mirror of
https://github.com/h44z/wg-portal.git
synced 2025-10-06 08:26:17 +00:00
Compare commits
4 Commits
ldap_fix
...
v2.1.0-bet
| Author | SHA1 | Date | |
|---|---|---|---|
|
d311313cb4 | ||
|
0cbca61c15 | ||
|
|
c79a6c83a8 | ||
|
|
098a9fe23e |
@@ -20,7 +20,7 @@ RUN npm run build
|
|||||||
######
|
######
|
||||||
# Build backend
|
# Build backend
|
||||||
######
|
######
|
||||||
FROM --platform=${BUILDPLATFORM} golang:1.24-alpine AS builder
|
FROM --platform=${BUILDPLATFORM} golang:1.25-alpine AS builder
|
||||||
# Set the working directory
|
# Set the working directory
|
||||||
WORKDIR /build
|
WORKDIR /build
|
||||||
# Download dependencies
|
# Download dependencies
|
||||||
|
|||||||
@@ -403,6 +403,12 @@ definitions:
|
|||||||
type: object
|
type: object
|
||||||
models.ProvisioningRequest:
|
models.ProvisioningRequest:
|
||||||
properties:
|
properties:
|
||||||
|
DisplayName:
|
||||||
|
description: |-
|
||||||
|
DisplayName is an optional name for the new peer.
|
||||||
|
If unset, a default template value (e.g., "API Peer ...") will be assigned.
|
||||||
|
example: API Peer xyz
|
||||||
|
type: string
|
||||||
InterfaceIdentifier:
|
InterfaceIdentifier:
|
||||||
description: InterfaceIdentifier is the identifier of the WireGuard interface the peer should be linked to.
|
description: InterfaceIdentifier is the identifier of the WireGuard interface the peer should be linked to.
|
||||||
example: wg0
|
example: wg0
|
||||||
|
|||||||
4
go.mod
4
go.mod
@@ -8,7 +8,7 @@ require (
|
|||||||
github.com/coreos/go-oidc/v3 v3.15.0
|
github.com/coreos/go-oidc/v3 v3.15.0
|
||||||
github.com/glebarez/sqlite v1.11.0
|
github.com/glebarez/sqlite v1.11.0
|
||||||
github.com/go-ldap/ldap/v3 v3.4.11
|
github.com/go-ldap/ldap/v3 v3.4.11
|
||||||
github.com/go-pkgz/routegroup v1.5.2
|
github.com/go-pkgz/routegroup v1.5.3
|
||||||
github.com/go-playground/validator/v10 v10.27.0
|
github.com/go-playground/validator/v10 v10.27.0
|
||||||
github.com/go-webauthn/webauthn v0.13.4
|
github.com/go-webauthn/webauthn v0.13.4
|
||||||
github.com/google/uuid v1.6.0
|
github.com/google/uuid v1.6.0
|
||||||
@@ -29,7 +29,7 @@ require (
|
|||||||
gorm.io/driver/mysql v1.6.0
|
gorm.io/driver/mysql v1.6.0
|
||||||
gorm.io/driver/postgres v1.6.0
|
gorm.io/driver/postgres v1.6.0
|
||||||
gorm.io/driver/sqlserver v1.6.1
|
gorm.io/driver/sqlserver v1.6.1
|
||||||
gorm.io/gorm v1.30.1
|
gorm.io/gorm v1.30.2
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
|||||||
8
go.sum
8
go.sum
@@ -70,8 +70,8 @@ github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9Z
|
|||||||
github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
|
github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
|
||||||
github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
|
github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
|
||||||
github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
|
github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
|
||||||
github.com/go-pkgz/routegroup v1.5.2 h1:/W/5GwsHaojeEBldiSB/fcqPLm0AE/eT36reCsMEbtY=
|
github.com/go-pkgz/routegroup v1.5.3 h1:IvH1KLcQkMap9jucQGBlef3IBloxSAe8USUFvxShFqs=
|
||||||
github.com/go-pkgz/routegroup v1.5.2/go.mod h1:Pmu04fhgWhRtBMIJ8HXppnnzOPjnL/IEPBIdO2zmeqg=
|
github.com/go-pkgz/routegroup v1.5.3/go.mod h1:Pmu04fhgWhRtBMIJ8HXppnnzOPjnL/IEPBIdO2zmeqg=
|
||||||
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
|
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
|
||||||
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
|
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
|
||||||
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
|
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
|
||||||
@@ -374,8 +374,8 @@ gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXD
|
|||||||
gorm.io/driver/sqlserver v1.6.1 h1:XWISFsu2I2pqd1KJhhTZNJMx1jNQ+zVL/Q8ovDcUjtY=
|
gorm.io/driver/sqlserver v1.6.1 h1:XWISFsu2I2pqd1KJhhTZNJMx1jNQ+zVL/Q8ovDcUjtY=
|
||||||
gorm.io/driver/sqlserver v1.6.1/go.mod h1:VZeNn7hqX1aXoN5TPAFGWvxWG90xtA8erGn2gQmpc6U=
|
gorm.io/driver/sqlserver v1.6.1/go.mod h1:VZeNn7hqX1aXoN5TPAFGWvxWG90xtA8erGn2gQmpc6U=
|
||||||
gorm.io/gorm v1.30.0/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
|
gorm.io/gorm v1.30.0/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
|
||||||
gorm.io/gorm v1.30.1 h1:lSHg33jJTBxs2mgJRfRZeLDG+WZaHYCk3Wtfl6Ngzo4=
|
