external auth: add example HTTP server to use as authentication hook

The server authenticate against an LDAP server.
2025-12-08 15:28:05 +03:00 · 2020-04-26 14:48:32 +02:00
parent 0a47412e8c
commit ebd6a11f3a
20 changed files with 1535 additions and 2 deletions
--- a/examples/ldapauthserver/httpd/tlsutils.go
+++ b/examples/ldapauthserver/httpd/tlsutils.go
@@ -0,0 +1,50 @@
+package httpd
+
+import (
+	"crypto/tls"
+	"sync"
+
+	"github.com/drakkan/sftpgo/ldapauthserver/logger"
+)
+
+type certManager struct {
+	cert     *tls.Certificate
+	certPath string
+	keyPath  string
+	lock     *sync.RWMutex
+}
+
+func (m *certManager) loadCertificate() error {
+	newCert, err := tls.LoadX509KeyPair(m.certPath, m.keyPath)
+	if err != nil {
+		logger.Warn(logSender, "", "unable to load https certificate: %v", err)
+		return err
+	}
+	logger.Debug(logSender, "", "https certificate successfully loaded")
+	m.lock.Lock()
+	defer m.lock.Unlock()
+	m.cert = &newCert
+	return nil
+}
+
+func (m *certManager) GetCertificateFunc() func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
+	return func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+		m.lock.RLock()
+		defer m.lock.RUnlock()
+		return m.cert, nil
+	}
+}
+
+func newCertManager(certificateFile, certificateKeyFile string) (*certManager, error) {
+	manager := &certManager{
+		cert:     nil,
+		certPath: certificateFile,
+		keyPath:  certificateKeyFile,
+		lock:     new(sync.RWMutex),
+	}
+	err := manager.loadCertificate()
+	if err != nil {
+		return nil, err
+	}
+	return manager, nil
+}