864200690	rename config.template,json to template.config.json	2025-02-11 07:06:58 +00:00
Arthur Lu	929c381cc8	update go version, update dependencies	2025-02-11 06:54:15 +00:00
Arthur Lu	105b11cae5	add missing prerequisite gnutls-bin to dev-init make target	2025-01-15 05:58:12 +00:00
Arthur Lu	222864868d	update README	2024-11-15 00:47:29 +00:00
Arthur Lu	33566572fb	generate session secret key randomly each application start, bump app version 1.0.6	2024-11-15 00:35:57 +00:00
Arthur Lu	7da5c22313	update go.mod	2024-11-14 07:26:45 +00:00
Arthur Lu	bf80945168	rename make testsd target to test	2024-10-24 18:08:43 +00:00
Arthur Lu	e18737c043	cleanup gitignore	2024-10-23 22:46:43 +00:00
Arthur Lu	162eda70b9	fix make PHONY targets	2024-10-23 18:58:06 +00:00
Arthur Lu	0d1dd540c0	update go.mod	2024-10-21 19:56:01 +00:00