gawells/Self-Service-Dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

Compare commits

base: gawells/Self-Service-Dashboard:v0.0.1
Branches Tags
gawells/Self-Service-Dashboard:master
gawells/Self-Service-Dashboard:v0.0.7 gawells/Self-Service-Dashboard:v0.0.6 gawells/Self-Service-Dashboard:v0.0.5 gawells/Self-Service-Dashboard:v0.0.4 gawells/Self-Service-Dashboard:v0.0.3 gawells/Self-Service-Dashboard:v0.0.2 gawells/Self-Service-Dashboard:v0.0.1
..
compare: gawells/Self-Service-Dashboard:7d1be226b6dd8a96733d42c6f106ecc2ba172f2a
Branches Tags
gawells/Self-Service-Dashboard:master
gawells/Self-Service-Dashboard:v0.0.7 gawells/Self-Service-Dashboard:v0.0.6 gawells/Self-Service-Dashboard:v0.0.5 gawells/Self-Service-Dashboard:v0.0.4 gawells/Self-Service-Dashboard:v0.0.3 gawells/Self-Service-Dashboard:v0.0.2 gawells/Self-Service-Dashboard:v0.0.1

120 Commits
v0.0.1 .. 7d1be226b6

Author SHA1 Message Date
gawells 7d1be226b6 move some stuff to a new JS file 2026-06-14 08:13:30 -04:00
gawells 65ed53c5d1 grab picture when moving it around 2026-06-14 07:58:29 -04:00
gawells ff5d9724d6 simple cursor controller 2026-06-14 07:58:17 -04:00
gawells 8859449be5 add boundies for moving image around 2026-06-13 13:41:39 -04:00
gawells f0ace2b43f unblur background on error 2026-06-12 13:23:50 -04:00
gawells 07f78510ed display profile picture image 2026-06-12 13:16:14 -04:00
gawells 4870318148 add a cursor helper 2026-06-11 18:58:57 -04:00
gawells c9f9f3ef6c add in confirm change button 2026-06-11 18:38:37 -04:00
gawells d82d2bba20 redo in memory sesisons to have TTLs 2026-06-11 18:13:31 -04:00
gawells 22c4666fa7 update session stores to decide TTLs 2026-06-09 12:31:27 -04:00
gawells e41a81c487 get a cropped square to exist 2026-06-08 21:36:10 -04:00
gawells 600c3abf20 make new photo pop up in box before changing 2026-06-08 21:09:12 -04:00
Gregory Wells 4cce7b7454 have user data persist between restarts in redis session 2026-06-08 19:21:08 -04:00
Gregory Wells 109199ea45 move redis config over to config file 2026-06-08 18:54:31 -04:00
Gregory Wells 40429d7618 add in config variable for redis sessions 2026-06-08 18:44:20 -04:00
Gregory Wells 11c40a75ac handle cleanup 2026-06-08 18:37:51 -04:00
Gregory Wells d162c32a57 begin handling cleanup of session tokens 2026-06-08 18:37:42 -04:00
Gregory Wells 2a97ec72be convert over in memory store 2026-06-08 18:29:19 -04:00
Gregory Wells 09e0683ae0 fully convert redis over to custom key value store type 2026-06-08 18:24:59 -04:00
Gregory Wells f6016bbdb1 start to move session stores into there own key value in memory store 2026-06-08 18:16:07 -04:00
Gregory Wells 3b31adf3e2 fix server from crashing after restart not having user data 2026-06-08 17:56:04 -04:00
Gregory Wells efdf9fdade remove old comment 2026-06-08 17:47:31 -04:00
Gregory Wells 4474986909 store extra key infront of session tokens 2026-06-07 20:42:09 -04:00
Gregory Wells a7b302b74b redis sessions 2026-06-07 20:38:35 -04:00
Gregory Wells f8b37d9836 update session info 2026-06-07 20:36:23 -04:00
Gregory Wells 4256e5ba8a create redis session 2026-06-07 20:34:10 -04:00
Gregory Wells 5386b64648 finish session getting code 2026-06-07 20:27:42 -04:00
Gregory Wells 78d259ea3b fix crash on load from nil session info 2026-06-07 20:17:51 -04:00
Gregory Wells 1e87b8239b connect to redis session 2026-06-07 20:07:20 -04:00
Gregory Wells e1862ca8eb allow redis to be selected as session store type 2026-06-07 20:02:12 -04:00
Gregory Wells 9c984fefaf create redis session go file 2026-06-07 19:58:59 -04:00
Gregory Wells 10900093e0 log that email has sent successfully 2026-06-02 11:44:35 -04:00
Gregory Wells e151e11123 send email on successful password change 2026-06-02 11:44:17 -04:00
gawells 1ddc4daf02 bold name text 2026-04-17 08:32:53 -04:00
gawells e2fe714029 reset password page design 2026-04-16 14:53:02 -04:00
gawells 3e2541b411 add subtext modifier 2026-04-16 14:52:55 -04:00
gawells 561c33b1a9 move logo page to the master style.css file 2026-04-16 14:44:34 -04:00
gawells 33afca200d reset password page 2026-04-16 14:42:40 -04:00
gawells 812a40492f password expiry email 2026-04-16 14:23:07 -04:00
gawells 093b33db0d add more logging into the password expiry checks 2026-04-16 09:12:46 -04:00
gawells 8633309968 send password expired emails every 12 hours from the program start 2026-04-15 09:43:38 -04:00
gawells 093b258b84 expried password email template 2026-04-13 10:24:12 -04:00
gawells 5a80d61d9b remove old comment 2026-04-13 09:40:24 -04:00
gawells 6a985c1a84 send simple test email to my email on server startup 2026-04-13 09:32:22 -04:00
gawells 590ea73a92 send all emails as HTML 2026-04-13 09:22:57 -04:00
gawells 8de145adbc add email config to config file 2026-04-13 09:19:35 -04:00
gawells 8f0291bb8a make small changes to the email package 2026-04-13 09:13:49 -04:00
gawells cde41b82b2 base URL param for config 2026-04-09 16:45:02 -04:00
gawells 37c6978d1b move all files to images folder 2026-04-08 10:18:07 -04:00
gawells 9389df28e4 add show password buttons to all password inputs 2026-04-08 10:17:01 -04:00
gawells b94bc612c3 implement logic for a show password button 2026-04-08 10:14:33 -04:00
gawells 25e61c553f hide the warnings because I dont like the UI 2026-04-07 12:36:17 -04:00
gawells a31d21456c warnings box 2026-04-06 18:56:58 -04:00
gawells a1f58e817e build sample error box 2026-04-06 18:49:01 -04:00
gawells 387bd2d0ae Update README.md 2026-04-06 18:41:30 -04:00
gawells 0ab1e95690 blur background when changing password 2026-04-06 18:15:07 -04:00
gawells d7727e9b0d remove block 2026-04-06 16:14:43 -04:00
gawells 72dfaf5da1 reset password boxes on close 2026-04-06 16:14:11 -04:00
gawells 5e0771d482 add a couple stylistic changes to the password dialouge 2026-04-06 16:02:34 -04:00
gawells b9ed00c127 password strength meter 2026-04-06 15:48:27 -04:00
gawells 8b74cab34e move password changing to seperate file 2026-04-06 11:50:40 -04:00
gawells dbb91fac62 add in simple password progress bar 2026-04-06 11:48:31 -04:00
gawells 8cb1fff36b password strength function 2026-04-06 11:46:49 -04:00
gawells d0524f901c bug where a users profile photo would not display if the user had not 
logged in
 2026-04-06 09:30:15 -04:00
gawells 384ef90ea8 move errors to a different file 2026-04-05 11:37:00 -04:00
gawells a315161ed3 rework a ton of code 2026-04-03 18:51:27 -04:00
gawells e2531e3021 get attribute val function 2026-04-03 18:36:26 -04:00
gawells a2602f74f0 implement profile photo component 2026-04-03 18:32:11 -04:00
gawells 1c1ba99080 add more helpter functions 2026-04-03 18:31:17 -04:00
gawells ad21d50ce5 start writing search class 2026-04-03 18:28:26 -04:00
gawells 3a3fab08f6 rename session manager functions 2026-04-03 18:24:50 -04:00
gawells bb649aef48 start to write a new LDAP interface 2026-04-03 18:24:14 -04:00
gawells f204069392 make a seperate helpers package 2026-04-03 14:50:41 -04:00
gawells ac663f21e1 move ldap to its own package 2026-04-03 14:50:29 -04:00
gawells d1992ec466 make session manager a singleton 2026-04-03 14:45:34 -04:00
gawells 46db63e62a move email into its own package 2026-04-01 15:10:25 -04:00
gawells 33ea56fb0c finish session manager update 2026-04-01 14:56:43 -04:00
gawells f651894a0f new session manager code 2026-04-01 14:41:12 -04:00
gawells d70e679a01 create new session interface (unused) 2026-04-01 09:34:22 -04:00
gawells a058804603 move worker to seperate package (eventually seperate binary) 2026-04-01 09:28:56 -04:00
gawells c9c352204c move cleanup session 2026-04-01 08:51:33 -04:00
gawells 0402a6ff9c make the session logic a little more concrete 2026-04-01 00:09:04 -04:00
gawells 737a1908e0 add server side password change information 2026-03-31 22:05:47 -04:00
gawells c628c688f7 send request to the server 2026-03-31 21:39:38 -04:00
gawells d283ad0a0a add close button 2026-03-31 21:37:10 -04:00
gawells a8c8feeb3e redid final styling touches 2026-03-31 21:19:36 -04:00
gawells 939a55c44b finish styling for change password page 2026-03-31 21:15:26 -04:00
gawells ffcaee7170 change order of change password and sign out 2026-03-31 21:04:54 -04:00
gawells 3a69c04c25 change some button styling 2026-03-31 21:03:16 -04:00
gawells cacddd16e2 change file structure 2026-03-31 20:57:40 -04:00
gawells 2f6ff081f3 change default style for input 2026-03-31 20:56:39 -04:00
gawells 59bc23bdc2 third time failing to fix 2026-03-31 20:55:19 -04:00
gawells a7c33392ce actually fix 2026-03-31 20:54:09 -04:00
gawells 05e01f4b23 fix background color on hovering bottom button 2026-03-31 20:53:54 -04:00
gawells e2f4a0692c change default style for buttons 2026-03-31 20:53:08 -04:00
gawells efd7d15722 display errors for simple password mistakes 2026-03-31 20:50:53 -04:00
gawells 4e412e9c18 extract out error login 2026-03-31 20:42:14 -04:00
gawells 6220021953 show error when new passwords do not match 2026-03-31 20:33:38 -04:00
Gregory Wells 01ca68e16b make login page use the card style 2026-03-31 19:53:48 -04:00
Gregory Wells 6c435e6135 get a simple change password dialogue to popup on press change password 2026-03-31 19:51:21 -04:00
Gregory Wells e1f992e052 dim and block profile page when executing change profile request 2026-03-25 15:16:13 -04:00
Gregory Wells 074b3f8f31 stale sessions not deleting 2026-03-25 14:05:27 -04:00
Gregory Wells f8b3c10933 final cleanups 2026-03-25 14:02:53 -04:00
Gregory Wells c11425dde7 Finish logging 2026-03-25 14:01:46 -04:00
Gregory Wells bcaa023d3c add log levels in to logger 2026-03-25 13:55:37 -04:00
Gregory Wells f491c80fa0 fixed a bug that stopped sessions from being deleted 2026-03-25 10:20:20 -04:00
Gregory Wells ffb4077f24 debugging session 2026-03-25 09:40:50 -04:00
Gregory Wells 8adca50b91 Logging for LDAP server 2026-03-24 20:26:22 -04:00
Gregory Wells 8928b3c1fc Debug email class (even though no used) 2026-03-24 20:11:52 -04:00
Gregory Wells 92f7c0f127 implemented more logging functionality 2026-03-24 20:06:06 -04:00
Gregory Wells d4512e9cce Debug worker 2026-03-24 18:38:47 -04:00
Gregory Wells ffb9600089 some more changes to the Logger 2026-03-24 18:09:49 -04:00
Gregory Wells d62e1f7b8f Debug connecting to the LDAP server 2026-03-24 18:08:36 -04:00
Gregory Wells 5aa2ce47c7 Fatalf and FatalFileRead 2026-03-24 17:51:59 -04:00
Gregory Wells 8d0cd0fd1b use read file helper function everywhere 2026-03-24 17:10:56 -04:00
Gregory Wells 35ec6678f8 implement and use first logging event (ReadFile) 2026-03-24 17:09:30 -04:00
Gregory Wells ac20f9172d implement the first log message 2026-03-24 16:57:28 -04:00
Gregory Wells b96f65c294 Redo File structure 2026-03-24 16:52:22 -04:00
Gregory Wells c5358e6c50 update 2026-03-24 15:35:36 -04:00
Gregory Wells cc1f4f9aff .gitignore 2026-03-24 15:34:17 -04:00
55 changed files with 2564 additions and 790 deletions
Expand all files Collapse all files
.gitignore
+2
View File
@@ -0,0 +1,2 @@
data/config.json
avatars
README.md
+12 -17
View File
@@ -6,21 +6,21 @@ A simple, lightweight web application for managing user profile photos in a Free
* **LDAP Authentication**: Secure login with existing FreeIPA credentials. * **LDAP Authentication**: Secure login with existing FreeIPA credentials.
