gitea-group-sync/gitea-group-sync.go

package main

import (
	"crypto/tls"
	"flag"
	"fmt"
	"log"
	"net/url"
	"os"
	"strconv"
	"strings"
	"time"

	"github.com/robfig/cron/v3"
	"gopkg.in/ldap.v3"
	"gopkg.in/yaml.v2"
)

func AddUsersToTeam(apiKeys GiteaKeys, users []Account, team int) bool {

	for i := 0; i < len(users); i++ {

		fullusername := url.PathEscape(fmt.Sprintf("%s", users[i].Full_name))
		apiKeys.Command = "/api/v1/users/search?q=" + fullusername + "&access_token="
		foundUsers := RequestSearchResults(apiKeys)

		for j := 0; j < len(foundUsers.Data); j++ {

			if strings.EqualFold(users[i].Login, foundUsers.Data[j].Login) {
				apiKeys.Command = "/api/v1/teams/" + fmt.Sprintf("%d", team) + "/members/" + foundUsers.Data[j].Login + "?access_token="
				error := RequestPut(apiKeys)
				if len(error) > 0 {
					log.Println("Error (Team does not exist or Not Found User) :", parseJson(error).(map[string]interface{})["message"])
				}
			}
		}
	}
	return true
}

func DelUsersFromTeam(apiKeys GiteaKeys, Users []Account, team int) bool {

	for i := 0; i < len(Users); i++ {

		apiKeys.Command = "/api/v1/users/search?uid=" + fmt.Sprintf("%d", Users[i].Id) + "&access_token="

		foundUser := RequestSearchResults(apiKeys)

		apiKeys.Command = "/api/v1/teams/" + fmt.Sprintf("%d", team) + "/members/" + foundUser.Data[0].Login + "?access_token="
		RequestDel(apiKeys)
	}
	return true
}

var configFlag = flag.String("config", "config.yaml", "Specify YAML Configuration File")

func main() {
	// Parse flags of programm
	flag.Parse()
	mainJob() // First run for check settings

	var repTime string
	if len(os.Getenv("REP_TIME")) == 0 {

	} else {
		repTime = os.Getenv("REP_TIME")
	}

	c := cron.New()
	c.AddFunc(repTime, mainJob)
	c.Start()
	fmt.Println(c.Entries())
	for true {
		time.Sleep(100 * time.Second)
	}
}

// This Function parses the enviroment for application specific variables and returns a Config struct.
// Used for setting all required settings in the application
func importEnvVars() Config {

	// Create temporary structs for creating the final config
	envConfig := Config{}

	// ApiKeys
	envConfig.ApiKeys = GiteaKeys{}
	envConfig.ApiKeys.TokenKey = strings.Split(os.Getenv("GITEA_TOKEN"), ",")
	envConfig.ApiKeys.BaseUrl = os.Getenv("GITEA_URL")

	// LDAP Config
	envConfig.LdapURL = os.Getenv("LDAP_URL")
	envConfig.LdapBindDN = os.Getenv("BIND_DN")
	envConfig.LdapBindPassword = os.Getenv("BIND_PASSWORD")
	envConfig.LdapFilter = os.Getenv("LDAP_FILTER")
	envConfig.LdapUserSearchBase = os.Getenv("LDAP_USER_SEARCH_BASE")

	// Check TLS Settings
	if len(os.Getenv("LDAP_TLS_PORT")) > 0 {
		port, err := strconv.Atoi(os.Getenv("LDAP_TLS_PORT"))
		envConfig.LdapPort = port
		envConfig.LdapTLS = true
		log.Printf("DialTLS:=%v:%d", envConfig.LdapURL, envConfig.LdapPort)
		if err != nil {
			log.Println("LDAP_TLS_PORT is invalid.")
		}
	} else {
		if len(os.Getenv("LDAP_PORT")) > 0 {
			port, err := strconv.Atoi(os.Getenv("LDAP_PORT"))
			envConfig.LdapPort = port
			envConfig.LdapTLS = false
			log.Printf("Dial:=%v:%d", envConfig.LdapURL, envConfig.LdapPort)
			if err != nil {
				log.Println("LDAP_PORT is invalid.")
			}
		}
	}
	// Set defaults for user Attributes
	if len(os.Getenv("LDAP_USER_IDENTITY_ATTRIBUTE")) == 0 {
		envConfig.LdapUserIdentityAttribute = "uid"
		log.Println("By default LDAP_USER_IDENTITY_ATTRIBUTE = 'uid'")
	} else {
		envConfig.LdapUserIdentityAttribute = os.Getenv("LDAP_USER_IDENTITY_ATTRIBUTE")
	}

