From a9a29593bc6c8b6271003800c2e0c1decb360b96 Mon Sep 17 00:00:00 2001
From: "colynn.liu"
Date: Wed, 21 Sep 2022 17:53:37 +0800
Subject: [PATCH] upgrade*: auth pkg change to public
---
 internal/api/auth.go | 28 +++++++++++++---
 {internal/core => pkg}/auth/auth.go | 0
 {internal/core => pkg}/auth/ldap/ldap.go | 22 ++++++++----
 pkg/auth/ldap/options.go | 39 ++++++++++++++++++++++
 {internal/core => pkg}/auth/local/local.go | 32 +++++++++---------
 pkg/auth/local/options.go | 27 +++++++++++++++
 6 files changed, 122 insertions(+), 26 deletions(-)
 rename {internal/core => pkg}/auth/auth.go (100%)
 rename {internal/core => pkg}/auth/ldap/ldap.go (85%)
 create mode 100644 pkg/auth/ldap/options.go
 rename {internal/core => pkg}/auth/local/local.go (75%)
 create mode 100644 pkg/auth/local/options.go
diff --git a/internal/api/auth.go b/internal/api/auth.go
index bf4931d7..0219f96c 100644
--- a/internal/api/auth.go
+++ b/internal/api/auth.go
@@ -32,9 +32,9 @@ import (
 mycasbin "github.com/go-atomci/atomci/internal/middleware/casbin"
 "github.com/go-atomci/atomci/internal/middleware/log"
- "github.com/go-atomci/atomci/internal/core/auth"
- "github.com/go-atomci/atomci/internal/core/auth/ldap"
- "github.com/go-atomci/atomci/internal/core/auth/local"
+ "github.com/go-atomci/atomci/pkg/auth"
+ "github.com/go-atomci/atomci/pkg/auth/ldap"
+ "github.com/go-atomci/atomci/pkg/auth/local"
 )
 // AuthController .operations about login/logout
@@ -68,9 +68,27 @@ func (a *AuthController) Authenticate() {
 var loginProvider auth.Provider
 switch req.LoginType {
 case models.LocalAuth:
- loginProvider = local.NewProvider()
+ userModel, err := dao.GetUser(req.Username)
+ if err != nil {
+ log.Log.Error("get user error: " + err.Error())
+ a.CustomAbort(http.StatusBadRequest, "用户不存在或密码错误")
+ }
+ loginProvider = local.NewProvider(
+ local.Name(userModel.Name),
+ local.Email(userModel.Email),
+ local.User(userModel.User),
+ local.Password(userModel.Password),
+ )
 case models.LDAPAuth:
- loginProvider = ldap.NewProvider()
+ port, _ := beego.AppConfig.Int("ldap::port")
+ loginProvider = ldap.NewProvider(
+ ldap.BaseDN(beego.AppConfig.String("ldap::baseDN")),
+ ldap.Host(beego.AppConfig.String("ldap::host")),
+ ldap.Port(port),
+ ldap.BindDN(beego.AppConfig.String("ldap::bindDN")),
+ ldap.BindPassword(beego.AppConfig.String("ldap::bindPassword")),
+ ldap.UserFilter(beego.AppConfig.String("ldap::userFilter")),
+ )
 default:
 log.Log.Error("login_type is %v, not support", req.LoginType)
 http.Error(a.Ctx.ResponseWriter, "不支持此类型的登录,请联系管理员", http.StatusInternalServerError)
diff --git a/internal/core/auth/auth.go b/pkg/auth/auth.go
similarity index 100%
rename from internal/core/auth/auth.go
rename to pkg/auth/auth.go
diff --git a/internal/core/auth/ldap/ldap.go b/pkg/auth/ldap/ldap.go
similarity index 85%
rename from internal/core/auth/ldap/ldap.go
rename to pkg/auth/ldap/ldap.go
index 4376f11a..1b0608cd 100644
--- a/internal/core/auth/ldap/ldap.go
+++ b/pkg/auth/ldap/ldap.go
@@ -19,8 +19,8 @@ package ldap
 import (
 "fmt"
- "github.com/go-atomci/atomci/internal/core/auth"
 "github.com/go-atomci/atomci/internal/middleware/log"
+ "github.com/go-atomci/atomci/pkg/auth"
 "github.com/astaxie/beego"
 ldap "github.com/colynn/go-ldap-client/v3"
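Review bot: In `AuthController.Authenticate` (internal/api/auth.go) the local branch now answers an unknown user with `a.CustomAbort(http.StatusBadRequest, ...)` before any password hash is compared, while a wrong password for an existing user is rejected later through the provider. How that later failure is reported is outside the hunk, but if its status code is not 400, or simply because no bcrypt comparison runs for unknown names, the two cases become distinguishable and the login endpoint confirms which usernames exist. Consider sending the lookup failure down the same failure path as a bad password, including a comparison against a fixed dummy hash so both paths cost the same. In the LDAP branch `port, _ := beego.AppConfig.Int("ldap::port")` discards the parse error, so a missing or malformed setting silently becomes port 0; use `port, err := beego.AppConfig.Int("ldap::port")` and abort with a server-side error when it fails. The function body starts and ends outside the hunk.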
@@ -28,11 +28,22 @@ import (
 // Provider a ldap authentication provider.
 // TODO: support configuration later
-type Provider struct{}
+type Provider struct {
+ baseDN string
+ host string
+ port int
+ bindDN string
+ bindPassword string
+ userFilter string
+}
 // NewProvider creates a new ldap authentication provider.
-func NewProvider() auth.Provider {
- return &Provider{}
+func NewProvider(opts ...Option) auth.Provider {
+ provider := &Provider{}
+ for _, opt := range opts {
+ opt(provider)
+ }
+ return provider
 }
 // Authenticate ..
@@ -53,9 +64,8 @@ func (p *Provider) Authenticate(user, password string) (*auth.ExternalAccount, e
 }
 defer client.Close()
- resp := map[string]string{}
 authVerify, resp, err := client.Authenticate(user, password)
- if authVerify == false {
+ if !authVerify {
 if err != nil {
 log.Log.Error("authVerify error: %s", err.Error())
 }
diff --git a/pkg/auth/ldap/options.go b/pkg/auth/ldap/options.go
new file mode 100644
index 00000000..2beda021
--- /dev/null
+++ b/pkg/auth/ldap/options.go
@@ -0,0 +1,39 @@
+package ldap
+
+type Option func(*Provider)
+
+func BaseDN(baseDN string) Option {
+ return func(p *Provider) {
+ p.baseDN = baseDN
+ }
+}
+
+func Host(host string) Option {
+ return func(p *Provider) {
+ p.host = host
+ }
+}
+
+func Port(port int) Option {
+ return func(p *Provider) {
+ p.port = port
+ }
+}
+
+func BindDN(bindDN string) Option {
+ return func(p *Provider) {
+ p.bindDN = bindDN
+ }
+}
+
+func BindPassword(bindPassword string) Option {
+ return func(p *Provider) {
+ p.bindPassword = bindPassword
+ }
+}
+
+func UserFilter(userFilter string) Option {
+ return func(p *Provider) {
+ p.userFilter = userFilter
+ }
+}
diff --git a/internal/core/auth/local/local.go b/pkg/auth/local/local.go
similarity index 75%
rename from internal/core/auth/local/local.go
rename to pkg/auth/local/local.go
index 00467083..8239df5e 100644
--- a/internal/core/auth/local/local.go
+++ b/pkg/auth/local/local.go
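Review bot: The fields added to `Provider` in pkg/auth/ldap/ldap.go are filled by the options, but no visible hunk shows `Authenticate` reading them, and the file's import block still lists `github.com/astaxie/beego` as an unchanged line. That suggests the connection settings are still read from `beego.AppConfig` inside `Authenticate`; most of its body is outside the hunks, so this is inferred. If so, a caller of the now-public package who passes `ldap.Host(...)` or `ldap.BindDN(...)` silently gets the global configuration instead, and the client should be built from `p.host`, `p.port`, `p.bindDN`, `p.bindPassword`, `p.baseDN` and `p.userFilter`. The comment `// TODO: support configuration later` is stale after this change and could read `// Provider is an LDAP authentication provider configured through Option values.`; because the struct now holds `bindPassword`, the comment should also say that a Provider must not be logged with `%+v`.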
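Review bot: `client.Authenticate(user, password)` in `(*Provider).Authenticate` is reached with no visible check that `password` is non-empty; the start of the function is outside the hunk, so this may already be handled there or by the client library. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, so the provider should reject that input itself before contacting the server, e.g. `if password == "" { return nil, fmt.Errorf("password must not be empty") }`.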
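Review bot: `Option` and its constructors in pkg/auth/ldap/options.go are exported from a package this commit makes public, yet none has a doc comment; the same holds for pkg/auth/local/options.go. Each needs a comment starting with its name, for example `// Option configures a Provider; pass any number of them to NewProvider.` and `// BindPassword sets the bind password stored on the Provider.` `Port` accepts any int, so a zero or out-of-range value only surfaces when the connection fails; a range check in `NewProvider` or a documented default would expose misconfiguration earlier. In pkg/auth/local/options.go the comment on `Password` should state what it expects, presumably the stored bcrypt hash rather than a plaintext password, given the call `CompareHashAndPassword(p.password, password)`.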
@@ -19,39 +19,41 @@ package local
 import (
 "fmt"
- "github.com/go-atomci/atomci/internal/core/auth"
- "github.com/go-atomci/atomci/internal/dao"
 "github.com/go-atomci/atomci/internal/middleware/log"
+ "github.com/go-atomci/atomci/pkg/auth"
 "golang.org/x/crypto/bcrypt"
 )
 // Provider a local authentication provider.
 // TODO: support configuration later
-type Provider struct{}
+type Provider struct {
+ name string
+ email string
+ user string
+ password string
+}
 // NewProvider creates a new local authentication provider.
-func NewProvider() auth.Provider {
- return &Provider{}
+func NewProvider(opts ...Option) auth.Provider {
+ provider := &Provider{}
+ for _, opt := range opts {
+ opt(provider)
+ }
+ return provider
 }
 // Authenticate ..
 func (p *Provider) Authenticate(loginUser, password string) (*auth.ExternalAccount, error) {
- userModel, err := dao.GetUser(loginUser)
- if err != nil {
- log.Log.Error("get user error: %v", err.Error())
- return nil, fmt.Errorf("用户不存在或密码错误")
- }
-
- _, err = CompareHashAndPassword(userModel.Password, password)
+ _, err := CompareHashAndPassword(p.password, password)
 if err != nil {
 log.Log.Error("comparehas password, error: %v", err.Error())
 return nil, fmt.Errorf("用户不存在或密码错误")
 }
 return &auth.ExternalAccount{
- Name: userModel.Name,
- Email: userModel.Email,
- User: userModel.User,
+ Name: p.name,
+ Email: p.email,
+ User: p.user,
 }, nil
 }
diff --git a/pkg/auth/local/options.go b/pkg/auth/local/options.go
new file mode 100644
index 00000000..e81713b3
--- /dev/null
+++ b/pkg/auth/local/options.go
@@ -0,0 +1,27 @@
+package local
+
+type Option func(*Provider)
+
+func Name(name string) Option {
+ return func(p *Provider) {
+ p.name = name
+ }
+}
+
+func Email(email string) Option {
+ return func(p *Provider) {
+ p.email = email
+ }
+}
+
+func User(user string) Option {
+ return func(p *Provider) {
+ p.user = user
+ }
+}
+
+func Password(password string) Option {
+ return func(p *Provider) {
+ p.password = password
+ }
+}
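Review bot: `(*Provider).Authenticate` in pkg/auth/local/local.go no longer uses its `loginUser` argument: it compares `password` with `p.password` and returns the account held in the provider, whatever name was passed. The handler in internal/api/auth.go builds the provider from the requested username, so the two presumably agree there, but as a public API a provider built for one account accepts that account's password under any login name. Add a guard at the top, e.g. `if loginUser != p.user { return nil, fmt.Errorf("用户不存在或密码错误") }`, assuming `user` is the field that holds the login name. A provider created without `local.Password(...)` compares against an empty hash; `CompareHashAndPassword` is defined outside the hunk, so confirm that it fails closed in that case.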