Compare commits
25 Commits
v0.0.5
..
a7b302b74b
| Author | SHA1 | Date | |
|---|---|---|---|
 Gregory Wells
|
a7b302b74b | ||
|
Gregory Wells
|
f8b37d9836 | ||
|
Gregory Wells
|
4256e5ba8a | ||
|
Gregory Wells
|
5386b64648 | ||
|
Gregory Wells
|
78d259ea3b | ||
|
Gregory Wells
|
1e87b8239b | ||
|
Gregory Wells
|
e1862ca8eb | ||
|
Gregory Wells
|
9c984fefaf | ||
|
Gregory Wells
|
10900093e0 | ||
|
Gregory Wells
|
e151e11123 | ||
 gawells
|
1ddc4daf02 | ||
|
gawells
|
e2fe714029 | ||
|
gawells
|
3e2541b411 | ||
|
gawells
|
561c33b1a9 | ||
|
gawells
|
33afca200d | ||
|
gawells
|
812a40492f | ||
|
gawells
|
093b33db0d | ||
|
gawells
|
8633309968 | ||
|
gawells
|
093b258b84 | ||
|
gawells
|
5a80d61d9b | ||
|
gawells
|
6a985c1a84 | ||
|
gawells
|
590ea73a92 | ||
|
gawells
|
8de145adbc | ||
|
gawells
|
8f0291bb8a | ||
|
gawells
|
cde41b82b2 |
@@ -12,6 +12,14 @@
|
||||
"logo_path": "./data/astraltech_logo_large.png"
|
||||
},
|
||||
"server_config": {
|
||||
"port": 8080
|
||||
"port": 8080,
|
||||
"base_url": "https://profile.example.com"
|
||||
},
|
||||
"email_config": {
|
||||
"username": "noreply",
|
||||
"email": "noreply@example.com",
|
||||
"password": "",
|
||||
"smtp_url": "mx.example.com",
|
||||
"smtp_port": 587
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,69 @@
|
||||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<!-- Tell iOS we support light mode -->
|
||||
<meta name="color-scheme" content="light" />
|
||||
<meta name="supported-color-schemes" content="light" />
|
||||
</head>
|
||||
|
||||
<body
|
||||
style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
|
||||
>
|
||||
<table
|
||||
width="100%"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
style="background-color: #f7fff7"
|
||||
>
|
||||
<tr>
|
||||
<td align="center">
|
||||
<!-- Outer container -->
|
||||
<table
|
||||
width="600"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
style="
|
||||
background-color: #ffffff;
|
||||
border: 1px solid #e2e8f0;
|
||||
border-radius: 12px;
|
||||
margin-top: 25px;
|
||||
"
|
||||
>
|
||||
<tr>
|
||||
<td
|
||||
style="
|
||||
padding: 30px;
|
||||
font-family: Arial, sans-serif;
|
||||
color: #000000;
|
||||
"
|
||||
>
|
||||
<p style="margin: 0 0 15px 0">
|
||||
Hi <strong>{{.Username}}</strong>,
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 15px 0">
|
||||
Your account password has been successfully
|
||||
changed. If you made this change, you can
|
||||
safely disregard this email.
|
||||
</p>
|
||||
|
||||
<p style="margin: 20px 0 15px 0">
|
||||
If you did not change your password, please
|
||||
contact your system administrator
|
||||
immediately to secure your account.
|
||||
</p>
|
||||
|
||||
<p style="margin: 0">
|
||||
Thanks,<br />
|
||||
<strong>{{.ServiceName}}</strong>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,112 @@
|
||||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<!-- Tell iOS we support light mode -->
|
||||
<meta name="color-scheme" content="light" />
|
||||
<meta name="supported-color-schemes" content="light" />
|
||||
</head>
|
||||
|
||||
<body
|
||||
style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
|
||||
>
|
||||
<table
|
||||
width="100%"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
style="background-color: #f7fff7"
|
||||
>
|
||||
<tr>
|
||||
<td align="center">
|
||||
<!-- Outer container -->
|
||||
<table
|
||||
width="600"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
style="
|
||||
background-color: #ffffff;
|
||||
border: 1px solid #e2e8f0;
|
||||
border-radius: 12px;
|
||||
margin-top: 25px;
|
||||
"
|
||||
>
|
||||
<tr>
|
||||
<td
|
||||
style="
|
||||
padding: 30px;
|
||||
font-family: Arial, sans-serif;
|
||||
color: #000000;
|
||||
"
|
||||
>
|
||||
<p style="margin: 0 0 15px 0">
|
||||
Hi <strong>{{.Username}}</strong>,
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 15px 0">
|
||||
Your account password has expired and needs
|
||||
to be updated to continue accessing your
|
||||
account.
