gawells/Self-Service-Dashboard
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

v0.0.1

Browse Source
This commit is contained in:
Gregory Wells
2026-03-24 15:34:03 -04:00
commit 31ad22ad38
21 changed files with 1237 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/config.go Normal file
View File

@@ -0,0 +1,41 @@
package main
import (
"encoding/json"
"os"
)
type LDAPConfig struct {
LDAPURL string `json:"ldap_url"`
BaseDN string `json:"base_dn"`
BindDN string `json:"bind_dn"`
BindPassword string `json:"bind_password"`
Security string `json:"security"`
IgnoreInvalidCert bool `json:"ignore_invalid_cert"`
}
type StyleConfig struct {
FaviconPath string `json:"favicon_path"`
LogoPath string `json:"logo_path"`
}
type WebserverConfig struct {
Port int `json:"port"`
}
type ServerConfig struct {
LDAPConfig LDAPConfig `json:"ldap_config"`
StyleConfig StyleConfig `json:"style_config"`
WebserverConfig WebserverConfig `json:"server_config"`
}
func loadServerConfig(path string) (*ServerConfig, error) {
file, err := os.ReadFile(path)
if err != nil {
return nil, err
}
var cfg ServerConfig
err = json.Unmarshal(file, &cfg)
return &cfg, err
}

52
src/email.go Normal file
View File

@@ -0,0 +1,52 @@
package main
import (
"log"
"net/smtp"
"strconv"
)
type EmailAccount struct {
auth smtp.Auth
email string
smtpHost string
smtpPort string
}
type EmailAccountData struct {
username string
password string
email string
}
func createEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
account := EmailAccount{
email: accountData.email,
smtpHost: smtpHost,
smtpPort: strconv.Itoa(smtpPort),
}
account.auth = smtp.PlainAuth("", accountData.username, accountData.password, smtpHost)
return account
}
func sendEmail(account EmailAccount, toEmail []string, subject string, message string) {
ToEmailList := ""
for i := 0; i < len(toEmail); i++ {
ToEmailList += toEmail[i]
if i+1 < len(toEmail) {
ToEmailList += ", "
}
}
messageData := []byte(
"From: " + account.email + "\r\n" +
"To: " + ToEmailList + "\r\n" +
"Subject: " + subject + "\r\n" +
"\r\n" +
message,
)
err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmail, messageData)
if err != nil {
log.Print(err)
}
}

119
src/ldap.go Normal file
View File

@@ -0,0 +1,119 @@
package main
import (
"crypto/tls"
"errors"
"log"
"github.com/go-ldap/ldap/v3"
)
type LDAPServer struct {
URL string
StartTLS bool
IgnoreInsecureCert bool
Connection *ldap.Conn
}
type LDAPSearch struct {
Succeeded bool
LDAPSearch *ldap.SearchResult
}
func connectToLDAPServer(URL string, starttls bool, ignore_cert bool) (*LDAPServer, error) {
l, err := ldap.DialURL(URL)
if err != nil {
return nil, err
}
if starttls {
if err := l.StartTLS(&tls.Config{InsecureSkipVerify: ignore_cert}); err != nil {
log.Println("StartTLS failed:", err)
}
}
return &LDAPServer{
Connection: l,
URL: URL,
StartTLS: starttls,
IgnoreInsecureCert: ignore_cert,
}, nil
}
func reconnectToLDAPServer(server *LDAPServer) {
if server == nil {
log.Println("Cannot reconnect: server is nil")
return
}
l, err := ldap.DialURL(server.URL)
if err != nil {
log.Print(err)
return
}
if server.StartTLS {
if err := l.StartTLS(&tls.Config{InsecureSkipVerify: server.IgnoreInsecureCert}); err != nil {
log.Println("StartTLS failed:", err)
}
}
server.Connection = l
}
func connectAsLDAPUser(server *LDAPServer, bindDN, password string) error {
if server == nil {
return errors.New("LDAP server is nil")
}
// Reconnect if needed
if server.Connection == nil || server.Connection.IsClosing() {
reconnectToLDAPServer(server)
}
return server.Connection.Bind(bindDN, password)
}
func searchLDAPServer(server *LDAPServer, baseDN string, searchFilter string, attributes []string) LDAPSearch {
if server == nil {
return LDAPSearch{false, nil}
}
if server.Connection == nil {
reconnectToLDAPServer(server)
if server.Connection == nil {
return LDAPSearch{false, nil}
}
}
searchRequest := ldap.NewSearchRequest(
baseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
searchFilter, attributes,
nil,
)
sr, err := server.Connection.Search(searchRequest)
if err != nil {
return LDAPSearch{false, nil}
}
return LDAPSearch{true, sr}
}
func modifyLDAPAttribute(server *LDAPServer, userDN string, attribute string, data []string) error {
modify := ldap.NewModifyRequest(userDN, nil)
modify.Replace(attribute, data)
err := server.Connection.Modify(modify)
if err != nil {
return err
}
return nil
}
func closeLDAPServer(server *LDAPServer) {
if server != nil && server.Connection != nil {
server.Connection.Close()
}
}
func ldapEscapeFilter(input string) string { return ldap.EscapeFilter(input) }

