Authelia users sync
This commit is contained in:
parent
9e1b06a448
commit
6654463aee
GPG key ID:
423440D735B56BE2
5 changed files with 252 additions and 6 deletions
74
helpers/authelia/database.go
Normal file
74
helpers/authelia/database.go
Normal file
|
|
@ -0,0 +1,74 @@
|
|||
package authelia
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"git.readonly.ch/bouzoure/pop-camarades/helpers"
|
||||
"go.yaml.in/yaml/v4"
|
||||
)
|
||||
|
||||
type AutheliaUser struct {
|
||||
Password string `yaml:"password"`
|
||||
DisplayName string `yaml:"displayname"`
|
||||
Email string `yaml:"email"`
|
||||
Groups []string `yaml:"groups"`
|
||||
GivenName string `yaml:"given_name"`
|
||||
MiddleName string `yaml:"middle_name"`
|
||||
FamilyName string `yaml:"family_name"`
|
||||
Nickname string `yaml:"nickname"`
|
||||
Gender string `yaml:"gender"`
|
||||
Birthdate string `yaml:"birthdate"`
|
||||
Website string `yaml:"website"`
|
||||
Profile string `yaml:"profile"`
|
||||
Picture string `yaml:"picture"`
|
||||
ZoneInfo string `yaml:"zoneinfo"`
|
||||
Locale string `yaml:"locale"`
|
||||
PhoneNumber string `yaml:"phone_number"`
|
||||
PhoneExtension string `yaml:"phone_extension"`
|
||||
Disabled bool `yaml:"disabled"`
|
||||
Address any `yaml:"address"`
|
||||
Extra map[string]any `yaml:"extra"`
|
||||
}
|
||||
|
||||
type AutheliaUsers struct {
|
||||
Users map[string]AutheliaUser `yaml:"users"`
|
||||
}
|
||||
|
||||
func ReadDatabase() (AutheliaUsers, error) {
|
||||
var users AutheliaUsers
|
||||
|
||||
// Get config
|
||||
config, err := helpers.GetConfig()
|
||||
if err != nil {
|
||||
return users, err
|
||||
}
|
||||
|
||||
// Read YAML file
|
||||
filePath := config.Authelia.UsersLocation
|
||||
fileContent, err := os.ReadFile(filePath)
|
||||
if err != nil {
|
||||
return users, err
|
||||
}
|
||||
|
||||
// Unmarshal YAML
|
||||
err = yaml.Unmarshal(fileContent, &users)
|
||||
|
||||
return users, err
|
||||
}
|
||||
|
||||
func WriteDatabase(users AutheliaUsers) error {
|
||||
// Get config
|
||||
config, err := helpers.GetConfig()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Marshal YAML
|
||||
yamlData, err := yaml.Marshal(users)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
filePath := config.Authelia.UsersLocation
|
||||
return os.WriteFile(filePath, yamlData, 0644)
|
||||
}
|
||||
|
|
@ -1 +1,112 @@
|
|||
package authelia
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.readonly.ch/bouzoure/pop-camarades/helpers"
|
||||
"git.readonly.ch/bouzoure/pop-camarades/models"
|
||||
"github.com/alexedwards/argon2id"
|
||||
"github.com/charmbracelet/log"
|
||||
"github.com/sethvargo/go-password/password"
|
||||
)
|
||||
|
||||
func SyncUsers() error {
|
||||
db, err := helpers.GetDatabase()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var accounts []models.PersonAccount
|
||||
result := db.Joins("Person").Find(
|
||||
&accounts, "account_created IS NULL OR update_needed = ?", true,
|
||||
)
|
||||
|
||||
if result.Error != nil {
|
||||
return result.Error
|
||||
}
|
||||
|
||||
// If no accounts to create or update -> skip sync
|
||||
if result.RowsAffected <= 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
users, err := ReadDatabase()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, account := range accounts {
|
||||
accountExists := false
|
||||
for uuid, user := range users.Users {
|
||||
if uuid == account.UUID.String() {
|
||||
accountExists = true
|
||||
|
||||
// Update account
|
||||
user.Disabled = !account.Enabled
|
||||
user.Groups = strings.Split(account.Groups, "|||")
|
||||
user.GivenName = account.Person.FirstName
|
||||
user.FamilyName = account.Person.LastName
|
||||
user.DisplayName = fmt.Sprintf("%s %s",
|
||||
account.Person.FirstName, account.Person.LastName,
|
||||
)
|
||||
user.Email = account.Person.Email
|
||||
|
||||
// Overwrite old user struct
|
||||
users.Users[uuid] = user
|
||||
|
||||
// Exit loop early
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !accountExists {
|
||||
// Generate random password
|
||||
randomPassword, err := password.Generate(64, 10, 10, false, false)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
continue
|
||||
}
|
||||
|
||||
argonParams := argon2id.Params{
|
||||
Iterations: 3,
|
||||
Memory: 65536,
|
||||
Parallelism: 4,
|
||||
KeyLength: 32,
|
||||
SaltLength: 16,
|
||||
}
|
||||
hashedPassword, err := argon2id.CreateHash(randomPassword, &argonParams)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
continue
|
||||
}
|
||||
|
||||
// Create account
|
||||
user := AutheliaUser{
|
||||
Disabled: !account.Enabled,
|
||||
Groups: strings.Split(account.Groups, "|||"),
|
||||
GivenName: account.Person.FirstName,
|
||||
FamilyName: account.Person.LastName,
|
||||
DisplayName: fmt.Sprintf("%s %s",
|
||||
account.Person.FirstName, account.Person.LastName,
|
||||
),
|
||||
Email: account.Person.Email,
|
||||
Password: hashedPassword,
|
||||
}
|
||||
|
||||
// Insert new user
|
||||
users.Users[account.UUID.String()] = user
|
||||
}
|
||||
|
||||
account.UpdateNeeded = false
|
||||
if !account.AccountCreated.Valid {
|
||||
// TODO: send email
|
||||
account.AccountCreated.Scan(time.Now())
|
||||
}
|
||||
|
||||
db.Save(&account)
|
||||
}
|
||||
|
||||
return WriteDatabase(users)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue