Adds LDAP auth support

backend/embed/api_docs/api.swagger.json

@@ -10,6 +10,24 @@
 				"$ref": "file://./paths/get.json"
 			}
 		},
+		"/auth": {
+			"get": {
+				"$ref": "file://./paths/auth/get.json"
+			},
+			"post": {
+				"$ref": "file://./paths/auth/post.json"
+			}
+		},
+		"/auth/refresh": {
+			"post": {
+				"$ref": "file://./paths/auth/refresh/post.json"
+			}
+		},
+		"/auth/sse": {
+			"post": {
+				"$ref": "file://./paths/auth/sse/post.json"
+			}
+		},
 		"/certificates": {
 			"get": {
 				"$ref": "file://./paths/certificates/get.json"
@@ -155,19 +173,6 @@
 				"$ref": "file://./paths/streams/streamID/delete.json"
 			}
 		},
-		"/tokens": {
-			"get": {
-				"$ref": "file://./paths/tokens/get.json"
-			},
-			"post": {
-				"$ref": "file://./paths/tokens/post.json"
-			}
-		},
-		"/tokens/sse": {
-			"post": {
-				"$ref": "file://./paths/tokens/sse/post.json"
-			}
-		},
 		"/upstreams": {
 			"get": {
 				"$ref": "file://./paths/upstreams/get.json"
@@ -219,6 +224,9 @@
 	},
 	"components": {
 		"schemas": {
+			"AuthConfigObject": {
+				"$ref": "file://./components/AuthConfigObject.json"
+			},
 			"CertificateAuthorityList": {
 				"$ref": "file://./components/CertificateAuthorityList.json"
 			},

backend/embed/api_docs/components/AuthConfigObject.json

@@ -0,0 +1,13 @@
+{
+	"type": "array",
+	"description": "AuthConfigObject",
+	"minItems": 1,
+	"items": {
+		"type": "string",
+		"enum": [
+			"local",
+			"ldap",
+			"oidc"
+		]
+	}
+}

backend/embed/api_docs/components/UserObject.json

@@ -7,7 +7,6 @@
 		"created_at",
 		"updated_at",
 		"name",
-		"nickname",
 		"email",
 		"is_disabled"
 	],
@@ -29,12 +28,7 @@
 		"name": {
 			"type": "string",
 			"minLength": 2,
-			"maxLength": 100
-		},
-		"nickname": {
-			"type": "string",
-			"minLength": 2,
-			"maxLength": 100
+			"maxLength": 50
 		},
 		"email": {
 			"type": "string",

backend/embed/api_docs/paths/auth/get.json

@@ -0,0 +1,28 @@
+{
+	"operationId": "getAuthConfig",
+	"summary": "Returns auth configuration",
+	"tags": ["Auth"],
+	"responses": {
+		"200": {
+			"description": "200 response",
+			"content": {
+				"application/json": {
+					"schema": {
+						"type": "object",
+						"required": ["result"],
+						"properties": {
+							"result": {
+								"$ref": "#/components/schemas/AuthConfigObject"
+							}
+						}
+					},
+					"examples": {
+						"default": {
+							"value": "todo"
+						}
+					}
+				}
+			}
+		}
+	}
+}

backend/embed/api_docs/paths/auth/post.json

@@ -1,7 +1,7 @@
 {
 	"operationId": "requestToken",
 	"summary": "Request a new access token from credentials",
-	"tags": ["Tokens"],
+	"tags": ["Auth"],
 	"requestBody": {
 		"description": "Credentials Payload",
 		"required": true,

backend/embed/api_docs/paths/auth/refresh/post.json

@@ -1,7 +1,7 @@
 {
 	"operationId": "refreshToken",
 	"summary": "Refresh your access token",
-	"tags": ["Tokens"],
+	"tags": ["Auth"],
 	"responses": {
 		"200": {
 			"description": "200 response",

backend/embed/api_docs/paths/auth/sse/post.json

@@ -1,7 +1,7 @@
 {
 	"operationId": "requestSSEToken",
 	"summary": "Request a new SSE token",
-	"tags": ["Tokens"],
+	"tags": ["Auth"],
 	"responses": {
 		"200": {
 			"description": "200 response",

