update README

generate session secret key randomly each application start,
bump app version 1.0.6
2024-11-15 00:47:29 +00:00 · 2024-11-15 00:35:57 +00:00 · 2024-11-14 07:26:45 +00:00 · 2024-10-24 18:08:43 +00:00 · 2024-10-23 22:46:43 +00:00 · 2024-10-23 18:58:06 +00:00
10 changed files with 41 additions and 28 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
-**/go.sum
-**/config.json
+go.sum
 dist/*
+**/config.json
--- a/4
+++ b/4
@ -1,10 +1,10 @@
-.PHONY: build test clean dev-init
+.PHONY: build test clean dev-init dev-reinit

 build: clean
 	@echo "======================== Building Binary ======================="
 	CGO_ENABLED=0 go build -ldflags="-s -w" -v -o dist/ .

-tests: dev-reinit
+test: dev-reinit
 	@echo "======================== Running Tests ========================="
 	go test -v -cover -coverpkg=./app/ -coverprofile coverage ./test/
 	@echo "======================= Coverage Report ========================"
--- a/README.md
+++ b/README.md
@ -30,9 +30,16 @@ ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplif

 1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP/releases)
 2. Rename `template.config.json` to `config.json` and modify:
+    - listenPort: port for PAAS-LDAP to bind and listen on 
    - ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
-    - baseDN: base DN ie. `dc=domain,dc=net`
-    - sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string
+    - startTLS: true if backend LDAP supports StartTLS
+    - basedn: base DN ie. `dc=domain,dc=net`
+    - sessionCookieName: name of the session cookie
+    - sessionCookie: specific cookie properties
+        - path: cookie path
+        - httpOnly: cookie http-only
+        - secure: cookie secure
+        - maxAge: cookie max-age
 3. Run the binary

 ## Building and Testing from Source
@ -50,4 +57,4 @@ Building requires the go toolchain. Testing requires the go toolchain, make, and
 1. Clone the repository
 2. Run `go get` to get requirements
 3. Run `make dev-init` to install test requirements including openldap (slapd), ldap-utils, debconf-utils
-4. Run `make tests` to run all tests
+4. Run `make test` to run all tests
--- a/app/app.go
+++ b/app/app.go
@ -1,6 +1,7 @@
 package app

 import (
+	"crypto/rand"
 	"encoding/gob"
 	"flag"
 	"log"
@ -15,7 +16,7 @@ import (
 )

 var LDAPSessions map[string]*LDAPClient
-var AppVersion = "1.0.5"
+var AppVersion = "1.0.6"
 var APIVersion = "1.0.4"

 func Run() {
@ -28,13 +29,20 @@ func Run() {

 	config, err := GetConfig(*configPath)
 	if err != nil {
-		log.Fatal("Error when reading config file: ", err)
+		log.Fatalf("Error when reading config file: %s\n", err)
 	}
 	log.Printf("Read in config from %s\n", *configPath)

+	secretKey := make([]byte, 256)
+	n, err := rand.Read(secretKey)
+	if err != nil {
+		log.Fatalf("Error when generating session secret key: %s\n", err.Error())
+	}
+	log.Printf("Generated session secret key of length %d\n", n)
+
 	gin.SetMode(gin.ReleaseMode)
 	router := gin.Default()
-	store := cookie.NewStore([]byte(config.SessionSecretKey))
+	store := cookie.NewStore(secretKey)
 	store.Options(sessions.Options{
 		Path:     config.SessionCookie.Path,
 		HttpOnly: config.SessionCookie.HttpOnly,
@ -310,5 +318,8 @@ func Run() {

 	log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort))

-	router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
+	err = router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
+	if err != nil {
+		log.Fatalf("Error starting router: %s", err.Error())
+	}
 }
--- a/app/utils.go
+++ b/app/utils.go
@ -13,7 +13,6 @@ type Config struct {
 	LdapURL           string `json:"ldapURL"`
 	StartTLS          bool   `json:"startTLS"`
 	BaseDN            string `json:"baseDN"`
-	SessionSecretKey  string `json:"sessionSecretKey"`
 	SessionCookieName string `json:"sessionCookieName"`
 	SessionCookie     struct {
 		Path     string `json:"path"`
--- a/configs/template.config.json
+++ b/configs/template.config.json
@ -3,7 +3,6 @@
    "ldapURL": "ldap://localhost",
    "startTLS": true,
    "basedn": "dc=example,dc=com",
-    "sessionSecretKey": "super secret key",
    "sessionCookieName": "PAASLDAPAuthTicket",
    "sessionCookie": {
        "path": "/",
--- a/go.mod
+++ b/go.mod
@ -1,8 +1,6 @@
 module proxmoxaas-ldap

-go 1.23
-
-toolchain go1.23.2
+go 1.23.2

 require (
 	github.com/gin-contrib/sessions v1.0.1
@ -13,8 +11,8 @@ require (

 require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
-	github.com/bytedance/sonic v1.12.3 // indirect
-	github.com/bytedance/sonic/loader v0.2.0 // indirect
+	github.com/bytedance/sonic v1.12.4 // indirect
+	github.com/bytedance/sonic/loader v0.2.1 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
@ -30,7 +28,8 @@ require (
 	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/gorilla/sessions v1.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
+	github.com/knz/go-libedit v1.10.1 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@ -38,11 +37,11 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	golang.org/x/arch v0.11.0 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
-	golang.org/x/net v0.30.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/arch v0.12.0 // indirect
+	golang.org/x/crypto v0.29.0 // indirect
+	golang.org/x/net v0.31.0 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/text v0.20.0 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/scripts/Makefile
+++ b/scripts/Makefile
@ -1,4 +1,4 @@
-.PHONY: dev-init
+.PHONY: prerequisites dev-init dev-reinit

 prerequisites:
 	@echo "=================== Installing Prerequisites ==================="
--- a/test/test_config.json
+++ b/test/test_config.json
@ -3,7 +3,6 @@
    "ldapURL": "ldap://localhost",
    "startTLS": true,
    "basedn": "dc=test,dc=paasldap",
-    "sessionSecretKey": "test",
    "sessionCookieName": "PAASLDAPAuthTicket",
    "sessionCookie": {
        "path": "/",
--- a/test/unit_test.go
+++ b/test/unit_test.go
@ -18,7 +18,6 @@ func TestConfig_ValidPath(t *testing.T) {
 	AssertEquals(t, "config.ListenPort", config.ListenPort, 80)
 	AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost")
 	AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap")
-	AssertEquals(t, "config.SessionSecretKey", config.SessionSecretKey, "test")
 	AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket")
 	AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/")
 	AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true)
Author	SHA1	Message	Date
Arthur Lu	222864868d	update README	2024-11-15 00:47:29 +00:00
Arthur Lu	33566572fb	generate session secret key randomly each application start, bump app version 1.0.6	2024-11-15 00:35:57 +00:00
Arthur Lu	7da5c22313	update go.mod	2024-11-14 07:26:45 +00:00
Arthur Lu	bf80945168	rename make testsd target to test	2024-10-24 18:08:43 +00:00
Arthur Lu	e18737c043	cleanup gitignore	2024-10-23 22:46:43 +00:00
Arthur Lu	162eda70b9	fix make PHONY targets	2024-10-23 18:58:06 +00:00
Arthur Lu	0d1dd540c0	update go.mod	2024-10-21 19:56:01 +00:00