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 15px 0">
|
||||
<strong>Expiration Date:</strong><br />
|
||||
{{.ExpiredAt}}
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 20px 0">
|
||||
For security reasons, passwords must be
|
||||
updated periodically. Please reset your
|
||||
password as soon as possible.
|
||||
</p>
|
||||
|
||||
<!-- Button -->
|
||||
<table
|
||||
align="center"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
>
|
||||
<tr>
|
||||
<td
|
||||
bgcolor="#1a535c"
|
||||
style="border-radius: 6px"
|
||||
>
|
||||
<a
|
||||
href="{{.ResetURL}}"
|
||||
style="
|
||||
display: inline-block;
|
||||
padding: 12px 20px;
|
||||
font-weight: bold;
|
||||
font-family:
|
||||
Arial, sans-serif;
|
||||
color: #ffffff;
|
||||
text-decoration: none;
|
||||
background-color: #1a535c;
|
||||
border-radius: 6px;
|
||||
-webkit-text-fill-color: #ffffff;
|
||||
"
|
||||
>
|
||||
Reset Password
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<p style="margin: 20px 0 15px 0">
|
||||
If you did not expect this, please contact
|
||||
your system administrator.
|
||||
</p>
|
||||
|
||||
<p style="margin: 0">
|
||||
Thanks,<br />
|
||||
<strong>{{.ServiceName}}</strong>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</body>
|
||||
</html>
|
||||
@@ -6,7 +6,10 @@ require github.com/go-ldap/ldap/v3 v3.4.13
|
||||
|
||||
require (
|
||||
github.com/Azure/go-ntlmssp v0.1.0 // indirect
|
||||
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
||||
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
|
||||
github.com/google/uuid v1.6.0 // indirect
|
||||
github.com/redis/go-redis/v9 v9.20.0 // indirect
|
||||
go.uber.org/atomic v1.11.0 // indirect
|
||||
golang.org/x/crypto v0.48.0 // indirect
|
||||
)
|
||||
|
||||
@@ -2,6 +2,8 @@ github.com/Azure/go-ntlmssp v0.1.0 h1:DjFo6YtWzNqNvQdrwEyr/e4nhU3vRiwenz5QX7sFz+
|
||||
github.com/Azure/go-ntlmssp v0.1.0/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk=
|
||||
github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
|
||||
github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
|
||||
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
|
||||
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
|
||||
@@ -30,8 +32,12 @@ github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZ
|
||||
github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/redis/go-redis/v9 v9.20.0 h1:WnQYxLkgO2xiXTCJY0ldIiI8dNqCDlQAG+AtaH7a2a0=
|
||||
github.com/redis/go-redis/v9 v9.20.0/go.mod h1:v/M13XI1PVCDcm01VtPFOADfZtHf8YW3baQf57KlIkA=
|
||||
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
|
||||
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||
go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
|
||||
go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
|
||||
golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
|
||||
golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
|
||||
golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
|
||||
|
||||
+16
-11
@@ -16,37 +16,42 @@ type EmailAccount struct {
|
||||
}
|
||||
|
||||
type EmailAccountData struct {
|
||||
username string
|
||||
password string
|
||||
email string
|
||||
Username string
|
||||
Password string
|
||||
Email string
|
||||
}
|
||||
|
||||
func createEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
|
||||
logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.username, accountData.email, smtpHost, smtpPort)
|
||||
func CreateEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
|
||||
logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.Username, accountData.Email, smtpHost, smtpPort)
|
||||
account := EmailAccount{
|
||||
email: accountData.email,
|
||||
email: accountData.Email,
|
||||
smtpHost: smtpHost,
|
||||
