From c9bfdb51c4eaa8e9c9af64a2c9a2f8687791cff5 Mon Sep 17 00:00:00 2001
From: MickaelK
Date: Mon, 10 Nov 2025 18:10:35 +1100
Subject: [PATCH] feature (template): additional template vars

---
 server/ctrl/session.go | 46 ++++++++++++++++--------------------------
 server/ctrl/tmpl.go | 33 ++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 29 deletions(-)

diff --git a/server/ctrl/session.go b/server/ctrl/session.go
index d808139a..dad60ea0 100644
--- a/server/ctrl/session.go
+++ b/server/ctrl/session.go
@@ -1,17 +1,14 @@
 package ctrl

 import (
- "bytes"
 "encoding/base64"
 "encoding/json"
 "fmt"
 "net"
 "net/http"
 "net/url"
- "os"
 "slices"
 "strings"
- "text/template"
 "time"

 . "github.com/mickael-kerjean/filestash/server/common"
@@ -270,7 +267,7 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 }
 }

- idpParams := map[string]string{}
+ idpParams := TmplParams(map[string]string{})
 if err := json.Unmarshal(
 []byte(Config.Get("middleware.identity_provider.params").String()),
 &idpParams,
@@ -282,6 +279,18 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 )
 return
 }
+ for k, v := range idpParams {
+ out, err := TmplExec(NewStringFromInterface(v), idpParams)
+ if err != nil {
+ http.Redirect(
+ res, req,
+ "/?error=Not%20Valid&trace=idp - "+err.Error(),
+ http.StatusTemporaryRedirect,
+ )
+ return
+ }
+ idpParams[k] = out
+ }

 // Step1: Entrypoint of the authentication process is handled by the plugin
 if req.Method == "GET" && _get.Get("action") == "redirect" {
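Review bot: Seeding `idpParams` with `TmplParams(...)` before `json.Unmarshal` makes one map serve as both the template input and the provider parameters, so from this line on it carries `machine_id` and an `ENV_*` copy of every variable of the server process. The loop added in the following hunk (`@@ -282,6 +279,18 @@`) then parses each of those environment values as a template as well, so a variable whose value contains an unparseable `{{` sends every request that reaches this point to the error redirect, and because the loop rewrites the map it is ranging over, a parameter that references another parameter sees the raw or the rendered value depending on iteration order. What the rest of SessionAuthMiddleware does with `idpParams` is outside these hunks, but if the map is handed to the identity-provider plugin, the plugin now receives the whole environment. Keeping the two maps apart avoids all three: leave `idpParams := map[string]string{}`, build `bind := TmplParams(maps.Clone(idpParams))` after the unmarshal (with `maps` added to the imports), and call `TmplExec(v, bind)` inside the loop.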
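Review bot: The template error is concatenated unescaped into the redirect target in `"/?error=Not%20Valid&trace=idp - "+err.Error()`, so a message containing `&`, `#` or spaces produces a malformed or truncated query string. text/template messages can quote fragments of the template source, and since the loop ranges over the whole map that source includes configuration and environment values, which would then be shown in the URL of a browser that has not authenticated yet. `net/url` is already imported in this file, so `"/?error=Not%20Valid&trace="+url.QueryEscape("idp - "+err.Error())` fixes the encoding; returning a fixed trace string and keeping the detail in the server log would be safer still. `NewStringFromInterface(v)` is redundant here because `v` is already a `string`.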
@@ -331,14 +340,7 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 } else if err != nil { // response handled directly within a plugin
 return
 }
-
- templateBind["machine_id"] = GenerateMachineID()
- for _, value := range os.Environ() {
- pair := strings.SplitN(value, "=", 2)
- if len(pair) == 2 {
- templateBind[fmt.Sprintf("ENV_%s", pair[0])] = pair[1]
- }
- }
+ templateBind = TmplParams(templateBind)

 var (
 label = ""
@@ -417,25 +419,11 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 }
 mappingToUse := map[string]string{}
 for k, v := range globalMapping[label] {
- str := NewStringFromInterface(v)
- if str == "" {
- continue
- }
- tmpl, err := template.
- New("ctrl::session::auth_middleware").
- Funcs(tmplFuncs).
- Parse(str)
- mappingToUse[k] = str
+ out, err := TmplExec(NewStringFromInterface(v), tb)
 if err != nil {
- Log.Debug("session::authMiddleware 'template creation failed %s'", err.Error())
- continue
+ Log.Debug("session::authMiddleware action=tmplExec err=%s", err.Error())
 }
- var b bytes.Buffer
- if err = tmpl.Execute(&b, tb); err != nil {
- Log.Debug("session::authMiddleware 'template execution failed %s'", err.Error())
- continue
- }
- mappingToUse[k] = b.String()
+ mappingToUse[k] = out
 }
 mappingToUse["timestamp"] = time.Now().Format(time.RFC3339)
 return mappingToUse, nil
diff --git a/server/ctrl/tmpl.go b/server/ctrl/tmpl.go
index 06c35f49..3768b3c3 100644
--- a/server/ctrl/tmpl.go
+++ b/server/ctrl/tmpl.go
@@ -1,11 +1,13 @@
 package ctrl

 import (
+ "bytes"
 "crypto/rsa"
 "encoding/base64"
 "encoding/json"
 "fmt"
 "math/big"
+ "os"
 "regexp"
 "strings"
 "text/template"
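Review bot: An empty mapping value is no longer skipped in the `@@ -417,25 +419,11 @@` hunk: the old body did `continue` when `str == ""`, whereas `TmplExec` returns `"", nil` for empty input and the loop now stores `mappingToUse[k] = ""`. Whether the consumers of this mapping treat a missing key differently from an empty one is not visible here, so either keep the guard ahead of the call (`str := NewStringFromInterface(v)` then `if str == "" { continue }`) or record the change in the commit message. The error branch now falls through on purpose, so a comment such as `// on error TmplExec returns the unrendered template, which is kept as the value` would save the next reader from assuming a missing `continue`. The same failure is also logged twice, once inside `TmplExec` and once here. The enclosing function starts and ends outside the hunk.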
@@ -15,6 +17,37 @@ import (
 "github.com/golang-jwt/jwt/v5"
 )

+func TmplExec(params string, input map[string]string) (string, error) {
+ if params == "" {
+ return "", nil
+ }
+ tmpl, err := template.
+ New("ctrl::session::auth_middleware").
+ Funcs(tmplFuncs).
+ Parse(params)
+ if err != nil {
+ Log.Debug("tmpl::execute action=parse err=%s", err.Error())
+ return params, err
+ }
+ var b bytes.Buffer
+ if err = tmpl.Execute(&b, input); err != nil {
+ Log.Debug("tmpl::execute action=execute err%s", err.Error())
+ return params, err
+ }
+ return b.String(), nil
+}
+
+func TmplParams(data map[string]string) map[string]string {
+ data["machine_id"] = GenerateMachineID()
+ for _, value := range os.Environ() {
+ pair := strings.SplitN(value, "=", 2)
+ if len(pair) == 2 {
+ data[fmt.Sprintf("ENV_%s", pair[0])] = pair[1]
+ }
+ }
+ return data
+}
+
 var tmplFuncs = template.FuncMap{
 "split": func(s, sep string) []string {
 return strings.Split(sep, s)
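Review bot: `TmplParams` writes `machine_id` and an `ENV_<name>` entry for every process environment variable into the caller's own map and returns that same map, and neither the in-place mutation nor the panic on a nil map is documented on this newly exported helper. Any template rendered with the result can read any variable of the server process, so a doc comment such as `// TmplParams adds machine_id and ENV_<name> for every process environment variable to data in place and returns it; data must be non-nil.` should make that explicit, and limiting the copy to an allowlist or a name prefix is worth considering if secrets are supplied through the environment. `TmplExec` likewise needs a comment saying that it returns the unrendered input together with the error; its template name is still `ctrl::session::auth_middleware` although it is now shared, and the second log format is missing its `=`: `"tmpl::execute action=execute err=%s"`. It also logs and returns the same error, which the caller in session.go logs again. The `tmplFuncs` literal continues outside the hunk.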