* **Profile Management**: View user details (Display Name, Email). * **Profile Management**: View user details (Display Name, Email).
* **Photo Upload**: Users can upload and update their profile picture (`jpegPhoto` attribute). * **Photo Upload**: Users can upload and update their profile picture (`jpegPhoto` attribute).
* **Change Password**: Users can change there password once logged in
* **Session Management**: Secure, cookie-based sessions with CSRF protection. * **Session Management**: Secure, cookie-based sessions with CSRF protection.
* **Customizable**: Configurable styling (logo, favicon) and LDAP settings. * **Customizable**: Configurable styling (logo, favicon) and LDAP settings.
## Prerequisites ## Prerequisites
* **Go 1.26+** installed on your machine.
* **Go 1.20+** installed on your machine. * Access to a **FreeIPA Server**.
* Access to an **FreeIPA Server**. * A Service Account with permission to search and modify the `jpegPhoto` attribute.
* A Service Account (Bind DN) with permission to search users and modify the `jpegPhoto` attribute.
## Setup & Installation ## Setup & Installation
1. **Clone the Repository** 1. **Clone the Repository**
```bash ```bash
git clone https://github.com/GregoryWells2007/account-manager.git git clone https://git.astraltech.xyz/gawells/Self-Service-Dashboard.git
cd account-manager cd Self-Service-Dashboard
``` ```
2. **Configure the Application** 2. **Configure the Application**
@@ -30,7 +30,10 @@ A simple, lightweight web application for managing user profile photos in a Free
``` ```
5. **Edit config** 5. **Edit config**
put in your config values for ldap, and whatevery styling guidelines you would want to use Edit the config file
```bash
nvim data/config.json
```
4. **Install Dependencies** 4. **Install Dependencies**
```bash ```bash
@@ -39,17 +42,9 @@ A simple, lightweight web application for managing user profile photos in a Free
5. **Run the Server** 5. **Run the Server**
```bash ```bash
go run src/*.go go run ./src/main/
``` ```
The application will be available at `http://<host>:<port>`. The application will be available at `http://localhost:<port>`.
## Directory Structure
* `src/`: Go source code (`main.go`, `ldap.go`, `session.go`, etc.).
* `src/pages/`: HTML templates for login and profile pages.
* `static/`: CSS files, images, and other static assets.
* `data/`: Configuration files and local assets (logos).
* `avatars/`: Stores cached user profile photos.
## License ## License
data/config.example.json
+14 -1
View File
@@ -12,6 +12,19 @@
"logo_path": "./data/astraltech_logo_large.png" "logo_path": "./data/astraltech_logo_large.png"
}, },
"server_config": { "server_config": {
"port": 8080 "port": 8080,
"base_url": "https://profile.example.com",
"session_store": "redis",
"redis_config": {
"redis_url": "redis://localhost:6379/0",
"prefix": ""
}
},
"email_config": {
"username": "noreply",
"email": "noreply@example.com",
"password": "",
"smtp_url": "mx.example.com",
"smtp_port": 587
} }
} }
data/email-templates/changed-password.html
+69
View File
@@ -0,0 +1,69 @@
<!doctype html>
<html>
<head>
<!-- Tell iOS we support light mode -->
<meta name="color-scheme" content="light" />
<meta name="supported-color-schemes" content="light" />
</head>
<body
style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
>
<table
width="100%"
cellpadding="0"
cellspacing="0"
border="0"
style="background-color: #f7fff7"
>
<tr>
<td align="center">
<!-- Outer container -->
<table
width="600"
cellpadding="0"
cellspacing="0"
border="0"
style="
background-color: #ffffff;
border: 1px solid #e2e8f0;
border-radius: 12px;
margin-top: 25px;
"
>
<tr>
<td
style="
padding: 30px;
font-family: Arial, sans-serif;
color: #000000;
"
>
<p style="margin: 0 0 15px 0">
Hi <strong>{{.Username}}</strong>,
</p>
<p style="margin: 0 0 15px 0">
Your account password has been successfully
changed. If you made this change, you can
safely disregard this email.
</p>
<p style="margin: 20px 0 15px 0">
If you did not change your password, please
contact your system administrator
immediately to secure your account.
</p>
<p style="margin: 0">
Thanks,<br />
<strong>{{.ServiceName}}</strong>
</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
data/email-templates/expired-password.html
+112
View File
@@ -0,0 +1,112 @@
<!doctype html>
<html>
<head>
<!-- Tell iOS we support light mode -->
<meta name="color-scheme" content="light" />
<meta name="supported-color-schemes" content="light" />
</head>
<body
style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
>
<table
width="100%"
cellpadding="0"
cellspacing="0"
border="0"
style="background-color: #f7fff7"
>
<tr>
<td align="center">
<!-- Outer container -->
<table
width="600"
cellpadding="0"
cellspacing="0"
border="0"
style="
background-color: #ffffff;
border: 1px solid #e2e8f0;
border-radius: 12px;
margin-top: 25px;
"
>
<tr>
<td
style="
padding: 30px;
font-family: Arial, sans-serif;
color: #000000;
"
>
<p style="margin: 0 0 15px 0">
Hi <strong>{{.Username}}</strong>,
</p>
<p style="margin: 0 0 15px 0">
Your account password has expired and needs
to be updated to continue accessing your
account.
</p>
<p style="margin: 0 0 15px 0">
<strong>Expiration Date:</strong><br />
{{.ExpiredAt}}
</p>
<p style="margin: 0 0 20px 0">
For security reasons, passwords must be
updated periodically. Please reset your
password as soon as possible.
</p>
<!-- Button -->
<table
align="center"
cellpadding="0"
cellspacing="0"
border="0"
>
<tr>
<td
bgcolor="#1a535c"
style="border-radius: 6px"
>
<a
href="{{.ResetURL}}"
style="
display: inline-block;
padding: 12px 20px;
font-weight: bold;
font-family:
Arial, sans-serif;
color: #ffffff;
text-decoration: none;
background-color: #1a535c;
border-radius: 6px;
-webkit-text-fill-color: #ffffff;
"
>
Reset Password
</a>
</td>
</tr>
</table>
<p style="margin: 20px 0 15px 0">
If you did not expect this, please contact
your system administrator.
</p>
<p style="margin: 0">
Thanks,<br />
<strong>{{.ServiceName}}</strong>
</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
go.mod
+3
View File
@@ -6,7 +6,10 @@ require github.com/go-ldap/ldap/v3 v3.4.13
require ( require (
github.com/Azure/go-ntlmssp v0.1.0 // indirect github.com/Azure/go-ntlmssp v0.1.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
github.com/google/uuid v1.6.0 // indirect github.com/google/uuid v1.6.0 // indirect
github.com/redis/go-redis/v9 v9.20.0 // indirect
go.uber.org/atomic v1.11.0 // indirect
golang.org/x/crypto v0.48.0 // indirect golang.org/x/crypto v0.48.0 // indirect
) )
go.sum
+6
View File
@@ -2,6 +2,8 @@ github.com/Azure/go-ntlmssp v0.1.0 h1:DjFo6YtWzNqNvQdrwEyr/e4nhU3vRiwenz5QX7sFz+
github.com/Azure/go-ntlmssp v0.1.0/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk= github.com/Azure/go-ntlmssp v0.1.0/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk=
github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI= github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo= github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
@@ -30,8 +32,12 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/redis/go-redis/v9 v9.20.0 h1:WnQYxLkgO2xiXTCJY0ldIiI8dNqCDlQAG+AtaH7a2a0=
github.com/redis/go-redis/v9 v9.20.0/go.mod h1:v/M13XI1PVCDcm01VtPFOADfZtHf8YW3baQf57KlIkA=
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60= golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
src/components/profile_photo.go
+165
View File
@@ -0,0 +1,165 @@
package components
import (
"fmt"
"io"
"net/http"
"os"
"path/filepath"
"strings"
"sync"
"time"
"astraltech.xyz/accountmanager/src/helpers"
"astraltech.xyz/accountmanager/src/ldap"
"astraltech.xyz/accountmanager/src/logging"
"astraltech.xyz/accountmanager/src/session"
)
var (
photoCreatedTimestamp = make(map[string]time.Time)
photoCreatedMutex sync.Mutex
blankPhotoData []byte
)
var (
sessionManager = session.GetSessionManager()
LDAPServer *ldap.LDAPServer
BaseDN string
ServiceUserBindDN string
ServiceUserPassword string
)
func ReadBlankPhoto() {
blank, err := helpers.ReadFile("static/images/blank_profile.jpg")
if err != nil {
logging.Fatal("Could not load blank profile image")
}
blankPhotoData = blank
}
func CreateUserPhoto(username string, photoData []byte) error {
helpers.Mkdir("./avatars", os.ModePerm)
path := fmt.Sprintf("./avatars/%s.jpeg", username)
cleaned := filepath.Clean(path)
dst, err := helpers.CreateFile(cleaned)
if err != nil {
return fmt.Errorf("Could not save file")
}
photoCreatedMutex.Lock()
photoCreatedTimestamp[username] = time.Now()
photoCreatedMutex.Unlock()
defer dst.Close()
logging.Info("Writing to avarar file")
_, err = dst.Write(photoData)
if err != nil {
return err
}
return nil
}
func UploadPhotoHandler(w http.ResponseWriter, r *http.Request) {
sessionData, err := sessionManager.GetSession(r)
if err != nil {
logging.Error(err.Error())
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
err = r.ParseMultipartForm(10 << 20) // 10MB limit
if err != nil {
http.Error(w, "Bad request", http.StatusBadRequest)
return
}
if r.FormValue("csrf_token") != sessionData.CSRFToken {
http.Error(w, "CSRF Forbidden", http.StatusForbidden)
return
}
file, header, err := r.FormFile("photo")
if err != nil {
http.Error(w, "File not found", http.StatusBadRequest)
return
}
defer file.Close()
if header.Size > (10 * 1024 * 1024) {
http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
return
}
// 3. Read file into memory
data, err := io.ReadAll(file)
if err != nil {
http.Error(w, "Failed to read file", http.StatusInternalServerError)
return
}
userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.UserID, BaseDN)
err = LDAPServer.ModifyAttribute(ServiceUserBindDN, ServiceUserPassword, userDN, "jpegphoto", []string{string(data)})
if err != nil {
logging.Error(err.Error())
return
}
CreateUserPhoto(sessionData.UserID, data)
}
func AvatarHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "image/jpeg")
username := r.URL.Query().Get("user")
if strings.Contains(username, "/") {
w.Write(blankPhotoData)
return
}
filePath := fmt.Sprintf("./avatars/%s.jpeg", username)
cleaned := filepath.Clean(filePath)
fileExist, err := helpers.DoesFileExist(cleaned)
if err != nil {
w.Write(blankPhotoData)
logging.Error(err.Error())
return
}
photoCreatedMutex.Lock()
if fileExist && time.Since(photoCreatedTimestamp[username]) <= 5*time.Minute {
photoCreatedMutex.Unlock()
val, err := helpers.ReadFile(cleaned)
if err != nil {
logging.Error(err.Error())
w.Write(blankPhotoData)
return
}
w.Write(val)
return
}
photoCreatedMutex.Unlock()
userSearch, err := LDAPServer.SerchServer(
ServiceUserBindDN, ServiceUserPassword,
BaseDN,
fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldap.LDAPEscapeFilter(username)),
[]string{"jpegphoto"},
)
if err != nil {
logging.Error(err.Error())
w.Write(blankPhotoData)
return
}
if userSearch.EntryCount() == 0 {
w.Write(blankPhotoData)
return
}
entry := userSearch.GetEntry(0)
bytes := entry.GetRawAttributeValue("jpegphoto")
if len(bytes) == 0 {
w.Write(blankPhotoData)
return
} else {
w.Write(bytes)
CreateUserPhoto(username, bytes)
return
}
}
src/email.go
-52
View File
@@ -1,52 +0,0 @@
package main
import (
"log"
"net/smtp"
"strconv"
)
type EmailAccount struct {
auth smtp.Auth
email string
smtpHost string
smtpPort string
}
type EmailAccountData struct {
username string
password string
email string
}
func createEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
account := EmailAccount{
email: accountData.email,
smtpHost: smtpHost,
smtpPort: strconv.Itoa(smtpPort),
}
account.auth = smtp.PlainAuth("", accountData.username, accountData.password, smtpHost)
return account
}
func sendEmail(account EmailAccount, toEmail []string, subject string, message string) {
ToEmailList := ""
for i := 0; i < len(toEmail); i++ {
ToEmailList += toEmail[i]
if i+1 < len(toEmail) {
ToEmailList += ", "
}
}
messageData := []byte(
"From: " + account.email + "\r\n" +
"To: " + ToEmailList + "\r\n" +
"Subject: " + subject + "\r\n" +
"\r\n" +
message,
)
err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmail, messageData)
if err != nil {
log.Print(err)
}
}
src/email/email.go
+57
View File
@@ -0,0 +1,57 @@
package email
import (
"net/smtp"
"strconv"
"strings"
"astraltech.xyz/accountmanager/src/logging"
)
type EmailAccount struct {
auth smtp.Auth
email string
smtpHost string
smtpPort string
}
type EmailAccountData struct {
Username string
Password string
Email string
}
func CreateEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.Username, accountData.Email, smtpHost, smtpPort)
account := EmailAccount{
email: accountData.Email,
smtpHost: smtpHost,
smtpPort: strconv.Itoa(smtpPort),
}
account.auth = smtp.PlainAuth("", accountData.Username, accountData.Password, smtpHost)
return account
}
func (account *EmailAccount) SendEmail(toEmails []string, subject string, message string) {
logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ", "))
ToEmailList := strings.Join(toEmails, ", ")
mime := "MIME-version: 1.0;\r\nContent-Type: text/html; charset=\"UTF-8\";\r\n\r\n"
messageData := []byte(
"From: " + account.email + "\r\n" +
"To: " + ToEmailList + "\r\n" +
"Subject: " + subject + "\r\n" +
mime +
"\r\n" +
message,
)
err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmails, messageData)
if err != nil {
logging.Error("Failed to send email")
logging.Error(err.Error())
return
}
logging.Info("Successfully sent email")
}
src/email/render_template.go
+28
View File
@@ -0,0 +1,28 @@
package email
import (
"bytes"
"path/filepath"
"text/template"
)
func RenderTemplate(path string, data any, funcMap template.FuncMap) (string, error) {
tmpl := template.New("")
if funcMap != nil {
tmpl = tmpl.Funcs(funcMap)
}
tmpl, err := tmpl.ParseFiles(path)
if err != nil {
return "", err
}
var buf bytes.Buffer
err = tmpl.ExecuteTemplate(&buf, filepath.Base(path), data)
if err != nil {
return "", err
}
return buf.String(), nil
}
src/helpers/helpers.go
+69
View File
@@ -0,0 +1,69 @@
package helpers
import (
"net/http"
"os"
"astraltech.xyz/accountmanager/src/logging"
)
// Reads a file, if fails just returns an error
func ReadFile(path string) ([]byte, error) {
logging.Event(logging.ReadFile, "static/blank_profile.jpg")
data, err := os.ReadFile(path)
if err != nil {
logging.Infof("Could not read file at %s", path)
logging.Infof("Error code: %e", err)
return nil, err
}
logging.Infof("Successfully read file at %s", path)
return data, err
}
func ReadRequiredFile(path string) []byte {
logging.Event(logging.ReadFile, "static/blank_profile.jpg")
data, err := os.ReadFile(path)
if err != nil {
logging.Fatalf("Could not read file at %s", path)
return nil
}
logging.Infof("Successfully read file at %s", path)
return data
}
func Mkdir(path string, perm os.FileMode) error {
logging.Infof("Making directory %s", path)
err := os.Mkdir(path, perm)
if err != nil {
logging.Errorf("Failed to make %s directory", path)
logging.Error(err.Error())
return err
}
return nil
}
func CreateFile(path string) (*os.File, error) {
logging.Infof("Creating %s", path)
file, err := os.Create(path)
if err != nil {
logging.Errorf("Faile to create %s", path)
logging.Error(err.Error())
}
return file, nil
}
func DoesFileExist(path string) (bool, error) {
_, err := os.Stat(path)
if err == nil {
return true, nil
}
if os.IsNotExist(err) {
return false, nil
}
return false, err
}
func HandleFunc(path string, handler func(http.ResponseWriter, *http.Request)) {
logging.Infof("Handling %s", path)
http.HandleFunc(path, handler)
}
src/ldap.go
-119
View File
@@ -1,119 +0,0 @@
package main
import (
"crypto/tls"
"errors"
"log"
"github.com/go-ldap/ldap/v3"
)
type LDAPServer struct {
URL string
StartTLS bool
IgnoreInsecureCert bool
Connection *ldap.Conn
}
type LDAPSearch struct {
Succeeded bool
LDAPSearch *ldap.SearchResult
}
func connectToLDAPServer(URL string, starttls bool, ignore_cert bool) (*LDAPServer, error) {
l, err := ldap.DialURL(URL)
if err != nil {
return nil, err
}
if starttls {
if err := l.StartTLS(&tls.Config{InsecureSkipVerify: ignore_cert}); err != nil {
log.Println("StartTLS failed:", err)
}
}
return &LDAPServer{
Connection: l,
URL: URL,
StartTLS: starttls,
IgnoreInsecureCert: ignore_cert,
}, nil
}
func reconnectToLDAPServer(server *LDAPServer) {
if server == nil {
log.Println("Cannot reconnect: server is nil")
return
}
l, err := ldap.DialURL(server.URL)
if err != nil {
log.Print(err)
return
}
if server.StartTLS {
if err := l.StartTLS(&tls.Config{InsecureSkipVerify: server.IgnoreInsecureCert}); err != nil {
log.Println("StartTLS failed:", err)
}
}
server.Connection = l
}
func connectAsLDAPUser(server *LDAPServer, bindDN, password string) error {
if server == nil {
return errors.New("LDAP server is nil")
}
// Reconnect if needed
if server.Connection == nil || server.Connection.IsClosing() {
reconnectToLDAPServer(server)
}
return server.Connection.Bind(bindDN, password)
}
func searchLDAPServer(server *LDAPServer, baseDN string, searchFilter string, attributes []string) LDAPSearch {
if server == nil {
return LDAPSearch{false, nil}
}
if server.Connection == nil {
reconnectToLDAPServer(server)
if server.Connection == nil {
return LDAPSearch{false, nil}
}
}
searchRequest := ldap.NewSearchRequest(
baseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
searchFilter, attributes,
nil,
)
sr, err := server.Connection.Search(searchRequest)
if err != nil {
return LDAPSearch{false, nil}
}
return LDAPSearch{true, sr}
}
func modifyLDAPAttribute(server *LDAPServer, userDN string, attribute string, data []string) error {
modify := ldap.NewModifyRequest(userDN, nil)
modify.Replace(attribute, data)
err := server.Connection.Modify(modify)
if err != nil {
return err
}
return nil
}
func closeLDAPServer(server *LDAPServer) {
if server != nil && server.Connection != nil {
server.Connection.Close()
}
}
func ldapEscapeFilter(input string) string { return ldap.EscapeFilter(input) }
src/ldap/ldap_helpers.go
+7
View File
@@ -0,0 +1,7 @@
package ldap
import (
"github.com/go-ldap/ldap/v3"
)
func LDAPEscapeFilter(input string) string { return ldap.EscapeFilter(input) }
src/ldap/ldap_search.go
+29
View File
@@ -0,0 +1,29 @@
package ldap
import (
"github.com/go-ldap/ldap/v3"
)
type LDAPSearch struct {
search *ldap.SearchResult
}
type LDAPEntry struct {
entry *ldap.Entry
}
func (s *LDAPSearch) EntryCount() int {
return len(s.search.Entries)
}
func (s *LDAPSearch) GetEntry(number int) *LDAPEntry {
return &LDAPEntry{s.search.Entries[number]}
}
func (e *LDAPEntry) GetRawAttributeValue(name string) []byte {
return e.entry.GetRawAttributeValue(name)
}
func (e *LDAPEntry) GetAttributeValue(name string) string {
return e.entry.GetAttributeValue(name)
}
src/ldap/ldap_server.go
+130
View File
@@ -0,0 +1,130 @@
package ldap
import (
"crypto/tls"
"strings"
"astraltech.xyz/accountmanager/src/logging"
"github.com/go-ldap/ldap/v3"
)
type LDAPServer struct {
URL string
StartTLS bool
IgnoreInsecureCert bool
}
func (s *LDAPServer) TestConnection() (bool, error) {
l, err := ldap.DialURL(s.URL)
l.Close()
if err != nil {
return false, err
}
return true, nil
}
// internal connect, should not be used regularly
func (s *LDAPServer) connect() (*ldap.Conn, error) {
l, err := ldap.DialURL(s.URL)
if err != nil {
return nil, err
}
if s.StartTLS {
err = l.StartTLS(&tls.Config{
InsecureSkipVerify: s.IgnoreInsecureCert,
})
if err != nil {
l.Close()
return nil, err
}
}
return l, nil
}
func (s *LDAPServer) connectAsUser(userDN, password string) (*ldap.Conn, error) {
conn, err := s.connect()
if err != nil {
return nil, err
}
err = conn.Bind(userDN, password)
if err != nil {
return nil, err
}
return conn, nil
}
func (s *LDAPServer) AuthenticateUser(userDN, password string) (bool, error) {
conn, err := s.connectAsUser(userDN, password)
if err != nil || conn == nil {
return false, err
}
conn.Close()
return true, nil
}
func (s *LDAPServer) SerchServer(
userDN string, password string,
baseDN string,
searchFilter string, attributes []string,
) (*LDAPSearch, error) {
logging.Debugf("Searching %s LDAP server\n\tBase DN: %s\n\tSearch Filter %s\n\tAttributes: %s", s.URL, baseDN, searchFilter, strings.Join(attributes, ","))
conn, err := s.connectAsUser(userDN, password)
if err != nil {
return nil, err
}
defer conn.Close()
searchRequest := ldap.NewSearchRequest(
baseDN,
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
searchFilter, attributes,
nil,
)
sr, err := conn.Search(searchRequest)
if err != nil {
logging.Errorf("Failed to search LDAP server %s\n", err.Error())
return nil, err
}
return &LDAPSearch{sr}, nil
}
func (s *LDAPServer) ChangePassword(userDN string, oldPassword string, newPassword string) error {
conn, err := s.connectAsUser(userDN, oldPassword)
if err != nil {
return err
}
defer conn.Close()
// Perform password modify extended operation
_, err = conn.PasswordModify(&ldap.PasswordModifyRequest{
UserIdentity: userDN,
OldPassword: oldPassword,
NewPassword: newPassword,
})
if err != nil {
logging.Errorf("Password modify failed: %s", err.Error())
return err
}
logging.Infof("Password successfully changed for %s", userDN)
return nil
}
func (s *LDAPServer) ModifyAttribute(bindUserDN string, password string, userDN string, attribute string, data []string) error {
logging.Infof("Modifing LDAP attribute %s", attribute)
conn, err := s.connectAsUser(bindUserDN, password)
if err != nil {
return err
}
defer conn.Close()
modify := ldap.NewModifyRequest(userDN, nil)
modify.Replace(attribute, data)
err = conn.Modify(modify)
if err != nil {
logging.Errorf("Failed to modify %s", err.Error())
return err
}
return nil
}
src/logging/logging.go
+120
View File
@@ -0,0 +1,120 @@
package logging
import (
"log"
)
type EventType int
const (
ReadFile EventType = iota
AuthenticateUser
)
type LogLevel int
const (
InfoLevel LogLevel = iota
EventLevel
DebugLevel
WarnLevel
ErrorLevel
FatalLevel
)
var (
currentLevel LogLevel = InfoLevel
)
func Info(message string) {
if currentLevel > InfoLevel {
return
}
log.Printf("Info: %s", message)
}
func Infof(message string, v ...any) {
if currentLevel > InfoLevel {
return
}
log.Printf("Info: "+message, v...)
}
func Debug(message string) {
if currentLevel > DebugLevel {
return
}
log.Printf("Debug: %s", message)
}
func Debugf(message string, v ...any) {
if currentLevel > DebugLevel {
return
}
log.Printf("Debug: "+message, v...)
}
func Warn(message string) {
if currentLevel > WarnLevel {
return
}
log.Printf("Warn: %s", message)
}
func Warnf(message string, v ...any) {
if currentLevel > WarnLevel {
return
}
log.Printf("Warn: "+message, v...)
}
func Error(message string) {
if currentLevel > ErrorLevel {
return
}
log.Printf("Error: %s", message)
}
func Errorf(message string, v ...any) {
if currentLevel > ErrorLevel {
return
}
log.Printf("Error: "+message, v...)
}
func Fatal(message string) {
if currentLevel > FatalLevel {
return
}
log.Fatal(message)
}
func Fatalf(message string, v ...any) {
if currentLevel > FatalLevel {
return
}
log.Fatalf(message, v...)
