diff --git a/configuration.nix b/configuration.nix index 7713316..fe98f77 100644 --- a/configuration.nix +++ b/configuration.nix @@ -2,11 +2,6 @@ let secrets = import ./secrets.nix; - ldap = pkgs.buildGoModule rec { - name = "ldap"; - src = ./ldap; - vendorHash = "sha256-HlsVCWs7Q4kBAtRpt3U323tRmgWdQxZlpfMZ/cSlw4Q="; - }; image = "chocobozzz/peertube:production-bullseye"; @@ -64,22 +59,6 @@ in { environment.systemPackages = with pkgs; [ vim htop git tmux ]; - systemd.services."peertube-ldap" = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - environment = { - AUTH_URL = secrets.peertube.auth.url; - AUTH_SECRET = secrets.peertube.auth.secret; - LDAP_USER = secrets.peertube.ldap.user; - LDAP_PASS = secrets.peertube.ldap.password; - }; - serviceConfig = { - Restart = "always"; - RestartSec = 30; - ExecStart = "${ldap}/bin/ldap"; - User = "peertube"; - }; - }; services.caddy = { enable = true; diff --git a/ldap/go.mod b/ldap/go.mod deleted file mode 100644 index 87d3f1c..0000000 --- a/ldap/go.mod +++ /dev/null @@ -1,16 +0,0 @@ -module code.dumpstack.io/infra/v.lor.sh/ldap - -go 1.19 - -require ( - github.com/jackc/pgx/v5 v5.2.0 - github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 - github.com/vjeantet/ldapserver v1.0.1 -) - -require ( - github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect - golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect - golang.org/x/text v0.3.8 // indirect -) diff --git a/ldap/go.sum b/ldap/go.sum deleted file mode 100644 index 6b25943..0000000 --- a/ldap/go.sum +++ /dev/null 
@@ -1,25 +0,0 @@
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
-github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
-github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg=
-github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
-github.com/jackc/pgx/v5 v5.2.0 h1:NdPpngX0Y6z6XDFKqmFQaE+bCtkqzvQIOt1wvBlAqs8=
-github.com/jackc/pgx/v5 v5.2.0/go.mod h1:Ptn7zmohNsWEsdxRawMzk3gaKma2obW+NWTnKa0S4nk=
-github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 h1:wIONC+HMNRqmWBjuMxhatuSzHaljStc4gjDeKycxy0A=
-github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3/go.mod h1:37YR9jabpiIxsb8X9VCIx8qFOjTDIIrIHHODa8C4gz0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/vjeantet/ldapserver v1.0.1 h1:3z+TCXhwwDLJC3pZCNbuECPDqC2x1R7qQQbswB1Qwoc=
-github.com/vjeantet/ldapserver v1.0.1/go.mod h1:YvUqhu5vYhmbcLReMLrm/Tq3S7Yj43kSVFvvol6Lh6k=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/ldap/ldap.go b/ldap/ldap.go
deleted file mode 100644
index 4705936..0000000
--- a/ldap/ldap.go
+++ /dev/null
@@ -1,169 +0,0 @@ -package main - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "net/http" - "os" - "os/signal" - "strings" - "syscall" - - "github.com/jackc/pgx/v5" - "github.com/lor00x/goldap/message" - ldap "github.com/vjeantet/ldapserver" -) - -func auth(username, email, password string) (ruser, remail string, err error) { - var payload struct { - Secret string - Username string - Email string - Password string - } - - payload.Secret = os.Getenv("AUTH_SECRET") - payload.Username = username - payload.Email = email - payload.Password = password - - raw, err := json.Marshal(payload) - if err != nil { - return - } - body := bytes.NewReader(raw) - - req, err := http.NewRequest("POST", os.Getenv("AUTH_URL"), body) - if err != nil { - return - } - req.Header.Set("Content-Type", "application/json") - - resp, err := http.DefaultClient.Do(req) - if err != nil { - return - } - defer resp.Body.Close() - - var result struct { - Username string - Email string - Error string - } - - err = json.NewDecoder(resp.Body).Decode(&result) - if err != nil { - return - } - - if result.Error != "" { - err = errors.New(result.Error) - } - - ruser = result.Username - remail = result.Email - return -} - -func bind(w ldap.ResponseWriter, m *ldap.Message) { - r := m.GetBindRequest() - res := ldap.NewBindResponse(ldap.LDAPResultSuccess) - - username := string(r.Name()) - password := string(r.AuthenticationSimple()) - - if username == os.Getenv("LDAP_USER") { - if password == os.Getenv("LDAP_PASS") { - w.Write(res) - return - } - } - - if username == "root" { - res.SetResultCode(ldap.LDAPResultInvalidCredentials) - res.SetDiagnosticMessage("root login is disabled") - w.Write(res) - return - } - - _, _, err := auth(username, "", password) - if err == nil { - fmt.Println("bind:", username, "ok") - w.Write(res) - return - } - - fmt.Println("bind:", username, "incorrect password") - res.SetResultCode(ldap.LDAPResultInvalidCredentials) - res.SetDiagnosticMessage("invalid 
credentials") - w.Write(res) -} - -func updateEmail(username, email string) (err error) { - path := "dbname=" + os.Getenv("DATABASE") - conn, err := pgx.Connect(context.Background(), path) - if err != nil { - return - } - defer conn.Close(context.Background()) - - query := "update \"user\" set email=$1 where username=$2" - _, err = conn.Exec(context.Background(), query, email, username) - return -} - -func search(w ldap.ResponseWriter, m *ldap.Message) { - r := m.GetSearchRequest() - res := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess) - defer w.Write(res) - - var username, email string - - s := r.FilterString() - s = s[6 : len(s)-1] - - if strings.Contains(s, "@") { - username, email, _ = auth("", s, "") - } else { - username, email, _ = auth(s, "", "") - } - - if username == "" || email == "" { - fmt.Println("search:", s, "not found") - return - } - fmt.Println("search:", s, "found", username, email) - - err := updateEmail(username, email) - if err != nil { - fmt.Println(err) - } - - e := ldap.NewSearchResultEntry(username) - e.AddAttribute("uid", message.AttributeValue(username)) - e.AddAttribute("mail", message.AttributeValue(email)) - w.Write(e) -} - -func main() { - ldap.Logger = ldap.DiscardingLogger - - server := ldap.NewServer() - - routes := ldap.NewRouteMux() - routes.Bind(bind) - routes.Search(search) - server.Handle(routes) - - go server.ListenAndServe(":10389") - - ch := make(chan os.Signal) - signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM) - <-ch - close(ch) - - server.Stop() -}