	if len(os.Getenv("LDAP_USER_FULL_NAME")) == 0 {
		envConfig.LdapUserFullName = "sn" //change to cn if you need it
		log.Println("By default LDAP_USER_FULL_NAME = 'sn'")
	} else {
		envConfig.LdapUserFullName = os.Getenv("LDAP_USER_FULL_NAME")
	}

	return envConfig // return the config struct for use.
}

func importYAMLConfig(path string) (Config, error) {
	// Open Config File
	f, err := os.Open(path)
	if err != nil {
		return Config{}, err // Aborting
	}
	defer f.Close()

	// Parse File into Config Struct
	var cfg Config
	decoder := yaml.NewDecoder(f)
	err = decoder.Decode(&cfg)
	if err != nil {
		return Config{}, err // Aborting
	}
	return cfg, nil
}

func (c Config) checkConfig() {
	if len(c.ApiKeys.TokenKey) <= 0 {
		log.Println("GITEA_TOKEN is empty or invalid.")
	}
	if len(c.ApiKeys.BaseUrl) == 0 {
		log.Println("GITEA_URL is empty")
	}
	if len(c.LdapURL) == 0 {
		log.Println("LDAP_URL is empty")
	}
	if c.LdapPort <= 0 {
		log.Println("LDAP_TLS_PORT is invalid.")
	} else {
		log.Printf("DialTLS:=%v:%d", c.LdapURL, c.LdapPort)
	}
	if len(c.LdapBindDN) > 0 && len(c.LdapBindPassword) == 0 {
		log.Println("BIND_DN supplied, but BIND_PASSWORD is empty")
	}
	if len(c.LdapFilter) == 0 {
		log.Println("LDAP_FILTER is empty")
	}
	if len(c.LdapUserSearchBase) == 0 {
		log.Println("LDAP_USER_SEARCH_BASE is empty")
	}
	if len(c.LdapUserIdentityAttribute) == 0 {
		c.LdapUserIdentityAttribute = "uid"
		log.Println("By default LDAP_USER_IDENTITY_ATTRIBUTE = 'uid'")
	}
	if len(c.LdapUserFullName) == 0 {
		c.LdapUserFullName = "sn" //change to cn if you need it
		log.Println("By default LDAP_USER_FULL_NAME = 'sn'")
	}
}

func mainJob() {

	//------------------------------
	//  Check and Set input settings
	//------------------------------
	var cfg Config

	cfg, importErr := importYAMLConfig(*configFlag)
	if importErr != nil {
		log.Println("Fallback: Importing Settings from Enviroment Variables ")
		cfg = importEnvVars()
	} else {
		log.Println("Successfully imported YAML Config from " + *configFlag)
		fmt.Println(cfg)
	}
	// Checks Config
	cfg.checkConfig()
	log.Println("Checked config elements")

	// Prepare LDAP Connection
	var l *ldap.Conn
	var err error
	if cfg.LdapTLS {
		l, err = ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", cfg.LdapURL, cfg.LdapPort), &tls.Config{InsecureSkipVerify: true})
	} else {
		l, err = ldap.Dial("tcp", fmt.Sprintf("%s:%d", cfg.LdapURL, cfg.LdapPort))
	}

	if err != nil {
		fmt.Println(err)
		fmt.Println("Please set the correct values for all specifics.")
		os.Exit(1)
	}
	defer l.Close()

	if len(cfg.LdapBindDN) == 0 {
		err = l.UnauthenticatedBind("")
	} else {
		err = l.Bind(cfg.LdapBindDN, cfg.LdapBindPassword)
	}

