authenticateduser.go 2.4 KB

  1. package authpublic
  2. import (
  3. "slices"
  4. "strings"
  5. "github.com/OliveTin/OliveTin/internal/config"
  6. log "github.com/sirupsen/logrus"
  7. )
  // AuthenticatedUser describes a user identity together with the
  // access-control state that BuildUserAcls derives for it.
  type AuthenticatedUser struct {
  	// Username is compared, exactly and case-sensitively, against each
  	// ACL's MatchUsernames in BuildUserAcls.
  	Username string

  	// UsergroupLine is the raw, unparsed list of group names. It is split
  	// on the configured separator (or on whitespace) by parseUsergroupLine.
  	UsergroupLine string

  	// Provider names the source of this identity. IsGuest treats the value
  	// "system" specially.
  	Provider string

  	// SID is not read anywhere in this file.
  	// NOTE(review): presumably a session identifier — confirm against callers.
  	SID string

  	// Acls holds the names of the access control lists that matched this
  	// user. BuildUserAcls appends to it.
  	Acls []string

  	// EffectivePolicy is the merged policy computed by BuildUserAcls.
  	// It is nil until BuildUserAcls has been called.
  	EffectivePolicy *config.ConfigurationPolicy
  }
  // IsGuest reports whether u is the built-in guest identity.
  //
  // Both fields must match: a user called "guest" that comes from any
  // provider other than "system" is not treated as the guest.
  func (u *AuthenticatedUser) IsGuest() bool {
  	if u.Provider != "system" {
  		return false
  	}

  	return u.Username == "guest"
  }
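  // parseUsergroupLine splits u.UsergroupLine into individual group names.
  //
  // When sep is non-empty the line is split on sep, each piece is trimmed of
  // surrounding whitespace and empty pieces are dropped. When sep is empty the
  // line is split on runs of whitespace instead. The result is never nil.
  func (u *AuthenticatedUser) parseUsergroupLine(sep string) []string {
  	var groups []string

  	if sep == "" {
  		groups = strings.Fields(u.UsergroupLine)
  	} else {
  		groups = []string{}

  		for _, part := range strings.Split(u.UsergroupLine, sep) {
  			if name := strings.TrimSpace(part); name != "" {
  				groups = append(groups, name)
  			}
  		}
  	}

  	// The group line is supplied from outside this package (the separator
  	// setting is named AuthHttpHeaderUserGroupSep, so presumably an HTTP
  	// header). Log it quoted so that control characters cannot forge or break
  	// log lines, and so that the boundaries between parsed groups are
  	// unambiguous when diagnosing an ACL mismatch.
  	log.Debugf("parseUsergroupLine: %q, %q, sep:%q", u.UsergroupLine, groups, sep)

  	return groups
  }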
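  // MatchesUsergroupAcl reports whether any group parsed from u.UsergroupLine
  // (using sep, see parseUsergroupLine) appears in matchUsergroups.
  //
  // The comparison is an exact, case-sensitive string match. An empty or nil
  // matchUsergroups never matches, and neither does a user with no groups.
  func (u *AuthenticatedUser) MatchesUsergroupAcl(matchUsergroups []string, sep string) bool {
  	groupList := u.parseUsergroupLine(sep)

  	for _, group := range groupList {
  		if !slices.Contains(matchUsergroups, group) {
  			continue
  		}

  		// Group names originate outside this package; quote them so that
  		// control characters cannot corrupt the log and so that a name
  		// containing whitespace is not mistaken for two groups.
  		log.Debugf("Usergroup %q found in %q (len: %v)", group, groupList, len(groupList))

  		return true
  	}

  	return false
  }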
  // BuildUserAcls records on u the name of every access control list in cfg
  // that matches the user, then computes u.EffectivePolicy from them.
  //
  // An ACL matches when u.Username is listed in its MatchUsernames, or when one
  // of the user's groups is listed in its MatchUsergroups. Each matching ACL is
  // added once per call. u.Acls is appended to, not reset, so calling this
  // method again on the same user adds the matching names a second time.
  //
  // NOTE(review): matching looks only at Username and the group line, never at
  // u.Provider. If more than one provider can yield the same username, those
  // identities receive the same ACLs — confirm that this is intended.
  func (u *AuthenticatedUser) BuildUserAcls(cfg *config.Config) {
  	groupSep := cfg.AuthHttpHeaderUserGroupSep

  	for _, acl := range cfg.AccessControlLists {
  		// The username check runs first; the group check (and its debug
  		// logging) is skipped when the username already matched.
  		matched := slices.Contains(acl.MatchUsernames, u.Username) ||
  			u.MatchesUsergroupAcl(acl.MatchUsergroups, groupSep)

  		if matched {
  			u.Acls = append(u.Acls, acl.Name)
  		}
  	}

  	u.EffectivePolicy = getEffectivePolicy(cfg, u)
  }
  // getEffectivePolicy returns a new policy for u. It starts from the three
  // flags of cfg.DefaultPolicy copied below and then merges in the policy of
  // every ACL in cfg whose name appears in u.Acls.
  //
  // Merging is done by buildConfigurationPolicy, which only ever switches a
  // flag on. An ACL can therefore grant visibility but cannot take away
  // something the default policy already allows.
  //
  // NOTE(review): only ShowDiagnostics, ShowLogList and ShowVersionNumber are
  // carried over from the default policy; any other ConfigurationPolicy field
  // would start at its zero value — confirm against the config package.
  func getEffectivePolicy(cfg *config.Config, u *AuthenticatedUser) *config.ConfigurationPolicy {
  	defaults := cfg.DefaultPolicy

  	effective := &config.ConfigurationPolicy{
  		ShowDiagnostics:   defaults.ShowDiagnostics,
  		ShowLogList:       defaults.ShowLogList,
  		ShowVersionNumber: defaults.ShowVersionNumber,
  	}

  	for _, acl := range cfg.AccessControlLists {
  		if !slices.Contains(u.Acls, acl.Name) {
  			continue
  		}

  		effective = buildConfigurationPolicy(effective, acl.Policy)
  	}

  	return effective
  }
  // buildConfigurationPolicy merges policy into ret and returns ret.
  //
  // The merge is additive: a flag that is true in policy is set to true in
  // ret, while a flag that is false in policy leaves ret untouched. A flag
  // that is already true in ret is never cleared.
  func buildConfigurationPolicy(ret *config.ConfigurationPolicy, policy config.ConfigurationPolicy) *config.ConfigurationPolicy {
  	// ret is only written to inside these guards, matching the original
  	// behaviour when policy grants nothing.
  	if policy.ShowDiagnostics {
  		ret.ShowDiagnostics = true
  	}

  	if policy.ShowLogList {
  		ret.ShowLogList = true
  	}

  	if policy.ShowVersionNumber {
  		ret.ShowVersionNumber = true
  	}

  	return ret
  }