Compare commits

..

7 Commits
v1.0.5 ... main

Author SHA1 Message Date
222864868d update README 2024-11-15 00:47:29 +00:00
33566572fb generate session secret key randomly each application start,
bump app version 1.0.6
2024-11-15 00:35:57 +00:00
7da5c22313 update go.mod 2024-11-14 07:26:45 +00:00
bf80945168 rename make testsd target to test 2024-10-24 18:08:43 +00:00
e18737c043 cleanup gitignore 2024-10-23 22:46:43 +00:00
162eda70b9 fix make PHONY targets 2024-10-23 18:58:06 +00:00
0d1dd540c0 update go.mod 2024-10-21 19:56:01 +00:00
10 changed files with 41 additions and 28 deletions

4
.gitignore vendored
View File

@ -1,3 +1,3 @@
**/go.sum go.sum
**/config.json
dist/* dist/*
**/config.json

View File

@ -1,10 +1,10 @@
.PHONY: build test clean dev-init .PHONY: build test clean dev-init dev-reinit
build: clean build: clean
@echo "======================== Building Binary =======================" @echo "======================== Building Binary ======================="
CGO_ENABLED=0 go build -ldflags="-s -w" -v -o dist/ . CGO_ENABLED=0 go build -ldflags="-s -w" -v -o dist/ .
tests: dev-reinit test: dev-reinit
@echo "======================== Running Tests =========================" @echo "======================== Running Tests ========================="
go test -v -cover -coverpkg=./app/ -coverprofile coverage ./test/ go test -v -cover -coverpkg=./app/ -coverprofile coverage ./test/
@echo "======================= Coverage Report ========================" @echo "======================= Coverage Report ========================"

View File

@ -30,9 +30,16 @@ ProxmoxAAS LDAP provides a simple API for managing users and groups in a simplif
1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP/releases) 1. Download `proxmoxaas-ldap` binary and `template.config.json` file from [releases](https://git.tronnet.net/tronnet/ProxmoxAAS-LDAP/releases)
2. Rename `template.config.json` to `config.json` and modify: 2. Rename `template.config.json` to `config.json` and modify:
- listenPort: port for PAAS-LDAP to bind and listen on
- ldapURL: url to the ldap server ie. `ldap://ldap.domain.net` - ldapURL: url to the ldap server ie. `ldap://ldap.domain.net`
- baseDN: base DN ie. `dc=domain,dc=net` - startTLS: true if backend LDAP supports StartTLS
- sessionSecretKey: random value used to randomize cookie values, replace with any sufficiently large random string - basedn: base DN ie. `dc=domain,dc=net`
- sessionCookieName: name of the session cookie
- sessionCookie: specific cookie properties
- path: cookie path
- httpOnly: cookie http-only
- secure: cookie secure
- maxAge: cookie max-age
3. Run the binary 3. Run the binary
## Building and Testing from Source ## Building and Testing from Source
@ -50,4 +57,4 @@ Building requires the go toolchain. Testing requires the go toolchain, make, and
1. Clone the repository 1. Clone the repository
2. Run `go get` to get requirements 2. Run `go get` to get requirements
3. Run `make dev-init` to install test requirements including openldap (slapd), ldap-utils, debconf-utils 3. Run `make dev-init` to install test requirements including openldap (slapd), ldap-utils, debconf-utils
4. Run `make tests` to run all tests 4. Run `make test` to run all tests

View File

@ -1,6 +1,7 @@
package app package app
import ( import (
"crypto/rand"
"encoding/gob" "encoding/gob"
"flag" "flag"
"log" "log"
@ -15,7 +16,7 @@ import (
) )
var LDAPSessions map[string]*LDAPClient var LDAPSessions map[string]*LDAPClient
var AppVersion = "1.0.5" var AppVersion = "1.0.6"
var APIVersion = "1.0.4" var APIVersion = "1.0.4"
func Run() { func Run() {
@ -28,13 +29,20 @@ func Run() {
config, err := GetConfig(*configPath) config, err := GetConfig(*configPath)
if err != nil { if err != nil {
log.Fatal("Error when reading config file: ", err) log.Fatalf("Error when reading config file: %s\n", err)
} }
log.Printf("Read in config from %s\n", *configPath) log.Printf("Read in config from %s\n", *configPath)
secretKey := make([]byte, 256)
n, err := rand.Read(secretKey)
if err != nil {
log.Fatalf("Error when generating session secret key: %s\n", err.Error())
}
log.Printf("Generated session secret key of length %d\n", n)
gin.SetMode(gin.ReleaseMode) gin.SetMode(gin.ReleaseMode)
router := gin.Default() router := gin.Default()
store := cookie.NewStore([]byte(config.SessionSecretKey)) store := cookie.NewStore(secretKey)
store.Options(sessions.Options{ store.Options(sessions.Options{
Path: config.SessionCookie.Path, Path: config.SessionCookie.Path,
HttpOnly: config.SessionCookie.HttpOnly, HttpOnly: config.SessionCookie.HttpOnly,
@ -310,5 +318,8 @@ func Run() {
log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort)) log.Printf("Starting LDAP API on port %s\n", strconv.Itoa(config.ListenPort))
router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort)) err = router.Run("0.0.0.0:" + strconv.Itoa(config.ListenPort))
if err != nil {
log.Fatalf("Error starting router: %s", err.Error())
}
} }