}
func Event(eventType EventType, eventData ...any) {
if currentLevel > EventLevel {
return
}
switch eventType {
case ReadFile:
{
log.Printf("Reading file %s", eventData[0])
break
}
case AuthenticateUser:
{
log.Printf("Authenticating user %s", eventData[0])
break
}
}
}
func SetLogLovel(level LogLevel) {
currentLevel = level
}
src/main.go
-348
View File
@@ -1,348 +0,0 @@
package main
import (
"fmt"
"html/template"
"io"
"log"
"net/http"
"os"
"path/filepath"
"strings"
"sync"
"time"
)
var (
ldapServer *LDAPServer
ldapServerMutex sync.Mutex
serverConfig *ServerConfig
)
type UserData struct {
isAuth bool
Username string
DisplayName string
Email string
}
var (
photoCreatedTimestamp = make(map[string]time.Time)
photoCreatedMutex sync.Mutex
blankPhotoData []byte
)
func createUserPhoto(username string, photoData []byte) error {
os.Mkdir("./avatars", os.ModePerm)
path := fmt.Sprintf("./avatars/%s.jpeg", username)
cleaned := filepath.Clean(path)
dst, err := os.Create(cleaned)
if err != nil {
fmt.Printf("Not saving file\n")
return fmt.Errorf("Could not save file")
}
photoCreatedMutex.Lock()
photoCreatedTimestamp[username] = time.Now()
photoCreatedMutex.Unlock()
defer dst.Close()
_, err = dst.Write(photoData)
if err != nil {
return err
}
return nil
}
func authenticateUser(username, password string) (UserData, error) {
ldapServerMutex.Lock()
defer ldapServerMutex.Unlock()
if ldapServer.Connection == nil {
return UserData{isAuth: false}, fmt.Errorf("LDAP server not connected")
}
userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", username, serverConfig.LDAPConfig.BaseDN)
connected := connectAsLDAPUser(ldapServer, userDN, password)
if connected != nil {
return UserData{isAuth: false}, connected
}
userSearch := searchLDAPServer(
ldapServer,
serverConfig.LDAPConfig.BaseDN,
fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldapEscapeFilter(username)),
[]string{"displayName", "mail", "jpegphoto"},
)
if !userSearch.Succeeded {
return UserData{isAuth: false}, fmt.Errorf("user metadata not found")
}
entry := userSearch.LDAPSearch.Entries[0]
user := UserData{
isAuth: true,
Username: username,
DisplayName: entry.GetAttributeValue("displayName"),
Email: entry.GetAttributeValue("mail"),
}
photoData := entry.GetRawAttributeValue("jpegphoto")
if len(photoData) > 0 {
createUserPhoto(user.Username, photoData)
}
return user, nil
}
type LoginPageData struct {
IsHiddenClassList string
}
func loginHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
if r.Method == http.MethodGet {
tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
return
}
// 2. Logic for processing the form
if r.Method == http.MethodPost {
username := r.FormValue("username")
if strings.Contains(username, "/") {
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
}
password := r.FormValue("password")
log.Printf("New Login request for %s\n", username)
userData, err := authenticateUser(username, password)
if err != nil {
log.Print(err)
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
} else {
if userData.isAuth == true {
cookie := createSession(&userData)
if cookie == nil {
http.Error(w, "Session error", 500)
return
}
http.SetCookie(w, cookie)
http.Redirect(w, r, "/profile", http.StatusFound)
} else {
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
}
}
}
}
type ProfileData struct {
Username string
Email string
DisplayName string
CSRFToken string
}
func profileHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
exist, sessionData := validateSession(r)
if !exist {
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
if r.Method == http.MethodGet {
tmpl := template.Must(template.ParseFiles("src/pages/profile_page.html"))
tmpl.Execute(w, ProfileData{
Username: sessionData.data.Username,
Email: sessionData.data.Email,
DisplayName: sessionData.data.DisplayName,
CSRFToken: sessionData.CSRFToken,
})
return
}
}
func avatarHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "image/jpeg")
username := r.URL.Query().Get("user")
if strings.Contains(username, "/") {
w.Write(blankPhotoData)
return
}
filePath := fmt.Sprintf("./avatars/%s.jpeg", username)
cleaned := filepath.Clean(filePath)
value, err := os.ReadFile(cleaned)
if err == nil {
photoCreatedMutex.Lock()
if time.Since(photoCreatedTimestamp[username]) <= 5*time.Minute {
photoCreatedMutex.Unlock()
w.Write(value)
return
}
photoCreatedMutex.Unlock()
}
ldapServerMutex.Lock()
defer ldapServerMutex.Unlock()
connected := connectAsLDAPUser(ldapServer, serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword)
if connected != nil {
w.Write(blankPhotoData)
fmt.Println("Returned blank avatar because couldnt connect as user")
return
}
userSearch := searchLDAPServer(
ldapServer,
serverConfig.LDAPConfig.BaseDN,
fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldapEscapeFilter(username)),
[]string{"jpegphoto"},
)
if !userSearch.Succeeded || len(userSearch.LDAPSearch.Entries) == 0 {
w.Write(blankPhotoData)
fmt.Println("Returned blank avatar because we couldnt find the user")
return
}
entry := userSearch.LDAPSearch.Entries[0]
bytes := entry.GetRawAttributeValue("jpegphoto")
if len(bytes) == 0 {
fmt.Println("Returned blank avatar because we just don't have an avatar")
w.Write(blankPhotoData)
return
} else {
w.Write(bytes)
createUserPhoto(username, bytes)
}
}
func logoutHandler(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("session_token")
if err != nil {
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
token := cookie.Value
exist, sessionData := validateSession(r)
if exist {
if r.FormValue("csrf_token") != sessionData.CSRFToken {
http.Error(w, "Unable to log user out", http.StatusForbidden)
log.Printf("%s attempted to logout with invalid csrf token", sessionData.data.Username)
return
}
}
sessionMutex.Lock()
delete(sessions, token)
sessionMutex.Unlock()
http.Redirect(w, r, "/login", http.StatusSeeOther)
}
func uploadPhotoHandler(w http.ResponseWriter, r *http.Request) {
exist, sessionData := validateSession(r)
if !exist {
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
err := r.ParseMultipartForm(10 << 20) // 10MB limit
if err != nil {
http.Error(w, "Bad request", http.StatusBadRequest)
return
}
if r.FormValue("csrf_token") != sessionData.CSRFToken {
http.Error(w, "CSRF Forbidden", http.StatusForbidden)
return
}
file, header, err := r.FormFile("photo")
if err != nil {
http.Error(w, "File not found", http.StatusBadRequest)
return
}
defer file.Close()
if header.Size > (10 * 1024 * 1024) {
http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
return
}
// 3. Read file into memory
data, err := io.ReadAll(file)
if err != nil {
http.Error(w, "Failed to read file", http.StatusInternalServerError)
return
}
userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.data.Username, serverConfig.LDAPConfig.BaseDN)
ldapServerMutex.Lock()
defer ldapServerMutex.Unlock()
modifyLDAPAttribute(ldapServer, userDN, "jpegphoto", []string{string(data)})
createUserPhoto(sessionData.data.Username, data)
}
func faviconHandler(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, serverConfig.StyleConfig.FaviconPath)
}
func logoHandler(w http.ResponseWriter, r *http.Request) {
http.ServeFile(w, r, serverConfig.StyleConfig.LogoPath)
}
func cleanupSessions() {
sessionMutex.Lock()
defer sessionMutex.Unlock()
sessions_to_delete := []string{}
for session_token, session_data := range sessions {
timeUntilRemoval := time.Minute * 5
if session_data.loggedIn {
timeUntilRemoval = time.Hour
}
if time.Since(session_data.timeCreated) > timeUntilRemoval {
sessions_to_delete = append(sessions_to_delete, session_token)
}
}
for _, session_id := range sessions_to_delete {
delete(sessions, session_id)
}
}
func main() {
var err error = nil
blankPhotoData, err = os.ReadFile("static/blank_profile.jpg")
if err != nil {
log.Fatal("Could not load blank profile image")
}
serverConfig, err = loadServerConfig("./data/config.json")
if err != nil {
log.Fatal("Could not load server config")
}
ldapServerMutex.Lock()
server, err := connectToLDAPServer(serverConfig.LDAPConfig.LDAPURL, serverConfig.LDAPConfig.Security == "tls", serverConfig.LDAPConfig.IgnoreInvalidCert)
ldapServer = server
ldapServerMutex.Unlock()
if err != nil {
log.Fatal(err)
return
}
defer closeLDAPServer(ldapServer)
createWorker(time.Minute*5, cleanupSessions)
http.HandleFunc("/favicon.ico", faviconHandler)
http.HandleFunc("/logo", logoHandler)
http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
http.HandleFunc("/login", loginHandler)
http.HandleFunc("/profile", profileHandler)
http.HandleFunc("/logout", logoutHandler)
http.HandleFunc("/avatar", avatarHandler)
http.HandleFunc("/change-photo", uploadPhotoHandler)
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect
})
serverAddress := fmt.Sprintf(":%d", serverConfig.WebserverConfig.Port)
log.Fatal(http.ListenAndServe(serverAddress, nil))
}
src/config.go → src/main/config.go
+28 -1
View File
@@ -3,6 +3,8 @@ package main
import ( import (
"encoding/json" "encoding/json"
"os" "os"
"astraltech.xyz/accountmanager/src/logging"
) )
type LDAPConfig struct { type LDAPConfig struct {
@@ -19,23 +21,48 @@ type StyleConfig struct {
LogoPath string `json:"logo_path"` LogoPath string `json:"logo_path"`
} }
type RedisConfig struct {
RedisURL string `json:"redis_url"`
Prefix string `json:"prefix"`
}
type WebserverConfig struct { type WebserverConfig struct {
Port int `json:"port"` Port int `json:"port"`
BaseURL string `json:"base_url"`
SessionStore string `json:"session_store"`
RedisConfigInfo RedisConfig `json:"redis_config"`
}
type EmailConfig struct {
Username string `json:"username"`
Email string `json:"email"`
Password string `json:"password"`
SMTPURL string `json:"smtp_url"`
SMTPPort int `json:"smtp_port"`
} }
type ServerConfig struct { type ServerConfig struct {
LDAPConfig LDAPConfig `json:"ldap_config"` LDAPConfig LDAPConfig `json:"ldap_config"`
StyleConfig StyleConfig `json:"style_config"` StyleConfig StyleConfig `json:"style_config"`
WebserverConfig WebserverConfig `json:"server_config"` WebserverConfig WebserverConfig `json:"server_config"`
EmailConfig EmailConfig `json:"email_config"`
} }
func loadServerConfig(path string) (*ServerConfig, error) { func loadServerConfig(path string) (*ServerConfig, error) {
logging.Debugf("Loading server config file: %s", path)
file, err := os.ReadFile(path) file, err := os.ReadFile(path)
if err != nil { if err != nil {
logging.Errorf("Failed to load server config")
logging.Error(err.Error())
return nil, err return nil, err
} }
var cfg ServerConfig var cfg ServerConfig
logging.Debugf("Unmarshaling JSON data")
err = json.Unmarshal(file, &cfg) err = json.Unmarshal(file, &cfg)
return &cfg, err if err != nil {
logging.Error("Failed to read JSON data")
logging.Error(err.Error())
}
return &cfg, nil
} }
src/main/login.go
+65
View File
@@ -0,0 +1,65 @@
package main
import (
"html/template"
"net/http"
"strings"
"astraltech.xyz/accountmanager/src/logging"
"astraltech.xyz/accountmanager/src/store"
)
type LoginPageData struct {
IsHiddenClassList string
}
func loginHandler(w http.ResponseWriter, r *http.Request) {
logging.Info("Handing login page")
w.Header().Set("Content-Type", "text/html; charset=utf-8")
tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
if r.Method == http.MethodGet {
logging.Info("Rending login page")
tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
return
}
if r.Method == http.MethodPost {
username := r.FormValue("username")
if strings.Contains(username, "/") {
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
}
password := r.FormValue("password")
logging.Infof("New Login request for %s\n", username)
newUserData, err := authenticateUser(username, password)
userDataErr := userData.Create(username, newUserData)
if userDataErr == store.ErrKeyAlreadyExists {
