Backend for new SSH page #47

Merged
esy merged 9 commits from #24_ssh_keys into main 2023-12-31 06:56:30 +00:00
4 changed files with 180 additions and 2 deletions

View file

@ -179,13 +179,76 @@ Errors:
```json ```json
{"result": "error", "error": "no valid key"} {"result": "error", "error": "no valid key"}
``` ```
#### Success #### Success
```json ```json
{"result": "success", "success": "key valid"} {"result": "success", "success": "key valid"}
``` ```
### POST /ldap/ssh
Returns array of SSH keys associated with the Skynet account
```json
{
"auth" : {
"user": "username",
"pass": "password"
}
}
```
#### Errors
```json
{"result": "error", "error": "Failed to authenticate"}
```
#### Success
```json
{"result": "success", "success": ["key1","key2","key3"]}
```
### DELETE /ldap/ssh
Deletes SSH key from Skynet account
```json
{
"auth" : {
"user": "username",
"pass": "password"
},
"key": "ssh key"
}
```
#### Errors
```json
{"result": "error", "error": "Failed to authenticate"}
```
```json
{"result": "error", "error": "Failed to remove key"}
```
#### Success
```json
{"result": "success"}
```
### POST /ldap/ssh/add
Adds SSH key to Skynet account
```json
{
"auth" : {
"user": "username",
"pass": "password"
},
"key": "ssh key"
}
```
#### Errors
```json
{"result": "error", "error": "Failed to authenticate"}
```
```json
{"result": "error", "error": "Failed to add key"}
```
#### Success
```json
{"result": "success"}
```
## Responses ## Responses
Generic responses which is used unless otherwise specified above. Generic responses which is used unless otherwise specified above.

View file

@ -1,6 +1,6 @@
use skynet_ldap_backend::{ use skynet_ldap_backend::{
db_init, get_config, db_init, get_config,
methods::{account_new, account_recover, account_update}, methods::{account_new, account_recover, account_ssh, account_update},
State, State,
}; };
@ -34,6 +34,11 @@ async fn main() -> tide::Result<()> {
app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request); app.at("/ldap/recover/ssh/request").post(account_recover::ssh::request);
app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify); app.at("/ldap/recover/ssh/verify").post(account_recover::ssh::verify);
//for getting current ssh keys associated with the account
app.at("/ldap/ssh").post(account_ssh::get_ssh_keys);
app.at("/ldap/ssh").delete(account_ssh::remove_ssh_key);
app.at("/ldap/ssh/add").post(account_ssh::add_ssh_key);
app.listen(host_port).await?; app.listen(host_port).await?;
Ok(()) Ok(())
} }

109
src/methods/account_ssh.rs Normal file
View file

@ -0,0 +1,109 @@
use crate::{LdapAuth, LdapAuthResult, State};
use ldap3::{Mod, Scope, SearchEntry};
use std::collections::HashSet;
use tide::{
prelude::{json, Deserialize},
Request,
};
#[derive(Debug, Deserialize)]
struct SSHKey {
auth: LdapAuth,
key: String,
}
pub async fn add_ssh_key(mut req: Request<State>) -> tide::Result {
let SSHKey {
auth,
key,
} = req.body_json().await?;
let config = &req.state().config;
let LdapAuthResult {
mut ldap,
dn,
..
} = match crate::auth_user(&auth, config).await {
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
Some(x) => x,
};
let mods = vec![Mod::Add("sshPublicKey".to_owned(), HashSet::from([key]))];
let result = match ldap.modify(&dn, mods) {
Ok(_) => Ok(json!({"result": "success"}).into()),
Err(e) => {
dbg!(e);
Ok(json!({"result": "error", "error": "Failed to add key"}).into())
}
};
ldap.unbind()?;
result
}
pub async fn remove_ssh_key(mut req: Request<State>) -> tide::Result {
let SSHKey {
auth,
key,
} = req.body_json().await?;
let config = &req.state().config;
let LdapAuthResult {
mut ldap,
dn,
..
} = match crate::auth_user(&auth, config).await {
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
Some(x) => x,
};
let mods = vec![Mod::Delete("sshPublicKey".to_owned(), HashSet::from([key]))];
let result = match ldap.modify(&dn, mods) {
Ok(_) => Ok(json!({"result": "success"}).into()),
Err(e) => {
dbg!(e);
Ok(json!({"result": "error", "error": "Failed to remove key"}).into())
}
};
ldap.unbind()?;
result
}
#[derive(Debug, Deserialize)]
struct SSHKeyGet {
auth: LdapAuth,
}
pub async fn get_ssh_keys(mut req: Request<State>) -> tide::Result {
let SSHKeyGet {
auth,
} = req.body_json().await?;
let config = &req.state().config;
let LdapAuthResult {
mut ldap,
dn,
..
} = match crate::auth_user(&auth, config).await {
None => return Ok(json!({"result": "error", "error": "Failed to authenticate"}).into()),
Some(x) => x,
};
let mut keys: Vec<String> = vec![];
let (rs, _res) = ldap.search(&dn, Scope::Base, "(objectClass=*)", vec!["sshPublicKey"])?.success()?;
for entry in rs {
let tmp = SearchEntry::construct(entry);
if tmp.attrs.contains_key("sshPublicKey") {
for key in tmp.attrs["sshPublicKey"].clone() {
keys.push(key);
}
}
}
ldap.unbind()?;
Ok(json!({"result": "success", "success": keys}).into())
}

View file

@ -1,3 +1,4 @@
pub mod account_new; pub mod account_new;
pub mod account_recover; pub mod account_recover;
pub mod account_ssh;
pub mod account_update; pub mod account_update;