ProxmoxAAS-LDAP/src/main.js

import express from "express";
import bodyParser from "body-parser";
import cookieParser from "cookie-parser";
import morgan from "morgan";
import session from "express-session";
import parseArgs from "minimist";

import * as utils from "./utils.js";
import LDAP from "./ldap.js";

global.argv = parseArgs(process.argv.slice(2), {
	default: {
		package: "package.json",
		config: "config/config.json"
	}
});

global.utils = utils;
global.package = global.utils.readJSONFile(global.argv.package);
global.config = global.utils.readJSONFile(global.argv.config);

const LDAPSessions = {};

const app = express();
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cookieParser());
app.use(morgan("combined"));
app.use(session({
	secret: global.config.sessionSecretKey,
	name: global.config.sessionCookieName,
	cookie: global.config.sessionCookie,
	resave: false,
	saveUninitialized: true
}));

app.listen(global.config.listenPort, () => {
	console.log(`proxmoxaas-ldap v${global.package.version} listening on port ${global.config.listenPort}`);
});

/**
 * GET - get API version
 * responses:
 * - 200: {version: string}
 */
app.get("/version", (req, res) => {
	res.status(200).send({ version: global.package.version });
});

/**
 * GET - echo request
 * responses:
 * - 200: {body: request.body, cookies: request.cookies}
 */
app.get("/echo", (req, res) => {
	res.status(200).send({ body: req.body, cookies: req.cookies });
});

/**
 * POST - get session ticket by authenticating using user id and password
 */
app.post("/ticket", async (req, res) => {
	const params = {
		uid: req.body.uid,
		password: req.body.password
	};
	const newLDAPSession = new LDAP(global.config.ldapURL, global.config.basedn);
	const bindResult = await newLDAPSession.bindUser(params.uid, params.password);
	if (bindResult.ok) {
		LDAPSessions[req.session.id] = newLDAPSession;
		res.status(200).send({ auth: true });
	}
	else {
		res.status(403).send({
			ok: bindResult.ok,
			error: bindResult.error
		});
	}
});

/**
 * DELETE - invalidate and remove session ticket
 */
app.delete("/ticket", async (req, res) => {
	req.session.ldap = null;
	req.session.destroy();
	res.send({ auth: false });
});

/**
 * GET - get user attributes for all users
 */
app.get("/users", async (req, res) => {
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.getAllUsers();
		res.send({
			ok: result.ok,
			error: result.error,
			users: result.users
		});
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * POST - create a new user or modify existing user attributes
 * request:
 * - userid: user id
 * - cn: common name
 * - sn: surname
 * - userpassword: user password
 */
app.post("/users/:userid", async (req, res) => {
	const params = {
		userid: req.params.userid,
		userattrs: {
			cn: req.body.usercn,
			sn: req.body.usersn,
			userPassword: req.body.userpassword
		}
	};
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const checkUser = await ldap.getUser(params.userid);
		if (!checkUser.ok && checkUser.error.code === 32) { // the user does not exist, create new user
			const result = await ldap.addUser(params.userid, params.userattrs);
			res.send({
				ok: result.ok,
				error: result.error
			});
		}
		else if (checkUser.ok) { // the user does exist, modify the user entries
			const result = await ldap.modUser(params.userid, params.userattrs);
			res.send({
				ok: result.ok,
				error: result.error
			});
		}
		else { // some other error happened
			res.send({
				ok: checkUser.ok,
				error: checkUser.error
			});
		}
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * GET - get user attributes
 * request:
 * - userid: user id
 */
app.get("/users/:userid", async (req, res) => {
	const params = {
		userid: req.params.userid
	};
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.getUser(params.userid);
		if (result.ok) {
			res.send({
				ok: result.ok,
				error: result.error,
				user: result.user
			});
		}
		else {
			res.send({
				ok: result.ok,
				error: result.error
			});
		}
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * DELETE - delete user
 * request:
 * - userid: user id
 */
app.delete("/users/:userid", async (req, res) => {
	const params = {
		userid: req.params.userid
	};
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.delUser(params.userid);
		res.send({
			ok: result.ok,
			error: result.error
		});
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * GET - get group attributes including members for all groups
 * request:
 */
app.get("/groups", async (req, res) => {
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.getAllGroups();
		res.send({
			ok: result.ok,
			error: result.error,
			groups: result.groups
		});
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * POST - create a new group
 * request:
 * - groupid: group id
 */
app.post("/groups/:groupid", async (req, res) => {
	const params = {
		groupid: req.params.groupid
	};
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.addGroup(params.groupid);
		res.send({
			ok: result.ok,
			error: result.error
		});
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * GET - get group attributes including members
 * request:
 * - groupid: group id
 */
app.get("/groups/:groupid", async (req, res) => {
	const params = {
		groupid: req.params.groupid
	};
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.getGroup(params.groupid);
		if (result.ok) {
			res.send({
				ok: result.ok,
				error: result.error,
				group: result.group
			});
		}
		else {
			res.send({
				ok: result.ok,
				error: result.error
			});
		}
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * DELETE - delete group
 * request:
 * - groupid: group id
 */
app.delete("/groups/:groupid", async (req, res) => {
	const params = {
		groupid: req.params.groupid
	};
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.delGroup(params.groupid);
		res.send({
			ok: result.ok,
			error: result.error
		});
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * POST - add a member to the group
 * request:
 * - groupid: group id
 * - userid: user id
 */
app.post("/groups/:groupid/members/:userid", async (req, res) => {
	const params = {
		groupid: req.params.groupid,
		userid: req.params.userid
	};
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.addUserToGroup(params.userid, params.groupid);
		res.send({
			ok: result.ok,
			error: result.error
		});
	}
	else {
		res.status(403).send({ auth: false });
	}
});

/**
 * DELETE - remove a member from the group
 * - groupid: group id
 * - userid: user id
 */
app.delete("/groups/:groupid/members/:userid", async (req, res) => {
	const params = {
		groupid: req.params.groupid,
		userid: req.params.userid
	};
	if (req.session.id in LDAPSessions) {
		const ldap = LDAPSessions[req.session.id];
		const result = await ldap.delUserFromGroup(params.userid, params.groupid);
		res.send({
			ok: result.ok,
			error: result.error
		});
	}
	else {
		res.status(403).send({ auth: false });
	}
});