Basic UserID mapping OK
parent
0c787391bb
commit
b1e8e8933d
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -22,3 +22,5 @@ pnpm-debug.log*
|
|||
*.sw?
|
||||
|
||||
.env
|
||||
|
||||
/src/server/db
|
||||
|
|
66
package-lock.json
generated
66
package-lock.json
generated
|
@ -954,6 +954,20 @@
|
|||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
||||
},
|
||||
"node_modules/body-parser/node_modules/qs": {
|
||||
"version": "6.11.0",
|
||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||
"dependencies": {
|
||||
"side-channel": "^1.0.4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=0.6"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/ljharb"
|
||||
}
|
||||
},
|
||||
"node_modules/brace-expansion": {
|
||||
"version": "2.0.1",
|
||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
|
||||
|
@ -1366,6 +1380,20 @@
|
|||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
||||
},
|
||||
"node_modules/express/node_modules/qs": {
|
||||
"version": "6.11.0",
|
||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||
"dependencies": {
|
||||
"side-channel": "^1.0.4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=0.6"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/ljharb"
|
||||
}
|
||||
},
|
||||
"node_modules/express/node_modules/raw-body": {
|
||||
"version": "2.5.1",
|
||||
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
|
||||
|
@ -2026,20 +2054,6 @@
|
|||
"node": ">= 0.10"
|
||||
}
|
||||
},
|
||||
"node_modules/qs": {
|
||||
"version": "6.11.0",
|
||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||
"dependencies": {
|
||||
"side-channel": "^1.0.4"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=0.6"
|
||||
},
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/ljharb"
|
||||
}
|
||||
},
|
||||
"node_modules/range-parser": {
|
||||
"version": "1.2.1",
|
||||
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
|
||||
|
@ -3418,6 +3432,14 @@
|
|||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
||||
},
|
||||
"qs": {
|
||||
"version": "6.11.0",
|
||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||
"requires": {
|
||||
"side-channel": "^1.0.4"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -3744,6 +3766,14 @@
|
|||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
||||
},
|
||||
"qs": {
|
||||
"version": "6.11.0",
|
||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||
"requires": {
|
||||
"side-channel": "^1.0.4"
|
||||
}
|
||||
},
|
||||
"raw-body": {
|
||||
"version": "2.5.1",
|
||||
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
|
||||
|
@ -4195,14 +4225,6 @@
|
|||
"ipaddr.js": "1.9.1"
|
||||
}
|
||||
},
|
||||
"qs": {
|
||||
"version": "6.11.0",
|
||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||
"requires": {
|
||||
"side-channel": "^1.0.4"
|
||||
}
|
||||
},
|
||||
"range-parser": {
|
||||
"version": "1.2.1",
|
||||
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
|
||||
|
|
|
@ -3,7 +3,11 @@ export class FakeAuth implements Auth {
|
|||
|
||||
async login(username: string, password: string): Promise<LoginResult> {
|
||||
if (username == 'test' && password == 'test')
|
||||
return { displayName: 'Test User', username: 'test' }
|
||||
return {
|
||||
displayName: 'Test User',
|
||||
username: 'test',
|
||||
domain: 'test_domain'
|
||||
}
|
||||
throw new Error('Login failed')
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,7 +19,8 @@ export class LdapAuth implements Auth {
|
|||
|
||||
return {
|
||||
username,
|
||||
displayName: search.searchEntries[0].displayName as string
|
||||
displayName: search.searchEntries[0].displayName as string,
|
||||
domain: this.domain
|
||||
}
|
||||
} catch (error: any) {
|
||||
console.log('Error:', error)
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
type LoginResult = {
|
||||
username: string
|
||||
displayName: string
|
||||
domain: string
|
||||
jwt?: string
|
||||
}
|
||||
|
||||
|
|
|
@ -1,15 +1,29 @@
|
|||
import { Client } from 'ldapts'
|
||||
|
||||
import { LdapAuth } from '../auth/LdapAuth'
|
||||
import { PaFirewall } from '../paloalto/PaFirewall'
|
||||
|
||||
export async function login(username: string, password: string) {
|
||||
import { paHosts } from '../db/pa'
|
||||
|
||||
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
|
||||
|
||||
export async function login(username: string, password: string, ip: string) {
|
||||
const ldapClient = new Client({
|
||||
url: 'ldap://10.7.0.18'
|
||||
})
|
||||
|
||||
const ldapAuth = new LdapAuth(ldapClient, 'ifms', 'DC=ifms,DC=edu,DC=br')
|
||||
|
||||
const user = await ldapAuth.login(username, password)
|
||||
try {
|
||||
const user = await ldapAuth.login(username, password)
|
||||
|
||||
return user
|
||||
const pa = new PaFirewall(paHosts[0].ip, paHosts[0].key)
|
||||
|
||||
await pa.mapUserIDToIP(username, ip, user.domain)
|
||||
|
||||
return user
|
||||
} catch (error) {
|
||||
console.log(error)
|
||||
throw new Error('Login failed')
|
||||
}
|
||||
}
|
||||
|
|
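Review bot: The added module-level `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'` disables certificate verification for every TLS connection the Node process makes, so the firewall API key sent by `pa.mapUserIDToIP` is exposed to anyone able to intercept that connection. I would delete that line and make the firewall's certificate verifiable instead, for example by starting the server with `NODE_EXTRA_CA_CERTS` pointing at the CA that signed it. Because the new `try` wraps both `ldapAuth.login` and the mapping call, a firewall error or an empty `paHosts` is reported as `Login failed` even when the credentials were correct; handling the two failures separately would keep them distinguishable in the logs. The bind still goes to `ldap://10.7.0.18`, which sends the password unencrypted unless `LdapAuth` upgrades the connection, and that is not visible here.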
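--- a/src/server/paloalto/PaFirewall.ts
+++ b/src/server/paloalto/PaFirewall.ts
@@ -0,0 +1,33 @@
+const MAP_TIMEOUT_IN_MINUTES = process.env.MAPPING_TIMEOUT || '720' // 12 horas
+
+export class PaFirewall {
+constructor(private ip: string, private key: string) {}
+
+async mapUserIDToIP(username: string, ip: string, domain: string) {
+const command = this.createCommand(username, ip, domain)
+
+const response = await fetch(
+`https://${this.ip}/api/?type=user-id&key=${this.key}&cmd=${command}`,
+{
+method: 'POST'
+}
+)
+
+const data = await response.text()
+
+console.log(data)
+}
+
+private createCommand(username: string, ip: string, domain: string) {
+return `
+<uid-message>
+<version>1.0</version>
+<type>update</type>
+<payload>
+<login>
+<entry name="ifms\\${username}" ip="${ip}" timeout="${MAP_TIMEOUT_IN_MINUTES}"/>
+</login>
+</payload>
+</uid-message>`
+}
+}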
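Review bot: `createCommand` interpolates `username` and `ip` into XML attributes without escaping, and `mapUserIDToIP` then places that XML and the API key unencoded in the query string, so a `"`, `&` or `<` in either value changes the uid-message or the request parameters, and the key ends up wherever URLs are logged. I would escape the attribute values and send `type`, `key` and `cmd` as a form-encoded POST body, as sketched below; confirm the firewall's PAN-OS version accepts the parameters in the body. The `domain` parameter is accepted but never used because the entry name hard-codes `ifms`, and the response is only printed, so a rejected update goes unnoticed. The trailing comment `// 12 horas` would read better in English as `// 12 hours`.

```typescript
// … unchanged: MAP_TIMEOUT_IN_MINUTES, class header, constructor …

  async mapUserIDToIP(username: string, ip: string, domain: string) {
    const command = this.createCommand(username, ip, domain)

    // URLSearchParams percent-encodes each value, so neither the key nor the
    // XML appears in the request line or can introduce extra parameters.
    const response = await fetch(`https://${this.ip}/api/`, {
      method: 'POST',
      body: new URLSearchParams({ type: 'user-id', key: this.key, cmd: command })
    })

    if (!response.ok) {
      throw new Error(`User-ID update failed: HTTP ${response.status}`)
    }
  }

  private createCommand(username: string, ip: string, domain: string) {
    // Escape the characters that can end an XML attribute value or start markup.
    const attr = (value: string) =>
      value
        .replace(/&/g, '&amp;')
        .replace(/</g, '&lt;')
        .replace(/>/g, '&gt;')
        .replace(/"/g, '&quot;')

    // … unchanged: uid-message / payload / login wrapper; the entry line becomes:
    //   <entry name="${attr(domain)}\\${attr(username)}" ip="${attr(ip)}" timeout="${MAP_TIMEOUT_IN_MINUTES}"/>
```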
@ -21,8 +21,8 @@ export const appRouter = t.router({
|
|||
|
||||
login: t.procedure
|
||||
.input(z.object({ username: z.string(), password: z.string() }))
|
||||
.mutation(async ({ input }) => {
|
||||
return await login(input.username, input.password)
|
||||
.mutation(async ({ input, ctx }) => {
|
||||
return await login(input.username, input.password, getIpFromContext(ctx))
|
||||
})
|
||||
})
|
||||
|
||||
|
|
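Review bot: The value returned by `getIpFromContext(ctx)` now decides which address the firewall maps to the authenticated user, so it has to come from the socket peer address or from a header that only a trusted proxy can set; its implementation is outside this hunk, so please confirm. If it reads a client-supplied forwarding header directly, the mapping could be written for an address the caller does not own. A comment above the call such as `// ip must be the verified client address: it is written to the firewall User-ID table` would record that requirement, and a format check on the value before it reaches `login` would stop malformed input early.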