From d9ff95bbbbea9ade9721e3f5d4dc2323988da3d6 Mon Sep 17 00:00:00 2001 From: simon Date: Fri, 28 Feb 2020 10:31:14 +0100 Subject: [PATCH] feat(cli): allow setting config vars via cli --- config.js | 14 ++++++++------ src/app.ts | 23 ++++++++++++++++++++--- src/auth/GoogleLDAPAuth.ts | 19 ++++++++++++++----- src/auth/LDAPAuth.ts | 24 +++++++++++++++++------- 4 files changed, 59 insertions(+), 21 deletions(-) diff --git a/config.js b/config.js index e5b1bb2..c91d43a 100644 --- a/config.js +++ b/config.js @@ -23,10 +23,10 @@ module.exports = { authentication: 'GoogleLDAPAuth', authenticationOptions: { base: 'dc=hokify,dc=com', - tlsOptions: { - // get your keys from http://admin.google.com/ -> Apps -> LDAP -> Client - key: fs.readFileSync('ldap.gsuite.key'), - cert: fs.readFileSync('ldap.gsuite.crt') + // get your keys from http://admin.google.com/ -> Apps -> LDAP -> Client + tls: { + keyFile: 'ldap.gsuite.key', + certFile: 'ldap.gsuite.crt' } } @@ -35,9 +35,11 @@ module.exports = { authenticationOptions: { url: 'ldaps://ldap.google.com', base: 'dc=hokify,dc=com', + tls: { + keyFile: 'ldap.gsuite.key', + certFile: 'ldap.gsuite.crt' + }, tlsOptions: { - key: fs.readFileSync('ldap.gsuite.key'), - cert: fs.readFileSync('ldap.gsuite.crt'), servername: 'ldap.google.com' } } diff --git a/src/app.ts b/src/app.ts index 09514ec..b8006d6 100644 --- a/src/app.ts +++ b/src/app.ts @@ -1,3 +1,4 @@ +import * as yargs from 'yargs'; import { UDPServer } from './server/UDPServer'; import { RadiusService } from './radius/RadiusService'; 
@@ -15,9 +16,25 @@ if (typeof (testSocket.tls as any).exportKeyingMaterial !== 'function') { process.exit(-1); } -console.log(`Listener Port: ${config.port || 1812}`); -console.log(`RADIUS Secret: ${config.secret}`); -console.log(`Auth Mode: ${config.authentication}`); +const { argv } = yargs + .usage('NODE RADIUS Server\nUsage: radius-server') + .example('radius-server --port 1812 -s radiussecret') + .default({ + port: config.port || 1812, + s: config.secret || 'testing123', + authentication: config.authentication, + authenticationOptions: config.authenticationOptions + }) + .describe('port', 'RADIUS server listener port') + .alias('s', 'secret') + .describe('secret', 'RADIUS secret') + .number('port') + .string(['secret', 'authentication']); + +console.log(`Listener Port: ${argv.port || 1812}`); +console.log(`RADIUS Secret: ${argv.secret}`); +console.log(`Auth ${argv.authentication}`); +console.log(`Auth Config: ${JSON.stringify(argv.authenticationOptions, undefined, 3)}`); (async () => { /* configure auth mechansim */ diff --git a/src/auth/GoogleLDAPAuth.ts b/src/auth/GoogleLDAPAuth.ts index 13b1b61..69d4fe0 100644 --- a/src/auth/GoogleLDAPAuth.ts +++ b/src/auth/GoogleLDAPAuth.ts @@ -1,6 +1,7 @@ import { ClientOptions, createClient } from 'ldapjs'; import debug from 'debug'; import * as tls from 'tls'; +import * as fs from 'fs'; import { IAuthentication } from '../types/Authentication'; const usernameFields = ['posixUid', 'mail']; @@ -13,12 +14,16 @@ interface IGoogleLDAPAuthOptions { /** base DN * e.g. 'dc=hokify,dc=com', */ base: string; + tls: { + keyFile: string; + certFile: string; + }; /** tls options * e.g. { key: fs.readFileSync('ldap.gsuite.key'), cert: fs.readFileSync('ldap.gsuite.crt') } */ - tlsOptions: tls.TlsOptions; + tlsOptions?: tls.TlsOptions; } export class GoogleLDAPAuth implements IAuthentication { 
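Review bot: The `s: config.secret || 'testing123'` default in the yargs block lets the server start with a well-known shared secret whenever neither the config file nor the CLI supplies one. I would drop the fallback (`s: config.secret`) and refuse to start when the value is empty, e.g. `if (!argv.secret) { console.error('RADIUS secret is required'); process.exit(1); }`. The `RADIUS Secret:` log line still prints the secret in clear, and the new `Auth Config:` line dumps the whole `authenticationOptions` object, so both end up in whatever collects stdout; logging only whether a secret is set would be enough. A value passed with `-s` is typically visible to other local users through the process list, which is worth stating in the `secret` description. The `Auth ${argv.authentication}` line appears to have lost its `Mode:` label.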
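Review bot: The doc comment kept above `tlsOptions` in `IGoogleLDAPAuthOptions` still shows `key: fs.readFileSync('ldap.gsuite.key')` and `cert: ...` as the example, while the new `tls` field that replaces them has no comment at all. The constructor hunk in this file spreads `config.tlsOptions` after the file-based key and cert, so a reader who follows the old example would silently override `tls.keyFile` and `tls.certFile`. I would add `/** paths to the client key and certificate files; read synchronously when the auth backend is constructed */` above `tls` and reduce the `tlsOptions` example to additional options only. The interface declaration starts before this hunk.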
@@ -33,12 +38,16 @@ export class GoogleLDAPAuth implements IAuthentication { constructor(config: IGoogleLDAPAuthOptions) { this.base = config.base; + const tlsOptions = { + key: fs.readFileSync(config.tls.keyFile), + cert: fs.readFileSync(config.tls.certFile), + servername: 'ldap.google.com', + ...config.tlsOptions + }; + this.config = { url: 'ldaps://ldap.google.com:636', - tlsOptions: { - ...config.tlsOptions, - servername: 'ldap.google.com' - } + tlsOptions }; this.fetchDNs(); diff --git a/src/auth/LDAPAuth.ts b/src/auth/LDAPAuth.ts index b994929..47daa86 100644 --- a/src/auth/LDAPAuth.ts +++ b/src/auth/LDAPAuth.ts @@ -1,4 +1,5 @@ import * as LdapAuth from 'ldapauth-fork'; +import * as fs from 'fs'; import { IAuthentication } from '../types/Authentication'; interface ILDAPAuthOptions { @@ -9,10 +10,13 @@ interface ILDAPAuthOptions { /** base DN * e.g. 'dc=hokify,dc=com', */ base: string; + + tls: { + keyFile: string; + certFile: string; + }; /** tls options * e.g. { - key: fs.readFileSync('ldap.gsuite.key'), - cert: fs.readFileSync('ldap.gsuite.crt'), servername: 'ldap.google.com' } */ tlsOptions?: any; @@ -25,12 +29,18 @@ interface ILDAPAuthOptions { export class LDAPAuth implements IAuthentication { private ldap: LdapAuth; - constructor(options: ILDAPAuthOptions) { + constructor(config: ILDAPAuthOptions) { + const tlsOptions = { + key: fs.readFileSync(config.tls.keyFile), + cert: fs.readFileSync(config.tls.certFile), + ...config.tlsOptions + }; + this.ldap = new LdapAuth({ - url: options.url, - searchBase: options.base, - tlsOptions: options.tlsOptions, - searchFilter: options.searchFilter || '(uid={{username}})', + url: config.url, + searchBase: config.base, + tlsOptions, + searchFilter: config.searchFilter || '(uid={{username}})', reconnect: true }); this.ldap.on('error', function(err) {
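Review bot: In the GoogleLDAPAuth constructor `...config.tlsOptions` now comes after `servername: 'ldap.google.com'`, so a `servername` supplied through config (or, presumably, through the new CLI overrides of `authenticationOptions`) replaces the pinned value; the removed code spread first and pinned last. If ldapjs hands this object to Node's TLS layer unchanged, that changes the name the server certificate is checked against, so I would keep the pin last: `const tlsOptions = { key: ..., cert: ..., ...config.tlsOptions, servername: 'ldap.google.com' };`. `config.tls` is also dereferenced unconditionally, so an existing config that still passes key and cert through `tlsOptions` fails with a TypeError rather than a clear message. The constructor continues past the end of the hunk.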
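Review bot: In the LDAPAuth constructor `fs.readFileSync(config.tls.keyFile)` and `fs.readFileSync(config.tls.certFile)` run unconditionally, and the interface hunk above makes `tls` a required field. This generic LDAP backend can therefore no longer be configured without a client certificate, and omitting `tls` throws a TypeError at construction. I would declare it `tls?: { keyFile: string; certFile: string }` and build the pair only when present, e.g. `...(config.tls ? { key: fs.readFileSync(config.tls.keyFile), cert: fs.readFileSync(config.tls.certFile) } : {})`. `tlsOptions` stays typed `any` and is spread last, so options such as `rejectUnauthorized` pass through unchecked; a short comment stating that this is intentional would help the next reader. The constructor continues past the end of the hunk.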