db4s, common: Add a basic system for banning users

justinclift · justinclift · commit e3607767c251 · 2023-03-24T13:11:06.000+11:00
diff --git a/api/handlers.go b/api/handlers.go
@@ -1223,7 +1223,7 @@ func uploadHandler(w http.ResponseWriter, r *http.Request) {
 
 	// Set the maximum accepted database size for uploading
 	oversizeAllowed := false
-	for _, user := range com.Conf.Environment.SizeOverrideUsers {
+	for _, user := range com.Conf.UserMgmt.SizeOverrideUsers {
 		if loggedInUser == user {
 			oversizeAllowed = true
 		}
diff --git a/common/config_types.go b/common/config_types.go
@@ -17,6 +17,7 @@ type TomlConfig struct {
 	MQ          MQInfo
 	Pg          PGInfo
 	Sign        SigningInfo
+	UserMgmt    UserMgmtInfo
 	Web         WebInfo
 }
 
@@ -55,9 +56,8 @@ type DiskCacheInfo struct {
 // EnvInfo holds information about the purpose of the running server.  eg "is this a production, docker,
 // or development" instance?
 type EnvInfo struct {
-	Environment       string
-	UserOverride      string   `toml:"user_override"`
-	SizeOverrideUsers []string `toml:"size_override_users"` // List of users allowed to override the database upload size limits
+	Environment  string
+	UserOverride string `toml:"user_override"`
 }
 
 // EventProcessingInfo hold configuration for the event processing loop
@@ -122,6 +122,12 @@ type SigningInfo struct {
 	IntermediateKey  string `toml:"intermediate_key"`
 }
 
+// UserMgmtInfo contains the various settings for specific users, or groups of users
+type UserMgmtInfo struct {
+	BannedUsers       []string `toml:"banned_users"`        // List of users banned from the service
+	SizeOverrideUsers []string `toml:"size_override_users"` // List of users allowed to override the database upload size limits
+}
+
 // WebInfo contains configuration info for the webUI daemon
 type WebInfo struct {
 	BaseDir              string `toml:"base_dir"`
diff --git a/db4s/main.go b/db4s/main.go
@@ -200,6 +200,15 @@ func extractUserAndServer(w http.ResponseWriter, r *http.Request) (userAcc strin
 		return
 	}
 
+	// If the user has been banned, reject their authentication
+	for _, u := range com.Conf.UserMgmt.BannedUsers {
+		if u == userAcc {
+			log.Printf("Banned user '%s' attempted to connect using DB4S", userAcc)
+			err = errors.New("User has been banned.  Get in contact with us if you want the ban removed.")
+			return
+		}
+	}
+
 	// Everything is ok, so return
 	return
 }
@@ -785,7 +794,7 @@ func metadataGetHandler(w http.ResponseWriter, r *http.Request) {
 func postHandler(w http.ResponseWriter, r *http.Request, userAcc string) {
 	// Set the maximum accepted database size for uploading
 	oversizeAllowed := false
-	for _, user := range com.Conf.Environment.SizeOverrideUsers {
+	for _, user := range com.Conf.UserMgmt.SizeOverrideUsers {
 		if userAcc == user {
 			oversizeAllowed = true
 		}
diff --git a/docker/config.toml b/docker/config.toml
@@ -1,3 +1,13 @@
+[api]
+base_dir = "/dbhub.io"
+bind_address = ":9444"
+server_name = "docker-dev.dbhub.io:9444"
+certificate = "/dbhub.io/docker/certs/docker-dev.dbhub.io.cert.pem"
+certificate_key = "/dbhub.io/docker/certs/docker-dev.dbhub.io.key.pem"
+request_log = "/var/log/dbhub/api_request.log"
+session_store_password = "example2"
+website_name = "DBHub.io"
+
 [db4s]
 server = "docker-dev.dbhub.io"
 port = 5550
@@ -11,7 +21,6 @@ directory = "/home/dbhub/.dbhub/disk_cache"
 [environment]
 environment = "test"
 user_override = "default"
-size_override_users = ["default"]
 
 [event]
 delay = 2
@@ -57,6 +66,10 @@ cert_days_valid = 365
 intermediate_cert = "/dbhub.io/docker/certs/intermediate-docker.cert.pem"
 intermediate_key = "/dbhub.io/docker/certs/intermediate-docker.key.pem"
 
+[usermgmt]
+banned_users = [""]
+size_override_users = ["default"]
+
 [web]
 base_dir = "/dbhub.io"
 bind_address = ":9443"
@@ -65,13 +78,3 @@ certificate = "/dbhub.io/docker/certs/docker-dev.dbhub.io.cert.pem"
 certificate_key = "/dbhub.io/docker/certs/docker-dev.dbhub.io.key.pem"
 request_log = "/var/log/dbhub/request.log"
 session_store_password = "example"
-
-[api]
-base_dir = "/dbhub.io"
-bind_address = ":9444"
-server_name = "docker-dev.dbhub.io:9444"
-certificate = "/dbhub.io/docker/certs/docker-dev.dbhub.io.cert.pem"
-certificate_key = "/dbhub.io/docker/certs/docker-dev.dbhub.io.key.pem"
-request_log = "/var/log/dbhub/api_request.log"
-session_store_password = "example2"
-website_name = "DBHub.io"
diff --git a/webui/main.go b/webui/main.go
@@ -5192,7 +5192,7 @@ func uploadDataHandler(w http.ResponseWriter, r *http.Request) {
 
 	// Set the maximum accepted database size for uploading
 	oversizeAllowed := false
-	for _, user := range com.Conf.Environment.SizeOverrideUsers {
+	for _, user := range com.Conf.UserMgmt.SizeOverrideUsers {
 		if loggedInUser == user {
 			oversizeAllowed = true
 		}

Original file line number	Diff line number	Diff line change
`@@ -1223,7 +1223,7 @@ func uploadHandler(w http.ResponseWriter, r *http.Request) {`
`1223`	`1223`
`1224`	`1224`	`// Set the maximum accepted database size for uploading`
`1225`	`1225`	`oversizeAllowed := false`
`1226`		`- for _, user := range com.Conf.Environment.SizeOverrideUsers {`
	`1226`	`+ for _, user := range com.Conf.UserMgmt.SizeOverrideUsers {`
`1227`	`1227`	`if loggedInUser == user {`
`1228`	`1228`	`oversizeAllowed = true`
`1229`	`1229`	`}`
Original file line number	Diff line number	Diff line change
`@@ -5192,7 +5192,7 @@ func uploadDataHandler(w http.ResponseWriter, r *http.Request) {`
`5192`	`5192`
`5193`	`5193`	`// Set the maximum accepted database size for uploading`
`5194`	`5194`	`oversizeAllowed := false`
`5195`		`- for _, user := range com.Conf.Environment.SizeOverrideUsers {`
	`5195`	`+ for _, user := range com.Conf.UserMgmt.SizeOverrideUsers {`
`5196`	`5196`	`if loggedInUser == user {`
`5197`	`5197`	`oversizeAllowed = true`
`5198`	`5198`	`}`