userData.Update(username, newUserData)
} else if userDataErr != nil {
logging.Error(userDataErr.Error())
return
}
if err == ErrPasswordExpired {
http.Redirect(w, r, "/reset-password?token=this_is_the_only_token_that_works", http.StatusFound)
} else if err != nil {
logging.Error(err.Error())
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
} else {
if newUserData.isAuth == true {
cookie, err := sessionManager.CreateSession(username)
if err != nil {
logging.Error(err.Error())
http.Error(w, "Session error", http.StatusInternalServerError)
return
}
http.SetCookie(w, cookie)
http.Redirect(w, r, "/profile", http.StatusFound)
} else {
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
}
}
}
}
src/main/main.go
+288
View File
@@ -0,0 +1,288 @@
package main
import (
"errors"
"fmt"
"html/template"
"log"
"net/http"
"strings"
"astraltech.xyz/accountmanager/src/components"
"astraltech.xyz/accountmanager/src/email"
"astraltech.xyz/accountmanager/src/helpers"
"astraltech.xyz/accountmanager/src/ldap"
"astraltech.xyz/accountmanager/src/logging"
"astraltech.xyz/accountmanager/src/session"
"astraltech.xyz/accountmanager/src/store"
)
var (
ldapServer ldap.LDAPServer
serverConfig *ServerConfig
sessionManager *session.SessionManager
noReplyEmail email.EmailAccount
)
type UserData struct {
isAuth bool
DisplayName string
Email string
}
var (
userData store.KeyValueStore[*UserData]
)
var ErrPasswordExpired = errors.New("Password expired")
func authenticateUser(username, password string) (*UserData, error) {
logging.Event(logging.AuthenticateUser, username)
userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", username, serverConfig.LDAPConfig.BaseDN)
connected, err := ldapServer.AuthenticateUser(userDN, password)
if err != nil {
if strings.Contains(err.Error(), "Password is expired") {
return nil, ErrPasswordExpired
}
return nil, err
}
if connected == false {
logging.Debug("Failed to authenticate user")
return nil, fmt.Errorf("Failed to authenticate user %s", username)
}
logging.Info("User authenticated successfully")
userSearch, err := ldapServer.SerchServer(
userDN, password,
serverConfig.LDAPConfig.BaseDN,
fmt.Sprintf("(&(objectClass=inetOrgPerson)(uid=%s))", ldap.LDAPEscapeFilter(username)),
[]string{"displayName", "mail", "jpegphoto"},
)
if err != nil {
return nil, err
}
entry := userSearch.GetEntry(0)
user := UserData{
isAuth: true,
DisplayName: entry.GetAttributeValue("displayName"),
Email: entry.GetAttributeValue("mail"),
}
photoData := entry.GetRawAttributeValue("jpegphoto")
if len(photoData) > 0 {
components.CreateUserPhoto(username, photoData)
}
return &user, nil
}
type ProfileData struct {
Username string
Email string
DisplayName string
CSRFToken string
}
func profileHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
sessionData, err := sessionManager.GetSession(r)
if err != nil {
logging.Error(err.Error())
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
data, err := userData.Get(sessionData.UserID)
if err != nil {
logging.Error(err.Error())
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
if r.Method == http.MethodGet {
tmpl := template.Must(template.ParseFiles("src/pages/profile_page.html"))
tmpl.Execute(w, ProfileData{
Username: sessionData.UserID,
Email: data.Email,
DisplayName: data.DisplayName,
CSRFToken: sessionData.CSRFToken,
})
return
}
}
func logoutHandler(w http.ResponseWriter, r *http.Request) {
cookie, err := r.Cookie("session_token")
if err != nil {
http.Redirect(w, r, "/login", http.StatusSeeOther)
return
}
token := cookie.Value
sessionData, err := sessionManager.GetSession(r)
if err != nil {
logging.Error(err.Error())
}
if r.FormValue("csrf_token") != sessionData.CSRFToken {
http.Error(w, "Unable to log user out", http.StatusForbidden)
logging.Debugf("%s attempted to logout with invalid csrf token", sessionData.UserID)
return
}
logging.Infof("handling logout event for %s", sessionData.UserID)
sessionManager.DeleteSession(token)
http.Redirect(w, r, "/login", http.StatusSeeOther)
}
func faviconHandler(w http.ResponseWriter, r *http.Request) {
logging.Info("Requesting Favicon")
http.ServeFile(w, r, serverConfig.StyleConfig.FaviconPath)
}
func logoHandler(w http.ResponseWriter, r *http.Request) {
logging.Info("Requesting Logo")
http.ServeFile(w, r, serverConfig.StyleConfig.LogoPath)
}
func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
sessionData, err := sessionManager.GetSession(r)
if err != nil {
logging.Error(err.Error())
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte(`{"success": false, "error": "Not authenticated"}`))
return
}
err = r.ParseMultipartForm(10 << 20)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte(`{"success": false, "error": "Bad request"}`))
return
}
if r.FormValue("csrf_token") != sessionData.CSRFToken {
w.WriteHeader(http.StatusForbidden)
w.Write([]byte(`{"success": false, "error": "CSRF Forbidden"}`))
return
}
oldPassword := r.FormValue("old_password")
newPassword := r.FormValue("new_password")
newPasswordRepeat := r.FormValue("new_password_repeat")
if newPassword != newPasswordRepeat {
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte(`{"success": false, "error": "Passwords do not match"}`))
return
}
userDN := fmt.Sprintf(
"uid=%s,cn=users,cn=accounts,%s",
sessionData.UserID,
serverConfig.LDAPConfig.BaseDN,
)
err = ldapServer.ChangePassword(userDN, oldPassword, newPassword)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
if strings.Contains(err.Error(), "Invalid Credentials") {
w.Write([]byte(`{"success": false, "error": "Current password incorrect"}`))
} else if strings.Contains(err.Error(), "Too soon to change password") {
w.Write([]byte(`{"success": false, "error": "Too soon to change password"}`))
} else {
w.Write([]byte(`{"success": false, "error": "Internal error"}`))
}
return
}
w.WriteHeader(http.StatusOK)
w.Write([]byte(`{"success": true}`))
user_data, err := userData.Get(sessionData.UserID)
data := map[string]any{
"Username": user_data.DisplayName,
"ServiceName": "Astral Tech",
}
email_template, err := email.RenderTemplate("./data/email-templates/changed-password.html", data, nil)
if err != nil {
logging.Errorf("Failed to load email template: %s", err.Error())
}
noReplyEmail.SendEmail([]string{user_data.Email}, "Password expired", email_template)
}
func main() {
logging.Info("Starting the server")
var err error
serverConfig, err = loadServerConfig("./data/config.json")
if err != nil {
log.Fatal("Could not load server config")
}
sessionManager = session.GetSessionManager()
if serverConfig.WebserverConfig.SessionStore == "in_memory" {
sessionManager.SetStoreType(session.InMemory)
userData = store.NewMemoryStore[*UserData]()
} else if serverConfig.WebserverConfig.SessionStore == "redis" {
sessionManager.SetStoreType(session.Redis, serverConfig.WebserverConfig.RedisConfigInfo.RedisURL, serverConfig.WebserverConfig.RedisConfigInfo.Prefix)
userData = store.NewRedisStore[*UserData](serverConfig.WebserverConfig.RedisConfigInfo.RedisURL, serverConfig.WebserverConfig.RedisConfigInfo.Prefix)
} else {
logging.Warnf("'%s' is an unknown session store type defaulting to in memory", serverConfig.WebserverConfig.SessionStore)
sessionManager.SetStoreType(session.InMemory)
userData = store.NewMemoryStore[*UserData]()
}
noReplyEmail = email.CreateEmailAccount(email.EmailAccountData{
Username: serverConfig.EmailConfig.Username,
Password: serverConfig.EmailConfig.Password,
Email: serverConfig.EmailConfig.Email,
}, serverConfig.EmailConfig.SMTPURL, serverConfig.EmailConfig.SMTPPort)
ldapServer = ldap.LDAPServer{
URL: serverConfig.LDAPConfig.LDAPURL,
StartTLS: serverConfig.LDAPConfig.Security == "tls",
IgnoreInsecureCert: serverConfig.LDAPConfig.IgnoreInvalidCert,
}
components.LDAPServer = &ldapServer
components.BaseDN = serverConfig.LDAPConfig.BaseDN
components.ServiceUserBindDN = serverConfig.LDAPConfig.BindDN
components.ServiceUserPassword = serverConfig.LDAPConfig.BindPassword
connected, err := ldapServer.TestConnection()
if connected != true || err != nil {
if err != nil {
logging.Error(err.Error())
}
logging.Fatal("Failed to connect to LDAP server")
}
InitPasswordExpiry()
helpers.HandleFunc("/favicon.ico", faviconHandler)
helpers.HandleFunc("/logo", logoHandler)
http.Handle("/static/", http.StripPrefix("/static/", http.FileServer(http.Dir("static"))))
helpers.HandleFunc("/login", loginHandler)
helpers.HandleFunc("/profile", profileHandler)
helpers.HandleFunc("/logout", logoutHandler)
helpers.HandleFunc("/reset-password", resetPasswordHandler)
helpers.HandleFunc("/avatar", components.AvatarHandler)
helpers.HandleFunc("/change-photo", components.UploadPhotoHandler)
helpers.HandleFunc("/change-password", changePasswordHandler)
helpers.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect
})
serverAddress := fmt.Sprintf(":%d", serverConfig.WebserverConfig.Port)
logging.Fatal(http.ListenAndServe(serverAddress, nil).Error())
}
src/main/password_expiry.go
+57
View File
@@ -0,0 +1,57 @@
package main
import (
"fmt"
"time"
"astraltech.xyz/accountmanager/src/email"
"astraltech.xyz/accountmanager/src/logging"
"astraltech.xyz/accountmanager/src/worker"
)
func InitPasswordExpiry() {
go func() {
CheckPasswordExpriy()
}()
worker.CreateWorker(time.Hour*12, CheckPasswordExpriy)
}
func CheckPasswordExpriy() {
logging.Infof("Starting password expiry check")
now := time.Now().UTC()
formatted := now.Format("20060102150405Z")
search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
if err != nil {
logging.Warn(err.Error())
}
logging.Infof("%d users with expired passwords", search.EntryCount())
for i := range search.EntryCount() {
emailAddr := search.GetEntry(i).GetAttributeValue("mail")
if len(emailAddr) <= 0 {
continue
}
t, err := time.Parse("20060102150405Z", search.GetEntry(i).GetAttributeValue("krbPasswordExpiration"))
if err != nil {
panic(err)
}
formatted := t.Format("January 2, 2006 at 3:04 PM MST")
data := map[string]any{
"Username": search.GetEntry(i).GetAttributeValue("cn"),
"ExpiredAt": formatted,
"ResetURL": fmt.Sprintf("%s", serverConfig.WebserverConfig.BaseURL),
"ServiceName": "Astral Tech",
}
email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, nil)
if err != nil {
logging.Errorf("Failed to load email template: %s", err.Error())
}
noReplyEmail.SendEmail([]string{emailAddr}, "Password expired", email_template)
}
}
src/main/reset_password.go
+21
View File
@@ -0,0 +1,21 @@
package main
import (
"html/template"
"net/http"
"astraltech.xyz/accountmanager/src/logging"
)
func resetPasswordHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "text/html; charset=utf-8")
token := r.URL.Query().Get("token")
logging.Infof("Token: %s\n", token)
tmpl := template.Must(template.ParseFiles("src/pages/reset_password.html"))
if r.Method == http.MethodGet {
tmpl.Execute(w, nil)
return
}
}
src/pages/login_page.html
+15 -14
View File
@@ -6,37 +6,38 @@
rel="stylesheet" rel="stylesheet"
/> />
<link rel="stylesheet" href="static/style.css" /> <link rel="stylesheet" href="static/style.css" />
<link rel="stylesheet" href="static/error/error.css" />
<link rel="stylesheet" href="static/card.css" />
<link rel="stylesheet" href="static/login_page.css" /> <link rel="stylesheet" href="static/login_page.css" />
<img id="logo_image" alt="logo" src="/logo" /> <img id="logo_image" alt="logo" src="/logo" />
<form id="login_card" method="POST"> <form id="login_card" class="card" method="POST">
<div id="welcome_text"> <div id="welcome_text">
Welcome to Astral Tech, Please Sign in to your account below Welcome to Astral Tech, Please Sign in to your account below
</div> </div>
<div id="incorrect_password_text" class="{{.IsHiddenClassList}}"> <div class="error {{.IsHiddenClassList}}">
⚠️ Invalid username or password. ⚠️ Invalid username or password.
