Containerize

.gitignore

@@ -1,2 +1,3 @@
 guichet
+guichet.static
 config.json

Dockerfile

@@ -0,0 +1,7 @@
+FROM scratch
+
+ADD static /static
+ADD guichet.static /guichet
+ADD templates /templates
+
+ENTRYPOINT ["/guichet"]

Makefile

@@ -1,5 +1,19 @@
-all: guichet
+BIN=guichet
+SRC=main.go ssha.go profile.go admin.go
+DOCKER=lxpz/guichet_amd64
 
-guichet: main.go ssha.go profile.go admin.go
-	go get -v
-	go build -v
+all: $(BIN)
+
+$(BIN): $(SRC)
+	go get -d -v
+	go build -v -o $(BIN)
+
+$(BIN).static: $(SRC)
+	go get -d -v
+	CGO_ENABLED=0 GOOS=linux go build -a -v -o $(BIN).static
+
+docker: $(BIN).static
+	docker build -t $(DOCKER):$(TAG) .
+	docker push $(DOCKER):$(TAG)
+	docker tag $(DOCKER):$(TAG) $(DOCKER):latest
+	docker push $(DOCKER):latest

README.md

@@ -5,7 +5,6 @@ Exemple de config.json pour Deuxfleurs:
 ```
 {
   "http_bind_addr": ":9991",
-  "session_key": "V1BAbmn9VW/wL0EZ6Q8xwhkVq/QVwmwPOtliUlfc0iI=",
   "ldap_server_addr": "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389",
 
   "base_dn": "dc=deuxfleurs,dc=fr",
@@ -14,7 +13,12 @@ Exemple de config.json pour Deuxfleurs:
   "group_base_dn": "ou=groups,dc=deuxfleurs,dc=fr",
   "group_name_attr": "cn",
 
+  "admin_account": "cn=admin,dc=deuxfleurs,dc=fr",
   "group_can_admin": "cn=admin,ou=groups,dc=deuxfleurs,dc=fr",
   "group_can_invite": "cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr"
 }
 ```
+
+```
+docker run --net host -v $PWD/config.json:/config.json -i lxpz/guichet_amd64:latest 
+```

admin.go

@@ -299,7 +299,7 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 			if err != nil {
 				dError = err.Error()
 			} else {
-				http.Redirect(w, r, "/admin/ldap/" + strings.Join(dn_split[1:], ","), http.StatusFound)
+				http.Redirect(w, r, "/admin/ldap/"+strings.Join(dn_split[1:], ","), http.StatusFound)
 				return
 			}
 		}
@@ -344,7 +344,7 @@ func handleAdminLDAP(w http.ResponseWriter, r *http.Request) {
 					}
 				}
 				deletable := true
-				for _, restricted := range []string{ "displayname", "objectclass", "structuralobjectclass" } {
+				for _, restricted := range []string{"displayname", "objectclass", "structuralobjectclass"} {
 					if strings.EqualFold(attr.Name, restricted) {
 						deletable = false
 						break

main.go

@@ -3,7 +3,6 @@ package main
 import (
 	"crypto/rand"
 	"crypto/tls"
-	"encoding/base64"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -21,7 +20,6 @@ import (
 
 type ConfigFile struct {
 	HttpBindAddr   string `json:"http_bind_addr"`
-	SessionKey     string `json:"session_key"`
 	LdapServerAddr string `json:"ldap_server_addr"`
 	LdapTLS        bool   `json:"ldap_tls"`
 
@@ -45,15 +43,8 @@ const SESSION_NAME = "guichet_session"
 var store sessions.Store = nil
 
 func readConfig() ConfigFile {
-	key_bytes := make([]byte, 32)
-	n, err := rand.Read(key_bytes)
-	if err != nil || n != 32 {
-		log.Fatal(err)
-	}
-
 	config_file := ConfigFile{
 		HttpBindAddr:   ":9991",
-		SessionKey:     base64.StdEncoding.EncodeToString(key_bytes),
 		LdapServerAddr: "ldap://127.0.0.1:389",
 		LdapTLS:        false,
 		BaseDN:         "dc=example,dc=com",
@@ -66,7 +57,7 @@ func readConfig() ConfigFile {
 		GroupCanAdmin:  "gid=admin,ou=groups,dc=example,dc=com",
 	}
 
-	_, err = os.Stat(*configFlag)
+	_, err := os.Stat(*configFlag)
 	if os.IsNotExist(err) {
 		// Generate default config file
 		log.Printf("Generating default config file as %s", *configFlag)
@@ -106,7 +97,13 @@ func main() {
 
 	config_file := readConfig()
 	config = &config_file
-	store = sessions.NewFilesystemStore("", []byte(config.SessionKey))
+
+	session_key := make([]byte, 32)
+	n, err := rand.Read(session_key)
+	if err != nil || n != 32 {
+		log.Fatal(err)
+	}
+	store = sessions.NewCookieStore(session_key)
 
 	r := mux.NewRouter()
 	r.HandleFunc("/", handleHome)
@@ -123,7 +120,7 @@ func main() {
 	r.Handle("/static/{file:.*}", http.StripPrefix("/static/", staticfiles))
 
 	log.Printf("Starting HTTP server on %s", config.HttpBindAddr)
-	err := http.ListenAndServe(config.HttpBindAddr, logRequest(r))
+	err = http.ListenAndServe(config.HttpBindAddr, logRequest(r))
 	if err != nil {
 		log.Fatal("Cannot start http server: ", err)
 	}
@@ -149,29 +146,29 @@ func logRequest(handler http.Handler) http.Handler {
 }
 
 func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
-	session, err := store.Get(r, SESSION_NAME)
-	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return nil
-	}
+	var login_info *LoginInfo
 
+	session, err := store.Get(r, SESSION_NAME)
+	if err == nil {
 		username, ok := session.Values["login_username"]
 		password, ok2 := session.Values["login_password"]
 		user_dn, ok3 := session.Values["login_dn"]
 
-	var login_info *LoginInfo
-	if !(ok && ok2 && ok3) {
-		login_info = handleLogin(w, r)
-		if login_info == nil {
-			return nil
-		}
-	} else {
+		if ok && ok2 && ok3 {
 			login_info = &LoginInfo{
 				DN:       user_dn.(string),
 				Username: username.(string),
 				Password: password.(string),
 			}
 		}
+	}
+
+	if login_info == nil {
+		login_info = handleLogin(w, r)
+		if login_info == nil {
+			return nil
+		}
+	}
 
 	l := ldapOpen(w)
 	if l == nil {
@@ -346,8 +343,7 @@ func handleLogin(w http.ResponseWriter, r *http.Request) *LoginInfo {
 		// Successfully logged in, save it to session
 		session, err := store.Get(r, SESSION_NAME)
 		if err != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return nil
+			session, _ = store.New(r, SESSION_NAME)
 		}
 
 		session.Values["login_username"] = username

templates/admin_ldap.html

@@ -146,7 +146,7 @@
         <div class="col-md-3"><strong>Ajouter au groupe :</strong>
       </div>
       <div class="col-md-5">
-        <input class="form-control" type="text" name="values" placeholder="Groupe..." />
+        <input class="form-control" type="text" name="values" placeholder="Utilisateur..." />
       </div>
       <div class="col-md-2">
           <input type="submit" value="Ajouter" class="form-control btn btn-success btn-sm" />