348
src/main.go Normal file
View File

@@ -0,0 +1,348 @@
package main
import (
"fmt"
"html/template"
"io"
"log"
"net/http"
"os"
"path/filepath"
"strings"
"sync"
"time"
)
var (
ldapServer *LDAPServer
ldapServerMutex sync.Mutex
serverConfig *ServerConfig
)
type UserData struct {
isAuth bool
Username string
DisplayName string
Email string
}
var (
photoCreatedTimestamp = make(map[string]time.Time)
photoCreatedMutex sync.Mutex
blankPhotoData []byte
)
func createUserPhoto(username string, photoData []byte) error {
os.Mkdir("./avatars", os.ModePerm)
path := fmt.Sprintf("./avatars/%s.jpeg", username)
cleaned := filepath.Clean(path)
dst, err := os.Create(cleaned)
if err != nil {
fmt.Printf("Not saving file\n")
return fmt.Errorf("Could not save file")
}
photoCreatedMutex.Lock()
photoCreatedTimestamp[username] = time.Now()
photoCreatedMutex.Unlock()
defer dst.Close()
_, err = dst.Write(photoData)
if err != nil {
return err
}
return nil
}
func authenticateUser(username, password string) (UserData, error) {
ldapServerMutex.Lock()
defer ldapServerMutex.Unlock()
if ldapServer.Connection == nil {
return UserData{isAuth: false}, fmt.Errorf("LDAP server not connected")
}
userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", username, serverConfig.LDAPConfig.BaseDN)
connected := connectAsLDAPUser(ldapServer, userDN, password)
if connected != nil {
return UserData{isAuth: false}, connected
}
userSearch := searchLDAPServer(
ldapServer,
serverConfig.LDAPConfig.BaseDN,
fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldapEscapeFilter(username)),
[]string{"displayName", "mail", "jpegphoto"},
)
if !userSearch.Succeeded {
return UserData{isAuth: false}, fmt.Errorf("user metadata not found")
}
entry := userSearch.LDAPSearch.Entries[0]
user := UserData{
isAuth: true,
Username: username,
DisplayName: entry.GetAttributeValue("displayName"),
Email: entry.GetAttributeValue("mail"),
}
photoData := entry.GetRawAttributeValue("jpegphoto")
if len(photoData) > 0 {
createUserPhoto(user.Username, photoData)
}
return user, nil
}
type LoginPageData struct {
IsHiddenClassList string
}
func loginHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
if r.Method == http.MethodGet {
tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
return
}
// 2. Logic for processing the form
if r.Method == http.MethodPost {
username := r.FormValue("username")
if strings.Contains(username, "/") {
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
}
password := r.FormValue("password")
log.Printf("New Login request for %s\n", username)
userData, err := authenticateUser(username, password)
if err != nil {
log.Print(err)
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
} else {
if userData.isAuth == true {
cookie := createSession(&userData)
if cookie == nil {
http.Error(w, "Session error", 500)
return
}
http.SetCookie(w, cookie)
http.Redirect(w, r, "/profile", http.StatusFound)
} else {
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
}
}
}
}
type ProfileData struct {
Username string
Email string
DisplayName string
CSRFToken string
}
func profileHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
exist, sessionData := validateSession(r)
if !exist {
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
if r.Method == http.MethodGet {
tmpl := template.Must(template.ParseFiles("src/pages/profile_page.html"))
tmpl.Execute(w, ProfileData{
Username: sessionData.data.Username,
Email: sessionData.data.Email,
DisplayName: sessionData.data.DisplayName,
CSRFToken: sessionData.CSRFToken,
})
return
}
}
func avatarHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "image/jpeg")
username := r.URL.Query().Get("user")
if strings.Contains(username, "/") {
w.Write(blankPhotoData)
return
}
filePath := fmt.Sprintf("./avatars/%s.jpeg", username)
cleaned := filepath.Clean(filePath)
value, err := os.ReadFile(cleaned)
if err == nil {
photoCreatedMutex.Lock()
if time.Since(photoCreatedTimestamp[username]) <= 5*time.Minute {
photoCreatedMutex.Unlock()
w.Write(value)
return
}
photoCreatedMutex.Unlock()
}
ldapServerMutex.Lock()
defer ldapServerMutex.Unlock()
connected := connectAsLDAPUser(ldapServer, serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword)
if connected != nil {
w.Write(blankPhotoData)