<button id="incorrect_password_close_button">X</button> <button class="close_error_button">X</button>
</div> </div>
<div> <div>
<label class="login_text">Username</label><br /> <label class="input_label">Username</label><br />
<input type="text" name="username" placeholder="" required /> <input type="text" name="username" placeholder="" required />
</div> </div>
<div> <div>
<label class="login_text">Password</label><br /> <label class="input_label">Password</label><br />
<div class="password_box">
<input type="password" name="password" placeholder="" required /> <input type="password" name="password" placeholder="" required />
<button type="button" class="show_password_toggle closed"></button>
</div>
</div> </div>
<button type="submit">Login</button> <button type="submit">Login</button>
</form> </form>
<script> <script src="/static/error/error.js" type="text/javascript"></script>
document <script
.getElementById("incorrect_password_close_button") src="/static/javascript/show_password.js"
.addEventListener("click", function () { type="text/javascript"
document ></script>
.getElementById("incorrect_password_text")
.classList.add("hidden");
});
</script>
src/pages/profile_page.html
+180 -29
View File
@@ -7,7 +7,109 @@
/> />
<link rel="stylesheet" href="static/style.css" /> <link rel="stylesheet" href="static/style.css" />
<link rel="stylesheet" href="static/card.css" /> <link rel="stylesheet" href="static/card.css" />
<link rel="stylesheet" href="static/error/error.css" />
<link rel="stylesheet" href="static/profile_page.css" /> <link rel="stylesheet" href="static/profile_page.css" />
<link rel="stylesheet" href="static/progress_bar.css" />
<link rel="stylesheet" href="static/cursor.css" />
<div id="popup_background" class="blocked hidden"></div>
<div id="change_password_dialogue" class="card static_center hidden">
<div class="dialouge_title">Change Password</div>
<button id="close_password_dialogue">X</button>
<hr
style="
border: 0;
border-top: 1px solid var(--border-subtle);
margin: 20px 0;
margin-bottom: 0px;
margin-top: 0px;
"
/>
<div id="password_error" class="error hidden">
<div id="password_text"></div>
<button id="password_error_close_button" class="close_error_button">
X
</button>
</div>
<div>
<label class="input_label">Current password</label><br />
<div class="password_box">
<input
type="password"
id="current_password"
name="current_password"
placeholder=""
required
/>
<button type="button" class="show_password_toggle closed"></button>
</div>
</div>
<div>
<label class="input_label">New password</label><br />
<div class="password_box">
<input
type="password"
id="new_password"
name="new_password"
placeholder=""
required
/>
<button type="button" class="show_password_toggle closed"></button>
</div>
</div>
<div>
<label class="input_label">New password (repeat)</label><br />
<div class="password_box">
<input
type="password"
id="new_password_repeat"
name="new_password_repeat"
placeholder=""
required
/>
<button type="button" class="show_password_toggle closed"></button>
</div>
</div>
<div>
<label class="input_label" id="strengh-label">Strength: Weak</label
><br />
<div class="progress-bar">
<div
class="progress-bar-progress"
id="password-progress"
style="width: 0%"
></div>
</div>
</div>
<!--<div id="password_errors">
<div class="password_error">Error 1</div>
<div class="password_error">Error 2</div>
</div>
<div id="password_warnings">
<div class="password_error">Error 1</div>
<div class="password_error">Error 2</div>
</div>-->
<button id="final_change_password_button">Change Password</button>
</div>
<div id="resize_photo_dialouge" class="card static_center hidden">
<div id="image_container">
<img id="new_profile_image" alt="new-profile-image" />
<div id="darken_part"></div>
</div>
<div id="resize_photo_box"></div>
<button id="confirm_change">Confirm Change</button>
</div>
<img id="logo_image" alt="logo" src="/logo" /> <img id="logo_image" alt="logo" src="/logo" />
<div id="main_content"> <div id="main_content">
@@ -29,7 +131,7 @@
<button id="edit_picture_button"> <button id="edit_picture_button">
<img <img
src="/static/crayon_icon.png" src="/static/images/crayon_icon.png"
id="edit_picture_image" id="edit_picture_image"
/> />
</button> </button>
@@ -51,28 +153,18 @@
<div class="data-value">{{.Email}}</div> <div class="data-value">{{.Email}}</div>
</div> </div>
<form <button class="bottom_button" id="change_password_button">
action="/logout" <input
method="POST" id="csrf_token_storage"
style=" type="hidden"
color: var(--primary-accent); name="csrf_token"
text-decoration: none; value="{{.CSRFToken}}"
font-weight: bold; />
margin-top: 20px; Change Password
display: inline-block; </button>
"
> <form action="/logout" method="POST" style="display: inline-block">
<button <button class="bottom_button" id="signout_button">
style="
background: none;
border-style: none;
color: var(--primary-accent);
text-decoration: none;
font-weight: bold;
font-size: 20px;
"
id="signout_button"
>
<input <input
id="csrf_token_storage" id="csrf_token_storage"
type="hidden" type="hidden"
@@ -86,26 +178,68 @@
</div> </div>
</div> </div>
<script src="/static/javascript/cursor.js" type="text/javascript"></script>
<script
src="/static/javascript/resize_photo_dialouge.js"
type="text/javascript"
></script>
<script type="text/javascript"> <script type="text/javascript">
const button = document.getElementById("edit_picture_button"); const button = document.getElementById("edit_picture_button");
const fileInput = document.getElementById("file_input"); const fileInput = document.getElementById("file_input");
const confirm_change = document.getElementById("confirm_change");
const new_profile_image = document.getElementById("new_profile_image");
button.addEventListener("click", () => { button.addEventListener("click", () => {
fileInput.click(); // opens file picker fileInput.click();
}); });
</script> </script>
<script type="text/javascript"> <script type="text/javascript">
var currentPreviewURL = null; var currentPreviewURL = null,
image = null,
file = null;
var x_start = 0,
y_start = 0;
var bitmap;
fileInput.addEventListener("change", async () => { fileInput.addEventListener("change", async () => {
const file = fileInput.files[0]; document.getElementById("popup_background").classList.remove("hidden");
file = fileInput.files[0];
if (!file) return; if (!file) return;
if (file.type !== "image/jpeg") { if (file.type !== "image/jpeg") {
alert("Only JPEG images are allowed."); alert("Only JPEG images are allowed.");
fileInput.value = ""; fileInput.value = "";
document.getElementById("popup_background").classList.add("hidden");
return; return;
} }
document
.getElementById("resize_photo_dialouge")
.classList.remove("hidden");
image = URL.createObjectURL(file);
bitmap = await createImageBitmap(file);
new_profile_image.src = image;
resize_photo_box.style.setProperty(
"--image-width",
bitmap.width + "px",
);
new_profile_image.style.setProperty("--x-offset", "0px");
new_profile_image.style.setProperty("--y-offset", "0px");
});
confirm_change.addEventListener("click", async () => {
document
.getElementById("resize_photo_dialouge")
.classList.add("hidden");
const formData = new FormData(); const formData = new FormData();
formData.append("photo", file); formData.append("photo", file);
formData.append( formData.append(
@@ -118,14 +252,31 @@
credentials: "include", credentials: "include",
}); });
const text = await res.text(); const text = await res.text();
// show the picture (so we don't need to re render the whole page)
document.getElementById("popup_background").classList.add("hidden");
const img = document.querySelector(".profile-pic"); const img = document.querySelector(".profile-pic");
if (currentPreviewURL != null) { if (currentPreviewURL != null) {
URL.revokeObjectURL(currentPreviewURL); URL.revokeObjectURL(currentPreviewURL);
} }
img.src = URL.createObjectURL(file); img.src = image;
currentPreviewURL = img.src; currentPreviewURL = image;
}); });
</script> </script>
<script src="/static/error/error.js" type="text/javascript"></script>
<script
src="/static/javascript/password_strength.js"
type="text/javascript"
></script>
<script
src="/static/javascript/handle_password_change.js"
type="text/javascript"
></script>
<script
src="/static/javascript/show_password.js"
type="text/javascript"
></script>
src/pages/reset_password.html
+44
View File
@@ -0,0 +1,44 @@
<!doctype html>
<title>Astral Tech - Reset Password</title>
<link
href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap"
rel="stylesheet"
/>
<link rel="stylesheet" href="static/style.css" />
<link rel="stylesheet" href="static/error/error.css" />
<link rel="stylesheet" href="static/card.css" />
<link rel="stylesheet" href="static/reset_password.css" />
<img id="logo_image" alt="logo" src="/logo" />
<div id="reset_password_card" class="card static_center">
<div>
<div>
Welcome
<b>{{.Name}}</b>
</div>
<div class="subtext">
Your password needs to be reset, please enter your new password
below
</div>
</div>
<div>
<label class="input_label">New password</label><br />
<div class="password_box">
<input type="password" name="password" placeholder="" required />
<button type="button" class="show_password_toggle closed"></button>
</div>
</div>
<div>
<label class="input_label">New password (repeated)</label><br />
<div class="password_box">
<input type="password" name="password" placeholder="" required />
<button type="button" class="show_password_toggle closed"></button>
</div>
</div>
<button>Reset Password</button>
</div>
src/session.go
-91
View File
@@ -1,91 +0,0 @@
package main
import (
"crypto/rand"
"crypto/sha256"
"encoding/base64"
"log"
"net/http"
"sync"
"time"
)
type SessionData struct {
loggedIn bool
data *UserData
timeCreated time.Time
CSRFToken string
}
var (
sessions = make(map[string]SessionData)
sessionMutex sync.Mutex
)
func GenerateSessionToken(length int) (string, error) {
b := make([]byte, length)
_, err := rand.Read(b)
if err != nil {
return "", err
}
token := base64.RawURLEncoding.EncodeToString(b)
return token, nil
}
func createSession(userData *UserData) *http.Cookie {
token, err := GenerateSessionToken(32) // Use crypto/rand for this
if err != nil {
log.Print(err)
return nil
}
CSRFToken, err := GenerateSessionToken(32)
if err != nil {
log.Print(err)
return nil
}
tokenEncoded := sha256.Sum256([]byte(token))
tokenEncodedString := string(tokenEncoded[:])
sessionMutex.Lock()
defer sessionMutex.Unlock()
loggedIn := false
if userData != nil {
loggedIn = true
}
sessions[tokenEncodedString] = SessionData{
data: userData,
timeCreated: time.Now(),
CSRFToken: CSRFToken,
loggedIn: loggedIn,
}
cookie := &http.Cookie{
Name: "session_token",
Value: token,
Path: "/",
HttpOnly: true, // Essential: prevents JS access
Secure: true, // Set to TRUE in production (HTTPS)
SameSite: http.SameSiteLaxMode,
MaxAge: 3600, // 1 hour
}
return cookie
}
func validateSession(r *http.Request) (bool, *SessionData) {
cookie, err := r.Cookie("session_token")
if err != nil {
return false, &SessionData{}
}
token := cookie.Value
tokenEncoded := sha256.Sum256([]byte(token))
tokenEncodedString := string(tokenEncoded[:])
sessionMutex.Lock()
sessionData, exists := sessions[tokenEncodedString]
sessionMutex.Unlock()
if !exists || !sessionData.loggedIn {
return false, &SessionData{}
}
return true, &sessionData
}
src/session/session_helpers.go
+17
View File
@@ -0,0 +1,17 @@
package session
import (
"crypto/rand"
"encoding/base64"
)
// helper function for secure session storage
func GenerateSessionToken(length int) (string, error) {
b := make([]byte, length)
_, err := rand.Read(b)
if err != nil {
return "", err
}
token := base64.RawURLEncoding.EncodeToString(b)
return token, nil
}
src/session/session_manager.go
+110
View File
@@ -0,0 +1,110 @@
package session
import (
"net/http"
"sync"
"time"
"astraltech.xyz/accountmanager/src/logging"
"astraltech.xyz/accountmanager/src/store"
)
const SessionCookieName = "session_token"
type SessionManager struct {
store store.KeyValueStore[*SessionData]
}
var instance *SessionManager
var once sync.Once
type StoreType int
const (
InMemory StoreType = iota
Redis
)
func GetSessionManager() *SessionManager {
once.Do(func() {
instance = &SessionManager{}
})
return instance
}
func (manager *SessionManager) SetStoreType(storeType StoreType, params ...any) {
logging.Infof("Changing session manager store type")
switch storeType {
case InMemory:
{
manager.store = store.NewMemoryStore[*SessionData]()
break
}
case Redis:
{
url, _ := params[0].(string)
prefix, _ := params[1].(string)
manager.store = store.NewRedisStore[*SessionData](url, prefix)
break
}
}
}
func (manager *SessionManager) CreateSession(userID string) (cookie *http.Cookie, err error) {
logging.Debugf("Creating a new session for %s", userID)
token, err := GenerateSessionToken(32) // Use crypto/rand for this
if err != nil {
return nil, err
}
CSRFToken, err := GenerateSessionToken(32)
if err != nil {
return nil, err
}
newSessionData := SessionData{
UserID: userID,
CSRFToken: CSRFToken,
ExpiresAt: time.Now().Add(time.Hour),
}
err = manager.store.CreateExpiring(token, &newSessionData, time.Hour)