smtpPort: strconv.Itoa(smtpPort),
|
||||
}
|
||||
account.auth = smtp.PlainAuth("", accountData.username, accountData.password, smtpHost)
|
||||
account.auth = smtp.PlainAuth("", accountData.Username, accountData.Password, smtpHost)
|
||||
return account
|
||||
}
|
||||
|
||||
func sendEmail(account EmailAccount, toEmail []string, subject string, message string) {
|
||||
logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmail, ""))
|
||||
func (account *EmailAccount) SendEmail(toEmails []string, subject string, message string) {
|
||||
logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ", "))
|
||||
|
||||
ToEmailList := strings.Join(toEmail, "")
|
||||
ToEmailList := strings.Join(toEmails, ", ")
|
||||
|
||||
mime := "MIME-version: 1.0;\r\nContent-Type: text/html; charset=\"UTF-8\";\r\n\r\n"
|
||||
|
||||
messageData := []byte(
|
||||
"From: " + account.email + "\r\n" +
|
||||
"To: " + ToEmailList + "\r\n" +
|
||||
"Subject: " + subject + "\r\n" +
|
||||
mime +
|
||||
"\r\n" +
|
||||
message,
|
||||
)
|
||||
err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmail, messageData)
|
||||
err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmails, messageData)
|
||||
if err != nil {
|
||||
logging.Error("Failed to send email")
|
||||
logging.Error(err.Error())
|
||||
return
|
||||
}
|
||||
logging.Info("Successfully sent email")
|
||||
}
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
package email
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"path/filepath"
|
||||
"text/template"
|
||||
)
|
||||
|
||||
func RenderTemplate(path string, data any, funcMap template.FuncMap) (string, error) {
|
||||
tmpl := template.New("")
|
||||
|
||||
if funcMap != nil {
|
||||
tmpl = tmpl.Funcs(funcMap)
|
||||
}
|
||||
|
||||
tmpl, err := tmpl.ParseFiles(path)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
err = tmpl.ExecuteTemplate(&buf, filepath.Base(path), data)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return buf.String(), nil
|
||||
}
|
||||
@@ -23,12 +23,22 @@ type StyleConfig struct {
|
||||
|
||||
type WebserverConfig struct {
|
||||
Port int `json:"port"`
|
||||
BaseURL string `json:"base_url"`
|
||||
}
|
||||
|
||||
type EmailConfig struct {
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
Password string `json:"password"`
|
||||
SMTPURL string `json:"smtp_url"`
|
||||
SMTPPort int `json:"smtp_port"`
|
||||
}
|
||||
|
||||
type ServerConfig struct {
|
||||
LDAPConfig LDAPConfig `json:"ldap_config"`
|
||||
StyleConfig StyleConfig `json:"style_config"`
|
||||
WebserverConfig WebserverConfig `json:"server_config"`
|
||||
EmailConfig EmailConfig `json:"email_config"`
|
||||
}
|
||||
|
||||
func loadServerConfig(path string) (*ServerConfig, error) {
|
||||
|
||||
@@ -0,0 +1,58 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"html/template"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
)
|
||||
|
||||
type LoginPageData struct {
|
||||
IsHiddenClassList string
|
||||
}
|
||||
|
||||
func loginHandler(w http.ResponseWriter, r *http.Request) {
|
||||
logging.Info("Handing login page")
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
|
||||
if r.Method == http.MethodGet {
|
||||
logging.Info("Rending login page")
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
|
||||
return
|
||||
}
|
||||
|
||||
if r.Method == http.MethodPost {
|
||||
username := r.FormValue("username")
|
||||
if strings.Contains(username, "/") {
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
}
|
||||
password := r.FormValue("password")
|
||||
|
||||
logging.Infof("New Login request for %s\n", username)
|
||||
newUserData, err := authenticateUser(username, password)
|
||||
userDataMutex.Lock()
|
||||
userData[username] = newUserData
|
||||
userDataMutex.Unlock()
