CoreID/app/unit/LDAPServerUnit.js

const Unit = require('libflitter/Unit')
const LDAP = require('ldapjs')
const Validator = require('email-validator')
const net = require('net')

// TODO support logging ALL ldap requests when in DEBUG, not just routed ones
// TODO need to support LDAP server auto-discovery/detection features

class LDAPServerUnit extends Unit {
    static get name() {
        return 'ldap_server'
    }

    static get services() {
        return [...super.services, 'configs', 'express', 'output']
    }

    /**
     * Get the standard format for LDAP DNs. Can be passed into
     * ldapjs/DN.format().
     * @returns {object}
     */
    standard_format() {
        return this.configs.get('ldap:server.format')
    }

    /**
     * Get the LDAP.js DN for the user auth base.
     * @returns {ldap/DN}
     */
    auth_dn() {
        return this.build_dn(this.config.schema.authentication_base)
    }

    group_dn() {
        return this.build_dn(this.config.schema.group_base)
    }

    /**
     * Get the anonymous DN.
     * @returns {ldap/DN}
     */
    anonymous() {
        return LDAP.parseDN('cn=anonymous')
    }

    /**
     * Returns true if the string is a valid e-mail address.
     *
     * @see https://stackoverflow.com/questions/46155/how-to-validate-an-email-address-in-javascript
     * @param {string} email
     * @returns {boolean}
     */
    validate_email(email) {
        return Validator.validate(email)
    }

    /**
     * Build an LDAP.js DN object from a set of string RDNs.
     * @param {...string} parts
     * @returns {ldap/DN}
     */
    build_dn(...parts) {
        parts = parts.flat()
        parts.push(this.config.schema.base_dc)
        return LDAP.parseDN(parts.join(','))
    }

    /**
     * Starts the LDAP server.
     * @param {module:libflitter/app/FlitterApp~FlitterApp} app
     * @returns {Promise<void>}
     */
    async go(app) {
        this.config = this.configs.get('ldap:server')
        const server_config = {}

        // If Flitter is configured to use an SSL certificate,
        // use it to enable LDAPS in the server.
        if ( this.express.use_ssl() ) {
            this.output.info('Using configured SSL certificate. The LDAP server will require an ldaps:// connection.')
            server_config.certificate = await this.express.ssl_certificate()
            server_config.key = await this.express.ssl_key()
        }

        this.server = LDAP.createServer(server_config)

        if ( this.config.max_connections ) {
            this.server.maxConnections = this.config.max_connections
        }

        this.output.info(`Will listen on ${this.config.interface}:${this.config.port}`)
        if ( await this.port_free() ) {
            await new Promise((res, rej) => {
                this.server.listen(this.config.port, this.config.interface, (err) => {
                    this.output.success(`LDAP server listening on port ${this.config.port}...`)
                    res()
                })
            })
        } else {
            this.output.error(`LDAP server port ${this.config.port} is not available. The LDAP server was not started.`)
        }
    }

    async port_free() {
        return new Promise((res, rej) => {
            const server = net.createServer()
            server.once('error', (e) => {
                res(false)
            })
            server.once('listening', () => {
                server.close()
                res(true)
            })
            server.listen(this.config.port)
        })
    }

    /**
     * Stops the LDAP server.
     * @param {module:libflitter/app/FlitterApp~FlitterApp} app
     * @returns {Promise<void>}
     */
    async cleanup(app) {
        this.server.close()
    }
}

module.exports = exports = LDAPServerUnit