Containerize

.gitignore

@@ -1,2 +1,3 @@
 guichet
+guichet.static
 config.json

Dockerfile

@@ -0,0 +1,7 @@
+FROM scratch
+
+ADD static /static
+ADD guichet.static /guichet
+ADD templates /templates
+
+ENTRYPOINT ["/guichet"]

Makefile

@@ -1,5 +1,19 @@
-all: guichet
+BIN=guichet
+SRC=main.go ssha.go profile.go admin.go
+DOCKER=lxpz/guichet_amd64
 
-guichet: main.go ssha.go profile.go admin.go
+all: $(BIN)
-	go get -v
+
-	go build -v
+$(BIN): $(SRC)
+	go get -d -v
+	go build -v -o $(BIN)
+
+$(BIN).static: $(SRC)
+	go get -d -v
+	CGO_ENABLED=0 GOOS=linux go build -a -v -o $(BIN).static
+
+docker: $(BIN).static
+	docker build -t $(DOCKER):$(TAG) .
+	docker push $(DOCKER):$(TAG)
+	docker tag $(DOCKER):$(TAG) $(DOCKER):latest
+	docker push $(DOCKER):latest

README.md

@@ -5,7 +5,6 @@ Exemple de config.json pour Deuxfleurs:
 ```
 {
   "http_bind_addr": ":9991",
-  "session_key": "V1BAbmn9VW/wL0EZ6Q8xwhkVq/QVwmwPOtliUlfc0iI=",
   "ldap_server_addr": "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389",
 
   "base_dn": "dc=deuxfleurs,dc=fr",
@@ -14,7 +13,12 @@ Exemple de config.json pour Deuxfleurs:
   "group_base_dn": "ou=groups,dc=deuxfleurs,dc=fr",
   "group_name_attr": "cn",
 
+  "admin_account": "cn=admin,dc=deuxfleurs,dc=fr",
   "group_can_admin": "cn=admin,ou=groups,dc=deuxfleurs,dc=fr",
   "group_can_invite": "cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr"
 }
 ```
+
+```
+docker run --net host -v $PWD/config.json:/config.json -i lxpz/guichet_amd64:latest 
+```

admin.go

@@ -78,7 +78,7 @@ func handleAdminUsers(w http.ResponseWriter, r *http.Request) {
 	data := &AdminUsersTplData{
 		Login:        login,
 		UserNameAttr: config.UserNameAttr,
-		UserBaseDN: config.UserBaseDN,
+		UserBaseDN:   config.UserBaseDN,
 		Users:        EntryList(sr.Entries),
 	}
 	sort.Sort(data.Users)
@@ -117,7 +117,7 @@ func handleAdminGroups(w http.ResponseWriter, r *http.Request) {
 	data := &AdminGroupsTplData{
 		Login:         login,
 		GroupNameAttr: config.GroupNameAttr,
-		GroupBaseDN: config.GroupBaseDN,
+		GroupBaseDN:   config.GroupBaseDN,
 		Groups:        EntryList(sr.Entries),
 	}
 	sort.Sort(data.Groups)
@@ -128,11 +128,11 @@ func handleAdminGroups(w http.ResponseWriter, r *http.Request) {
 type AdminLDAPTplData struct {
 	DN string
 
-	Path     []PathItem
+	Path        []PathItem
-	Children []Child
+	Children    []Child
 	CanAddChild bool
-	Props    map[string]*PropValues
+	Props       map[string]*PropValues
-	CanDelete bool
+	CanDelete   bool
 
 	HasMembers bool
 	Members    []EntryName
@@ -161,9 +161,9 @@ type PathItem struct {
 }
 
 type PropValues struct {
-	Name     string
+	Name      string
-	Values   []string
+	Values    []string
-	Editable bool
+	Editable  bool
 	Deletable bool
 }
 