|
||||
if err == ErrPasswordExpired {
|
||||
http.Redirect(w, r, "/reset-password?token=this_is_the_only_token_that_works", http.StatusFound)
|
||||
} else if err != nil {
|
||||
logging.Error(err.Error())
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
} else {
|
||||
if newUserData.isAuth == true {
|
||||
cookie, err := sessionManager.CreateSession(username)
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
http.Error(w, "Session error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
http.SetCookie(w, cookie)
|
||||
http.Redirect(w, r, "/profile", http.StatusFound)
|
||||
} else {
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
+29
-49
@@ -1,6 +1,7 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"log"
|
||||
@@ -9,6 +10,7 @@ import (
|
||||
"sync"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/components"
|
||||
"astraltech.xyz/accountmanager/src/email"
|
||||
"astraltech.xyz/accountmanager/src/helpers"
|
||||
"astraltech.xyz/accountmanager/src/ldap"
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
@@ -19,6 +21,7 @@ var (
|
||||
ldapServer ldap.LDAPServer
|
||||
serverConfig *ServerConfig
|
||||
sessionManager *session.SessionManager
|
||||
noReplyEmail email.EmailAccount
|
||||
)
|
||||
|
||||
type UserData struct {
|
||||
@@ -32,12 +35,17 @@ var (
|
||||
userDataMutex sync.RWMutex
|
||||
)
|
||||
|
||||
var ErrPasswordExpired = errors.New("Password expired")
|
||||
|
||||
func authenticateUser(username, password string) (*UserData, error) {
|
||||
logging.Event(logging.AuthenticateUser, username)
|
||||
userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", username, serverConfig.LDAPConfig.BaseDN)
|
||||
|
||||
connected, err := ldapServer.AuthenticateUser(userDN, password)
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "Password is expired") {
|
||||
return nil, ErrPasswordExpired
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
if connected == false {
|
||||
@@ -70,54 +78,6 @@ func authenticateUser(username, password string) (*UserData, error) {
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
type LoginPageData struct {
|
||||
IsHiddenClassList string
|
||||
}
|
||||
|
||||
func loginHandler(w http.ResponseWriter, r *http.Request) {
|
||||
logging.Info("Handing login page")
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
|
||||
if r.Method == http.MethodGet {
|
||||
logging.Info("Rending login page")
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
|
||||
return
|
||||
}
|
||||
|
||||
// 2. Logic for processing the form
|
||||
if r.Method == http.MethodPost {
|
||||
username := r.FormValue("username")
|
||||
if strings.Contains(username, "/") {
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
}
|
||||
password := r.FormValue("password")
|
||||
|
||||
logging.Infof("New Login request for %s\n", username)
|
||||
newUserData, err := authenticateUser(username, password)
|
||||
userDataMutex.Lock()
|
||||
userData[username] = newUserData
|
||||
userDataMutex.Unlock()
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
} else {
|
||||
if newUserData.isAuth == true {
|
||||
cookie, err := sessionManager.CreateSession(username)
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
http.Error(w, "Session error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
http.SetCookie(w, cookie)
|
||||
http.Redirect(w, r, "/profile", http.StatusFound)
|
||||
} else {
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
type ProfileData struct {
|
||||
Username string
|
||||
Email string
|
||||
@@ -237,12 +197,23 @@ func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"success": true}`))
|
||||
|
||||
data := map[string]any{
|
||||
"Username": userData[sessionData.UserID].DisplayName,
|
||||
"ServiceName": "Astral Tech",
