author | Markus Krogh <markus@nordu.net> | 2018-06-08 14:19:46 +0200 |
---|---|---|
committer | Markus Krogh <markus@nordu.net> | 2018-06-08 14:19:46 +0200 |
commit | 8b7180f770d0cd63c8a3626f35ce6d8c06f54db4 (patch) | |
tree | 1fab6ac8a80c7c8020d8cba2678e73b7b9248d03 /main.go | |
parent | 494303236fb55530a0f9e756babf2a79e4267a61 (diff) |
Adding basepath and password strength
Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 49 |
1 files changed, 10 insertions, 39 deletions
@@ -17,6 +17,7 @@ type PwmanServer struct {
 Krb5Conf string
 ChangePwScript string
 RemoteUserHeader string
+ BasePath string
 }
 var pwman *PwmanServer
@@ -24,7 +25,7 @@ var pwman *PwmanServer
 const csrf_base = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._#%!&:;?+{}[]"
 func main() {
- var ldapServer, ldapUser, ldapPassword, pwnedFile, krb5Conf, changePwScript, csrfSecret, serverAddr string
+ var ldapServer, ldapUser, ldapPassword, pwnedFile, krb5Conf, changePwScript, csrfSecret, serverAddr, basePath string
 var ldapPort int
 var ldapSkipSSLVerify, csrfInsecure, gennerateCsrfKey bool
 flag.StringVar(&ldapServer, "ldap-server", "localhost", "the ldap server address")
@@ -37,6 +38,7 @@ func main() {
 flag.StringVar(&changePwScript, "changepw-script", "./create-kdc-principal.pl", "Path to the change password script")
 flag.StringVar(&csrfSecret, "csrf-secret", "", "Specify csrf 32 char secret")
 flag.StringVar(&serverAddr, "address", ":3000", "Server address to listen on")
+ flag.StringVar(&basePath, "base-path", "", "A base path that pwman lives under e.g. /sso")
 flag.BoolVar(&csrfInsecure, "csrf-insecure", false, "Allow csrf cookie to be sent over http")
 flag.BoolVar(&gennerateCsrfKey, "gennerate-csrf", false, "Gennerate a csrf secret")
 flag.Parse()
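Review bot: The new `-base-path` value is never validated after `flag.Parse()`, yet the next hunk concatenates it verbatim into every ServeMux pattern. A value without a leading slash (`sso`) is read by net/http as a host-qualified pattern, and one with a trailing slash (`/sso/`) yields patterns such as `/sso//`, which cleaned request paths should never match, so a typo in the flag would leave the routes silently unreachable. Normalising once right after parsing would avoid that, for example `if basePath != "" { basePath = "/" + strings.Trim(basePath, "/") }` (this needs the `strings` import, which is not visible here), or the program could refuse to start on a malformed value. main() continues outside this hunk.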
@@ -58,19 +60,19 @@ func main() {
 Krb5Conf: krb5Conf,
 ChangePwScript: changePwScript,
 RemoteUserHeader: "X-Remote-User",
+ BasePath: basePath,
 }
- base_path := "/sso"
 v := Views()
 mux := http.NewServeMux()
- mux.Handle(base_path+"/", FlashMessage(RemoteUser(v.Index())))
- mux.Handle(base_path+"/sso", FlashMessage(RemoteUser(v.ChangePassword("SSO"))))
- mux.Handle(base_path+"/tacacs", FlashMessage(RemoteUser(v.ChangePassword("TACACS"))))
- mux.Handle(base_path+"/eduroam", FlashMessage(RemoteUser(v.ChangePassword("eduroam"))))
- mux.Handle(base_path+"/pubkeys", FlashMessage(RemoteUser(v.ChangeSSHKeys())))
+ mux.Handle(basePath+"/", http.StripPrefix(basePath, FlashMessage(RemoteUser(v.Index()))))
+ mux.Handle(basePath+"/changepw/sso/", FlashMessage(RemoteUser(v.ChangePassword("SSO"))))
+ mux.Handle(basePath+"/changepw/tacacs/", FlashMessage(RemoteUser(v.ChangePassword("TACACS"))))
+ mux.Handle(basePath+"/changepw/eduroam/", FlashMessage(RemoteUser(v.ChangePassword("eduroam"))))
+ mux.Handle(basePath+"/pubkeys/", FlashMessage(RemoteUser(v.ChangeSSHKeys())))
- mux.Handle(base_path+"/static/", http.StripPrefix(base_path+"/static", http.FileServer(http.Dir("static"))))
+ mux.Handle(basePath+"/static/", http.StripPrefix(basePath+"/static", http.FileServer(http.Dir("static"))))
 CSRF := csrf.Protect([]byte(csrfSecret), csrf.Secure(!csrfInsecure))
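Review bot: Only the index route is wrapped in `http.StripPrefix(basePath, …)`; the `/changepw/…` and `/pubkeys/` handlers still receive the full prefixed path, so handlers on the same mux see two different path shapes. Any view that matches on `r.URL.Path` or builds redirects and form actions from it (not visible in this hunk) will behave differently on the index than on the other pages once `-base-path` is non-empty. Registering un-prefixed patterns and stripping once at the outer handler, e.g. `http.StripPrefix(basePath, mux)`, would make the routes uniform. The CSRF cookie on the unchanged `csrf.Protect` line is also not explicitly scoped to the prefix; if this is gorilla/csrf, adding `csrf.Path(basePath + "/")` would keep the cookie from being sent to other applications on the same host.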
@@ -95,34 +97,3 @@ func gennerateCsrfSecret() string {
 }
 return string(b)
 }
-
-//type CustomMux struct {
-// base_path string
-// mux *http.ServeMux
-//}
-//
-//func NewCustomMux(base_path string) *CustomMux {
-// return &CustomMux{base_path, http.NewServeMux()}
-//}
-//
-//func (m *CustomMux) Handle(path string, h http.Handler) {
-// m.mux.Handle(path, h)
-//}
-//
-//func (m *CustomMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-// clean_path := filepath.Clean(r.URL.Path)
-// log.Println(clean_path)
-// if !strings.HasPrefix(clean_path, m.base_path) {
-// http.NotFound(w, r)
-// return
-// }
-// r.URL.Path = clean_path[len(m.base_path):]
-// log.Println(clean_path[len(m.base_path):])
-// m.mux.ServeHTTP(w, r)
-//}
-
-//type RemoteUserMux map[string] http.Handler
-//
-//func (m RemoteUserMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-// handler, ok := m[r.URL.Path
-//} |