Added ldap and pam authentication

This commit is contained in:
Martino Ferrari
2026-06-23 17:59:40 +02:00
parent ac24011487
commit 11120bedca
36 changed files with 1935 additions and 66 deletions
+23 -4
View File
@@ -37,7 +37,7 @@ func configStatus(err error) int {
// ── config sets ─────────────────────────────────────────────────────────────
func (h *Handler) listConfigSets(w http.ResponseWriter, _ *http.Request) {
func (h *Handler) listConfigSets(w http.ResponseWriter, r *http.Request) {
if !h.configEnabled(w) {
return
}
@@ -46,7 +46,7 @@ func (h *Handler) listConfigSets(w http.ResponseWriter, _ *http.Request) {
jsonError(w, http.StatusInternalServerError, err.Error())
return
}
jsonOK(w, sets)
jsonOK(w, h.filterConfigMetas(r, sets))
}
func (h *Handler) getConfigSet(w http.ResponseWriter, r *http.Request) {
@@ -92,6 +92,9 @@ func (h *Handler) updateConfigSet(w http.ResponseWriter, r *http.Request) {
jsonError(w, http.StatusBadRequest, "invalid JSON: "+err.Error())
return
}
if prev, err := h.cfg.GetSet(id); err == nil {
set.Owner = prev.Owner // owner is immutable across revisions
}
out, err := h.cfg.UpdateSet(id, set, r.URL.Query().Get("tag"))
if err != nil {
jsonError(w, configStatus(err), err.Error())
@@ -227,7 +230,7 @@ func (h *Handler) resolveSet(id, version string) (confmgr.ConfigSet, error) {
// ── config instances ────────────────────────────────────────────────────────
func (h *Handler) listConfigInstances(w http.ResponseWriter, _ *http.Request) {
func (h *Handler) listConfigInstances(w http.ResponseWriter, r *http.Request) {
if !h.configEnabled(w) {
return
}
@@ -236,7 +239,20 @@ func (h *Handler) listConfigInstances(w http.ResponseWriter, _ *http.Request) {
jsonError(w, http.StatusInternalServerError, err.Error())
return
}
jsonOK(w, insts)
jsonOK(w, h.filterConfigMetas(r, insts))
}
// filterConfigMetas drops entries the caller may not see per their scope
// (private/group/global). Owner always sees their own; empty scope = global.
func (h *Handler) filterConfigMetas(r *http.Request, metas []confmgr.Meta) []confmgr.Meta {
user := caller(r)
out := make([]confmgr.Meta, 0, len(metas))
for _, m := range metas {
if h.policy.CanSee(user, m.Owner, m.Scope, m.Groups) {
out = append(out, m)
}
}
return out
}
func (h *Handler) getConfigInstance(w http.ResponseWriter, r *http.Request) {
@@ -282,6 +298,9 @@ func (h *Handler) updateConfigInstance(w http.ResponseWriter, r *http.Request) {
jsonError(w, http.StatusBadRequest, "invalid JSON: "+err.Error())
return
}
if prev, err := h.cfg.GetInstance(id); err == nil {
inst.Owner = prev.Owner // owner is immutable across revisions
}
out, err := h.cfg.UpdateInstance(id, inst, r.URL.Query().Get("tag"))
if err != nil {
jsonError(w, configStatus(err), err.Error())