gorm.io/gorm v1.30.2 h1:f7bevlVoVe4Byu3pmbWPVHnPsLoWaMjEb7/clyr9Ivs=
|
||||||
gorm.io/gorm v1.30.1/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
|
gorm.io/gorm v1.30.2/go.mod h1:8Z33v652h4//uMA76KjeDH8mJXPm1QNCYrMeatR0DOE=
|
||||||
modernc.org/cc/v4 v4.26.3 h1:yEN8dzrkRFnn4PUUKXLYIqVf2PJYAEjMTFjO3BDGc3I=
|
modernc.org/cc/v4 v4.26.3 h1:yEN8dzrkRFnn4PUUKXLYIqVf2PJYAEjMTFjO3BDGc3I=
|
||||||
modernc.org/cc/v4 v4.26.3/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
|
modernc.org/cc/v4 v4.26.3/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
|
||||||
modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
|
modernc.org/ccgo/v4 v4.28.0 h1:rjznn6WWehKq7dG4JtLRKxb52Ecv8OUGah8+Z/SfpNU=
|
||||||
|
|||||||
@@ -1781,6 +1781,11 @@
|
|||||||
"type": "string"
|
"type": "string"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"Backend": {
|
||||||
|
"description": "the backend used for this interface e.g., local, mikrotik, ...",
|
||||||
|
"type": "string",
|
||||||
|
"example": "local"
|
||||||
|
},
|
||||||
"Disabled": {
|
"Disabled": {
|
||||||
"description": "flag that specifies if the interface is enabled (up) or not (down)",
|
"description": "flag that specifies if the interface is enabled (up) or not (down)",
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
@@ -2249,6 +2254,12 @@
|
|||||||
"ApiAdminOnly": {
|
"ApiAdminOnly": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
|
"AvailableBackends": {
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"$ref": "#/definitions/model.SettingsBackendNames"
|
||||||
|
}
|
||||||
|
},
|
||||||
"LoginFormVisible": {
|
"LoginFormVisible": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
@@ -2269,6 +2280,17 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"model.SettingsBackendNames": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"Id": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"Name": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"model.User": {
|
"model.User": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
|||||||
@@ -65,6 +65,10 @@ definitions:
|
|||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
|
Backend:
|
||||||
|
description: the backend used for this interface e.g., local, mikrotik, ...
|
||||||
|
example: local
|
||||||
|
type: string
|
||||||
Disabled:
|
Disabled:
|
||||||
description: flag that specifies if the interface is enabled (up) or not (down)
|
description: flag that specifies if the interface is enabled (up) or not (down)
|
||||||
type: boolean
|
type: boolean
|
||||||
@@ -381,6 +385,10 @@ definitions:
|
|||||||
properties:
|
properties:
|
||||||
ApiAdminOnly:
|
ApiAdminOnly:
|
||||||
type: boolean
|
type: boolean
|
||||||
|
AvailableBackends:
|
||||||
|
items:
|
||||||
|
$ref: '#/definitions/model.SettingsBackendNames'
|
||||||
|
type: array
|
||||||
LoginFormVisible:
|
LoginFormVisible:
|
||||||
type: boolean
|
type: boolean
|
||||||
MailLinkOnly:
|
MailLinkOnly:
|
||||||
@@ -394,6 +402,13 @@ definitions:
|
|||||||
WebAuthnEnabled:
|
WebAuthnEnabled:
|
||||||
type: boolean
|
type: boolean
|
||||||
type: object
|
type: object
|
||||||
|
model.SettingsBackendNames:
|
||||||
|
properties:
|
||||||
|
Id:
|
||||||
|
type: string
|
||||||
|
Name:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
model.User:
|
model.User:
|
||||||
properties:
|
properties:
|
||||||
ApiEnabled:
|
ApiEnabled:
|
||||||
|
|||||||
@@ -2086,6 +2086,11 @@
|
|||||||
"InterfaceIdentifier"
|
"InterfaceIdentifier"
|
||||||
],
|
],
|
||||||
"properties": {
|
"properties": {
|
||||||
|
"DisplayName": {
|
||||||
|
"description": "DisplayName is an optional name for the new peer.\nIf unset, a default template value (e.g., \"API Peer ...\") will be assigned.",
|
||||||
|
"type": "string",
|
||||||
|
"example": "API Peer xyz"
|
||||||
|
},
|
||||||
"InterfaceIdentifier": {
|
"InterfaceIdentifier": {
|
||||||
"description": "InterfaceIdentifier is the identifier of the WireGuard interface the peer should be linked to.",
|
"description": "InterfaceIdentifier is the identifier of the WireGuard interface the peer should be linked to.",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
|
|||||||
@@ -445,6 +445,12 @@ definitions:
|
|||||||
type: object
|
type: object
|
||||||
models.ProvisioningRequest:
|
models.ProvisioningRequest:
|
||||||
properties:
|
properties:
|
||||||
|
DisplayName:
|
||||||
|
description: |-
|
||||||
|
DisplayName is an optional name for the new peer.
