Backend for new SSH page #47

Merged
esy merged 9 commits from #24_ssh_keys into main 2023-12-31 06:56:30 +00:00
3 changed files with 138 additions and 135 deletions
Showing only changes of commit 2e0ba6e53c - Show all commits

View file

@ -1,44 +1,44 @@
use skynet_ldap_backend::{ use skynet_ldap_backend::{
db_init, get_config, db_init, get_config,
methods::{account_new, account_recover, account_update, account_ssh}, methods::{account_new, account_recover, account_ssh, account_update},
State, State,
}; };
#[async_std::main] #[async_std::main]
async fn main() -> tide::Result<()> { async fn main() -> tide::Result<()> {
let config = get_config(); let config = get_config();
let db = db_init(&config).await?; let db = db_init(&config).await?;
let host_port = config.host_port.clone(); let host_port = config.host_port.clone();
tide::log::start(); tide::log::start();
let state = State { let state = State {
db, db,
config, config,
}; };
let mut app = tide::with_state(state); let mut app = tide::with_state(state);
// for users to update their own profile // for users to update their own profile
app.at("/ldap/update").post(account_update::submit); app.at("/ldap/update").post(account_update::submit);
// for new users // for new users
app.at("/ldap/new/email").post(account_new::email::submit); app.at("/ldap/new/email").post(account_new::email::submit);
app.at("/ldap/new/account").post(account_new::account::submit); app.at("/ldap/new/account").post(account_new::account::submit);
// for folks who forget password/username // for folks who forget password/username
app.at("/ldap/recover/password").post(account_recover::password::reset); app.at("/ldap/recover/password").post(account_recover::password::reset);
app.at("/ldap/recover/password/auth").post(account_recover::password::auth); app.at("/ldap/recover/password/auth").post(account_recover::password::auth);
app.at("/ldap/recover/username").post(account_recover::username::submit); app.at("/ldap/recover/username").post(account_recover::username::submit);
app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request); app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify); app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
//for getting current ssh keys associated with the account //for getting current ssh keys associated with the account
app.at("/ldap/ssh").post(account_ssh::get_ssh_keys); app.at("/ldap/ssh").post(account_ssh::get_ssh_keys);
app.at("/ldap/ssh").delete(account_ssh::remove_ssh_key); app.at("/ldap/ssh").delete(account_ssh::remove_ssh_key);
app.at("/ldap/ssh/add").post(account_ssh::add_ssh_key); app.at("/ldap/ssh/add").post(account_ssh::add_ssh_key);
app.listen(host_port).await?; app.listen(host_port).await?;
Ok(()) Ok(())
} }