fmt.Println("Returned blank avatar because couldnt connect as user")
return
}
userSearch := searchLDAPServer(
ldapServer,
serverConfig.LDAPConfig.BaseDN,
fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldapEscapeFilter(username)),
[]string{"jpegphoto"},
)
if !userSearch.Succeeded || len(userSearch.LDAPSearch.Entries) == 0 {
w.Write(blankPhotoData)
fmt.Println("Returned blank avatar because we couldnt find the user")
return
}
entry := userSearch.LDAPSearch.Entries[0]
bytes := entry.GetRawAttributeValue("jpegphoto")
if len(bytes) == 0 {
fmt.Println("Returned blank avatar because we just don't have an avatar")
w.Write(blankPhotoData)
return
} else {
w.Write(bytes)
createUserPhoto(username, bytes)
}
}
func logoutHandler(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("session_token")
if err != nil {
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
token := cookie.Value
exist, sessionData := validateSession(r)
if exist {
if r.FormValue("csrf_token") != sessionData.CSRFToken {
http.Error(w, "Unable to log user out", http.StatusForbidden)
log.Printf("%s attempted to logout with invalid csrf token", sessionData.data.Username)
return
}
}
sessionMutex.Lock()
delete(sessions, token)
sessionMutex.Unlock()
http.Redirect(w, r, "/login", http.StatusSeeOther)
}
func uploadPhotoHandler(w http.ResponseWriter, r *http.Request) {
exist, sessionData := validateSession(r)
if !exist {
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
err := r.ParseMultipartForm(10 << 20) // 10MB limit
if err != nil {
http.Error(w, "Bad request", http.StatusBadRequest)
return
}
if r.FormValue("csrf_token") != sessionData.CSRFToken {
http.Error(w, "CSRF Forbidden", http.StatusForbidden)
return
}
file, header, err := r.FormFile("photo")
if err != nil {
http.Error(w, "File not found", http.StatusBadRequest)
return
}
defer file.Close()
if header.Size > (10 * 1024 * 1024) {
http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
return
}
// 3. Read file into memory
data, err := io.ReadAll(file)
if err != nil {
http.Error(w, "Failed to read file", http.StatusInternalServerError)
return
}
userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.data.Username, serverConfig.LDAPConfig.BaseDN)
ldapServerMutex.Lock()
defer ldapServerMutex.Unlock()
modifyLDAPAttribute(ldapServer, userDN, "jpegphoto", []string{string(data)})
createUserPhoto(sessionData.data.Username, data)
}
func faviconHandler(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, serverConfig.StyleConfig.FaviconPath)
}
func logoHandler(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, serverConfig.StyleConfig.LogoPath)
}
func cleanupSessions() {
sessionMutex.Lock()
defer sessionMutex.Unlock()
sessions_to_delete := []string{}
for session_token, session_data := range sessions {
timeUntilRemoval := time.Minute * 5
if session_data.loggedIn {
timeUntilRemoval = time.Hour
}
if time.Since(session_data.timeCreated) > timeUntilRemoval {
sessions_to_delete = append(sessions_to_delete, session_token)
}
}
for _, session_id := range sessions_to_delete {
delete(sessions, session_id)
}
}
func main() {
var err error = nil
blankPhotoData, err = os.ReadFile("static/blank_profile.jpg")
if err != nil {
log.Fatal("Could not load blank profile image")
}
serverConfig, err = loadServerConfig("./data/config.json")
if err != nil {
log.Fatal("Could not load server config")
}
ldapServerMutex.Lock()
server, err := connectToLDAPServer(serverConfig.LDAPConfig.LDAPURL, serverConfig.LDAPConfig.Security == "tls", serverConfig.LDAPConfig.IgnoreInvalidCert)
ldapServer = server
ldapServerMutex.Unlock()
if err != nil {
log.Fatal(err)
return
}
defer closeLDAPServer(ldapServer)
createWorker(time.Minute*5, cleanupSessions)
http.HandleFunc("/favicon.ico", faviconHandler)
http.HandleFunc("/logo", logoHandler)
http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
http.HandleFunc("/login", loginHandler)
http.HandleFunc("/profile", profileHandler)
http.HandleFunc("/logout", logoutHandler)
http.HandleFunc("/avatar", avatarHandler)
http.HandleFunc("/change-photo", uploadPhotoHandler)
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect
})
serverAddress := fmt.Sprintf(":%d", serverConfig.WebserverConfig.Port)
log.Fatal(http.ListenAndServe(serverAddress, nil))
}

