feat(cli): allow setting config vars via cli
This commit is contained in:
parent
e8b9462c58
commit
d9ff95bbbb
14
config.js
14
config.js
@ -23,10 +23,10 @@ module.exports = {
|
|||||||
authentication: 'GoogleLDAPAuth',
|
authentication: 'GoogleLDAPAuth',
|
||||||
authenticationOptions: {
|
authenticationOptions: {
|
||||||
base: 'dc=hokify,dc=com',
|
base: 'dc=hokify,dc=com',
|
||||||
tlsOptions: {
|
// get your keys from http://admin.google.com/ -> Apps -> LDAP -> Client
|
||||||
// get your keys from http://admin.google.com/ -> Apps -> LDAP -> Client
|
tls: {
|
||||||
key: fs.readFileSync('ldap.gsuite.key'),
|
keyFile: 'ldap.gsuite.key',
|
||||||
cert: fs.readFileSync('ldap.gsuite.crt')
|
certFile: 'ldap.gsuite.crt'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -35,9 +35,11 @@ module.exports = {
|
|||||||
authenticationOptions: {
|
authenticationOptions: {
|
||||||
url: 'ldaps://ldap.google.com',
|
url: 'ldaps://ldap.google.com',
|
||||||
base: 'dc=hokify,dc=com',
|
base: 'dc=hokify,dc=com',
|
||||||
|
tls: {
|
||||||
|
keyFile: 'ldap.gsuite.key',
|
||||||
|
certFile: 'ldap.gsuite.crt'
|
||||||
|
},
|
||||||
tlsOptions: {
|
tlsOptions: {
|
||||||
key: fs.readFileSync('ldap.gsuite.key'),
|
|
||||||
cert: fs.readFileSync('ldap.gsuite.crt'),
|
|
||||||
servername: 'ldap.google.com'
|
servername: 'ldap.google.com'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
23
src/app.ts
23
src/app.ts
@ -1,3 +1,4 @@
|
|||||||
|
import * as yargs from 'yargs';
|
||||||
import { UDPServer } from './server/UDPServer';
|
import { UDPServer } from './server/UDPServer';
|
||||||
import { RadiusService } from './radius/RadiusService';
|
import { RadiusService } from './radius/RadiusService';
|
||||||
|
|
||||||
@ -15,9 +16,25 @@ if (typeof (testSocket.tls as any).exportKeyingMaterial !== 'function') {
|
|||||||
process.exit(-1);
|
process.exit(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
console.log(`Listener Port: ${config.port || 1812}`);
|
const { argv } = yargs
|
||||||
console.log(`RADIUS Secret: ${config.secret}`);
|
.usage('NODE RADIUS Server\nUsage: radius-server')
|
||||||
console.log(`Auth Mode: ${config.authentication}`);
|
.example('radius-server --port 1812 -s radiussecret')
|
||||||
|
.default({
|
||||||
|
port: config.port || 1812,
|
||||||
|
s: config.secret || 'testing123',
|
||||||
|
authentication: config.authentication,
|
||||||
|
authenticationOptions: config.authenticationOptions
|
||||||
|
})
|
||||||
|
.describe('port', 'RADIUS server listener port')
|
||||||
|
.alias('s', 'secret')
|
||||||
|
.describe('secret', 'RADIUS secret')
|
||||||
|
.number('port')
|
||||||
|
.string(['secret', 'authentication']);
|
||||||
|
|
||||||
|
console.log(`Listener Port: ${argv.port || 1812}`);
|
||||||
|
console.log(`RADIUS Secret: ${argv.secret}`);
|
||||||
|
console.log(`Auth ${argv.authentication}`);
|
||||||
|
console.log(`Auth Config: ${JSON.stringify(argv.authenticationOptions, undefined, 3)}`);
|
||||||
|
|
||||||
(async () => {
|
(async () => {
|
||||||
/* configure auth mechansim */
|
/* configure auth mechansim */
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
import { ClientOptions, createClient } from 'ldapjs';
|
import { ClientOptions, createClient } from 'ldapjs';
|
||||||
import debug from 'debug';
|
import debug from 'debug';
|
||||||
import * as tls from 'tls';
|
import * as tls from 'tls';
|
||||||
|
import * as fs from 'fs';
|
||||||
import { IAuthentication } from '../types/Authentication';
|
import { IAuthentication } from '../types/Authentication';
|
||||||
|
|
||||||
const usernameFields = ['posixUid', 'mail'];
|
const usernameFields = ['posixUid', 'mail'];
|
||||||
@ -13,12 +14,16 @@ interface IGoogleLDAPAuthOptions {
|
|||||||
/** base DN
|
/** base DN
|
||||||
* e.g. 'dc=hokify,dc=com', */
|
* e.g. 'dc=hokify,dc=com', */
|
||||||
base: string;
|
base: string;
|
||||||
|
tls: {
|
||||||
|
keyFile: string;
|
||||||
|
certFile: string;
|
||||||
|
};
|
||||||
/** tls options
|
/** tls options
|
||||||
* e.g. {
|
* e.g. {
|
||||||
key: fs.readFileSync('ldap.gsuite.key'),
|
key: fs.readFileSync('ldap.gsuite.key'),
|
||||||
cert: fs.readFileSync('ldap.gsuite.crt')
|
cert: fs.readFileSync('ldap.gsuite.crt')
|
||||||
} */
|
} */
|
||||||
tlsOptions: tls.TlsOptions;
|
tlsOptions?: tls.TlsOptions;
|
||||||
}
|
}
|
||||||
|
|
||||||
export class GoogleLDAPAuth implements IAuthentication {
|
export class GoogleLDAPAuth implements IAuthentication {
|
||||||
@ -33,12 +38,16 @@ export class GoogleLDAPAuth implements IAuthentication {
|
|||||||
constructor(config: IGoogleLDAPAuthOptions) {
|
constructor(config: IGoogleLDAPAuthOptions) {
|
||||||
this.base = config.base;
|
this.base = config.base;
|
||||||
|
|
||||||
|
const tlsOptions = {
|
||||||
|
key: fs.readFileSync(config.tls.keyFile),
|
||||||
|
cert: fs.readFileSync(config.tls.certFile),
|
||||||
|
servername: 'ldap.google.com',
|
||||||
|
...config.tlsOptions
|
||||||
|
};
|
||||||
|
|
||||||
this.config = {
|
this.config = {
|
||||||
url: 'ldaps://ldap.google.com:636',
|
url: 'ldaps://ldap.google.com:636',
|
||||||
tlsOptions: {
|
tlsOptions
|
||||||
...config.tlsOptions,
|
|
||||||
servername: 'ldap.google.com'
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
this.fetchDNs();
|
this.fetchDNs();
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
import * as LdapAuth from 'ldapauth-fork';
|
import * as LdapAuth from 'ldapauth-fork';
|
||||||
|
import * as fs from 'fs';
|
||||||
import { IAuthentication } from '../types/Authentication';
|
import { IAuthentication } from '../types/Authentication';
|
||||||
|
|
||||||
interface ILDAPAuthOptions {
|
interface ILDAPAuthOptions {
|
||||||
@ -9,10 +10,13 @@ interface ILDAPAuthOptions {
|
|||||||
/** base DN
|
/** base DN
|
||||||
* e.g. 'dc=hokify,dc=com', */
|
* e.g. 'dc=hokify,dc=com', */
|
||||||
base: string;
|
base: string;
|
||||||
|
|
||||||
|
tls: {
|
||||||
|
keyFile: string;
|
||||||
|
certFile: string;
|
||||||
|
};
|
||||||
/** tls options
|
/** tls options
|
||||||
* e.g. {
|
* e.g. {
|
||||||
key: fs.readFileSync('ldap.gsuite.key'),
|
|
||||||
cert: fs.readFileSync('ldap.gsuite.crt'),
|
|
||||||
servername: 'ldap.google.com'
|
servername: 'ldap.google.com'
|
||||||
} */
|
} */
|
||||||
tlsOptions?: any;
|
tlsOptions?: any;
|
||||||
@ -25,12 +29,18 @@ interface ILDAPAuthOptions {
|
|||||||
export class LDAPAuth implements IAuthentication {
|
export class LDAPAuth implements IAuthentication {
|
||||||
private ldap: LdapAuth;
|
private ldap: LdapAuth;
|
||||||
|
|
||||||
constructor(options: ILDAPAuthOptions) {
|
constructor(config: ILDAPAuthOptions) {
|
||||||
|
const tlsOptions = {
|
||||||
|
key: fs.readFileSync(config.tls.keyFile),
|
||||||
|
cert: fs.readFileSync(config.tls.certFile),
|
||||||
|
...config.tlsOptions
|
||||||
|
};
|
||||||
|
|
||||||
this.ldap = new LdapAuth({
|
this.ldap = new LdapAuth({
|
||||||
url: options.url,
|
url: config.url,
|
||||||
searchBase: options.base,
|
searchBase: config.base,
|
||||||
tlsOptions: options.tlsOptions,
|
tlsOptions,
|
||||||
searchFilter: options.searchFilter || '(uid={{username}})',
|
searchFilter: config.searchFilter || '(uid={{username}})',
|
||||||
reconnect: true
|
reconnect: true
|
||||||
});
|
});
|
||||||
this.ldap.on('error', function(err) {
|
this.ldap.on('error', function(err) {
|
||||||
|
Loading…
Reference in New Issue
Block a user