0 package access

1

2 import (

3 "errors"

4 "fmt"

5 "gemigit/config"

6 "gemigit/db"

7

8 ldap "github.com/go-ldap/ldap/v3"

9 )

10

// Access levels for a repository. They are ordered so that a larger value
// implies every smaller one: hasAccess grants a request when the stored
// privilege is greater than or equal to the level asked for.
const (
	None  = iota // no access at all
	Read         // may read the repository
	Write        // may read and write the repository
)

16

17 var conn *ldap.Conn

18

// Init opens the package-level LDAP connection from config.Cfg.Ldap.Url.
// When LDAP is disabled in the configuration it does nothing and returns
// nil; when the dial fails it returns that error and leaves conn untouched.
//
// Login later sends user passwords over this connection in simple binds, so
// the configured URL should be ldaps:// (or the session upgraded with
// StartTLS) rather than plain ldap://. Nothing here enforces that; the
// scheme is taken verbatim from the configuration.
func Init() error {
	if !config.Cfg.Ldap.Enabled {
		return nil
	}
	dialed, err := ldap.DialURL(config.Cfg.Ldap.Url)
	if err == nil {
		conn = dialed
	}
	return err
}

30

31 // return nil if credential are valid, an error if not

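// Login checks the caller's credentials and returns nil when they are valid,
// or an error describing why they were rejected.
//
// name is the account name and password the secret presented with it.
// allowToken permits the secret to be an access token, checked through
// db.TokenAuth. allowPassword permits it to be a password, checked against
// the LDAP server when config.Cfg.Ldap.Enabled is set and against the local
// database (db.CheckAuth) otherwise. When both are allowed the token is
// tried first and the password only if the token did not match; with
// neither allowed the call fails before any lookup.
//
// An empty name or password is refused up front. Besides being useless
// input, this guarantees an empty password never reaches the LDAP bind,
// where a simple bind with an empty password is an unauthenticated bind
// that some servers accept — the check holds regardless of how the client
// library or directory treats that case.
func Login(name string, password string,
	allowToken bool, allowPassword bool) error {
	if !allowToken && !allowPassword {
		return errors.New("no authentication")
	}
	if name == "" || password == "" {
		return errors.New("empty field")
	}
	if allowToken {
		err := db.TokenAuth(name, password)
		// A matching token is sufficient. A mismatch is only forgiven
		// when the caller also accepts passwords; otherwise it is final.
		if err == nil || !allowPassword {
			return err
		}
	}
	if config.Cfg.Ldap.Enabled {
		// conn is only assigned by a successful Init; binding on a nil
		// connection would panic instead of failing the login.
		if conn == nil {
			return errors.New("ldap connection is not initialised")
		}
		// The bind DN is assembled from untrusted input, so name must be
		// escaped with distinguished-name rules (RFC 4514), not search
		// filter rules. ldap.EscapeFilter only escapes ( ) * \ and NUL
		// and leaves , + = untouched, so a name such as "x,ou=other"
		// would add RDN components and bind outside the configured base.
		dn := fmt.Sprintf("%s=%s,%s",
			config.Cfg.Ldap.Attribute,
			escapeDNValue(name),
			config.Cfg.Ldap.Binding)
		return conn.Bind(dn, password)
	}
	return db.CheckAuth(name, password)
}

// escapeDNValue escapes s for use as a single attribute value inside an
// LDAP distinguished name, following RFC 4514 section 2.4: the characters
// , + " \ < > ; and NUL are always escaped, '#' is escaped when it is the
// first character, and a space is escaped when it is the first or the last
// character. Every other byte, including multi-byte UTF-8 sequences (which
// never contain these ASCII bytes), passes through unchanged.
func escapeDNValue(s string) string {
	out := make([]byte, 0, len(s)+8)
	last := len(s) - 1
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch {
		case c == 0:
			out = append(out, '\\', '0', '0')
		case c == ',' || c == '+' || c == '"' || c == '\\' ||
			c == '<' || c == '>' || c == ';':
			out = append(out, '\\', c)
		case c == '#' && i == 0:
			out = append(out, '\\', '#')
		case c == ' ' && (i == 0 || i == last):
			out = append(out, '\\', ' ')
		default:
			out = append(out, c)
		}
	}
	return string(out)
}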

55

// hasAccess reports whether user may act on the repository named repo that
// belongs to author with at least the given level (None, Read or Write).
// It returns nil when access is granted and an error otherwise.
//
// The requesting user, the owner and the repository are all resolved through
// db, and any lookup failure is returned verbatim — a missing account or
// repository therefore surfaces as that lookup's error, not as
// "Permission denied". The repository's owner is granted access whatever
// level was requested; anyone else is granted access only when the
// privilege recorded by db.GetAccess is at least the requested level.
func hasAccess(repo string, author string, user string, access int) error {
	requester, err := db.GetPublicUser(user)
	if err != nil {
		return err
	}
	owner, err := db.GetPublicUser(author)
	if err != nil {
		return err
	}
	repository, err := owner.GetRepo(repo)
	if err != nil {
		return err
	}
	// Ownership bypasses the privilege table entirely.
	if repository.UserID == requester.ID {
		return nil
	}
	granted, err := db.GetAccess(requester, repository)
	if err != nil {
		return err
	}
	if granted >= access {
		return nil
	}
	return errors.New("Permission denied")
}

81

// HasWriteAccess returns nil when user may write to author's repository
// repo, and an error (either a lookup failure or "Permission denied")
// otherwise. The repository owner always passes.
func HasWriteAccess(repo string, author string, user string) error {
	const needed = Write
	return hasAccess(repo, author, user, needed)
}

85

// HasReadAccess returns nil when user may read author's repository repo,
// and an error (either a lookup failure or "Permission denied") otherwise.
// Write access implies read access because the levels are ordered.
func HasReadAccess(repo string, author string, user string) error {
	const needed = Read
	return hasAccess(repo, author, user, needed)
}

89