Basic UserID mapping OK
This commit is contained in:
parent
0c787391bb
commit
b1e8e8933d
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -22,3 +22,5 @@ pnpm-debug.log*
|
||||||
*.sw?
|
*.sw?
|
||||||
|
|
||||||
.env
|
.env
|
||||||
|
|
||||||
|
/src/server/db
|
||||||
|
|
66
package-lock.json
generated
66
package-lock.json
generated
|
@ -954,6 +954,20 @@
|
||||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||||
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
||||||
},
|
},
|
||||||
|
"node_modules/body-parser/node_modules/qs": {
|
||||||
|
"version": "6.11.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||||
|
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||||
|
"dependencies": {
|
||||||
|
"side-channel": "^1.0.4"
|
||||||
|
},
|
||||||
|
"engines": {
|
||||||
|
"node": ">=0.6"
|
||||||
|
},
|
||||||
|
"funding": {
|
||||||
|
"url": "https://github.com/sponsors/ljharb"
|
||||||
|
}
|
||||||
|
},
|
||||||
"node_modules/brace-expansion": {
|
"node_modules/brace-expansion": {
|
||||||
"version": "2.0.1",
|
"version": "2.0.1",
|
||||||
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
|
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
|
||||||
|
@ -1366,6 +1380,20 @@
|
||||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||||
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
||||||
},
|
},
|
||||||
|
"node_modules/express/node_modules/qs": {
|
||||||
|
"version": "6.11.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||||
|
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||||
|
"dependencies": {
|
||||||
|
"side-channel": "^1.0.4"
|
||||||
|
},
|
||||||
|
"engines": {
|
||||||
|
"node": ">=0.6"
|
||||||
|
},
|
||||||
|
"funding": {
|
||||||
|
"url": "https://github.com/sponsors/ljharb"
|
||||||
|
}
|
||||||
|
},
|
||||||
"node_modules/express/node_modules/raw-body": {
|
"node_modules/express/node_modules/raw-body": {
|
||||||
"version": "2.5.1",
|
"version": "2.5.1",
|
||||||
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
|
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
|
||||||
|
@ -2026,20 +2054,6 @@
|
||||||
"node": ">= 0.10"
|
"node": ">= 0.10"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/qs": {
|
|
||||||
"version": "6.11.0",
|
|
||||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
|
||||||
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
|
||||||
"dependencies": {
|
|
||||||
"side-channel": "^1.0.4"
|
|
||||||
},
|
|
||||||
"engines": {
|
|
||||||
"node": ">=0.6"
|
|
||||||
},
|
|
||||||
"funding": {
|
|
||||||
"url": "https://github.com/sponsors/ljharb"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"node_modules/range-parser": {
|
"node_modules/range-parser": {
|
||||||
"version": "1.2.1",
|
"version": "1.2.1",
|
||||||
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
|
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
|
||||||
|
@ -3418,6 +3432,14 @@
|
||||||
"version": "2.0.0",
|
"version": "2.0.0",
|
||||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||||
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
||||||
|
},
|
||||||
|
"qs": {
|
||||||
|
"version": "6.11.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||||
|
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||||
|
"requires": {
|
||||||
|
"side-channel": "^1.0.4"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -3744,6 +3766,14 @@
|
||||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||||
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
|
||||||
},
|
},
|
||||||
|
"qs": {
|
||||||
|
"version": "6.11.0",
|
||||||
|
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
||||||
|
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
||||||
|
"requires": {
|
||||||
|
"side-channel": "^1.0.4"
|
||||||
|
}
|
||||||
|
},
|
||||||
"raw-body": {
|
"raw-body": {
|
||||||
"version": "2.5.1",
|
"version": "2.5.1",
|
||||||
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
|
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
|
||||||
|
@ -4195,14 +4225,6 @@
|
||||||
"ipaddr.js": "1.9.1"
|
"ipaddr.js": "1.9.1"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"qs": {
|
|
||||||
"version": "6.11.0",
|
|
||||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz",
|
|
||||||
"integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==",
|
|
||||||
"requires": {
|
|
||||||
"side-channel": "^1.0.4"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"range-parser": {
|
"range-parser": {
|
||||||
"version": "1.2.1",
|
"version": "1.2.1",
|
||||||
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
|
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
|
||||||
|
|
|
@ -3,7 +3,11 @@ export class FakeAuth implements Auth {
|
||||||
|
|
||||||
async login(username: string, password: string): Promise<LoginResult> {
|
async login(username: string, password: string): Promise<LoginResult> {
|
||||||
if (username == 'test' && password == 'test')
|
if (username == 'test' && password == 'test')
|
||||||
return { displayName: 'Test User', username: 'test' }
|
return {
|
||||||
|
displayName: 'Test User',
|
||||||
|
username: 'test',
|
||||||
|
domain: 'test_domain'
|
||||||
|
}
|
||||||
throw new Error('Login failed')
|
throw new Error('Login failed')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,8 @@ export class LdapAuth implements Auth {
|
||||||
|
|
||||||
return {
|
return {
|
||||||
username,
|
username,
|
||||||
displayName: search.searchEntries[0].displayName as string
|
displayName: search.searchEntries[0].displayName as string,
|
||||||
|
domain: this.domain
|
||||||
}
|
}
|
||||||
} catch (error: any) {
|
} catch (error: any) {
|
||||||
console.log('Error:', error)
|
console.log('Error:', error)
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
type LoginResult = {
|
type LoginResult = {
|
||||||
username: string
|
username: string
|
||||||
displayName: string
|
displayName: string
|
||||||
|
domain: string
|
||||||
jwt?: string
|
jwt?: string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
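Review bot: The new `domain` field on `LoginResult` is undocumented, and its meaning matters because login.ts hands it to `PaFirewall.mapUserIDToIP` to qualify the firewall User-ID entry. A line comment above it such as `// directory domain the account was authenticated against (the LdapAuth domain); passed to the firewall User-ID mapping` would make that contract visible; the neighbouring `username` and `displayName` fields could take the same treatment in a short block comment on the type.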
|
|
@ -1,15 +1,29 @@
|
||||||
import { Client } from 'ldapts'
|
import { Client } from 'ldapts'
|
||||||
|
|
||||||
import { LdapAuth } from '../auth/LdapAuth'
|
import { LdapAuth } from '../auth/LdapAuth'
|
||||||
|
import { PaFirewall } from '../paloalto/PaFirewall'
|
||||||
|
|
||||||
export async function login(username: string, password: string) {
|
import { paHosts } from '../db/pa'
|
||||||
|
|
||||||
|
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
|
||||||
|
|
||||||
|
export async function login(username: string, password: string, ip: string) {
|
||||||
const ldapClient = new Client({
|
const ldapClient = new Client({
|
||||||
url: 'ldap://10.7.0.18'
|
url: 'ldap://10.7.0.18'
|
||||||
})
|
})
|
||||||
|
|
||||||
const ldapAuth = new LdapAuth(ldapClient, 'ifms', 'DC=ifms,DC=edu,DC=br')
|
const ldapAuth = new LdapAuth(ldapClient, 'ifms', 'DC=ifms,DC=edu,DC=br')
|
||||||
|
|
||||||
const user = await ldapAuth.login(username, password)
|
try {
|
||||||
|
const user = await ldapAuth.login(username, password)
|
||||||
|
|
||||||
return user
|
const pa = new PaFirewall(paHosts[0].ip, paHosts[0].key)
|
||||||
|
|
||||||
|
await pa.mapUserIDToIP(username, ip, user.domain)
|
||||||
|
|
||||||
|
return user
|
||||||
|
} catch (error) {
|
||||||
|
console.log(error)
|
||||||
|
throw new Error('Login failed')
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
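Review bot: `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'` at module top level disables certificate verification for every TLS connection this process makes, not only the firewall call, and it takes effect as a side effect of importing this module. The firewall's certificate should instead be trusted explicitly where the request is made (a CA bundle handed to the HTTPS agent/dispatcher used by `PaFirewall`), so that every other outbound connection keeps verification. Two smaller points in the same hunk: `paHosts[0]` is dereferenced without checking the list is non-empty, and `ip` reaches the firewall unvalidated — a `net.isIP(ip)` guard before `mapUserIDToIP` (`import { isIP } from 'node:net'`) would reject malformed values early. The `catch` logs the raw error and rethrows a generic 'Login failed', which fails closed when the mapping step errors after a successful bind; a comment stating that this is intentional would help the next reader.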
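--- /dev/null
+++ b/src/server/paloalto/PaFirewall.ts
@@ -0,0 +1,33 @@
+const MAP_TIMEOUT_IN_MINUTES = process.env.MAPPING_TIMEOUT || '720' // 12 horas
+
+export class PaFirewall {
+constructor(private ip: string, private key: string) {}
+
+async mapUserIDToIP(username: string, ip: string, domain: string) {
+const command = this.createCommand(username, ip, domain)
+
+const response = await fetch(
+`https://${this.ip}/api/?type=user-id&key=${this.key}&cmd=${command}`,
+{
+method: 'POST'
+}
+)
+
+const data = await response.text()
+
+console.log(data)
+}
+
+private createCommand(username: string, ip: string, domain: string) {
+return `
+<uid-message>
+<version>1.0</version>
+<type>update</type>
+<payload>
+<login>
+<entry name="ifms\\${username}" ip="${ip}" timeout="${MAP_TIMEOUT_IN_MINUTES}"/>
+</login>
+</payload>
+</uid-message>`
+}
+}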
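Review bot: `createCommand` interpolates `username` and `ip` straight into XML attribute values, and `mapUserIDToIP` then splices that XML together with the API key into the URL query string with no encoding at all (`cmd=${command}`, `key=${this.key}`). A value containing `"`, `&` or `<` therefore changes the XML or the query string, and the firewall API key lands in every proxy and web-server access log that records request URLs. The rewrite below sends the parameters form-encoded in the POST body via `URLSearchParams` (which percent-encodes each value), escapes XML attribute values, and checks `response.ok` instead of only printing the body; it also uses the `domain` argument, which the current code accepts but ignores in favour of the hard-coded `ifms\\` prefix — if `user.domain` is the `'ifms'` passed to `LdapAuth` in login.ts the entry name is unchanged, otherwise keep the literal until that is confirmed. `MAP_TIMEOUT_IN_MINUTES` is taken from the environment unparsed; a numeric check at startup would stop a typo from being sent as the timeout.
```typescript
export class PaFirewall {
  constructor(private ip: string, private key: string) {}

  async mapUserIDToIP(username: string, ip: string, domain: string) {
    const command = this.createCommand(username, ip, domain)

    // Parameters travel form-encoded in the POST body: URLSearchParams
    // percent-encodes every value and the API key stays out of URL logs.
    const body = new URLSearchParams({ type: 'user-id', key: this.key, cmd: command })
    const response = await fetch(`https://${this.ip}/api/`, { method: 'POST', body })

    const data = await response.text()
    if (!response.ok) {
      throw new Error(`User-ID mapping failed with HTTP ${response.status}`)
    }
    console.log(data)
  }

  // Escape the characters that are special inside an XML attribute value.
  private static escapeXml(value: string): string {
    return value
      .replace(/&/g, '&amp;')
      .replace(/</g, '&lt;')
      .replace(/>/g, '&gt;')
      .replace(/"/g, '&quot;')
      .replace(/'/g, '&apos;')
  }

  private createCommand(username: string, ip: string, domain: string) {
    const user = PaFirewall.escapeXml(`${domain}\\${username}`)
    const addr = PaFirewall.escapeXml(ip)
    // … unchanged: the <uid-message> template; only the entry line changes to
    //   <entry name="${user}" ip="${addr}" timeout="${MAP_TIMEOUT_IN_MINUTES}"/>
  }
}
```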
@ -21,8 +21,8 @@ export const appRouter = t.router({
|
||||||
|
|
||||||
login: t.procedure
|
login: t.procedure
|
||||||
.input(z.object({ username: z.string(), password: z.string() }))
|
.input(z.object({ username: z.string(), password: z.string() }))
|
||||||
.mutation(async ({ input }) => {
|
.mutation(async ({ input, ctx }) => {
|
||||||
return await login(input.username, input.password)
|
return await login(input.username, input.password, getIpFromContext(ctx))
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
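Review bot: The address bound to the user's identity on the firewall comes from `getIpFromContext(ctx)` rather than from the validated input, which is the right place, but `getIpFromContext` is outside this hunk and its trust model decides the security of the whole feature: if it reads `X-Forwarded-For` or a similar header unconditionally, the request sender rather than the server chooses which address gets mapped to the account. It should return the socket peer address unless the peer is a configured reverse proxy, and the login should be rejected when no usable address is found. A one-line comment on the `login(...)` call, `// client IP is derived server-side, never from input, so a caller cannot pick the mapped address`, would record that intent for the next reader.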