Basic UserID mapping OK

This commit is contained in:
Douglas Barone 2023-10-19 19:42:33 -04:00
parent 0c787391bb
commit b1e8e8933d
8 changed files with 106 additions and 29 deletions

2
.gitignore vendored

@ -22,3 +22,5 @@ pnpm-debug.log*
*.sw? *.sw?
.env .env
/src/server/db

66
package-lock.json generated

@ -954,6 +954,20 @@
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
}, },
"node_modules/body-parser/node_modules/qs": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
"dependencies": {
"side-channel": "^1.0.4"
},
"engines": {
"node": ">=0.6"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/brace-expansion": { "node_modules/brace-expansion": {
"version": "2.0.1", "version": "2.0.1",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
@ -1366,6 +1380,20 @@
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
}, },
"node_modules/express/node_modules/qs": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
"dependencies": {
"side-channel": "^1.0.4"
},
"engines": {
"node": ">=0.6"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/express/node_modules/raw-body": { "node_modules/express/node_modules/raw-body": {
"version": "2.5.1", "version": "2.5.1",
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
@ -2026,20 +2054,6 @@
"node": ">= 0.10" "node": ">= 0.10"
} }
}, },
"node_modules/qs": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
"dependencies": {
"side-channel": "^1.0.4"
},
"engines": {
"node": ">=0.6"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/range-parser": { "node_modules/range-parser": {
"version": "1.2.1", "version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
@ -3418,6 +3432,14 @@
"version": "2.0.0", "version": "2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
},
"qs": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
"requires": {
"side-channel": "^1.0.4"
}
} }
} }
}, },
@ -3744,6 +3766,14 @@
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
}, },
"qs": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
"requires": {
"side-channel": "^1.0.4"
}
},
"raw-body": { "raw-body": {
"version": "2.5.1", "version": "2.5.1",
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
@ -4195,14 +4225,6 @@
"ipaddr.js": "1.9.1" "ipaddr.js": "1.9.1"
} }
}, },
"qs": {
"version": "6.11.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
"requires": {
"side-channel": "^1.0.4"
}
},
"range-parser": { "range-parser": {
"version": "1.2.1", "version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",


@ -3,7 +3,11 @@ export class FakeAuth implements Auth {
async login(username: string, password: string): Promise<LoginResult> { async login(username: string, password: string): Promise<LoginResult> {
if (username == 'test' && password == 'test') if (username == 'test' && password == 'test')
return { displayName: 'Test User', username: 'test' } return {
displayName: 'Test User',
username: 'test',
domain: 'test_domain'
}
throw new Error('Login failed') throw new Error('Login failed')
} }
} }


@ -19,7 +19,8 @@ export class LdapAuth implements Auth {
return { return {
username, username,
displayName: search.searchEntries[0].displayName as string displayName: search.searchEntries[0].displayName as string,
domain: this.domain
} }
} catch (error: any) { } catch (error: any) {
console.log('Error:', error) console.log('Error:', error)


@ -1,6 +1,7 @@
type LoginResult = { type LoginResult = {
username: string username: string
displayName: string displayName: string
domain: string
jwt?: string jwt?: string
} }


@ -1,15 +1,29 @@
import { Client } from 'ldapts' import { Client } from 'ldapts'
import { LdapAuth } from '../auth/LdapAuth' import { LdapAuth } from '../auth/LdapAuth'
import { PaFirewall } from '../paloalto/PaFirewall'
export async function login(username: string, password: string) { import { paHosts } from '../db/pa'
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
export async function login(username: string, password: string, ip: string) {
const ldapClient = new Client({ const ldapClient = new Client({
url: 'ldap://10.7.0.18' url: 'ldap://10.7.0.18'
}) })
const ldapAuth = new LdapAuth(ldapClient, 'ifms', 'DC=ifms,DC=edu,DC=br') const ldapAuth = new LdapAuth(ldapClient, 'ifms', 'DC=ifms,DC=edu,DC=br')
const user = await ldapAuth.login(username, password) try {
const user = await ldapAuth.login(username, password)
return user const pa = new PaFirewall(paHosts[0].ip, paHosts[0].key)
await pa.mapUserIDToIP(username, ip, user.domain)
return user
} catch (error) {
console.log(error)
throw new Error('Login failed')
}
} }
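Review bot: The module-level `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'` added just below the imports switches off certificate verification for every TLS connection this Node process makes, not only the firewall call in PaFirewall, so the API key that PaFirewall sends can be read by anyone able to interpose on the path to the firewall. Drop that line and instead trust the firewall's own certificate or CA on that single connection (for example a fetch dispatcher/agent configured with `ca:` for the firewall host), or install that CA at the process level with `NODE_EXTRA_CA_CERTS`. In the new try block, `paHosts[0].ip` dereferences the first entry without checking that `paHosts` has one, and a failed mapping is surfaced to the caller as `Login failed` although the credentials were accepted; consider `if (paHosts.length === 0) throw new Error('No firewall configured')` before the call and a distinct error message for the mapping step. `console.log(error)` also prints the full LDAP error object; logging `error instanceof Error ? error.message : String(error)` keeps bind details out of the log.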


@ -0,0 +1,33 @@
const MAP_TIMEOUT_IN_MINUTES = process.env.MAPPING_TIMEOUT || '720' // 12 horas
export class PaFirewall {
constructor(private ip: string, private key: string) {}
async mapUserIDToIP(username: string, ip: string, domain: string) {
const command = this.createCommand(username, ip, domain)
const response = await fetch(
`https://${this.ip}/api/?type=user-id&key=${this.key}&cmd=${command}`,
{
method: 'POST'
}
)
const data = await response.text()
console.log(data)
}
private createCommand(username: string, ip: string, domain: string) {
return `
<uid-message>
<version>1.0</version>
<type>update</type>
<payload>
<login>
<entry name="ifms\\${username}" ip="${ip}" timeout="${MAP_TIMEOUT_IN_MINUTES}"/>
</login>
</payload>
</uid-message>`
}
}
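Review bot: The API key is sent as the `key=` query parameter of the URL built in mapUserIDToIP, which puts it into the firewall's and any intermediary's access logs, and `username` and `ip` are interpolated into XML attributes in createCommand without escaping, so a value containing `"`, `<` or `&` changes the structure of the uid-message. The `domain` parameter of createCommand is never used — the entry name is hard-coded to `ifms\\` — which looks unintended given that the caller passes `user.domain`. The response is only printed, so a rejected mapping (non-2xx status or a `<response status="error">` body) is indistinguishable from success to the caller. The rewrite below moves the key to the `X-PAN-KEY` header, posts the command as a form body, escapes the attribute values, validates `ip` (needs `import net from 'node:net'`), and throws on failure; the comment `// 12 horas` should also become `// 12 hours`.
```typescript
const MAP_TIMEOUT_IN_MINUTES = process.env.MAPPING_TIMEOUT || '720' // 12 hours

/** Escapes the characters that are special inside an XML attribute value. */
function escapeXmlAttr(value: string): string {
  return value
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
}

export class PaFirewall {
  constructor(private ip: string, private key: string) {}

  /** Maps `domain\username` to `ip` on the firewall; throws when the firewall rejects the update. */
  async mapUserIDToIP(username: string, ip: string, domain: string): Promise<void> {
    if (net.isIP(ip) === 0) throw new Error('Invalid IP address for User-ID mapping')
    const command = this.createCommand(username, ip, domain)
    const response = await fetch(`https://${this.ip}/api/`, {
      method: 'POST',
      headers: { 'X-PAN-KEY': this.key }, // keep the key out of the query string and access logs
      body: new URLSearchParams({ type: 'user-id', cmd: command })
    })
    const data = await response.text()
    if (!response.ok || !/status="success"/.test(data)) {
      throw new Error(`User-ID mapping failed (HTTP ${response.status})`)
    }
  }

  private createCommand(username: string, ip: string, domain: string): string {
    const name = escapeXmlAttr(`${domain}\\${username}`)
    const addr = escapeXmlAttr(ip)
    // … unchanged: uid-message envelope, with name="${name}" ip="${addr}" timeout="${MAP_TIMEOUT_IN_MINUTES}" …
  }
}
```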


@ -21,8 +21,8 @@ export const appRouter = t.router({
login: t.procedure login: t.procedure
.input(z.object({ username: z.string(), password: z.string() })) .input(z.object({ username: z.string(), password: z.string() }))
.mutation(async ({ input }) => { .mutation(async ({ input, ctx }) => {
return await login(input.username, input.password) return await login(input.username, input.password, getIpFromContext(ctx))
}) })
}) })
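Review bot: The address passed as the third argument to `login` is the one the firewall will bind to the caller's identity, so `getIpFromContext(ctx)` must return the peer address of the connection and not a value taken from a client-supplied header such as `X-Forwarded-For`; the helper is not in this hunk, so that is an inference to confirm, but if it reads a header, any caller could attach their credentials to an address they do not hold. If the app sits behind a reverse proxy, take the address from the proxy's trusted header only after validating the proxy as the immediate peer. `getIpFromContext` is also not imported within this hunk; it is presumably brought in above the hunk, and a one-line doc comment on it stating which source it uses (socket vs. header) would make the trust boundary explicit. The enclosing `appRouter` definition continues outside the hunk.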