|
||||
}
|
||||
|
||||
email_template, err := email.RenderTemplate("./data/email-templates/changed-password.html", data, nil)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to load email template: %s", err.Error())
|
||||
}
|
||||
noReplyEmail.SendEmail([]string{userData[sessionData.UserID].Email}, "Password expired", email_template)
|
||||
}
|
||||
|
||||
func main() {
|
||||
logging.Info("Starting the server")
|
||||
sessionManager = session.GetSessionManager()
|
||||
sessionManager.SetStoreType(session.InMemory)
|
||||
sessionManager.SetStoreType(session.Redis)
|
||||
|
||||
var err error
|
||||
serverConfig, err = loadServerConfig("./data/config.json")
|
||||
@@ -250,6 +221,12 @@ func main() {
|
||||
log.Fatal("Could not load server config")
|
||||
}
|
||||
|
||||
noReplyEmail = email.CreateEmailAccount(email.EmailAccountData{
|
||||
Username: serverConfig.EmailConfig.Username,
|
||||
Password: serverConfig.EmailConfig.Password,
|
||||
Email: serverConfig.EmailConfig.Email,
|
||||
}, serverConfig.EmailConfig.SMTPURL, serverConfig.EmailConfig.SMTPPort)
|
||||
|
||||
ldapServer = ldap.LDAPServer{
|
||||
URL: serverConfig.LDAPConfig.LDAPURL,
|
||||
StartTLS: serverConfig.LDAPConfig.Security == "tls",
|
||||
@@ -269,6 +246,8 @@ func main() {
|
||||
logging.Fatal("Failed to connect to LDAP server")
|
||||
}
|
||||
|
||||
InitPasswordExpiry()
|
||||
|
||||
helpers.HandleFunc("/favicon.ico", faviconHandler)
|
||||
helpers.HandleFunc("/logo", logoHandler)
|
||||
|
||||
@@ -276,6 +255,7 @@ func main() {
|
||||
helpers.HandleFunc("/login", loginHandler)
|
||||
helpers.HandleFunc("/profile", profileHandler)
|
||||
helpers.HandleFunc("/logout", logoutHandler)
|
||||
helpers.HandleFunc("/reset-password", resetPasswordHandler)
|
||||
|
||||
helpers.HandleFunc("/avatar", components.AvatarHandler)
|
||||
helpers.HandleFunc("/change-photo", components.UploadPhotoHandler)
|
||||
|
||||
@@ -0,0 +1,57 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/email"
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
"astraltech.xyz/accountmanager/src/worker"
|
||||
)
|
||||
|
||||
func InitPasswordExpiry() {
|
||||
go func() {
|
||||
CheckPasswordExpriy()
|
||||
}()
|
||||
worker.CreateWorker(time.Hour*12, CheckPasswordExpriy)
|
||||
}
|
||||
|
||||
func CheckPasswordExpriy() {
|
||||
logging.Infof("Starting password expiry check")
|
||||
|
||||
now := time.Now().UTC()
|
||||
formatted := now.Format("20060102150405Z")
|
||||
|
||||
search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
|
||||
if err != nil {
|
||||
logging.Warn(err.Error())
|
||||
}
|
||||
|
||||
logging.Infof("%d users with expired passwords", search.EntryCount())
|
||||
|
||||
for i := range search.EntryCount() {
|
||||
emailAddr := search.GetEntry(i).GetAttributeValue("mail")
|
||||
if len(emailAddr) <= 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
t, err := time.Parse("20060102150405Z", search.GetEntry(i).GetAttributeValue("krbPasswordExpiration"))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
formatted := t.Format("January 2, 2006 at 3:04 PM MST")
|
||||
|
||||
data := map[string]any{
|
||||
"Username": search.GetEntry(i).GetAttributeValue("cn"),
|
||||
"ExpiredAt": formatted,
|
||||
"ResetURL": fmt.Sprintf("%s", serverConfig.WebserverConfig.BaseURL),
|
||||
"ServiceName": "Astral Tech",
|
||||
}
|
||||
|
||||
email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, nil)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to load email template: %s", err.Error())
|
||||
}
|
||||
noReplyEmail.SendEmail([]string{emailAddr}, "Password expired", email_template)
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"html/template"
|
||||
"net/http"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
)
|
||||
|