|
||||||
|
If unset, a default template value (e.g., "API Peer ...") will be assigned.
|
||||||
|
example: API Peer xyz
|
||||||
|
type: string
|
||||||
InterfaceIdentifier:
|
InterfaceIdentifier:
|
||||||
description: InterfaceIdentifier is the identifier of the WireGuard interface
|
description: InterfaceIdentifier is the identifier of the WireGuard interface
|
||||||
the peer should be linked to.
|
the peer should be linked to.
|
||||||
|
|||||||
@@ -162,7 +162,11 @@ func (p ProvisioningService) NewPeer(ctx context.Context, req models.Provisionin
|
|||||||
if req.PresharedKey != "" {
|
if req.PresharedKey != "" {
|
||||||
peer.PresharedKey = domain.PreSharedKey(req.PresharedKey)
|
peer.PresharedKey = domain.PreSharedKey(req.PresharedKey)
|
||||||
}
|
}
|
||||||
|
if req.DisplayName == "" {
|
||||||
peer.GenerateDisplayName("API")
|
peer.GenerateDisplayName("API")
|
||||||
|
} else {
|
||||||
|
peer.DisplayName = req.DisplayName
|
||||||
|
}
|
||||||
|
|
||||||
// save new peer
|
// save new peer
|
||||||
peer, err = p.peers.CreatePeer(ctx, peer)
|
peer, err = p.peers.CreatePeer(ctx, peer)
|
||||||
|
|||||||
@@ -68,6 +68,10 @@ type ProvisioningRequest struct {
|
|||||||
// If no user identifier is set, the authenticated user is used.
|
// If no user identifier is set, the authenticated user is used.
|
||||||
UserIdentifier string `json:"UserIdentifier" example:"uid-1234567"`
|
UserIdentifier string `json:"UserIdentifier" example:"uid-1234567"`
|
||||||
|
|
||||||
|
// DisplayName is an optional name for the new peer.
|
||||||
|
// If unset, a default template value (e.g., "API Peer ...") will be assigned.
|
||||||
|
DisplayName string `json:"DisplayName" example:"API Peer xyz" binding:"omitempty"`
|
||||||
|
|
||||||
// PublicKey is the optional public key of the peer. If no public key is set, a new key pair is generated.
|
// PublicKey is the optional public key of the peer. If no public key is set, a new key pair is generated.
|
||||||
PublicKey string `json:"PublicKey" example:"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=" binding:"omitempty,len=44"`
|
PublicKey string `json:"PublicKey" example:"xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=" binding:"omitempty,len=44"`
|
||||||
// PresharedKey is the optional pre-shared key of the peer. If no pre-shared key is set, a new key is generated.
|
// PresharedKey is the optional pre-shared key of the peer. If no pre-shared key is set, a new key is generated.
|
||||||
|
|||||||
@@ -54,7 +54,7 @@ func (l LdapAuthenticator) PlaintextAuthentication(userId domain.UserIdentifier,
|
|||||||
|
|
||||||
attrs := []string{"dn"}
|
attrs := []string{"dn"}
|
||||||
|
|
||||||
loginFilter := strings.Replace(l.cfg.LoginFilter, "{{login_identifier}}", string(userId), -1)
|
loginFilter := strings.Replace(l.cfg.LoginFilter, "{{login_identifier}}", ldap.EscapeFilter(string(userId)), -1)
|
||||||
searchRequest := ldap.NewSearchRequest(
|
searchRequest := ldap.NewSearchRequest(
|
||||||
l.cfg.BaseDN,
|
l.cfg.BaseDN,
|
||||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 20, false, // 20 second time limit
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 20, false, // 20 second time limit
|
||||||
@@ -100,7 +100,7 @@ func (l LdapAuthenticator) GetUserInfo(_ context.Context, userId domain.UserIden
|
|||||||
|
|
||||||
attrs := internal.LdapSearchAttributes(&l.cfg.FieldMap)
|
attrs := internal.LdapSearchAttributes(&l.cfg.FieldMap)
|
||||||
|
|
||||||
loginFilter := strings.Replace(l.cfg.LoginFilter, "{{login_identifier}}", string(userId), -1)
|
loginFilter := strings.Replace(l.cfg.LoginFilter, "{{login_identifier}}", ldap.EscapeFilter(string(userId)), -1)
|
||||||
searchRequest := ldap.NewSearchRequest(
|
searchRequest := ldap.NewSearchRequest(
|
||||||
l.cfg.BaseDN,
|
l.cfg.BaseDN,
|
||||||
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 20, false, // 20 second time limit
|
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 20, false, // 20 second time limit
|
||||||
|
|||||||
Reference in New Issue
Block a user