if err != nil {
return nil, err
}
newCookie := &http.Cookie{
Name: SessionCookieName,
Value: token,
Path: "/",
HttpOnly: true,
Secure: true,
SameSite: http.SameSiteLaxMode,
MaxAge: 3600,
}
return newCookie, nil
}
func (manager *SessionManager) GetSession(r *http.Request) (*SessionData, error) {
logging.Debug("Validating session from request")
cookie, err := r.Cookie(SessionCookieName)
if err != nil {
return nil, ErrSessionNotFound
}
token := cookie.Value
if token == "" {
return nil, ErrSessionNotFound
}
data, err := manager.store.Get(token)
if err != nil {
return nil, ErrSessionNotFound
}
if time.Now().After(data.ExpiresAt) {
_ = manager.store.Delete(token)
return nil, ErrSessionExpired
}
return data, nil
}
func (manager *SessionManager) DeleteSession(sessionId string) error {
return manager.store.Delete(sessionId)
}
src/session/session_store.go
+17
View File
@@ -0,0 +1,17 @@
package session
import (
"errors"
"time"
)
var ErrSessionNotFound = errors.New("Session not found")
var ErrSessionAlreadyExists = errors.New("Session already exists")
var ErrSessionExpired = errors.New("Session expired")
var ErrSessionBackend = errors.New("Session backend")
type SessionData struct {
UserID string `json:"userid"`
CSRFToken string `json:"csrftoken"`
ExpiresAt time.Time `json:"expiresat"`
}
src/store/store.go
+15
View File
@@ -0,0 +1,15 @@
package store
import (
"time"
)
// A simple key value store that can either just be single instance in memory or a redis server (for now)
type KeyValueStore[Value any] interface {
Create(key string, value Value) error
CreateExpiring(key string, value Value, ttl time.Duration) error
Get(key string) (Value, error)
Update(key string, session Value) error
Delete(key string) error
}
src/store/store_errros.go
+8
View File
@@ -0,0 +1,8 @@
package store
import "errors"
var ErrKeyNotFound = errors.New("Key not found")
var ErrKeyAlreadyExists = errors.New("Key already exists")
var ErrKeyExpired = errors.New("Key expired")
var ErrKeyBackend = errors.New("Key backend")
src/store/store_helpers.go
+11
View File
@@ -0,0 +1,11 @@
package store
import (
"crypto/sha256"
"encoding/base64"
)
func HashKey(key string) string {
tokenEncoded := sha256.Sum256([]byte(key))
return base64.RawURLEncoding.EncodeToString(tokenEncoded[:])
}
src/store/store_in_memory.go
+158
View File
@@ -0,0 +1,158 @@
package store
import (
"sync"
"time"
"astraltech.xyz/accountmanager/src/logging"
"astraltech.xyz/accountmanager/src/worker"
)
type KeyValue[Value any] struct {
value Value
expireTime time.Time
}
type ExpireTime struct {
expiryTime time.Time
key string
}
type MemoryStore[Value any] struct {
Keys map[string]KeyValue[Value]
Lock sync.RWMutex
ExpireTimes []ExpireTime
}
func NewMemoryStore[Value any]() *MemoryStore[Value] {
logging.Debug("Creating new in memory session store")
store := &MemoryStore[Value]{
Keys: make(map[string]KeyValue[Value]),
Lock: sync.RWMutex{},
ExpireTimes: []ExpireTime{},
}
worker.CreateWorker(time.Minute*5, store.CleanupExpired)
return store
}
func (m *MemoryStore[Value]) CreateExpiring(key string, value Value, duration time.Duration) error {
var expiry time.Time
if duration != 0 {
expiry = time.Now().Add(duration)
}
m.Lock.Lock()
defer m.Lock.Unlock()
hashedkey := HashKey(key)
_, exist := m.Keys[hashedkey]
if exist {
return ErrKeyAlreadyExists
}
m.Keys[hashedkey] = KeyValue[Value]{
value: value,
expireTime: expiry,
}
if duration != 0 {
low := 0
high := len(m.ExpireTimes)
for low < high {
mid := (low + high) / 2
if m.ExpireTimes[mid].expiryTime.Before(expiry) {
low = mid + 1
} else {
high = mid
}
}
insertIndex := low
m.ExpireTimes = append(m.ExpireTimes, ExpireTime{})
copy(m.ExpireTimes[insertIndex+1:], m.ExpireTimes[insertIndex:])
m.ExpireTimes[insertIndex] = ExpireTime{
key: key,
expiryTime: expiry,
}
}
return nil
}
func (m *MemoryStore[Value]) CleanupExpired() {
m.Lock.Lock()
defer m.Lock.Unlock()
now := time.Now()
for len(m.ExpireTimes) > 0 && !now.Before(m.ExpireTimes[0].expiryTime) {
key, exists := m.Keys[HashKey(m.ExpireTimes[0].key)]
if exists && key.expireTime.Equal(m.ExpireTimes[0].expiryTime) {
m.deleteWithoutLock(m.ExpireTimes[0].key)
}
m.ExpireTimes = m.ExpireTimes[1:]
}
}
func (m *MemoryStore[Value]) Create(key string, session Value) error {
return m.CreateExpiring(key, session, 0)
}
func (m *MemoryStore[Value]) Get(key string) (Value, error) {
var data KeyValue[Value]
var zeroValue Value
hashedkey := HashKey(key)
m.Lock.RLock()
data, exists := m.Keys[hashedkey]
m.Lock.RUnlock()
if !exists {
return zeroValue, ErrKeyNotFound
}
if !data.expireTime.IsZero() && !time.Now().Before(data.expireTime) {
m.Lock.Lock()
if current, ok := m.Keys[hashedkey]; ok && current.expireTime.Equal(data.expireTime) {
delete(m.Keys, hashedkey)
}
m.Lock.Unlock()
return zeroValue, ErrKeyNotFound
}
return data.value, nil
}
func (m *MemoryStore[Value]) Update(sessionID string, value Value) error {
hashedkey := HashKey(sessionID)
m.Lock.Lock()
defer m.Lock.Unlock()
old_key, exist := m.Keys[hashedkey]
if !exist {
return ErrKeyNotFound
}
m.Keys[hashedkey] = KeyValue[Value]{
value: value,
expireTime: old_key.expireTime,
}
return nil
}
func (m *MemoryStore[Value]) deleteWithoutLock(key string) error {
hashedkey := HashKey(key)
_, exist := m.Keys[hashedkey]
if !exist {
return ErrKeyNotFound
}
delete(m.Keys, hashedkey)
return nil
}
func (m *MemoryStore[Value]) Delete(key string) error {
m.Lock.Lock()
defer m.Lock.Unlock()
return m.deleteWithoutLock(key)
}
src/store/store_redis.go
+116
View File
@@ -0,0 +1,116 @@
package store
import (
"context"
"encoding/json"
"time"
"astraltech.xyz/accountmanager/src/logging"
"github.com/redis/go-redis/v9"
)
type RedisStore[Value any] struct {
client *redis.Client
ctx context.Context
prefix string
}
func (m *RedisStore[Value]) RedisHash(value_to_hash string) string {
return m.prefix + HashKey(value_to_hash)
}
func NewRedisStore[Value any](redis_server string, prefix string) *RedisStore[Value] {
logging.Debug("Creating new redis session store")
opts, err := redis.ParseURL(redis_server)
if err != nil {
logging.Errorf("Failed to parse redis url %s", err.Error())
}
rdb := redis.NewClient(opts)
ctx := context.Background()
if err := rdb.Ping(ctx).Err(); err != nil {
logging.Errorf("Failed to connect to redis server %s", redis_server)
} else {
logging.Infof("Successfully connected to redis server %s", redis_server)
}
store := &RedisStore[Value]{
client: rdb,
ctx: ctx,
prefix: prefix,
}
return store
}
func (m *RedisStore[Value]) CreateExpiring(key string, value Value, ttl time.Duration) error {
hashedSession := m.RedisHash(key)
data, err := json.Marshal(value)
if err != nil {
return ErrKeyBackend
}
created, err := m.client.SetNX(m.ctx, hashedSession, data, ttl).Result()
if err != nil {
logging.Error(err.Error())
return ErrKeyBackend
}
if !created {
return ErrKeyAlreadyExists
}
return nil
}
func (m *RedisStore[Value]) Create(key string, value Value) error {
return m.CreateExpiring(key, value, 0)
}
func (m *RedisStore[Value]) Get(sessionID string) (Value, error) {
hashed := m.RedisHash(sessionID)
var session_data Value
data, err := m.client.Get(m.ctx, hashed).Bytes()
if err == redis.Nil {
return session_data, ErrKeyNotFound
} else if err != nil {
logging.Error(err.Error())
return session_data, ErrKeyBackend
}
if err := json.Unmarshal(data, &session_data); err != nil {
logging.Error(err.Error())
return session_data, ErrKeyBackend
}
return session_data, nil
}
func (m *RedisStore[Value]) Update(key string, value Value) error {
hashedSession := m.RedisHash(key)
data, err := json.Marshal(value)
if err != nil {
return ErrKeyBackend
}
updated, err := m.client.SetXX(m.ctx, hashedSession, data, time.Hour).Result()
if err != nil {
logging.Error(err.Error())
return ErrKeyBackend
}
if !updated {
return ErrKeyNotFound
}
return nil
}
func (m *RedisStore[Value]) Delete(sessionID string) error {
hashedSession := m.RedisHash(sessionID)
err := m.client.Del(m.ctx, hashedSession).Err()
if err != nil {
logging.Error(err.Error())
return ErrKeyBackend
}
return nil
}
src/worker.go
-16
View File
@@ -1,16 +0,0 @@
package main
import (
"time"
)
func createWorker(interval time.Duration, task func()) {
go func() {
ticker := time.NewTicker(interval)
defer ticker.Stop()
for range ticker.C {
task()
}
}()
}
src/worker/worker.go
+19
View File
@@ -0,0 +1,19 @@
package worker
import (
"time"
"astraltech.xyz/accountmanager/src/logging"
)
func CreateWorker(interval time.Duration, task func()) {
logging.Debugf("Creating worker that runs on a %s interval", interval.String())
go func() {
ticker := time.NewTicker(interval)
defer ticker.Stop()
for range ticker.C {
task()
}
}()
}
static/card.css
+14 -7
View File
@@ -1,13 +1,20 @@
.card { .card {
background: rgba( background: rgba(255, 255, 255, 1);
255,
255,
255,
0.8
); /* Semi-transparent white for light theme */
border: 1px solid var(--border-subtle); border: 1px solid var(--border-subtle);
border-radius: 12px; border-radius: 12px;
padding: 24px; padding: 2.5rem;
box-shadow: 0 4px 15px rgba(0, 0, 0, 0.03); box-shadow: 0 4px 15px rgba(0, 0, 0, 0.03);
transition: transform 0.2s ease; transition: transform 0.2s ease;
display: flex;
flex-direction: column;
gap: 15px;
overflow: hidden;
}
.static_center {
position: fixed;
left: 50%;
top: 50%;
transform: translateX(-50%) translateY(-50%);
} }
static/cursor.css
+3
View File
@@ -0,0 +1,3 @@
.cursor_grabbing {
cursor: grabbing;
}
static/error/error.css
+30
View File
@@ -0,0 +1,30 @@
.error {
background-color: var(--error-red) !important;
border-radius: 10px;
padding: 20px;
border-style: solid;
border-color: var(--error-border-red);
border-width: 1px;
box-sizing: border-box;
font-size: 12px;
position: relative;
color: white;
box-shadow: 0 2px 6px rgba(0, 0, 0, 0.1);
}
.close_error_button {
position: absolute !important;
background-color: rgba(0, 0, 0, 0) !important;
padding: 0px !important;
top: 20px;
right: 20px;
color: black !important;
font-weight: normal !important;
border: none;
width: fit-content !important;
}
.close_error_button:hover {
cursor: default;
font-weight: bold !important;
}
static/error/error.js
+7
View File
@@ -0,0 +1,7 @@
var error_close_buttons = document.getElementsByClassName("close_error_button");
for (const close_button of error_close_buttons) {
close_button.addEventListener("click", function () {
this.parentElement.classList.add("hidden");
});
}
static/blank_profile.jpg → static/images/blank_profile.jpg
View File
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 21 KiB

static/images/closed_eye.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.6 KiB

static/crayon_icon.png → static/images/crayon_icon.png
View File
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.0 KiB

After

Width:  |  Height:  |  Size: 3.0 KiB

static/images/filled_eye.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 KiB

static/javascript/cursor.js
+20
View File
@@ -0,0 +1,20 @@
var currentX, currentY;
document.addEventListener("mousemove", (e) => {
const rect = document.body.getBoundingClientRect();
currentX = e.clientX;
currentY = e.clientY;
});
const CURSOR_NORMAL = "cursor_normal";
const CURSOR_GRABBING = "cursor_grabbing";
document.body.classList.remove(CURSOR_NORMAL);
let current_cursor_state = CURSOR_NORMAL;
function set_cursor_state(new_cursor_state) {
document.body.classList.remove(current_cursor_state);
document.body.classList.add(new_cursor_state);
current_cursor_state = new_cursor_state;
}
static/javascript/handle_password_change.js
+106
View File
@@ -0,0 +1,106 @@
document
.getElementById("close_password_dialogue")
.addEventListener("click", () => {
document.getElementById("change_password_dialogue").classList.add("hidden");
document.getElementById("popup_background").classList.add("hidden");
});
const popup_botton = document.getElementById("change_password_button");
const currentPasswordButton = document.getElementById("current_password"),
newPasswordButton = document.getElementById("new_password"),
newPasswordRepeatButton = document.getElementById("new_password_repeat");
const strengh_label = document.getElementById("strengh-label");
const password_progress = document.getElementById("password-progress");
popup_botton.addEventListener("click", () => {
document.getElementById("popup_background").classList.remove("hidden");
document
.getElementById("change_password_dialogue")
.classList.remove("hidden");
currentPasswordButton.value = "";
newPasswordButton.value = "";
newPasswordRepeatButton.value = "";
strengh_label.innerText = "Strength: Weak";
password_progress.style.width = "0%";
});
const changePasswordButton = document.getElementById(
"final_change_password_button",
);
function displayError(errorText) {
document.getElementById("password_error").classList.remove("hidden");
document.getElementById("password_text").innerText = "⚠️ " + errorText + ".";
return;
}
changePasswordButton.addEventListener("click", () => {
if (currentPasswordButton.value === "") {
displayError("Please enter current password");
return;
}
if (newPasswordButton.value === "") {
displayError("No value for new password");
return;
}
if (newPasswordRepeatButton.value === "") {