View file

@ -1,137 +1,140 @@
use std::collections::HashSet; use crate::{LdapAuth, LdapAuthResult, State};
use crate::{State, LdapAuthResult, LdapAuth};
use ldap3::{LdapConn, Mod, Scope, SearchEntry}; use ldap3::{LdapConn, Mod, Scope, SearchEntry};
use std::collections::HashSet;
use tide::{ use tide::{
prelude::{json, Deserialize}, prelude::{json, Deserialize},
Request, Request,
}; };
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
pub struct SSHKey { pub struct SSHKey {
auth: LdapAuth, auth: LdapAuth,
key: String, key: String,
} }
pub async fn add_ssh_key(mut req: Request<State>) -> tide::Result { pub async fn add_ssh_key(mut req: Request<State>) -> tide::Result {
let SSHKey { let SSHKey {
auth, auth,
key, key,
} = req.body_json().await?; } = req.body_json().await?;
let config = &req.state().config; let config = &req.state().config;
let mut ldap = LdapConn::new(&config.ldap_host)?; let mut ldap = LdapConn::new(&config.ldap_host)?;
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", auth.user); let dn = format!("uid={},ou=users,dc=skynet,dc=ie", auth.user);
ldap.simple_bind(&dn, &auth.pass)?.success()?; ldap.simple_bind(&dn, &auth.pass)?.success()?;
let LdapAuthResult { let LdapAuthResult {
mut ldap, mut ldap,
dn, dn,
is_skynet_user: _, is_skynet_user: _,
} = match crate::auth_user(&auth, config).await { } = match crate::auth_user(&auth, config).await {
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()), None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
Some(x) => x, Some(x) => x,
}; };
let mods = vec![ let mods = vec![Mod::Add("sshPublicKey".to_string(), HashSet::from([key]))];
Mod::Add("sshPublicKey".to_string(), HashSet::from([key])), match ldap.modify(&dn, mods) {
]; Ok(_) => {
match ldap.modify(&dn, mods) { ldap.unbind()?;
Ok(_) => { Ok(json!({"result": "success"}).into())
ldap.unbind()?;
Ok(json!({"result": "success"}).into())
}
Err(e) => {
dbg!(e);
ldap.unbind()?;
Ok(json!({"result": "error", "error": "Failed to add key"}).into())
}
} }
Err(e) => {
dbg!(e);
ldap.unbind()?;
Ok(json!({"result": "error", "error": "Failed to add key"}).into())
}
}
} }
pub async fn remove_ssh_key(mut req: Request<State>) -> tide::Result { pub async fn remove_ssh_key(mut req: Request<State>) -> tide::Result {
let SSHKey { let SSHKey {
auth, auth,
key, key,
} = req.body_json().await?; } = req.body_json().await?;
let config = &req.state().config; let config = &req.state().config;
let mut ldap = LdapConn::new(&config.ldap_host)?; let mut ldap = LdapConn::new(&config.ldap_host)?;
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", auth.user); let dn = format!("uid={},ou=users,dc=skynet,dc=ie", auth.user);
match ldap.simple_bind(&dn, &auth.pass) { match ldap.simple_bind(&dn, &auth.pass) {
Ok(_) => {} Ok(_) => {}
Err(e) => { Err(e) => {
dbg!(e); dbg!(e);
return Ok(json!({"result": "error", "error": "Failed to bind"}).into()); return Ok(json!({"result": "error", "error": "Failed to bind"}).into());
}
} }
}
let LdapAuthResult { let LdapAuthResult {
mut ldap, mut ldap,
dn, dn,
is_skynet_user: _ is_skynet_user: _,
} = match crate::auth_user(&auth, config).await { } = match crate::auth_user(&auth, config).await {
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()), None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
Some(x) => x, Some(x) => x,
}; };
let mods = vec![ let mods = vec![Mod::Delete("sshPublicKey".to_string(), HashSet::from([key]))];
Mod::Delete("sshPublicKey".to_string(), HashSet::from([key])),
];
match ldap.modify(&dn, mods) { match ldap.modify(&dn, mods) {
Ok(_) => { Ok(_) => {
ldap.unbind()?; ldap.unbind()?;
Ok(json!({"result": "success"}).into()) Ok(json!({"result": "success"}).into())
}
Err(e) => {
dbg!(e);
ldap.unbind()?;
Ok(json!({"result": "error", "error": "Failed to remove key"}).into())
}
} }
Err(e) => {
dbg!(e);
ldap.unbind()?;
Ok(json!({"result": "error", "error": "Failed to remove key"}).into())
}
}
} }
pub async fn get_ssh_keys(mut req: Request<State>) -> tide::Result { pub async fn get_ssh_keys(mut req: Request<State>) -> tide::Result {
let LdapAuth { let LdapAuth {
user, user,
pass pass,
} = req.body_json().await?; } = req.body_json().await?;
let config = &req.state().config; let config = &req.state().config;
let mut ldap = LdapConn::new(&config.ldap_host)?; let mut ldap = LdapConn::new(&config.ldap_host)?;
let dn = format!("uid={},ou=users,dc=skynet,dc=ie", user); let dn = format!("uid={},ou=users,dc=skynet,dc=ie", user);
ldap.simple_bind(&dn, &pass)?.success()?; ldap.simple_bind(&dn, &pass)?.success()?;
let LdapAuthResult { let LdapAuthResult {
mut ldap, mut ldap,
dn, dn,
is_skynet_user: _, is_skynet_user: _,
} = match crate::auth_user(&LdapAuth { user, pass }, config).await { } = match crate::auth_user(
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()), &LdapAuth {
Some(x) => if x.is_skynet_user { user,
x pass,
} else { },
return Ok(json!({"result": "error", "error": "Not a skynet user"}).into()); config,
} )
}; .await
{
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
let mut keys: Vec<String> = vec![]; Some(x) => {
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["sshPublicKey"])?.success()?; if x.is_skynet_user {
for entry in rs { x
let tmp = SearchEntry::construct(entry); } else {
if tmp.attrs.contains_key("sshPublicKey") { return Ok(json!({"result": "error", "error": "Not a skynet user"}).into());
for key in tmp.attrs["sshPublicKey"].clone() { }
keys.push(key);
}
}
} }
ldap.unbind()?; };
Ok(json!({"result": "success", "success": keys}).into()) let mut keys: Vec<String> = vec![];
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["sshPublicKey"])?.success()?;
for entry in rs {
let tmp = SearchEntry::construct(entry);
if tmp.attrs.contains_key("sshPublicKey") {
for key in tmp.attrs["sshPublicKey"].clone() {
keys.push(key);
}
}
}
ldap.unbind()?;
Ok(json!({"result": "success", "success": keys}).into())
} }

View file

@ -1,4 +1,4 @@
pub mod account_new; pub mod account_new;
pub mod account_recover; pub mod account_recover;
pub mod account_update; pub mod account_ssh;
pub mod account_ssh; pub mod account_update;