package ldapSync
/*
This file contains the code for creating the ldapUsers, ldapGroups and ldapSyncLogs tables.
*/
import (
	"fmt"

	"github.com/pocketbase/pocketbase"
	"github.com/pocketbase/pocketbase/forms"
	"github.com/pocketbase/pocketbase/models"
	"github.com/pocketbase/pocketbase/models/schema"
	"github.com/pocketbase/pocketbase/tools/types"
)
// Names of the PocketBase collections (tables) managed by this package.
const (
	// ldapUsersTableName is the auth collection holding the synced LDAP accounts.
	ldapUsersTableName string = "users"
	// ldapGroupsTableName is the base collection holding the synced LDAP groups.
	ldapGroupsTableName string = "ldap_groups"
	// ldapSyncLogsTableName is the base collection recording the outcome of each sync run.
	ldapSyncLogsTableName string = "ldap_sync_logs"
)
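// createLDAPGroupsTable creates the ldapGroups collection.
//
// The function does not check whether the collection already exists; the
// caller is expected to do that. Creation happens in two steps because the
// self-referencing "memberOf" relation needs the collection's own ID, which
// only exists after the first Submit.
//
// All API rules are left nil, so only admins can list, view, create, update
// or delete group records. Returns a wrapped error from the lookup or from
// either Submit.
func createLDAPGroupsTable(app *pocketbase.PocketBase) error {
	collection := &models.Collection{}
	form := forms.NewCollectionUpsert(app, collection)
	form.Name = ldapGroupsTableName
	form.Type = models.CollectionTypeBase
	// nil rules: admin-only access to the group records
	form.ListRule = nil
	form.ViewRule = nil
	form.CreateRule = nil
	form.UpdateRule = nil
	form.DeleteRule = nil

	// free-text description of the group
	form.Schema.AddField(&schema.SchemaField{
		Name:     "description",
		Type:     schema.FieldTypeText,
		Required: false,
	})
	// common name; presentable so the admin UI shows it as the record label
	form.Schema.AddField(&schema.SchemaField{
		Name:        "cn",
		Type:        schema.FieldTypeText,
		Required:    true,
		Presentable: true,
	})
	// distinguished name
	form.Schema.AddField(&schema.SchemaField{
		Name:     "dn",
		Type:     schema.FieldTypeText,
		Required: true,
	})
	// objectGUID: the directory's stable identifier for the group
	form.Schema.AddField(&schema.SchemaField{
		Name:     "objectGUID",
		Type:     schema.FieldTypeText,
		Required: true,
	})

	// Unique indexes on cn and objectGUID. Both must target this collection:
	// the original statement pointed the objectGUID index at the sync-logs
	// table, so duplicate group GUIDs were either rejected at validation time
	// or never constrained on ldap_groups at all.
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_ldapGroups_cn ON " + ldapGroupsTableName + " (cn)",
		"CREATE UNIQUE INDEX idx_ldapGroups_objectGUID ON " + ldapGroupsTableName + " (objectGUID)",
	}

	// validate and submit (internally it calls app.Dao().SaveCollection(collection) in a transaction)
	if err := form.Submit(); err != nil {
		return fmt.Errorf("creating collection %q: %w", ldapGroupsTableName, err)
	}

	// reload the saved collection so its ID is available for the self-relation
	saved, err := app.Dao().FindCollectionByNameOrId(ldapGroupsTableName)
	if err != nil {
		return fmt.Errorf("looking up collection %q after create: %w", ldapGroupsTableName, err)
	}

	// second pass: add the memberOf self-relation (groups nested in groups);
	// this field cannot be added in the first form because the collection ID
	// does not exist yet
	form = forms.NewCollectionUpsert(app, saved)
	form.Schema.AddField(&schema.SchemaField{
		Name:     "memberOf",
		Type:     schema.FieldTypeRelation,
		Required: false,
		Options: &schema.RelationOptions{
			CollectionId:  saved.Id,
			CascadeDelete: false,
		},
	})
	if err := form.Submit(); err != nil {
		return fmt.Errorf("adding memberOf relation to %q: %w", ldapGroupsTableName, err)
	}
	return nil
}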
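// createLDAPUsersTable creates the ldapUsers auth collection.
//
// The ldapGroups collection must already exist because the "memberOf"
// relation references it. The function does not check whether the users
// collection already exists.
//
// Because the collection type is auth, PocketBase adds the username,
// password, verified, email and emailVisibility fields itself. All API rules
// are left nil, so only admins can list, view, create, update or delete user
// records. Returns a wrapped error from the groups lookup or from Submit.
func createLDAPUsersTable(app *pocketbase.PocketBase) error {
	groupsCollection, err := app.Dao().FindCollectionByNameOrId(ldapGroupsTableName)
	if err != nil {
		return fmt.Errorf("looking up collection %q: %w", ldapGroupsTableName, err)
	}

	collection := &models.Collection{}
	form := forms.NewCollectionUpsert(app, collection)
	form.Name = ldapUsersTableName
	form.Type = models.CollectionTypeAuth // auth type, otherwise login will not work
	// nil rules: admin-only access to the user records
	form.ListRule = nil
	form.ViewRule = nil
	form.CreateRule = nil
	form.UpdateRule = nil
	form.DeleteRule = nil

	// Directory attributes mirrored onto the account. They are not required,
	// but cn and objectGUID carry unique indexes below, so (presumably, since
	// text fields default to "") a second record with an empty cn or
	// objectGUID would collide with the first — worth confirming against how
	// non-LDAP accounts are created.
	form.Schema.AddField(&schema.SchemaField{
		Name:        "cn", // common name; shown as the record label in the admin UI
		Type:        schema.FieldTypeText,
		Required:    false,
		Presentable: true,
	})
	form.Schema.AddField(&schema.SchemaField{
		Name:     "objectGUID", // the directory's stable identifier for the account
		Type:     schema.FieldTypeText,
		Required: false,
	})
	form.Schema.AddField(&schema.SchemaField{
		Name:     "dn", // distinguished name
		Type:     schema.FieldTypeText,
		Required: false,
	})
	form.Schema.AddField(&schema.SchemaField{
		Name:     "sn", // surname
		Type:     schema.FieldTypeText,
		Required: false,
	})
	form.Schema.AddField(&schema.SchemaField{
		Name:     "givenName",
		Type:     schema.FieldTypeText,
		Required: false,
	})
	// account expiry as reported by the directory
	form.Schema.AddField(&schema.SchemaField{
		Name:     "accountExpires",
		Type:     schema.FieldTypeDate,
		Required: false,
	})
	// REALM: the realm the account belongs to; part of the username
	// uniqueness index below.
	// NOTE(review): the field type is FieldTypeDate, which looks like a
	// copy-paste from accountExpires (the original comment said "add account
	// expires field"); a realm name would normally be a text field. Left
	// unchanged here — confirm against the sync code that writes it.
	form.Schema.AddField(&schema.SchemaField{
		Name:     "REALM",
		Type:     schema.FieldTypeDate,
		Required: true,
	})
	// memberOf: the groups the account belongs to
	form.Schema.AddField(&schema.SchemaField{
		Name:     "memberOf",
		Type:     schema.FieldTypeRelation,
		Required: false,
		Options: &schema.RelationOptions{
			CollectionId:  groupsCollection.Id,
			CascadeDelete: false,
		},
	})

	// Unique indexes. All three must target this collection: the original
	// statements named the groups and sync-logs tables instead, so the
	// username-per-realm, cn and objectGUID uniqueness was either rejected at
	// validation time or never enforced on the users table — and without the
	// username/REALM index two accounts could share a username in one realm.
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_users_username ON " + ldapUsersTableName + " (username, REALM)", // username must be unique per realm
		"CREATE UNIQUE INDEX idx_users_cn ON " + ldapUsersTableName + " (cn)",
		"CREATE UNIQUE INDEX idx_users_objectGUID ON " + ldapUsersTableName + " (objectGUID)",
	}

	if err := form.Submit(); err != nil {
		return fmt.Errorf("creating collection %q: %w", ldapUsersTableName, err)
	}
	return nil
}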
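// createLDAPSyncLogsTable creates the ldapSyncLogs collection, which stores
// one record per sync run with counters and error details for users and
// groups.
//
// The function does not check whether the collection already exists. All
// API rules are left nil, so only admins can read or write the log records.
// Returns a wrapped error from Submit.
func createLDAPSyncLogsTable(app *pocketbase.PocketBase) error {
	collection := &models.Collection{}
	form := forms.NewCollectionUpsert(app, collection)
	form.Name = ldapSyncLogsTableName
	form.Type = models.CollectionTypeBase // plain data collection; nothing authenticates against it
	// nil rules (the default for a new collection), set explicitly for
	// consistency with the users and groups tables: admin-only access
	form.ListRule = nil
	form.ViewRule = nil
	form.CreateRule = nil
	form.UpdateRule = nil
	form.DeleteRule = nil

	// counter field for a single sync run
	addCounter := func(name string) {
		form.Schema.AddField(&schema.SchemaField{
			Name: name,
			Type: schema.FieldTypeNumber,
		})
	}
	// JSON field holding per-entry error details, capped at 2,000,000 bytes
	// so a large failing sync cannot grow a record without bound
	addErrors := func(name string) {
		form.Schema.AddField(&schema.SchemaField{
			Name: name,
			Type: schema.FieldTypeJson,
			Options: &schema.JsonOptions{
				MaxSize: 2000000,
			},
		})
	}

	// field order is kept as in the original schema: users first, then groups
	addCounter("usersFound")
	addCounter("usersSynced")
	addCounter("usersRemoved")
	addErrors("userSyncErrors")
	addCounter("groupsFound")
	addCounter("groupsSynced")
	addCounter("groupsRemoved")
	addErrors("groupSyncErrors")

	// NOTE(review): a unique index on the automatic `created` timestamp means
	// two sync runs that start at the same instant (presumably the same
	// millisecond) would fail to log; confirm that uniqueness is intended.
	form.Indexes = types.JsonArray[string]{
		"CREATE UNIQUE INDEX idx_ldapSyncs ON " + ldapSyncLogsTableName + " (created)",
	}

	if err := form.Submit(); err != nil {
		return fmt.Errorf("creating collection %q: %w", ldapSyncLogsTableName, err)
	}
	return nil
}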