View File

@ -13,7 +13,6 @@ type Config struct {
LdapURL string `json:"ldapURL"` LdapURL string `json:"ldapURL"`
StartTLS bool `json:"startTLS"` StartTLS bool `json:"startTLS"`
BaseDN string `json:"baseDN"` BaseDN string `json:"baseDN"`
SessionSecretKey string `json:"sessionSecretKey"`
SessionCookieName string `json:"sessionCookieName"` SessionCookieName string `json:"sessionCookieName"`
SessionCookie struct { SessionCookie struct {
Path string `json:"path"` Path string `json:"path"`

View File

@ -3,7 +3,6 @@
"ldapURL": "ldap://localhost", "ldapURL": "ldap://localhost",
"startTLS": true, "startTLS": true,
"basedn": "dc=example,dc=com", "basedn": "dc=example,dc=com",
"sessionSecretKey": "super secret key",
"sessionCookieName": "PAASLDAPAuthTicket", "sessionCookieName": "PAASLDAPAuthTicket",
"sessionCookie": { "sessionCookie": {
"path": "/", "path": "/",

21
go.mod
View File

@ -1,8 +1,6 @@
module proxmoxaas-ldap module proxmoxaas-ldap
go 1.23 go 1.23.2
toolchain go1.23.2
require ( require (
github.com/gin-contrib/sessions v1.0.1 github.com/gin-contrib/sessions v1.0.1
@ -13,8 +11,8 @@ require (
require ( require (
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
github.com/bytedance/sonic v1.12.3 // indirect github.com/bytedance/sonic v1.12.4 // indirect
github.com/bytedance/sonic/loader v0.2.0 // indirect github.com/bytedance/sonic/loader v0.2.1 // indirect
github.com/cloudwego/base64x v0.1.4 // indirect github.com/cloudwego/base64x v0.1.4 // indirect
github.com/cloudwego/iasm v0.2.0 // indirect github.com/cloudwego/iasm v0.2.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.6 // indirect github.com/gabriel-vasile/mimetype v1.4.6 // indirect
@ -30,7 +28,8 @@ require (
github.com/gorilla/securecookie v1.1.2 // indirect github.com/gorilla/securecookie v1.1.2 // indirect
github.com/gorilla/sessions v1.4.0 // indirect github.com/gorilla/sessions v1.4.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/cpuid/v2 v2.2.8 // indirect github.com/klauspost/cpuid/v2 v2.2.9 // indirect
github.com/knz/go-libedit v1.10.1 // indirect
github.com/leodido/go-urn v1.4.0 // indirect github.com/leodido/go-urn v1.4.0 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-isatty v0.0.20 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@ -38,11 +37,11 @@ require (
github.com/pelletier/go-toml/v2 v2.2.3 // indirect github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
github.com/ugorji/go/codec v1.2.12 // indirect github.com/ugorji/go/codec v1.2.12 // indirect
golang.org/x/arch v0.11.0 // indirect golang.org/x/arch v0.12.0 // indirect
golang.org/x/crypto v0.28.0 // indirect golang.org/x/crypto v0.29.0 // indirect
golang.org/x/net v0.30.0 // indirect golang.org/x/net v0.31.0 // indirect
golang.org/x/sys v0.26.0 // indirect golang.org/x/sys v0.27.0 // indirect
golang.org/x/text v0.19.0 // indirect golang.org/x/text v0.20.0 // indirect
google.golang.org/protobuf v1.35.1 // indirect google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
) )

View File

@ -1,4 +1,4 @@
.PHONY: dev-init .PHONY: prerequisites dev-init dev-reinit
prerequisites: prerequisites:
@echo "=================== Installing Prerequisites ===================" @echo "=================== Installing Prerequisites ==================="

View File

@ -3,7 +3,6 @@
"ldapURL": "ldap://localhost", "ldapURL": "ldap://localhost",
"startTLS": true, "startTLS": true,
"basedn": "dc=test,dc=paasldap", "basedn": "dc=test,dc=paasldap",
"sessionSecretKey": "test",
"sessionCookieName": "PAASLDAPAuthTicket", "sessionCookieName": "PAASLDAPAuthTicket",
"sessionCookie": { "sessionCookie": {
"path": "/", "path": "/",

View File

@ -18,7 +18,6 @@ func TestConfig_ValidPath(t *testing.T) {
AssertEquals(t, "config.ListenPort", config.ListenPort, 80) AssertEquals(t, "config.ListenPort", config.ListenPort, 80)
AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost") AssertEquals(t, "config.LdapURL", config.LdapURL, "ldap://localhost")
AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap") AssertEquals(t, "config.BaseDN", config.BaseDN, "dc=test,dc=paasldap")
AssertEquals(t, "config.SessionSecretKey", config.SessionSecretKey, "test")
AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket") AssertEquals(t, "config.SessionCookieName", config.SessionCookieName, "PAASLDAPAuthTicket")
AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/") AssertEquals(t, "config.SessionCookie.Path", config.SessionCookie.Path, "/")
AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true) AssertEquals(t, "config.SessionCookie.HttpOnly", config.SessionCookie.HttpOnly, true)