Initial commit

2026-03-06 05:39:05 +00:00 · 2025-12-28 21:16:03 +01:00
commit 62e3c6439e
552 changed files with 104858 additions and 0 deletions
--- a/routes/api/auth/ldap/+server.ts
+++ b/routes/api/auth/ldap/+server.ts
@@ -0,0 +1,81 @@
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+import { authorize } from '$lib/server/authorize';
+import { getLdapConfigs, createLdapConfig } from '$lib/server/db';
+
+// GET /api/auth/ldap - List all LDAP configurations
+export const GET: RequestHandler = async ({ cookies }) => {
+	const auth = await authorize(cookies);
+
+	// Allow access when auth is disabled (setup mode) or when user is admin
+	if (auth.authEnabled && (!auth.isAuthenticated || !auth.isAdmin)) {
+		return json({ error: 'Unauthorized' }, { status: 401 });
+	}
+
+	if (!auth.isEnterprise) {
+		return json({ error: 'Enterprise license required' }, { status: 403 });
+	}
+
+	try {
+		const configs = await getLdapConfigs();
+		// Don't return passwords
+		const sanitized = configs.map(config => ({
+			...config,
+			bindPassword: config.bindPassword ? '********' : undefined
+		}));
+		return json(sanitized);
+	} catch (error) {
+		console.error('Failed to get LDAP configs:', error);
+		return json({ error: 'Failed to get LDAP configurations' }, { status: 500 });
+	}
+};
+
+// POST /api/auth/ldap - Create a new LDAP configuration
+export const POST: RequestHandler = async ({ request, cookies }) => {
+	const auth = await authorize(cookies);
+
+	// Allow access when auth is disabled (setup mode) or when user is admin
+	if (auth.authEnabled && (!auth.isAuthenticated || !auth.isAdmin)) {
+		return json({ error: 'Unauthorized' }, { status: 401 });
+	}
+
+	if (!auth.isEnterprise) {
+		return json({ error: 'Enterprise license required' }, { status: 403 });
+	}
+
+	try {
+		const data = await request.json();
+
+		// Validate required fields
+		if (!data.name || !data.serverUrl || !data.baseDn) {
+			return json({ error: 'Name, server URL, and base DN are required' }, { status: 400 });
+		}
+
+		const config = await createLdapConfig({
+			name: data.name,
+			enabled: data.enabled ?? false,
+			serverUrl: data.serverUrl,
+			bindDn: data.bindDn || undefined,
+			bindPassword: data.bindPassword || undefined,
+			baseDn: data.baseDn,
+			userFilter: data.userFilter || '(uid={{username}})',
+			usernameAttribute: data.usernameAttribute || 'uid',
+			emailAttribute: data.emailAttribute || 'mail',
+			displayNameAttribute: data.displayNameAttribute || 'cn',
+			groupBaseDn: data.groupBaseDn || undefined,
+			groupFilter: data.groupFilter || undefined,
+			adminGroup: data.adminGroup || undefined,
+			roleMappings: data.roleMappings || undefined,
+			tlsEnabled: data.tlsEnabled ?? false,
+			tlsCa: data.tlsCa || undefined
+		});
+
+		return json({
+			...config,
+			bindPassword: config.bindPassword ? '********' : undefined
+		}, { status: 201 });
+	} catch (error) {
+		console.error('Failed to create LDAP config:', error);
+		return json({ error: 'Failed to create LDAP configuration' }, { status: 500 });
+	}
+};