displayError("Please repeat new password");
return;
}
if (newPasswordButton.value !== newPasswordRepeatButton.value) {
displayError("New passwords do not match");
return;
}
const formData = new FormData();
formData.append(
"csrf_token",
document.getElementById("csrf_token_storage").value,
);
formData.append("old_password", currentPasswordButton.value);
formData.append("new_password", newPasswordButton.value);
formData.append("new_password_repeat", newPasswordRepeatButton.value);
fetch("/change-password", {
method: "POST",
body: formData,
})
.then(async (res) => {
const data = await res.json();
if (!res.ok) {
throw new Error(data.error || "Request failed");
}
return data;
})
.then((data) => {
document
.getElementById("change_password_dialogue")
.classList.add("hidden");
document.getElementById("popup_background").classList.add("hidden");
})
.catch((err) => {
displayError(err.message);
});
});
document.getElementById("new_password").addEventListener("input", () => {
score = EvaluatePassword(document.getElementById("new_password").value).score;
password_progress.style.width = score + "%";
if (score <= 40) {
strengh_label.innerText = "Strength: Weak";
password_progress.style.backgroundColor = "var(--password-strength-weak)";
} else if (score > 40 && score <= 70) {
strengh_label.innerText = "Strength: Medium";
password_progress.style.backgroundColor = "var(--password-strength-medium)";
} else if (score > 40 && score >= 70) {
strengh_label.innerText = "Strength: Strong";
password_progress.style.backgroundColor = "var(--password-strength-strong)";
}
});
static/javascript/password_strength.js
+51
View File
@@ -0,0 +1,51 @@
// build in evaluate password function
// Errors: reasons why the FreeIPA server would reject the password
// Suggestions: reasons the password should be made stronger
// You can change this code to change how complexity is rated
// Return values
// Score: 0-100
// Errors: A list of errors that would cause the server to reject the password
// Suggestions: A list of suggestions to make the password stronger
function EvaluatePassword(password) {
let score = 0;
let errors = [];
let suggestions = [];
const hasUpper = /[A-Z]/.test(password);
const hasLower = /[a-z]/.test(password);
const hasNumber = /[0-9]/.test(password);
const hasSpecial = /[^A-Za-z0-9]/.test(password);
const isLongEnough = password.length >= 8;
if (!isLongEnough) {
errors.push("Password must be at least 8 characters long.");
}
score += Math.min(password.length * 3, 60);
if (hasUpper) score += 10;
if (hasLower) score += 10;
if (hasNumber) score += 10;
if (hasSpecial) score += 10;
if (score < 100) {
if (password.length < 20) {
suggestions.push(
`Add ${20 - password.length} more characters to reach maximum length points.`,
);
}
if (!hasUpper) suggestions.push("Add an uppercase letter.");
if (!hasLower) suggestions.push("Add a lowercase letter.");
if (!hasNumber) suggestions.push("Add a number.");
if (!hasSpecial)
suggestions.push("Add a special character (e.g., !, @, #).");
if (score > 70 && score < 100) {
suggestions.push(
"Pro-tip: Use a full sentence (passphrase) to make it easier to remember and harder to crack.",
);
}
}
return {
score: Math.min(score, 100),
errors: errors,
suggestions: suggestions,
};
}
static/javascript/resize_photo_dialouge.js
+52
View File
@@ -0,0 +1,52 @@
const resize_photo_box = document.getElementById("resize_photo_box");
// Drag handling
var startXOffset = 0,
startYOffset = 0;
function calculateOffsets() {
const yOffset = startYOffset + (currentY - y_start);
const xOffset = startXOffset + (currentX - x_start);
var top = bitmap.height / 2 - yOffset - 175;
if (top > 0) top = 0;
var bottom = -(bitmap.height / 2) - yOffset + 10 + 175;
if (bottom < 0) bottom = 0;
var left = bitmap.width / 2 - xOffset - 175;
if (left > 0) left = 0;
var right = -(bitmap.width / 2) - xOffset + 10 + 175;
if (right < 0) right = 0;
return { x: xOffset + left + right, y: yOffset + top + bottom };
}
var mouseClicked = false;
resize_photo_box.addEventListener("mousemove", () => {
if (!mouseClicked) return;
offsets = calculateOffsets();
y_top = new_profile_image.style.setProperty("--x-offset", offsets.x + "px");
new_profile_image.style.setProperty("--y-offset", offsets.y + "px");
});
resize_photo_box.addEventListener("mousedown", () => {
x_start = currentX;
y_start = currentY;
mouseClicked = true;
set_cursor_state(CURSOR_GRABBING);
});
resize_photo_box.addEventListener("mouseup", () => {
offsets = calculateOffsets();
startXOffset = offsets.x;
startYOffset = offsets.y;
});
document.body.addEventListener("mouseup", () => {
mouseClicked = false;
set_cursor_state(CURSOR_NORMAL);
});
static/javascript/show_password.js
+22
View File
@@ -0,0 +1,22 @@
const showPasswordButtons = document.getElementsByClassName(
"show_password_toggle",
);
for (const button of showPasswordButtons) {
button.addEventListener("click", function () {
const input = this.parentElement.querySelector(
"input[type='password'], input[type='text']",
);
if (!input) return;
const isHidden = input.type === "password";
input.type = isHidden ? "text" : "password";
if (isHidden) {
this.classList.add("open");
this.classList.remove("closed");
} else {
this.classList.remove("open");
this.classList.add("closed");
}
});
}
static/login_page.css
-81
View File
@@ -1,56 +1,15 @@
#logo_image {
position: fixed;
width: 300px;
left: 50%;
transform: translateX(-50%);
}
#login_card { #login_card {
/* The Magic Three */
display: flex;
flex-direction: column; /* Stack vertically */
gap: 15px; /* Space between inputs */
position: fixed; position: fixed;
top: 50%; top: 50%;
left: 50%; left: 50%;
transform: translateX(-50%) translateY(-50%); transform: translateX(-50%) translateY(-50%);
background-color: var(--bg-card);
border: 1px solid var(--border-subtle);
padding: 2.5rem;
border-radius: 8px;
width: 350px; width: 350px;
/* Soft shadow for depth in light mode */
box-shadow:
0 4px 12px rgba(0, 0, 0, 0.05),
0 1px 3px rgba(0, 0, 0, 0.1);
} }
#login_card input { #login_card input {
padding: 12px;
background-color: var(--bg-input);
border: 1px solid var(--border-subtle);
color: var(--text-main);
border-radius: 6px;
width: 324px; width: 324px;
} }
#login_card input::placeholder {
color: var(--text-muted);
}
#login_card button {
padding: 12px;
background-color: var(--primary-accent); /* Our Teal/Blue */
color: white;
border: none;
border-radius: 6px;
cursor: pointer;
font-weight: bold;
}
#login_card div { #login_card div {
width: 100%; width: 100%;
} }
@@ -69,48 +28,8 @@
flex: 2; flex: 2;
} }
#login_card button:hover {
background-color: var(--primary-hover);
}
.login_text {
color: var(--text-muted);
margin: 0;
padding: 0;
font-size: 15px;
}
#welcome_text { #welcome_text {
font-weight: 700; font-weight: 700;
font-size: 1.25rem; font-size: 1.25rem;
margin-bottom: 8px; margin-bottom: 8px;
} }
#incorrect_password_text {
background-color: var(--error-red) !important;
border-radius: 10px;
padding: 20px;
border-style: solid;
border-color: var(--error-border-red);
border-width: 1px;
box-sizing: border-box;
font-size: 12px;
position: relative;
color: white;
box-shadow: 0 2px 6px rgba(0, 0, 0, 0.1);
}
#incorrect_password_close_button {
position: absolute !important;
background-color: rgba(0, 0, 0, 0) !important;
padding: 0px !important;
top: 20px;
right: 20px;
color: black !important;
font-weight: normal !important;
}
#incorrect_password_close_button:hover {
cursor: default;
font-weight: bold !important;
}
static/profile_page.css
+127 -10
View File
@@ -1,10 +1,3 @@
#logo_image {
position: fixed;
width: 300px;
left: 50%;
transform: translateX(-50%);
}
#main_content { #main_content {
position: fixed; position: fixed;
top: 100px; top: 100px;
@@ -33,6 +26,8 @@
max-width: 500px; max-width: 500px;
text-align: center; text-align: center;
gap: 0px !important;
position: fixed; position: fixed;
left: 50%; left: 50%;
top: 50%; top: 50%;
@@ -83,6 +78,8 @@
border-radius: 50%; border-radius: 50%;
border: none; border: none;
padding: 6px; padding: 6px;
width: fit-content !important;
} }
#edit_picture_button:hover { #edit_picture_button:hover {
@@ -90,8 +87,8 @@
} }
#edit_picture_image { #edit_picture_image {
width: 20px; width: 20px !important;
height: 20px; height: 20px !important;
} }
#picture_holder { #picture_holder {
@@ -100,6 +97,126 @@
line-height: 0; line-height: 0;
} }
#signout_button:hover { .bottom_button:hover {
text-decoration: underline !important; text-decoration: underline !important;
background: none !important;
} }
.bottom_button {
background: none;
border-style: none;
color: var(--primary-accent);
text-decoration: none;
font-weight: bold;
font-size: 20px;
}
#change_password_dialogue {
z-index: 10000;
position: fixed;
}
#resize_photo_dialouge {
z-index: 10000;
}
#change_password_dialogue input {
width: 350px;
}
#close_password_dialogue {
display: inline-block;
aspect-ratio: 1 / 1;
position: absolute;
right: 2.5rem;
padding: 0px;
margin: 0px;
width: 30px;
}
#password_errors {
background-color: var(--error-red);
border-radius: 8px;
padding: 20px;
border-color: var(--error-border-red);
border-width: 2px;
border-style: solid;
color: var(--text-main);
}
#password_warnings {
background-color: var(--warning-yellow);
border-radius: 8px;
padding: 20px;
border-color: var(--warning-border-yellow);
border-width: 2px;
border-style: solid;
color: var(--text-main);
}
#image_container {
position: absolute;
}
#darken_part {
/*background-color: black;*/
z-index: 3;
width: 100vw;
height: 100vh;
}
#confirm_change {
z-index: 2;
}
#new_profile_image {
z-index: 1;
transform: translateX(calc(-50% + var(--x-offset)))
translateY(calc(-50% + var(--y-offset)));
position: absolute;
left: calc(350px / 2);
top: calc(350px / 2);
}
#resize_photo_box {
background-color: rgba(0, 0, 0, 0);
width: 350px;
aspect-ratio: 1 / 1;
border-style: dashed;
border-color: black;
border-width: 5px;
z-index: 4;
}
#resize_photo_box:hover {
background-color: rgba(0, 0, 0, 0);
width: 350px;
aspect-ratio: 1 / 1;
border-style: dashed;
border-color: black;
border-width: 5px;
z-index: 4;
}
/*
#resize_photo_box:hover {
cursor: grab;
}
#new_profile_image {
height: 350px;
position: absolute;
transform: translateX(5px) translateY(5px);
object-fit: cover;
}
#image_container {
height: 350px;
width: fit-content;
position: absolute;
background-color: red;
}*/
static/progress_bar.css
+16
View File
@@ -0,0 +1,16 @@
:root {
--progress-top: #becbd8;
}
.progress-bar {
width: 100%;
background-color: var(--bg-input);
height: 20px;
border-radius: 10px;
}
.progress-bar-progress {
background-color: var(--progress-top);
height: 20px;
border-radius: 10px;
}
static/reset_password.css
+7
View File
@@ -0,0 +1,7 @@
#reset_password_card {
width: 350px;
}
#reset_password_card input {
width: 324px;
}
static/style.css
+115 -2
View File
@@ -16,6 +16,13 @@
--error-red: #ef4444; /* Professional Red */ --error-red: #ef4444; /* Professional Red */
--error-border-red: #e22d2d; --error-border-red: #e22d2d;
--warning-yellow: #fef08a;
--warning-border-yellow: #fde047;
--password-strength-weak: var(--error-red);
--password-strength-medium: var(--warning-border-yellow);
--password-strength-strong: #43ef6b;
font-family: "Inter", sans-serif; font-family: "Inter", sans-serif;
-webkit-font-smoothing: antialiased; -webkit-font-smoothing: antialiased;
} }
@@ -24,6 +31,112 @@ body {
background-color: var(--bg-main); background-color: var(--bg-main);
} }
.hidden { button {
display: none; padding: 12px;
background-color: var(--primary-accent); /* Our Teal/Blue */
color: white;
border: none;
border-radius: 6px;
cursor: pointer;
font-weight: bold;
width: 100%;
}
button:hover {
background-color: var(--primary-hover);
}
button:focus {
outline: 2px solid var(--primary-accent);
}
input {
padding: 12px;
background-color: var(--bg-input);
border: 1px solid var(--border-subtle);
color: var(--text-main);
border-radius: 6px;
}
input:focus {
outline: 2px solid var(--primary-accent);
}
input::placeholder {
color: var(--text-muted);
}
.input_label {
color: var(--text-muted);
margin: 0;
padding: 0;
font-size: 15px;
}
.hidden {
display: none !important;
}
.blocked {
position: fixed; /* or absolute */
top: 0;
left: 0;
width: 100%;
height: 100%;
z-index: 9999; /* higher = on top */
backdrop-filter: blur(4px);
background-color: rgba(0, 0, 0, 0.3);
pointer-events: all;
}
.dialouge_title {
font-size: 20px;
margin-bottom: 0px;
color: var(--text-main) !important;
}
.password_box {
position: relative;
display: inline-block;
}
.show_password_toggle {
width: 10px;
height: 10px;
position: absolute;
right: 5px;
bottom: 50%;
transform: translateY(50%);
background-size: contain;
background-repeat: no-repeat;
background-position: center;
background-color: rgba(0, 0, 0, 0);
}
.show_password_toggle.closed {
background-image: url("/static/images/closed_eye.png");
}
.show_password_toggle.open {
background-image: url("/static/images/filled_eye.png");
}
.show_password_toggle:hover {
background-color: rgba(0, 0, 0, 0);
}
.show_password_toggle:focus {
outline: none !important;
}
#logo_image {
position: fixed;
width: 300px;
left: 50%;
transform: translateX(-50%);
}
.subtext {
color: var(--text-muted);
} }