allow setting authorization info for passwd backend

b0ad2920 · Christian Pointner · ea29eadf · b0ad2920 · b0ad2920 · b0ad2920
Commit b0ad2920 authored 5 years ago by Christian Pointner
--- a/auth/backend_passwd.go
+++ b/auth/backend_passwd.go
@@ -60,7 +60,8 @@ func (b *PasswdBackend) NewSession(ctx context.Context, arguments json.RawMessag
 		return nil, errors.New("mandatory arguments missing")
 	}

-	if b.userDB[args.Username].Password != args.Password {
+	user, exists := b.userDB[args.Username]
+	if !exists || user.Password != args.Password {
 		return nil, errors.New("invalid username and or password")
 	}

@@ -69,10 +70,9 @@ func (b *PasswdBackend) NewSession(ctx context.Context, arguments json.RawMessag
 	}
 	// TODO: setting this directly is probably fine but rather ugly...
 	s.Username = args.Username
-
-	// TODO: handle authorization
-	s.ReadOnly = true
-	s.AllShows = true
+	s.ReadOnly = user.ReadOnly
+	s.AllShows = user.AllShows
+	s.Shows = user.Shows

 	s.setState(SessionStateLoggedIn)
 	return

--- a/auth/config.go
+++ b/auth/config.go
@@ -42,8 +42,10 @@ type OIDCConfig struct {
 }

 type PasswdUserConfig struct {
-	Password string `json:"password" yaml:"password" toml:"password"`
-	// TODO: add authorization info
+	Password string   `json:"password" yaml:"password" toml:"password"`
+	ReadOnly bool     `json:"readonly" yaml:"readonly" toml:"readonly"`
+	AllShows bool     `json:"all-shows" yaml:"all-shows" toml:"all-shows"`
+	Shows    []string `json:"shows" yaml:"shows" toml:"shows"`
 }

 type Config struct {

--- a/contrib/sample-cfg.yaml
+++ b/contrib/sample-cfg.yaml
@@ -29,21 +29,30 @@ importer:
  normalizer: ffmpeg

 ### uncomment to enable authentication
-auth:
-  sessions:
-    ## defaults to 24h
-    max-age: 12h
-  oidc:
-    issuer-url: http://localhost:8000/openid
-    client-id: ${OIDC_CLIENT_ID}
-    client-secret: ${OIDC_CLIENT_SECRET}
-    callback-url: http://localhost:8040/auth/oidc/callback
-    login-timeout: 10m # defaults to 5 Minutes
-  passwd:
-    hugo:
-      password: secret
-    someuser:
-      password: changeme
+# auth:
+#   sessions:
+#     ## defaults to 24h
+#     max-age: 12h
+#   oidc:
+#     issuer-url: http://localhost:8000/openid
+#     client-id: ${OIDC_CLIENT_ID}
+#     client-secret: ${OIDC_CLIENT_SECRET}
+#     callback-url: http://localhost:8040/auth/oidc/callback
+#     login-timeout: 10m # defaults to 5 Minutes
+#   passwd:
+#     admin:
+#       password: very-secret
+#       all-shows: true
+#     engine:
+#       password: rather-secret
+#       readonly: true
+#       all-shows: true
+#     hugo:
+#       password: changeme
+#       readonly: true
+#       shows:
+#         - hugo
+#         - yet-another-hugo-show

 ### uncomment to enable CORS headers
 ### see: https://godoc.org/github.com/rs/cors#Options