@@ -299,7 +299,7 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 			if err != nil {
 				dError = err.Error()
 			} else {
-				http.Redirect(w, r, "/admin/ldap/" + strings.Join(dn_split[1:], ","), http.StatusFound)
+				http.Redirect(w, r, "/admin/ldap/"+strings.Join(dn_split[1:], ","), http.StatusFound)
 				return
 			}
 		}
@@ -344,16 +344,16 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 					}
 				}
 				deletable := true
-				for _, restricted := range []string{ "displayname", "objectclass", "structuralobjectclass" } {
+				for _, restricted := range []string{"displayname", "objectclass", "structuralobjectclass"} {
 					if strings.EqualFold(attr.Name, restricted) {
 						deletable = false
 						break
 					}
 				}
 				props[name_lower] = &PropValues{
-					Name:     attr.Name,
+					Name:      attr.Name,
-					Values:   attr.Values,
+					Values:    attr.Values,
-					Editable: editable,
+					Editable:  editable,
 					Deletable: deletable,
 				}
 			}
@@ -468,11 +468,11 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 	templateAdminLDAP.Execute(w, &AdminLDAPTplData{
 		DN: dn,
 
-		Path:     path,
+		Path:        path,
-		Children: children,
+		Children:    children,
-		Props:    props,
+		Props:       props,
 		CanAddChild: dn_last_attr == "ou" || isOrganization,
-		CanDelete: dn != config.BaseDN && len(children) == 0,
+		CanDelete:   dn != config.BaseDN && len(children) == 0,
 
 		HasMembers: len(members) > 0 || hasMembers,
 		Members:    members,
@@ -486,14 +486,14 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 
 type CreateData struct {
 	SuperDN string
-	Path     []PathItem
+	Path    []PathItem
 
 	IdType                string
 	IdValue               string
 	DisplayName           string
 	StructuralObjectClass string
 	ObjectClass           string
-	IsTemplated		bool
+	IsTemplated           bool
 
 	Error string
 }
@@ -548,7 +548,7 @@ func handleAdminCreate(w http.ResponseWriter, r *http.Request) {
 	// Handle data
 	data := &CreateData{
 		SuperDN: super_dn,
-		Path: path,
+		Path:    path,
 	}
 	if template == "user" {
 		data.IdType = config.UserNameAttr

main.go

@@ -3,7 +3,6 @@ package main
 import (
 	"crypto/rand"
 	"crypto/tls"
-	"encoding/base64"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -21,7 +20,6 @@ import (
 
 type ConfigFile struct {
 	HttpBindAddr   string `json:"http_bind_addr"`
-	SessionKey     string `json:"session_key"`
 	LdapServerAddr string `json:"ldap_server_addr"`
 	LdapTLS        bool   `json:"ldap_tls"`
 
@@ -31,7 +29,7 @@ type ConfigFile struct {
 	GroupBaseDN   string `json:"group_base_dn"`
 	GroupNameAttr string `json:"group_name_attr"`
 
-	AdminAccount	   string `json:"admin_account"`
+	AdminAccount   string `json:"admin_account"`
 	GroupCanInvite string `json:"group_can_invite"`
 	GroupCanAdmin  string `json:"group_can_admin"`
 }
@@ -45,15 +43,8 @@ const SESSION_NAME = "guichet_session"
 var store sessions.Store = nil
 
 func readConfig() ConfigFile {
-	key_bytes := make([]byte, 32)
-	n, err := rand.Read(key_bytes)
-	if err != nil || n != 32 {
-		log.Fatal(err)
-	}
-
 	config_file := ConfigFile{
 		HttpBindAddr:   ":9991",
-		SessionKey:     base64.StdEncoding.EncodeToString(key_bytes),
 		LdapServerAddr: "ldap://127.0.0.1:389",
 		LdapTLS:        false,
 		BaseDN:         "dc=example,dc=com",
@@ -66,7 +57,7 @@ func readConfig() ConfigFile {
 		GroupCanAdmin:  "gid=admin,ou=groups,dc=example,dc=com",
 	}
 
