Backend for new SSH page #47
4 changed files with 180 additions and 2 deletions
65
README.md
65
README.md
|
@ -179,13 +179,76 @@ Errors:
|
||||||
```json
|
```json
|
||||||
{"result": "error", "error": "no valid key"}
|
{"result": "error", "error": "no valid key"}
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Success
|
#### Success
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{"result": "success", "success": "key valid"}
|
{"result": "success", "success": "key valid"}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### POST /ldap/ssh
|
||||||
|
Returns array of SSH keys associated with the Skynet account
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"auth" : {
|
||||||
|
"user": "username",
|
||||||
|
"pass": "password"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
#### Errors
|
||||||
|
```json
|
||||||
|
{"result": "error", "error": "Failed to authenticate"}
|
||||||
|
```
|
||||||
|
#### Success
|
||||||
|
```json
|
||||||
|
{"result": "success", "success": ["key1","key2","key3"]}
|
||||||
|
```
|
||||||
|
|
||||||
|
### DELETE /ldap/ssh
|
||||||
|
Deletes SSH key from Skynet account
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"auth" : {
|
||||||
|
"user": "username",
|
||||||
|
"pass": "password"
|
||||||
|
},
|
||||||
|
"key": "ssh key"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
#### Errors
|
||||||
|
```json
|
||||||
|
{"result": "error", "error": "Failed to authenticate"}
|
||||||
|
```
|
||||||
|
```json
|
||||||
|
{"result": "error", "error": "Failed to remove key"}
|
||||||
|
```
|
||||||
|
#### Success
|
||||||
|
```json
|
||||||
|
{"result": "success"}
|
||||||
|
```
|
||||||
|
|
||||||
|
### POST /ldap/ssh/add
|
||||||
|
Adds SSH key to Skynet account
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"auth" : {
|
||||||
|
"user": "username",
|
||||||
|
"pass": "password"
|
||||||
|
},
|
||||||
|
"key": "ssh key"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
#### Errors
|
||||||
|
```json
|
||||||
|
{"result": "error", "error": "Failed to authenticate"}
|
||||||
|
```
|
||||||
|
```json
|
||||||
|
{"result": "error", "error": "Failed to add key"}
|
||||||
|
```
|
||||||
|
#### Success
|
||||||
|
```json
|
||||||
|
{"result": "success"}
|
||||||
|
```
|
||||||
## Responses
|
## Responses
|
||||||
|
|
||||||
Generic responses which is used unless otherwise specified above.
|
Generic responses which is used unless otherwise specified above.
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
use skynet_ldap_backend::{
|
use skynet_ldap_backend::{
|
||||||
db_init, get_config,
|
db_init, get_config,
|
||||||
methods::{account_new, account_recover, account_update},
|
methods::{account_new, account_recover, account_ssh, account_update},
|
||||||
State,
|
State,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -34,6 +34,11 @@ async fn main() -> tide::Result<()> {
|
||||||
app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
|
app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
|
||||||
app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
|
app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
|
||||||
|
|
||||||
|
//for getting current ssh keys associated with the account
|
||||||
|
app.at("/ldap/ssh").post(account_ssh::get_ssh_keys);
|
||||||
|
app.at("/ldap/ssh").delete(account_ssh::remove_ssh_key);
|
||||||
|
app.at("/ldap/ssh/add").post(account_ssh::add_ssh_key);
|
||||||
|
|
||||||
app.listen(host_port).await?;
|
app.listen(host_port).await?;
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
109
src/methods/account_ssh.rs
Normal file
109
src/methods/account_ssh.rs
Normal file
|
@ -0,0 +1,109 @@
|
||||||
|
use crate::{LdapAuth, LdapAuthResult, State};
|
||||||
|
use ldap3::{Mod, Scope, SearchEntry};
|
||||||
|
use std::collections::HashSet;
|
||||||
|
use tide::{
|
||||||
|
prelude::{json, Deserialize},
|
||||||
|
Request,
|
||||||
|
};
|
||||||
|
|
||||||
|
#[derive(Debug, Deserialize)]
|
||||||
|
struct SSHKey {
|
||||||
|
auth: LdapAuth,
|
||||||
|
key: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn add_ssh_key(mut req: Request<State>) -> tide::Result {
|
||||||
|
let SSHKey {
|
||||||
|
auth,
|
||||||
|
key,
|
||||||
|
} = req.body_json().await?;
|
||||||
|
let config = &req.state().config;
|
||||||
|
|
||||||
|
let LdapAuthResult {
|
||||||
|
mut ldap,
|
||||||
|
dn,
|
||||||
|
..
