Git init

Author: gmD3v

.traefik.yml

@@ -0,0 +1,12 @@
+displayName: NetsocsPlugin
+type: middleware
+import: github.com/Netsocs-Team/netsocs-traefik-plugin
+summary: Netsocs feats plugins
+
+iconPath: foo/icon.png
+bannerPath: foo/banner.png
+
+testData:
+  CookieName: COOKIE_NAME
+  LicenseApi: http://localhost:8080
+  AccessControlApi: http://localhost:8080

Readme.md

@@ -0,0 +1,2 @@
+# Traefik Plugin
+This is the Netsocs traefik plugin.

go.mod

@@ -0,0 +1,11 @@
+module github.com/Netsocs-Team/netsocs-traefik-plugin
+
+go 1.23.0
+
+toolchain go1.23.7
+
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+)

go.sum

@@ -0,0 +1,8 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/urfave/cli/v2 v2.27.6 h1:VdRdS98FNhKZ8/Az8B7MTyGQmpIr36O1EHybx/LaZ4g=
+github.com/urfave/cli/v2 v2.27.6/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=

main.go

@@ -0,0 +1,141 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+)
+
+// Config the plugin configuration.
+type Config struct {
+	AccessControlApi string
+	CookieName       string
+	LicenseApi       string
+}
+
+// CreateConfig creates the default plugin configuration.
+func CreateConfig() *Config {
+	return &Config{}
+}
+
+type Person struct {
+	ID                         string        `json:"id"`
+	Name                       string        `json:"name"`
+	Photo                      string        `json:"photo"`
+	Type                       string        `json:"type"`
+	IdentificationDocument     string        `json:"identification_document"`
+	IdentificationDocumentType string        `json:"identification_document_type"`
+	Email                      string        `json:"email"`
+	AccessLevels               []interface{} `json:"access_levels"`
+	Phone                      string        `json:"phone"`
+	Vehicles                   []interface{} `json:"vehicles"`
+	ActivationDate             string        `json:"activation_date"`
+	ExpirationDate             string        `json:"expiration_date"`
+	Lists                      []interface{} `json:"lists"`
+	Signature                  string        `json:"signature"`
+	Attachments                []interface{} `json:"attachments"`
+	Departments                []interface{} `json:"departments"`
+	Disabled                   bool          `json:"disabled"`
+	CreatedAt                  time.Time     `json:"created_at"`
+	UpdatedAt                  time.Time     `json:"updated_at"`
+}
+
+type NetsocsUserSession struct {
+	next             http.Handler
+	AccessControlApi string
+	CookieName       string
+	LicenseApi       string
+}
+
+// New created a new Demo plugin.
+func New(ctx context.Context, next http.Handler, config *Config, name string) (http.Handler, error) {
+	return &NetsocsUserSession{
+		next:             next,
+		AccessControlApi: config.AccessControlApi,
+		CookieName:       config.CookieName,
+		LicenseApi:       config.LicenseApi,
+	}, nil
+}
+
+func (a *NetsocsUserSession) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+	license := CheckLicense(a.LicenseApi)
+	if !license {
+		http.Redirect(rw, req, "/n/config", http.StatusFound)
+		return
+	}
+	err := SyncUserSession(req.Context(), req, rw, a.CookieName, a.AccessControlApi)
+	if err != nil {
+		http.Redirect(rw, req, "/", http.StatusFound)
+		return
+	}
+
+	a.next.ServeHTTP(rw, req)
+}
+
+func SyncUserSession(ctx context.Context, req *http.Request, rw http.ResponseWriter,
+	cookieName string, accessControlApi string) error {
+	cookie, err := req.Cookie(cookieName)
+	if err == nil {
+		user, err := CheckUser(cookie.Value, accessControlApi, cookieName)
+		if err != nil {
+			return fmt.Errorf("error checking user: %v", err)
+		}
+
+		if len(user.Departments) == 0 {
+			http.Redirect(rw, req, "/n/access_control/host", http.StatusFound)
+		}
+
+	} else if err == http.ErrNoCookie {
+		return fmt.Errorf("cookie not found")
+	} else {
+		return err
+	}
+
+	return nil
+}
+
+func CheckLicense(licenseApi string) bool {
+	url := fmt.Sprintf("%s/license", licenseApi)
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return false
+	}
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return false
+	}
+	defer resp.Body.Close()
+	return resp.StatusCode == http.StatusOK
+}
+
+func CheckUser(netsocstoken string, accesControlApi string, cookieName string) (Person, error) {
+	url := fmt.Sprintf("%s/check_user", accesControlApi)
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return Person{}, err
+	}
+	req.Header.Set("Cookie", fmt.Sprintf("%s=%s", cookieName, netsocstoken))
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return Person{}, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return Person{}, fmt.Errorf("failed to check user: %s", resp.Status)
+	}
+	var user Person
+	err = json.NewDecoder(resp.Body).Decode(&user)
+
+	if err != nil {
+		return Person{}, err
+	}
+	if user.ID == "" {
+		return Person{}, fmt.Errorf("user not found")
+	}
+	return user, nil
+
+}