2024-04-12 16:41:11 +02:00
|
|
|
package authn
|
|
|
|
|
|
|
|
import (
|
|
|
|
"reflect"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"forge.cadoles.com/cadoles/bouncer/internal/store"
|
|
|
|
"github.com/mitchellh/mapstructure"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
)
|
|
|
|
|
|
|
|
type LayerOptions struct {
|
2024-05-17 17:29:26 +02:00
|
|
|
MatchURLs []string `mapstructure:"matchURLs"`
|
2024-05-21 12:10:52 +02:00
|
|
|
Rules []string `mapstructure:"rules"`
|
2024-05-17 17:29:26 +02:00
|
|
|
Templates TemplatesOptions `mapstructure:"templates"`
|
2024-04-12 16:41:11 +02:00
|
|
|
}
|
|
|
|
|
2024-05-17 17:29:26 +02:00
|
|
|
type TemplatesOptions struct {
|
|
|
|
Forbidden TemplateOptions `mapstructure:"forbidden"`
|
2024-06-05 15:46:59 +02:00
|
|
|
Error TemplateOptions `mapstructure:"error"`
|
2024-05-17 17:29:26 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
type TemplateOptions struct {
|
|
|
|
Block string `mapstructure:"block"`
|
|
|
|
}
|
|
|
|
|
2024-04-12 16:41:11 +02:00
|
|
|
func DefaultLayerOptions() LayerOptions {
|
|
|
|
return LayerOptions{
|
|
|
|
MatchURLs: []string{"*"},
|
2024-05-21 12:10:52 +02:00
|
|
|
Rules: []string{
|
2024-10-21 13:48:59 +02:00
|
|
|
"del_headers(ctx, 'Remote-*')",
|
|
|
|
"set_header(ctx,'Remote-User', vars.user.subject)",
|
2024-05-21 12:10:52 +02:00
|
|
|
`map(
|
2024-10-21 13:48:59 +02:00
|
|
|
toPairs(vars.user.attrs), {
|
2024-05-21 12:10:52 +02:00
|
|
|
let name = replace(lower(string(get(#, 0))), '_', '-');
|
|
|
|
set_header(
|
2024-10-21 13:48:59 +02:00
|
|
|
ctx,
|
2024-05-21 12:10:52 +02:00
|
|
|
'Remote-User-Attr-' + name,
|
|
|
|
get(#, 1)
|
|
|
|
)
|
|
|
|
})
|
|
|
|
`,
|
2024-04-12 16:41:11 +02:00
|
|
|
},
|
2024-05-17 17:29:26 +02:00
|
|
|
Templates: TemplatesOptions{
|
|
|
|
Forbidden: TemplateOptions{
|
|
|
|
Block: "default",
|
|
|
|
},
|
2024-06-05 15:46:59 +02:00
|
|
|
Error: TemplateOptions{
|
|
|
|
Block: "default",
|
|
|
|
},
|
2024-05-17 17:29:26 +02:00
|
|
|
},
|
2024-04-12 16:41:11 +02:00
|
|
|
}
|
2024-05-17 17:29:26 +02:00
|
|
|
|
2024-04-12 16:41:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func fromStoreOptions(storeOptions store.LayerOptions) (*LayerOptions, error) {
|
|
|
|
layerOptions := DefaultLayerOptions()
|
|
|
|
|
|
|
|
if err := FromStoreOptions(storeOptions, &layerOptions); err != nil {
|
|
|
|
return nil, errors.WithStack(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return &layerOptions, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func FromStoreOptions(storeOptions store.LayerOptions, dest any) error {
|
|
|
|
config := mapstructure.DecoderConfig{
|
|
|
|
Result: dest,
|
|
|
|
ZeroFields: true,
|
|
|
|
DecodeHook: mapstructure.ComposeDecodeHookFunc(
|
|
|
|
toDurationHookFunc(),
|
|
|
|
),
|
|
|
|
}
|
|
|
|
|
|
|
|
decoder, err := mapstructure.NewDecoder(&config)
|
|
|
|
if err != nil {
|
|
|
|
return errors.WithStack(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := decoder.Decode(storeOptions); err != nil {
|
|
|
|
return errors.WithStack(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func toDurationHookFunc() mapstructure.DecodeHookFunc {
|
|
|
|
return func(
|
|
|
|
f reflect.Type,
|
|
|
|
t reflect.Type,
|
|
|
|
data interface{}) (interface{}, error) {
|
|
|
|
if t != reflect.TypeOf(*new(time.Duration)) {
|
|
|
|
return data, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
switch f.Kind() {
|
|
|
|
case reflect.String:
|
|
|
|
return time.ParseDuration(data.(string))
|
|
|
|
case reflect.Int64:
|
|
|
|
return time.Duration(data.(int64) * int64(time.Second)), nil
|
|
|
|
default:
|
|
|
|
return data, nil
|
|
|
|
}
|
|
|
|
// Convert it by parsing
|
|
|
|
}
|
|
|
|
}
|