feat(ldap): Add LDAP

* rename: Admin to AdminGroup * update * cleanup * tmp save group mapping * add enableControl(not-test) * verify username exist before create(for LDAP) * add getAllGroupsDn() * rename * adminGroup * enable TLS Verify * init for ldap --------- Co-authored-by: Tao Chen <iamtaochen@outlook.com>
2025-12-03 02:23:16 +00:00 · 2025-02-02 23:56:40 +08:00
parent d9fcfdde6a
commit 0e3f204327
7 changed files with 519 additions and 14 deletions
--- a/service/user.go
+++ b/service/user.go
@@ -46,6 +46,14 @@ func (us *UserService) InfoByOpenid(openid string) *model.User {

 // InfoByUsernamePassword 根据用户名密码取用户信息
 func (us *UserService) InfoByUsernamePassword(username, password string) *model.User {
+	if global.Config.Ldap.Enable {
+		u, err := AllService.LdapService.Authenticate(username, password)
+		if err == nil {
+			return u
+		}
+		global.Logger.Error("LDAP authentication failed, %v", err)
+		global.Logger.Warn("Fallback to local database")
+	}
 	u := &model.User{}
 	global.DB.Where("username = ? and password = ?", username, us.EncryptPassword(password)).First(u)
 	return u
@@ -156,6 +164,9 @@ func (us *UserService) CheckUserEnable(u *model.User) bool {
 // Create 创建
 func (us *UserService) Create(u *model.User) error {
 	// The initial username should be formatted, and the username should be unique
+	if us.IsUsernameExists(u.Username) {
+		return errors.New("UsernameExists")
+	}
 	u.Username = us.formatUsername(u.Username)
 	u.Password = us.EncryptPassword(u.Password)
 	res := global.DB.Create(u).Error
@@ -343,13 +354,10 @@ func (us *UserService) RegisterByOauth(oauthUser *model.OauthUser, op string) (e

 // GenerateUsernameByOauth 生成用户名
 func (us *UserService) GenerateUsernameByOauth(name string) string {
-	u := &model.User{}
-	global.DB.Where("username = ?", name).First(u)
-	if u.Id == 0 {
-		return name
+	for us.IsUsernameExists(name) {
+		name += strconv.Itoa(rand.Intn(10)) // Append a random digit (0-9)
 	}
-	name = name + strconv.FormatInt(rand.Int63n(10), 10)
-	return us.GenerateUsernameByOauth(name)
+	return name
 }

 // UserThirdsByUserId
@@ -394,15 +402,18 @@ func (us *UserService) IsPasswordEmptyByUser(u *model.User) bool {
 	return us.IsPasswordEmptyById(u.Id)
 }

-// Register 注册
+// Register 注册, 如果用户名已存在则返回nil
 func (us *UserService) Register(username string, email string, password string) *model.User {
 	u := &model.User{
 		Username: username,
 		Email:    email,
-		Password: us.EncryptPassword(password),
+		Password: password,
 		GroupId:  1,
 	}
-	global.DB.Create(u)
+	err := us.Create(u)
+	if err != nil {
+		return nil
+	}
 	return u
 }

@@ -468,3 +479,11 @@ func (us *UserService) BatchDeleteUserToken(ids []uint) error {
 func (us *UserService) VerifyJWT(token string) (uint, error) {
 	return global.Jwt.ParseToken(token)
 }
+
+// IsUsernameExists 判断用户名是否存在, it will check the internal database and LDAP(if enabled)
+func (us *UserService) IsUsernameExists(username string) bool {
+	u := &model.User{}
+	global.DB.Where("username = ?", username).First(u)
+	existsInLdap := AllService.LdapService.IsUsernameExists(username)
+	return u.Id != 0 || existsInLdap
+}