-	_, err = os.Stat(*configFlag)
+	_, err := os.Stat(*configFlag)
 	if os.IsNotExist(err) {
 		// Generate default config file
 		log.Printf("Generating default config file as %s", *configFlag)
@@ -106,7 +97,13 @@ func main() {
 
 	config_file := readConfig()
 	config = &config_file
-	store = sessions.NewFilesystemStore("", []byte(config.SessionKey))
+
+	session_key := make([]byte, 32)
+	n, err := rand.Read(session_key)
+	if err != nil || n != 32 {
+		log.Fatal(err)
+	}
+	store = sessions.NewCookieStore(session_key)
 
 	r := mux.NewRouter()
 	r.HandleFunc("/", handleHome)
@@ -123,7 +120,7 @@ func main() {
 	r.Handle("/static/{file:.*}", http.StripPrefix("/static/", staticfiles))
 
 	log.Printf("Starting HTTP server on %s", config.HttpBindAddr)
-	err := http.ListenAndServe(config.HttpBindAddr, logRequest(r))
+	err = http.ListenAndServe(config.HttpBindAddr, logRequest(r))
 	if err != nil {
 		log.Fatal("Cannot start http server: ", err)
 	}
@@ -149,28 +146,28 @@ func logRequest(handler http.Handler) http.Handler {
 }
 
 func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
+	var login_info *LoginInfo
+
 	session, err := store.Get(r, SESSION_NAME)
-	if err != nil {
+	if err == nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
+		username, ok := session.Values["login_username"]
-		return nil
+		password, ok2 := session.Values["login_password"]
+		user_dn, ok3 := session.Values["login_dn"]
+
+		if ok && ok2 && ok3 {
+			login_info = &LoginInfo{
+				DN:       user_dn.(string),
+				Username: username.(string),
+				Password: password.(string),
+			}
+		}
 	}
 
-	username, ok := session.Values["login_username"]
+	if login_info == nil {
-	password, ok2 := session.Values["login_password"]
-	user_dn, ok3 := session.Values["login_dn"]
-
-	var login_info *LoginInfo
-	if !(ok && ok2 && ok3) {
 		login_info = handleLogin(w, r)
 		if login_info == nil {
 			return nil
 		}
-	} else {
-		login_info = &LoginInfo{
-			DN:       user_dn.(string),
-			Username: username.(string),
-			Password: password.(string),
-		}
 	}
 
 	l := ldapOpen(w)
@@ -193,8 +190,8 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
 	}
 
 	loginStatus := &LoginStatus{
-		Info:      login_info,
+		Info: login_info,
-		conn:      l,
+		conn: l,
 	}
 
 	requestKind := "(objectClass=organizationalPerson)"
@@ -245,11 +242,11 @@ func ldapOpen(w http.ResponseWriter) *ldap.Conn {
 // Page handlers ----
 
 type HomePageData struct {
-	Login     *LoginStatus
+	Login       *LoginStatus
 	WelcomeName string
-	CanAdmin  bool
+	CanAdmin    bool
-	CanInvite bool
+	CanInvite   bool
-	BaseDN    string
+	BaseDN      string
 }
 
 func handleHome(w http.ResponseWriter, r *http.Request) {
@@ -272,10 +269,10 @@ func handleHome(w http.ResponseWriter, r *http.Request) {
 	}
 
 	data := &HomePageData{
-		Login:     login,
+		Login:       login,
-		CanAdmin:  can_admin,
+		CanAdmin:    can_admin,
-		CanInvite: can_invite,
+		CanInvite:   can_invite,
-		BaseDN:    config.BaseDN,
+		BaseDN:      config.BaseDN,
 		WelcomeName: login.UserEntry.GetAttributeValue("givenname"),
 	}
 	if data.WelcomeName == "" {
@@ -346,8 +343,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo {
 		// Successfully logged in, save it to session
 		session, err := store.Get(r, SESSION_NAME)
 		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			session, _ = store.New(r, SESSION_NAME)
-			return nil
 		}
 
 		session.Values["login_username"] = username

templates/admin_ldap.html

@@ -146,7 +146,7 @@
         <div class="col-md-3"><strong>Ajouter au groupe :</strong>
       </div>
       <div class="col-md-5">
-        <input class="form-control" type="text" name="values" placeholder="Groupe..." />
+        <input class="form-control" type="text" name="values" placeholder="Utilisateur..." />
       </div>
       <div class="col-md-2">
           <input type="submit" value="Ajouter" class="form-control btn btn-success btn-sm" />