42
src/pages/login_page.html Normal file
View File

@@ -0,0 +1,42 @@
<!doctype html>
<title>Astral Tech - Login</title>
<link
href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap"
rel="stylesheet"
/>
<link rel="stylesheet" href="static/style.css" />
<link rel="stylesheet" href="static/login_page.css" />
<img id="logo_image" alt="logo" src="/logo" />
<form id="login_card" method="POST">
<div id="welcome_text">
Welcome to Astral Tech, Please Sign in to your account below
</div>
<div id="incorrect_password_text" class="{{.IsHiddenClassList}}">
⚠️ Invalid username or password.
<button id="incorrect_password_close_button">X</button>
</div>
<div>
<label class="login_text">Username</label><br />
<input type="text" name="username" placeholder="" required />
</div>
<div>
<label class="login_text">Password</label><br />
<input type="password" name="password" placeholder="" required />
</div>
<button type="submit">Login</button>
</form>
<script>
document
.getElementById("incorrect_password_close_button")
.addEventListener("click", function () {
document
.getElementById("incorrect_password_text")
.classList.add("hidden");
});
</script>

131
src/pages/profile_page.html Normal file
View File

@@ -0,0 +1,131 @@
<!doctype html>
<title>Astral Tech - Profile</title>
<link
href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap"
rel="stylesheet"
/>
<link rel="stylesheet" href="static/style.css" />
<link rel="stylesheet" href="static/card.css" />
<link rel="stylesheet" href="static/profile_page.css" />
<img id="logo_image" alt="logo" src="/logo" />
<div id="main_content">
<div class="cards">
<div id="user-card" class="card">
<div id="picture_holder">
<img
src="/avatar?user={{.Username}}"
class="profile-pic"
alt="User Image"
/>
<input
type="file"
id="file_input"
accept=".jpg,.jpeg"
style="display: none"
/>
<button id="edit_picture_button">
<img
src="/static/crayon_icon.png"
id="edit_picture_image"
/>
</button>
</div>
<h1>{{.DisplayName}}</h1>
<hr
style="
border: 0;
border-top: 1px solid var(--border-subtle);
margin: 20px 0;
"
/>
<div style="text-align: left">
<span class="data-label">Username</span>
<div class="data-value">{{.Username}}</div>
<span class="data-label">Primary Email</span>
<div class="data-value">{{.Email}}</div>
</div>
<form
action="/logout"
method="POST"
style="
color: var(--primary-accent);
text-decoration: none;
font-weight: bold;
margin-top: 20px;
display: inline-block;
"
>
<button
style="
background: none;
border-style: none;
color: var(--primary-accent);
text-decoration: none;
font-weight: bold;
font-size: 20px;
"
id="signout_button"
>
<input
id="csrf_token_storage"
type="hidden"
name="csrf_token"
value="{{.CSRFToken}}"
/>
Sign Out
</button>
</form>
</div>
</div>
</div>
<script type="text/javascript">
const button = document.getElementById("edit_picture_button");
const fileInput = document.getElementById("file_input");
button.addEventListener("click", () => {