||||
func resetPasswordHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
|
||||
token := r.URL.Query().Get("token")
|
||||
logging.Infof("Token: %s\n", token)
|
||||
|
||||
tmpl := template.Must(template.ParseFiles("src/pages/reset_password.html"))
|
||||
if r.Method == http.MethodGet {
|
||||
tmpl.Execute(w, nil)
|
||||
return
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,44 @@
|
||||
<!doctype html>
|
||||
<title>Astral Tech - Reset Password</title>
|
||||
|
||||
<link
|
||||
href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap"
|
||||
rel="stylesheet"
|
||||
/>
|
||||
<link rel="stylesheet" href="static/style.css" />
|
||||
<link rel="stylesheet" href="static/error/error.css" />
|
||||
<link rel="stylesheet" href="static/card.css" />
|
||||
<link rel="stylesheet" href="static/reset_password.css" />
|
||||
|
||||
<img id="logo_image" alt="logo" src="/logo" />
|
||||
|
||||
<div id="reset_password_card" class="card static_center">
|
||||
<div>
|
||||
<div>
|
||||
Welcome
|
||||
<b>{{.Name}}</b>
|
||||
</div>
|
||||
<div class="subtext">
|
||||
Your password needs to be reset, please enter your new password
|
||||
below
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="input_label">New password</label><br />
|
||||
<div class="password_box">
|
||||
<input type="password" name="password" placeholder="" required />
|
||||
<button type="button" class="show_password_toggle closed"></button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="input_label">New password (repeated)</label><br />
|
||||
<div class="password_box">
|
||||
<input type="password" name="password" placeholder="" required />
|
||||
<button type="button" class="show_password_toggle closed"></button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<button>Reset Password</button>
|
||||
</div>
|
||||
@@ -5,3 +5,4 @@ import "errors"
|
||||
var ErrSessionNotFound = errors.New("session not found")
|
||||
var ErrSessionAlreadyExists = errors.New("session already exists")
|
||||
var ErrSessionExpired = errors.New("session expired")
|
||||
var ErrSessionBackend = errors.New("session backend")
|
||||
|
||||
@@ -21,6 +21,7 @@ type StoreType int
|
||||
|
||||
const (
|
||||
InMemory StoreType = iota
|
||||
Redis
|
||||
)
|
||||
|
||||
func GetSessionManager() *SessionManager {
|
||||
@@ -38,6 +39,11 @@ func (manager *SessionManager) SetStoreType(storeType StoreType) {
|
||||
manager.store = NewMemoryStore()
|
||||
break
|
||||
}
|
||||
case Redis:
|
||||
{
|
||||
manager.store = NewRedisStore()
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,117 @@
|
||||
package session
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"time"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
"github.com/redis/go-redis/v9"
|
||||
)
|
||||
|
||||
type RedisStore struct {
|
||||
client *redis.Client
|
||||
ctx context.Context
|
||||
}
|
||||
|
||||
func NewRedisStore() *RedisStore {
|
||||
logging.Debug("Creating new redis session store")
|
||||
|
||||
// this will be replaced with a URL that can be parsed in the config file
|
||||
redis_server := "redis://localhost:6379/0"
|
||||
|
||||
opts, err := redis.ParseURL(redis_server)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to parse redis url %s", err.Error())
|
||||
}
|
||||
|
||||
rdb := redis.NewClient(opts)
|
||||
|
||||
ctx := context.Background()
|
||||
if err := rdb.Ping(ctx).Err(); err != nil {
|
||||
logging.Errorf("Failed to connect to redis server %s", redis_server)
|
||||
} else {
|
||||
logging.Infof("Successfully connected to redis server %s", redis_server)
|
||||
}
|
||||
|
||||
store := &RedisStore{
|
||||
client: rdb,
|
||||
ctx: ctx,
|
||||
}
|
||||
return store
|
||||
}
|
||||
|
||||
// return rdb.Set(ctx, key, data, 0).Err()
|
||||
|
||||
