settings: move directory server config to its own route

Girish Ramakrishnan
2023-08-03 02:26:11 +05:30
parent 4a34c390f8
commit 67e4c90d37
11 changed files with 222 additions and 154 deletions
+33 -5
@@ -1,13 +1,13 @@
'use strict';
exports = module.exports = {
getConfig,
setConfig,
start,
stop,
checkCertificate,
validateConfig,
applyConfig
};
const assert = require('assert'),
@@ -33,6 +33,17 @@ const NOOP = function () {};
const SET_LDAP_ALLOWLIST_CMD = path.join(__dirname, 'scripts/setldapallowlist.sh');
async function getConfig() {
const value = await settings.get(settings.DIRECTORY_SERVER_KEY);
if (value === null) return {
enabled: false,
secret: '',
allowlist: '' // empty means allow all
};
return JSON.parse(value);
}
async function validateConfig(config) {
const { enabled, secret, allowlist } = config;
@@ -69,6 +80,23 @@ async function applyConfig(config) {
if (config.enabled) await start(); else await stop();
}
async function setConfig(directoryServerConfig) {
assert.strictEqual(typeof directoryServerConfig, 'object');
if (settings.isDemo()) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
const config = {
enabled: directoryServerConfig.enabled,
secret: directoryServerConfig.secret,
// if list is empty, we allow all IPs
allowlist: directoryServerConfig.allowlist || ''
};
await validateConfig(config);
await settings.set(settings.DIRECTORY_SERVER_KEY, JSON.stringify(config));
await applyConfig(config);
}
// helper function to deal with pagination
function finalSend(results, req, res, next) {
let min = 0;
@@ -317,10 +345,10 @@ async function start() {
gServer.bind('ou=system,dc=cloudron', async function(req, res, next) {
debug('system bind: %s (from %s)', req.dn.toString(), req.connection.ldap.id);
const tmp = await settings.getDirectoryServerConfig();
const config = await getConfig();
if (!req.dn.equals(constants.USER_DIRECTORY_LDAP_DN)) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
if (req.credentials !== tmp.secret) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
if (req.credentials !== config.secret) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
req.user = { user: 'directoryServerAdmin' };
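Review bot: The system bind handler does not fail closed when no secret is configured: `getConfig()` defaults to `secret: ''` when nothing is stored, so `req.credentials !== config.secret` would accept an empty credential if the LDAP library passes one through to this handler (not visible here). Adding `if (!config.secret) return next(new ldap.InvalidCredentialsError(req.dn.toString()));` before the comparison removes the dependence on `validateConfig` and on the server only running while enabled. The comparison is also a plain string `!==`, which is not constant-time; comparing fixed-length digests of both values with `crypto.timingSafeEqual` would avoid a timing difference on partial matches. In `setConfig`, `assert.strictEqual(typeof directoryServerConfig, 'object')` also passes for `null`, so a `directoryServerConfig !== null` check belongs beside it. The bind handler continues past the last visible line.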