fileInput.click(); // opens file picker
});
</script>
<script type="text/javascript">
var currentPreviewURL = null;
fileInput.addEventListener("change", async () => {
const file = fileInput.files[0];
if (!file) return;
if (file.type !== "image/jpeg") {
alert("Only JPEG images are allowed.");
fileInput.value = "";
return;
}
const formData = new FormData();
formData.append("photo", file);
formData.append(
"csrf_token",
document.getElementById("csrf_token_storage").value,
);
const res = await fetch("/change-photo", {
method: "POST",
body: formData,
credentials: "include",
});
const text = await res.text();
// show the picture (so we don't need to re render the whole page)
const img = document.querySelector(".profile-pic");
if (currentPreviewURL != null) {
URL.revokeObjectURL(currentPreviewURL);
}
img.src = URL.createObjectURL(file);
currentPreviewURL = img.src;
});
</script>

91
src/session.go Normal file
View File

@@ -0,0 +1,91 @@
package main
import (
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"log"
"net/http"
"sync"
"time"
)
type SessionData struct {
loggedIn bool
data *UserData
timeCreated time.Time
CSRFToken string
}
var (
sessions = make(map[string]SessionData)
sessionMutex sync.Mutex
)
func GenerateSessionToken(length int) (string, error) {
b := make([]byte, length)
_, err := rand.Read(b)
if err != nil {
return "", err
}
token := base64.RawURLEncoding.EncodeToString(b)
return token, nil
}
func createSession(userData *UserData) *http.Cookie {
token, err := GenerateSessionToken(32) // Use crypto/rand for this
if err != nil {
log.Print(err)
return nil
}
CSRFToken, err := GenerateSessionToken(32)
if err != nil {
log.Print(err)
return nil
}
tokenEncoded := sha256.Sum256([]byte(token))
tokenEncodedString := string(tokenEncoded[:])
sessionMutex.Lock()
defer sessionMutex.Unlock()
loggedIn := false
if userData != nil {
loggedIn = true
}
sessions[tokenEncodedString] = SessionData{
data: userData,
timeCreated: time.Now(),
CSRFToken: CSRFToken,
loggedIn: loggedIn,
}
cookie := &http.Cookie{
Name: "session_token",
Value: token,
Path: "/",
HttpOnly: true, // Essential: prevents JS access
Secure: true, // Set to TRUE in production (HTTPS)
SameSite: http.SameSiteLaxMode,
MaxAge: 3600, // 1 hour
}
return cookie
}
func validateSession(r *http.Request) (bool, *SessionData) {
cookie, err := r.Cookie("session_token")
if err != nil {
return false, &SessionData{}
}
token := cookie.Value
tokenEncoded := sha256.Sum256([]byte(token))
tokenEncodedString := string(tokenEncoded[:])
sessionMutex.Lock()
sessionData, exists := sessions[tokenEncodedString]
sessionMutex.Unlock()
if !exists || !sessionData.loggedIn {
return false, &SessionData{}
}
return true, &sessionData
}

16
src/worker.go Normal file
View File

@@ -0,0 +1,16 @@
package main
import (
"time"
)
func createWorker(interval time.Duration, task func()) {
go func() {
ticker := time.NewTicker(interval)
defer ticker.Stop()
for range ticker.C {
task()
}
}()
}