backend/embed/api_docs/paths/users/get.json

@@ -28,7 +28,7 @@
 				"type": "string"
 			},
 			"description": "The sorting of the list",
-			"example": "name,nickname.desc,email.asc"
+			"example": "name,email.asc"
 		}
 	],
 	"responses": {
@@ -57,10 +57,6 @@
 											"field": "name",
 											"direction": "ASC"
 										},
-										{
-											"field": "nickname",
-											"direction": "DESC"
-										},
 										{
 											"field": "email",
 											"direction": "ASC"
@@ -70,7 +66,6 @@
 										{
 											"id": 1,
 											"name": "Jamie Curnow",
-											"nickname": "James",
 											"email": "jc@jc21.com",
 											"created_at": 1578010090000,
 											"updated_at": 1578010095000,
@@ -81,7 +76,6 @@
 										{
 											"id": 2,
 											"name": "John Doe",
-											"nickname": "John",
 											"email": "johdoe@example.com",
 											"created_at": 1578010100000,
 											"updated_at": 1578010105000,
@@ -95,7 +89,6 @@
 										{
 											"id": 3,
 											"name": "Jane Doe",
-											"nickname": "Jane",
 											"email": "janedoe@example.com",
 											"created_at": 1578010110000,
 											"updated_at": 1578010115000,

backend/embed/api_docs/paths/users/post.json

@@ -31,7 +31,6 @@
 								"result": {
 									"id": 1,
 									"name": "Jamie Curnow",
-									"nickname": "James",
 									"email": "jc@jc21.com",
 									"created_at": 1578010100000,
 									"updated_at": 1578010100000,

backend/embed/api_docs/paths/users/userID/get.json

@@ -43,7 +43,6 @@
 								"result": {
 									"id": 1,
 									"name": "Jamie Curnow",
-									"nickname": "James",
 									"email": "jc@jc21.com",
 									"created_at": 1578010100000,
 									"updated_at": 1578010105000,

backend/embed/api_docs/paths/users/userID/put.json

@@ -52,7 +52,6 @@
 								"result": {
 									"id": 1,
 									"name": "Jamie Curnow",
-									"nickname": "James",
 									"email": "jc@jc21.com",
 									"created_at": 1578010100000,
 									"updated_at": 1578010110000,

backend/embed/migrations/mysql/20201013035318_initial_schema.sql

@@ -17,7 +17,6 @@ CREATE TABLE IF NOT EXISTS `user`
 	`updated_at` BIGINT NOT NULL DEFAULT 0,
 	`is_deleted` INT NOT NULL DEFAULT 0, -- int on purpose, gormism
 	`name` VARCHAR(50) NOT NULL,
-	`nickname` VARCHAR(50) NOT NULL,
 	`email` VARCHAR(255) NOT NULL,
 	`is_system` BOOLEAN NOT NULL DEFAULT FALSE,
 	`is_disabled` BOOLEAN NOT NULL DEFAULT FALSE
@@ -45,6 +44,7 @@ CREATE TABLE IF NOT EXISTS `auth`
 	`is_deleted` INT NOT NULL DEFAULT 0, -- int on purpose, gormism
 	`user_id` INT NOT NULL,
 	`type` VARCHAR(50) NOT NULL,
+	`identity` VARCHAR(255) NOT NULL,
 	`secret` VARCHAR(255) NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON DELETE CASCADE,
 	UNIQUE (`user_id`, `type`)

backend/embed/migrations/mysql/20201013035839_initial_data.sql

@@ -37,6 +37,27 @@ INSERT INTO `setting` (
 	"default-site",
 	"What to show users who hit your Nginx server by default",
 	'"welcome"' -- remember this is json
+),
+(
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"auth-methods",
+	"Which methods are enabled for authentication",
+	'["local"]' -- remember this is json
+),
+(
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"oidc-auth",
+	"Configuration for OIDC authentication",
+	'{}' -- remember this is json
+),
+(
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"ldap-auth",
+	"Configuration for LDAP authentication",
+	'{"host": "", "dn": "", "sync_by": "uid"}' -- remember this is json
 );
 
