update go mod, remove tls insecure skip verifies

2026-05-28 20:02:54 +00:00
parent c177f7d45b
commit b0bcaf61a2
6 changed files with 33 additions and 24 deletions
@@ -2,6 +2,7 @@ package app

 import (
 	"encoding/json"
+	"log"
 	"os"
 )

@@ -34,15 +35,23 @@ type Config struct {
 	PVE PVEConfig `json:"pve"`
 }

-func GetConfig(configPath string) (Config, error) {
-	content, err := os.ReadFile(configPath)
+func GetConfig(configPath string) Config {
+	root, err := os.OpenRoot(".")
 	if err != nil {
-		return Config{}, err
+		log.Fatal("Error when opening root dir: ", err)
 	}
+	defer root.Close()
+
+	content, err := root.ReadFile(configPath)
+	if err != nil {
+		log.Fatal("Error when opening config file: ", err)
+	}
+
 	var config Config
 	err = json.Unmarshal(content, &config)
 	if err != nil {
-		return Config{}, err
+		log.Fatal("Error during parsing config file: ", err)
 	}
-	return config, nil
+
+	return config
 }
@@ -25,7 +25,7 @@ func NewClientFromCredentials(config common.LDAPConfig, username common.Username
 	}

 	if config.StartTLS {
-		err = LDAPConn.StartTLS(&tls.Config{InsecureSkipVerify: true})
+		err = LDAPConn.StartTLS(&tls.Config{})
 		if err != nil {
 			return nil, http.StatusInternalServerError, err
 		}
@@ -14,14 +14,20 @@ type DB struct {

 func LoadDB(localDBPath string) (DB, error) {
 	db := DB{}
-	content, err := os.ReadFile(localDBPath)
+
+	root, err := os.OpenRoot(".")
 	if err != nil {
-		//log.Fatal("Error when opening file: ", err)
 		return db, err
 	}
+	defer root.Close()
+
+	content, err := root.ReadFile(localDBPath)
+	if err != nil {
+		return db, err
+	}
+
 	err = json.Unmarshal(content, &db.data)
 	if err != nil {
-		//log.Fatal("Error during Unmarshal(): ", err)
 		return db, err
 	}
 	return db, nil
@@ -32,7 +38,7 @@ func SaveDB(localDBPath string, db DB) error {
 	if err != nil {
 		return err
 	}
-	err = os.WriteFile(localDBPath, []byte(json), 0644)
+	err = os.WriteFile(localDBPath, []byte(json), 0600)
 	return err
 }

@@ -30,10 +30,8 @@ var Realms map[string]Realm
 func Run(configPath *string, localDBPath *string) {
 	// load config values
 	var err error
-	Config, err = common.GetConfig(*configPath)
-	if err != nil {
-		log.Fatalf("Error when reading config file: %s\n", err)
-	}
+	Config = common.GetConfig(*configPath)
+	// already exits if failed
 	log.Printf("Read in config from %s\n", *configPath)

 	// load localdb
@@ -551,9 +549,7 @@ func GetRealmsFromPVE(config *common.Config) map[string]Realm {

 	HTTPClient := http.Client{
 		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true,
-			},
+			TLSClientConfig: &tls.Config{},
 		},
 	}
 	token := fmt.Sprintf(`%s@%s!%s`, config.PVE.Token.User, config.PVE.Token.Realm, config.PVE.Token.ID)
@@ -21,9 +21,7 @@ type ProxmoxClient struct {
 func NewClientFromCredentials(config common.PVEConfig, username common.Username, password string) (*ProxmoxClient, int, error) {
 	HTTPClient := http.Client{
 		Transport: &http.Transport{
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: true,
-			},
+			TLSClientConfig: &tls.Config{},
 		},
 	}

@@ -6,7 +6,7 @@ require (
 	github.com/gin-contrib/sessions v1.1.0
 	github.com/gin-gonic/gin v1.12.0
 	github.com/go-ldap/ldap/v3 v3.4.13
-	github.com/luthermonson/go-proxmox v0.5.1
+	github.com/luthermonson/go-proxmox v0.6.0
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
 	proxmoxaas-common-lib v0.0.0
 )
@@ -50,9 +50,9 @@ require (
 	github.com/ugorji/go/codec v1.3.1 // indirect
 	go.mongodb.org/mongo-driver/v2 v2.6.0 // indirect
 	golang.org/x/arch v0.27.0 // indirect
-	golang.org/x/crypto v0.51.0 // indirect
-	golang.org/x/net v0.54.0 // indirect
-	golang.org/x/sys v0.44.0 // indirect
+	golang.org/x/crypto v0.52.0 // indirect
+	golang.org/x/net v0.55.0 // indirect
+	golang.org/x/sys v0.45.0 // indirect
 	golang.org/x/text v0.37.0 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 )