func (m *RedisStore) Create(sessionID string, session *SessionData) (err error) {
|
||||
hashedSession := hashSession(sessionID)
|
||||
|
||||
data, err := json.Marshal(*session)
|
||||
if err != nil {
|
||||
return ErrSessionBackend
|
||||
}
|
||||
|
||||
created, err := m.client.SetNX(m.ctx, hashedSession, data, time.Hour).Result()
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
return ErrSessionBackend
|
||||
}
|
||||
|
||||
if !created {
|
||||
return ErrSessionAlreadyExists
|
||||
}
|
||||
return nil
|
||||
}
|
||||
func (m *RedisStore) Get(sessionID string) (*SessionData, error) {
|
||||
hashed := hashSession(sessionID)
|
||||
|
||||
data, err := m.client.Get(m.ctx, hashed).Bytes()
|
||||
if err == redis.Nil {
|
||||
return nil, ErrSessionNotFound
|
||||
} else if err != nil {
|
||||
logging.Error(err.Error())
|
||||
return nil, ErrSessionBackend
|
||||
}
|
||||
|
||||
var session_data SessionData
|
||||
if err := json.Unmarshal(data, &session_data); err != nil {
|
||||
logging.Error(err.Error())
|
||||
return nil, ErrSessionBackend
|
||||
}
|
||||
|
||||
if time.Now().After(session_data.ExpiresAt) {
|
||||
_ = m.Delete(sessionID)
|
||||
return nil, ErrSessionBackend
|
||||
}
|
||||
return &session_data, nil
|
||||
}
|
||||
|
||||
func (m *RedisStore) Update(sessionID string, session *SessionData) error {
|
||||
hashedSession := hashSession(sessionID)
|
||||
|
||||
data, err := json.Marshal(*session)
|
||||
if err != nil {
|
||||
return ErrSessionBackend
|
||||
}
|
||||
|
||||
updated, err := m.client.SetXX(m.ctx, hashedSession, data, time.Hour).Result()
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
return ErrSessionBackend
|
||||
}
|
||||
|
||||
if !updated {
|
||||
return ErrSessionNotFound
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (m *RedisStore) Delete(sessionID string) error {
|
||||
hashedSession := hashSession(sessionID)
|
||||
err := m.client.Del(m.ctx, hashedSession).Err()
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
return ErrSessionBackend
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -3,9 +3,9 @@ package session
|
||||
import "time"
|
||||
|
||||
type SessionData struct {
|
||||
UserID string
|
||||
CSRFToken string
|
||||
ExpiresAt time.Time
|
||||
UserID string `json:"userid"`
|
||||
CSRFToken string `json:"csrftoken"`
|
||||
ExpiresAt time.Time `json:"expiresat"`
|
||||
}
|
||||
|
||||
type SessionStore interface {
|
||||
|
||||
+1
-6
@@ -1,10 +1,5 @@
|
||||
.card {
|
||||
background: rgba(
|
||||
255,
|
||||
255,
|
||||
255,
|
||||
1
|
||||
); /* Semi-transparent white for light theme */
|
||||
background: rgba(255, 255, 255, 1);
|
||||
border: 1px solid var(--border-subtle);
|
||||
border-radius: 12px;
|
||||
padding: 2.5rem;
|
||||
|
||||
@@ -1,10 +1,3 @@
|
||||
#logo_image {
|
||||
position: fixed;
|
||||
width: 300px;
|
||||
left: 50%;
|
||||
transform: translateX(-50%);
|
||||
}
|
||||
|
||||
#login_card {
|
||||
position: fixed;
|
||||
top: 50%;
|
||||
|
||||
@@ -1,10 +1,3 @@
|
||||
#logo_image {
|
||||
position: fixed;
|
||||
width: 300px;
|
||||
left: 50%;
|
||||
transform: translateX(-50%);
|
||||
}
|
||||
|
||||
#main_content {
|
||||
position: fixed;
|
||||
top: 100px;
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
#reset_password_card {
|
||||
width: 350px;
|
||||
}
|
||||
|
||||
#reset_password_card input {
|
||||
width: 324px;
|
||||
}
|
||||
@@ -129,3 +129,14 @@ input::placeholder {
|
||||
.show_password_toggle:focus {
|
||||
outline: none !important;
|
||||
}
|
||||
|
||||
#logo_image {
|
||||
position: fixed;
|
||||
width: 300px;
|
||||
left: 50%;
|
||||
transform: translateX(-50%);
|
||||
}
|
||||
|
||||
.subtext {
|
||||
color: var(--text-muted);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user