	if err != nil {
		log.Fatal(err)
	}

	page := 1
	cfg.ApiKeys.BruteforceTokenKey = 0
	cfg.ApiKeys.Command = "/api/v1/admin/orgs?page=" + fmt.Sprintf("%d", page) + "&limit=20&access_token=" // List all organizations
	organizationList := RequestOrganizationList(cfg.ApiKeys)

	log.Printf("%d organizations were found on the server: %s", len(organizationList), cfg.ApiKeys.BaseUrl)

	for 0 < len(organizationList) {

		for i := 0; i < len(organizationList); i++ {

			log.Println(organizationList)

			log.Printf("Begin an organization review: OrganizationName= %v, OrganizationId= %d \n", organizationList[i].Name, organizationList[i].Id)

			cfg.ApiKeys.Command = "/api/v1/orgs/" + organizationList[i].Name + "/teams?access_token="
			teamList := RequestTeamList(cfg.ApiKeys)
			log.Printf("%d teams were found in %s organization", len(teamList), organizationList[i].Name)
			cfg.ApiKeys.BruteforceTokenKey = 0

			for j := 0; j < len(teamList); j++ {

				// preparing request to ldap server
				filter := fmt.Sprintf(cfg.LdapFilter, teamList[j].Name)
				searchRequest := ldap.NewSearchRequest(
					cfg.LdapUserSearchBase, // The base dn to search
					ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
					filter, // The filter to apply
					[]string{"cn", "uid", "mailPrimaryAddress, sn", cfg.LdapUserIdentityAttribute}, // A list attributes to retrieve
					nil,
				)
				// make request to ldap server
				sr, err := l.Search(searchRequest)
				if err != nil {
					log.Fatal(err)
				}
				AccountsLdap := make(map[string]Account)
				AccountsGitea := make(map[string]Account)
				var addUserToTeamList, delUserToTeamlist []Account
				if len(sr.Entries) > 0 {
					log.Printf("The LDAP %s has %d users corresponding to team %s", cfg.LdapURL, len(sr.Entries), teamList[j].Name)
					for _, entry := range sr.Entries {

						AccountsLdap[entry.GetAttributeValue(cfg.LdapUserIdentityAttribute)] = Account{
							Full_name: entry.GetAttributeValue(cfg.LdapUserFullName),
							Login:     entry.GetAttributeValue(cfg.LdapUserIdentityAttribute),
						}
					}

					cfg.ApiKeys.Command = "/api/v1/teams/" + fmt.Sprintf("%d", teamList[j].Id) + "/members?access_token="
					AccountsGitea, cfg.ApiKeys.BruteforceTokenKey = RequestUsersList(cfg.ApiKeys)
					log.Printf("The gitea %s has %d users corresponding to team %s Teamid=%d", cfg.ApiKeys.BaseUrl, len(AccountsGitea), teamList[j].Name, teamList[j].Id)

					for k, v := range AccountsLdap {
						if AccountsGitea[k].Login != v.Login {
							addUserToTeamList = append(addUserToTeamList, v)
						}
					}
					log.Printf("can be added users list %v", addUserToTeamList)
					AddUsersToTeam(cfg.ApiKeys, addUserToTeamList, teamList[j].Id)

					for k, v := range AccountsGitea {
						if AccountsLdap[k].Login != v.Login {
							delUserToTeamlist = append(delUserToTeamlist, v)
						}
					}
					log.Printf("must be del users list %v", delUserToTeamlist)
					DelUsersFromTeam(cfg.ApiKeys, delUserToTeamlist, teamList[j].Id)

				} else {
					log.Printf("The LDAP %s not found users corresponding to team %s", cfg.LdapURL, teamList[j].Name)
				}
			}
		}

		page++
		cfg.ApiKeys.BruteforceTokenKey = 0
		cfg.ApiKeys.Command = "/api/v1/admin/orgs?page=" + fmt.Sprintf("%d", page) + "&limit=20&access_token=" // List all organizations
		organizationList = RequestOrganizationList(cfg.ApiKeys)
		log.Printf("%d organizations were found on the server: %s", len(organizationList), cfg.ApiKeys.BaseUrl)
	}
}