feat: add insecure option for self-signed certificates

2025-12-18 14:12:28 +00:00 · 2025-07-05 02:53:16 +03:00
parent 1e413e671f
commit e55f29ccf9
6 changed files with 35 additions and 30 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -71,16 +71,17 @@ func (auth *Auth) GetSession(c *gin.Context) (*sessions.Session, error) {
 	return session, nil
 }

-func (auth *Auth) GetUser(username string) types.UserSearch {
+func (auth *Auth) SearchUser(username string) types.UserSearch {
 	// Loop through users and return the user if the username matches
 	log.Debug().Str("username", username).Msg("Searching for user")

-	for _, user := range auth.Config.Users {
-		if user.Username == username {
-			return types.UserSearch{
-				Username: user.Username,
-				Type:     "local",
-			}
+	if auth.GetLocalUser(username).Username != "" {
+		log.Debug().Str("username", username).Msg("Found local user")
+
+		// If user found, return a user with the username and type "local"
+		return types.UserSearch{
+			Username: username,
+			Type:     "local",
 		}
 	}

@@ -126,7 +127,7 @@ func (auth *Auth) VerifyUser(search types.UserSearch, password string) bool {
 			}

 			// If bind is successful, rebind with the LDAP bind user
-			auth.LDAP.Bind(auth.LDAP.Config.BindUser, auth.LDAP.Config.BindPassword)
+			auth.LDAP.Bind(auth.LDAP.Config.BindDN, auth.LDAP.Config.BindPassword)
 			log.Debug().Str("username", search.Username).Msg("LDAP authentication successful")

 			// Return true if the bind was successful
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -362,8 +362,8 @@ func (h *Handlers) LoginHandler(c *gin.Context) {
 		return
 	}

-	// Get user based on username
-	userSearch := h.Auth.GetUser(login.Username)
+	// Search for a user based on username
+	userSearch := h.Auth.SearchUser(login.Username)

 	log.Debug().Interface("userSearch", userSearch).Msg("Searching for user")

--- a/internal/hooks/hooks.go
+++ b/internal/hooks/hooks.go
@@ -35,8 +35,8 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 	if basic != nil {
 		log.Debug().Msg("Got basic auth")

-		// Get user
-		userSearch := hooks.Auth.GetUser(basic.Username)
+		// Search for a user based on username
+		userSearch := hooks.Auth.SearchUser(basic.Username)

 		if userSearch.Type == "" {
 			log.Error().Str("username", basic.Username).Msg("User does not exist")
@@ -104,8 +104,8 @@ func (hooks *Hooks) UseUserContext(c *gin.Context) types.UserContext {
 	if cookie.Provider == "username" {
 		log.Debug().Msg("Provider is username")

-		// Get user
-		userSearch := hooks.Auth.GetUser(cookie.Username)
+		// Search for the user with the username
+		userSearch := hooks.Auth.SearchUser(cookie.Username)

 		if userSearch.Type == "" {
 			log.Error().Str("username", cookie.Username).Msg("User does not exist")
--- a/internal/ldap/ldap.go
+++ b/internal/ldap/ldap.go
@@ -1,6 +1,7 @@
 package ldap

 import (
+	"crypto/tls"
 	"fmt"
 	"tinyauth/internal/types"

@@ -15,18 +16,15 @@ type LDAP struct {

 func NewLDAP(config types.LdapConfig) (*LDAP, error) {
 	// Connect to the LDAP server
-	conn, err := ldapgo.DialURL(config.Address)
+	conn, err := ldapgo.DialURL(config.Address, ldapgo.DialWithTLSConfig(&tls.Config{
+		InsecureSkipVerify: config.Insecure,
+	}))
 	if err != nil {
 		return nil, err
 	}

-	// Try to connect using TLS
-	// conn.StartTLS(&tls.Config{
-	// 	InsecureSkipVerify: true,
-	// })
-
 	// Bind to the LDAP server with the provided credentials
-	err = conn.Bind(config.BindUser, config.BindPassword)
+	err = conn.Bind(config.BindDN, config.BindPassword)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -37,9 +37,10 @@ type Config struct {
 	FogotPasswordMessage    string `mapstructure:"forgot-password-message" validate:"required"`
 	BackgroundImage         string `mapstructure:"background-image" validate:"required"`
 	LdapAddress             string `mapstructure:"ldap-address"`
-	LdapBindUser            string `mapstructure:"ldap-bind-user"`
+	LdapBindDN              string `mapstructure:"ldap-bind-dn"`
 	LdapBindPassword        string `mapstructure:"ldap-bind-password"`
 	LdapBaseDN              string `mapstructure:"ldap-base-dn"`
+	LdapInsecure            bool   `mapstructure:"ldap-insecure"`
 }

 // Server configuration
@@ -130,7 +131,8 @@ type Labels struct {
 // Ldap config is a struct that contains the configuration for the LDAP service
 type LdapConfig struct {
 	Address      string
-	BindUser     string
+	BindDN       string
 	BindPassword string
 	BaseDN       string
+	Insecure     bool
 }