 -- Default Certificate Authorities

backend/embed/migrations/postgres/20201013035318_initial_schema.sql

@@ -15,7 +15,6 @@ CREATE TABLE "user" (
 	"updated_at" BIGINT NOT NULL DEFAULT 0,
 	"is_deleted" INTEGER NOT NULL DEFAULT 0, -- int on purpose, gormism
 	"name" VARCHAR(50) NOT NULL,
-	"nickname" VARCHAR(50) NOT NULL,
 	"email" VARCHAR(255) NOT NULL,
 	"is_system" BOOLEAN NOT NULL DEFAULT FALSE,
 	"is_disabled" BOOLEAN NOT NULL DEFAULT FALSE
@@ -39,6 +38,7 @@ CREATE TABLE "auth" (
 	"is_deleted" INTEGER NOT NULL DEFAULT 0, -- int on purpose, gormism
 	"user_id" INTEGER NOT NULL REFERENCES "user"("id") ON DELETE CASCADE,
 	"type" VARCHAR(50) NOT NULL,
+	"identity" VARCHAR(255) NOT NULL,
 	"secret" VARCHAR(255) NOT NULL,
 	UNIQUE ("user_id", "type")
 );

backend/embed/migrations/postgres/20201013035839_initial_data.sql

@@ -37,6 +37,27 @@ INSERT INTO "setting" (
 	'default-site',
 	'What to show users who hit your Nginx server by default',
 	'"welcome"' -- remember this is json
+),
+(
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'auth-methods',
+	'Which methods are enabled for authentication',
+	'["local"]' -- remember this is json
+),
+(
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'oidc-auth',
+	'Configuration for OIDC authentication',
+	'{}' -- remember this is json
+),
+(
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'ldap-auth',
+	'Configuration for LDAP authentication',
+	'{"host": "", "dn": "", "sync_by": "uid"}' -- remember this is json
 );
 
 -- Default Certificate Authorities

backend/embed/migrations/sqlite/20201013035318_initial_schema.sql

@@ -17,7 +17,6 @@ CREATE TABLE IF NOT EXISTS `user`
 	`updated_at` INTEGER NOT NULL DEFAULT 0,
 	`is_deleted` INTEGER NOT NULL DEFAULT 0,
 	`name` TEXT NOT NULL,
-	`nickname` TEXT NOT NULL,
 	`email` TEXT NOT NULL,
 	`is_system` INTEGER NOT NULL DEFAULT 0,
 	`is_disabled` INTEGER NOT NULL DEFAULT 0
@@ -45,6 +44,7 @@ CREATE TABLE IF NOT EXISTS `auth`
 	`is_deleted` INTEGER NOT NULL DEFAULT 0,
 	`user_id` INTEGER NOT NULL,
 	`type` TEXT NOT NULL,
+	`identity` TEXT NOT NULL,
 	`secret` TEXT NOT NULL,
 	FOREIGN KEY (`user_id`) REFERENCES `user` (`id`) ON DELETE CASCADE,
 	UNIQUE (`user_id`, `type`)

backend/embed/migrations/sqlite/20201013035839_initial_data.sql

@@ -36,6 +36,27 @@ INSERT INTO `setting` (
 	"default-site",
 	"What to show users who hit your Nginx server by default",
 	'"welcome"' -- remember this is json
+),
+(
+	unixepoch() * 1000,
+	unixepoch() * 1000,
+	"auth-methods",
+	"Which methods are enabled for authentication",
+	'["local"]' -- remember this is json
+),
+(
+	unixepoch() * 1000,
+	unixepoch() * 1000,
+	"oidc-auth",
+	"Configuration for OIDC authentication",
+	'{}' -- remember this is json
+),
+(
+	unixepoch() * 1000,
+	unixepoch() * 1000,
+	"ldap-auth",
+	"Configuration for LDAP authentication",
+	'{"host": "", "dn": "", "sync_by": "uid"}' -- remember this is json
 );
 
 -- Default Certificate Authorities