|
||||||
|
} = match crate::auth_user(&auth, config).await {
|
||||||
|
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
|
||||||
|
Some(x) => x,
|
||||||
|
};
|
||||||
|
|
||||||
|
let mods = vec![Mod::Add("sshPublicKey".to_owned(), HashSet::from([key]))];
|
||||||
|
let result = match ldap.modify(&dn, mods) {
|
||||||
|
Ok(_) => Ok(json!({"result": "success"}).into()),
|
||||||
|
Err(e) => {
|
||||||
|
dbg!(e);
|
||||||
|
Ok(json!({"result": "error", "error": "Failed to add key"}).into())
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
ldap.unbind()?;
|
||||||
|
|
||||||
|
result
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn remove_ssh_key(mut req: Request<State>) -> tide::Result {
|
||||||
|
let SSHKey {
|
||||||
|
auth,
|
||||||
|
key,
|
||||||
|
} = req.body_json().await?;
|
||||||
|
let config = &req.state().config;
|
||||||
|
|
||||||
|
let LdapAuthResult {
|
||||||
|
mut ldap,
|
||||||
|
dn,
|
||||||
|
..
|
||||||
|
} = match crate::auth_user(&auth, config).await {
|
||||||
|
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
|
||||||
|
Some(x) => x,
|
||||||
|
};
|
||||||
|
|
||||||
|
let mods = vec![Mod::Delete("sshPublicKey".to_owned(), HashSet::from([key]))];
|
||||||
|
|
||||||
|
let result = match ldap.modify(&dn, mods) {
|
||||||
|
Ok(_) => Ok(json!({"result": "success"}).into()),
|
||||||
|
Err(e) => {
|
||||||
|
dbg!(e);
|
||||||
|
Ok(json!({"result": "error", "error": "Failed to remove key"}).into())
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
ldap.unbind()?;
|
||||||
|
|
||||||
|
result
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, Deserialize)]
|
||||||
|
struct SSHKeyGet {
|
||||||
|
auth: LdapAuth,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn get_ssh_keys(mut req: Request<State>) -> tide::Result {
|
||||||
|
let SSHKeyGet {
|
||||||
|
auth,
|
||||||
|
} = req.body_json().await?;
|
||||||
|
let config = &req.state().config;
|
||||||
|
|
||||||
|
let LdapAuthResult {
|
||||||
|
mut ldap,
|
||||||
|
dn,
|
||||||
|
..
|
||||||
|
} = match crate::auth_user(&auth, config).await {
|
||||||
|
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
|
||||||
|
Some(x) => x,
|
||||||
|
};
|
||||||
|
let mut keys: Vec<String> = vec![];
|
||||||
|
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["sshPublicKey"])?.success()?;
|
||||||
|
for entry in rs {
|
||||||
|
let tmp = SearchEntry::construct(entry);
|
||||||
|
if tmp.attrs.contains_key("sshPublicKey") {
|
||||||
|
for key in tmp.attrs["sshPublicKey"].clone() {
|
||||||
|
keys.push(key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ldap.unbind()?;
|
||||||
|
|
||||||
|
Ok(json!({"result": "success", "success": keys}).into())
|
||||||
|
}
|
|
@ -1,3 +1,4 @@
|
||||||
pub mod account_new;
|
pub mod account_new;
|
||||||
pub mod account_recover;
|
pub mod account_recover;
|
||||||
|
pub mod account_ssh;
|
||||||
pub mod account_update;
|
pub mod account_update;
|
||||||
|
|
Loading…
Reference in a new issue