126 lines
3.6 KiB
Go
126 lines
3.6 KiB
Go
package main
|
|
|
|
import (
|
|
"errors"
|
|
"log"
|
|
"net/http"
|
|
"context"
|
|
"fmt"
|
|
"github.com/go-ldap/ldap/v3"
|
|
garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang"
|
|
)
|
|
|
|
func gadmin() (*garage.APIClient, context.Context) {
|
|
// Set Host and other parameters
|
|
configuration := garage.NewConfiguration()
|
|
configuration.Host = config.S3AdminEndpoint
|
|
|
|
// We can now generate a client
|
|
client := garage.NewAPIClient(configuration)
|
|
|
|
// Authentication is handled through the context pattern
|
|
ctx := context.WithValue(context.Background(), garage.ContextAccessToken, config.S3AdminToken)
|
|
return client, ctx
|
|
}
|
|
|
|
|
|
func grgCreateKey(name string) (*garage.KeyInfo, error) {
|
|
client, ctx := gadmin()
|
|
|
|
kr := garage.AddKeyRequest{Name: &name}
|
|
resp, _, err := client.KeyApi.AddKey(ctx).AddKeyRequest(kr).Execute()
|
|
if err != nil {
|
|
fmt.Printf("%+v\n", err)
|
|
return nil, err
|
|
}
|
|
return resp, nil
|
|
}
|
|
|
|
func grgGetKey(accessKey string) (*garage.KeyInfo, error) {
|
|
client, ctx := gadmin()
|
|
|
|
resp, _, err := client.KeyApi.GetKey(ctx, accessKey).Execute()
|
|
if err != nil {
|
|
fmt.Printf("%+v\n", err)
|
|
return nil, err
|
|
}
|
|
return resp, nil
|
|
}
|
|
|
|
|
|
func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
|
|
login := checkLogin(w, r)
|
|
if login == nil {
|
|
return nil, nil, errors.New("LDAP login failed")
|
|
}
|
|
|
|
keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key")
|
|
if keyID == "" {
|
|
keyPair, err := grgCreateKey(login.Info.Username)
|
|
if err != nil {
|
|
return login, nil, err
|
|
}
|
|
modify_request := ldap.NewModifyRequest(login.Info.DN, nil)
|
|
modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId})
|
|
// @FIXME compatibility feature for bagage (SFTP+webdav)
|
|
// you can remove it once bagage will be updated to fetch the key from garage directly
|
|
// or when bottin will be able to dynamically fetch it.
|
|
modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey})
|
|
err = login.conn.Modify(modify_request)
|
|
return login, keyPair, err
|
|
}
|
|
// Note: we could simply return the login info, but LX asked we do not
|
|
// store the secrets in LDAP in the future.
|
|
keyPair, err := grgGetKey(keyID)
|
|
return login, keyPair, err
|
|
}
|
|
|
|
type keyView struct {
|
|
Status *LoginStatus
|
|
Key *garage.KeyInfo
|
|
}
|
|
|
|
func handleGarageKey(w http.ResponseWriter, r *http.Request) {
|
|
login, s3key, err := checkLoginAndS3(w, r)
|
|
if err != nil {
|
|
log.Println(err)
|
|
return
|
|
}
|
|
view := keyView{Status: login, Key: s3key}
|
|
|
|
tKey := getTemplate("garage_key.html")
|
|
tKey.Execute(w, &view)
|
|
}
|
|
|
|
type webListView struct {
|
|
Status *LoginStatus
|
|
Key *garage.KeyInfo
|
|
}
|
|
func handleGarageWebsiteList(w http.ResponseWriter, r *http.Request) {
|
|
login, s3key, err := checkLoginAndS3(w, r)
|
|
if err != nil {
|
|
log.Println(err)
|
|
return
|
|
}
|
|
view := webListView{Status: login, Key: s3key}
|
|
|
|
tWebsiteList := getTemplate("garage_website_list.html")
|
|
tWebsiteList.Execute(w, &view)
|
|
}
|
|
|
|
func handleGarageWebsiteNew(w http.ResponseWriter, r *http.Request) {
|
|
tWebsiteNew := getTemplate("garage_website_new.html")
|
|
tWebsiteNew.Execute(w, nil)
|
|
}
|
|
|
|
func handleGarageWebsiteInspect(w http.ResponseWriter, r *http.Request) {
|
|
login, s3key, err := checkLoginAndS3(w, r)
|
|
if err != nil {
|
|
log.Println(err)
|
|
return
|
|
}
|
|
log.Println(login, s3key)
|
|
|
|
tWebsiteInspect := getTemplate("garage_website_inspect.html")
|
|
tWebsiteInspect.Execute(w, nil)
|
|
}
|