0 package access
1
2 import (
3 "errors"
4 "fmt"
5 "gemigit/config"
6 "gemigit/db"
7
8 ldap "github.com/go-ldap/ldap/v3"
9 )
10
// Access levels, ordered so that a higher value implies every lower one;
// hasAccess compares the granted privilege against them with "<".
const (
	None  = iota // no access at all
	Read         // may read the repository
	Write        // may read and write the repository
)
16
// conn is the package-wide LDAP connection opened by Init and used by Login
// for every Bind; it stays nil when LDAP is disabled or Init did not succeed.
var conn *ldap.Conn
18
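// Init opens the package-wide LDAP connection used by Login when LDAP
// authentication is enabled in the configuration. It is a no-op when LDAP
// is disabled and returns a wrapped dial error otherwise.
func Init() error {
	if !config.Cfg.Ldap.Enabled {
		return nil
	}
	// DialURL picks the transport from the URL scheme: "ldaps://" is TLS,
	// "ldap://" is plaintext, in which case bind passwords cross the network
	// unencrypted unless StartTLS is negotiated (it is not negotiated here).
	l, err := ldap.DialURL(config.Cfg.Ldap.Url)
	if err != nil {
		return fmt.Errorf("connecting to ldap server: %w", err)
	}
	conn = l
	return nil
}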
30
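// Login returns nil when the supplied credentials are valid and an error
// otherwise. name and password are the user-supplied values; allowToken
// permits authenticating with a token stored in the db, allowPassword
// permits a password check against LDAP (when enabled) or the local db.
// When both are allowed the token is tried first and the password path is
// only reached if the token check fails.
func Login(name string, password string,
	allowToken bool, allowPassword bool) error {
	if !allowToken && !allowPassword {
		return errors.New("no authentication")
	}
	// An empty password must never reach Bind: LDAP servers commonly treat
	// a bind with an empty password as an anonymous bind and report success.
	if name == "" || password == "" {
		return errors.New("empty field")
	}
	if allowToken {
		err := db.TokenAuth(name, password)
		// A valid token authenticates; a failed token only falls through to
		// the password path when the caller allowed it.
		if err == nil || !allowPassword {
			return err
		}
	}
	if config.Cfg.Ldap.Enabled {
		// Init may have failed or not run; Bind on a nil *ldap.Conn panics.
		if conn == nil {
			return errors.New("ldap connection not initialised")
		}
		// NOTE(review): EscapeFilter implements RFC 4515 search-filter
		// escaping; the value here is a DN component (RFC 4514), whose
		// special characters differ (',', '+', '"', '<', '>', ';'). Prefer
		// ldap.EscapeDN here if the pinned go-ldap version provides it.
		return conn.Bind(fmt.Sprintf("%s=%s,%s",
			config.Cfg.Ldap.Attribute,
			ldap.EscapeFilter(name),
			config.Cfg.Ldap.Binding),
			password)
	}
	return db.CheckAuth(name, password)
}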
55
// hasAccess returns nil when user may act on author's repository repo with
// at least the given access level (None, Read or Write). The repository
// owner always passes; anyone else must hold a privilege in the db that is
// not below access. Lookup failures are returned unchanged, an insufficient
// privilege as "Permission denied".
func hasAccess(repo string, author string, user string, access int) error {
	requester, err := db.GetPublicUser(user)
	if err != nil {
		return err
	}
	ownerUser, err := db.GetPublicUser(author)
	if err != nil {
		return err
	}
	repository, err := ownerUser.GetRepo(repo)
	if err != nil {
		return err
	}
	// Ownership short-circuits the privilege lookup entirely.
	if repository.UserID == requester.ID {
		return nil
	}
	granted, err := db.GetAccess(requester, repository)
	switch {
	case err != nil:
		return err
	case granted < access:
		return errors.New("Permission denied")
	default:
		return nil
	}
}
81
// HasWriteAccess returns nil when user may write to author's repository
// repo, i.e. is its owner or holds at least the Write privilege.
func HasWriteAccess(repo string, author string, user string) error {
	required := Write
	return hasAccess(repo, author, user, required)
}
85
// HasReadAccess returns nil when user may read author's repository repo,
// i.e. is its owner or holds at least the Read privilege.
func HasReadAccess(repo string, author string, user string) error {
	required := Read
	return hasAccess(repo, author, user, required)
}
89