feature (template): additional template vars

server/ctrl/session.go

@@ -1,17 +1,14 @@
 package ctrl
 
 import (
-	"bytes"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"net"
 	"net/http"
 	"net/url"
-	"os"
 	"slices"
 	"strings"
-	"text/template"
 	"time"
 
 	. "github.com/mickael-kerjean/filestash/server/common"
@@ -270,7 +267,7 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 		}
 	}
 
-	idpParams := map[string]string{}
+	idpParams := TmplParams(map[string]string{})
 	if err := json.Unmarshal(
 		[]byte(Config.Get("middleware.identity_provider.params").String()),
 		&idpParams,
@@ -282,6 +279,18 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 		)
 		return
 	}
+	for k, v := range idpParams {
+		out, err := TmplExec(NewStringFromInterface(v), idpParams)
+		if err != nil {
+			http.Redirect(
+				res, req,
+				"/?error=Not%20Valid&trace=idp - "+err.Error(),
+				http.StatusTemporaryRedirect,
+			)
+			return
+		}
+		idpParams[k] = out
+	}
 
 	// Step1: Entrypoint of the authentication process is handled by the plugin
 	if req.Method == "GET" && _get.Get("action") == "redirect" {
@@ -331,14 +340,7 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 	} else if err != nil { // response handled directly within a plugin
 		return
 	}
-
-	templateBind["machine_id"] = GenerateMachineID()
-	for _, value := range os.Environ() {
-		pair := strings.SplitN(value, "=", 2)
-		if len(pair) == 2 {
-			templateBind[fmt.Sprintf("ENV_%s", pair[0])] = pair[1]
-		}
-	}
+	templateBind = TmplParams(templateBind)
 
 	var (
 		label = ""
@@ -417,25 +419,11 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 		}
 		mappingToUse := map[string]string{}
 		for k, v := range globalMapping[label] {
-			str := NewStringFromInterface(v)
-			if str == "" {
-				continue
-			}
-			tmpl, err := template.
-				New("ctrl::session::auth_middleware").
-				Funcs(tmplFuncs).
-				Parse(str)
-			mappingToUse[k] = str
+			out, err := TmplExec(NewStringFromInterface(v), tb)
 			if err != nil {
-				Log.Debug("session::authMiddleware 'template creation failed %s'", err.Error())
-				continue
+				Log.Debug("session::authMiddleware action=tmplExec err=%s", err.Error())
 			}
-			var b bytes.Buffer
-			if err = tmpl.Execute(&b, tb); err != nil {
-				Log.Debug("session::authMiddleware 'template execution failed %s'", err.Error())
-				continue
-			}
-			mappingToUse[k] = b.String()
+			mappingToUse[k] = out
 		}
 		mappingToUse["timestamp"] = time.Now().Format(time.RFC3339)
 		return mappingToUse, nil

server/ctrl/tmpl.go

@@ -1,11 +1,13 @@
 package ctrl
 
 import (
+	"bytes"
 	"crypto/rsa"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"math/big"
+	"os"
 	"regexp"
 	"strings"
 	"text/template"
@@ -15,6 +17,37 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
+func TmplExec(params string, input map[string]string) (string, error) {
+	if params == "" {
+		return "", nil
+	}
+	tmpl, err := template.
+		New("ctrl::session::auth_middleware").
+		Funcs(tmplFuncs).
+		Parse(params)
+	if err != nil {
+		Log.Debug("tmpl::execute action=parse err=%s", err.Error())
+		return params, err
+	}
+	var b bytes.Buffer
+	if err = tmpl.Execute(&b, input); err != nil {
+		Log.Debug("tmpl::execute action=execute err%s", err.Error())
+		return params, err
+	}
+	return b.String(), nil
+}
+
+func TmplParams(data map[string]string) map[string]string {
+	data["machine_id"] = GenerateMachineID()
+	for _, value := range os.Environ() {
+		pair := strings.SplitN(value, "=", 2)
+		if len(pair) == 2 {
+			data[fmt.Sprintf("ENV_%s", pair[0])] = pair[1]
+		}
+	}
+	return data
+}
+
 var tmplFuncs = template.FuncMap{
 	"split": func(s, sep string) []string {
 		return strings.Split(sep, s)