Remove LDAP from codebase

* All searching will be moved to a seperate service to allow for more flexibility in how records are searched

Author: JoshuaTheMiller

package.json

@@ -17,9 +17,7 @@
   "devDependencies": {
     "@octokit/types": "^12.4.0",
     "@types/express": "^4.17.17",
-    "@types/js-yaml": "^4.0.5",
-    "@types/ldap-escape": "^2.0.0",
-    "@types/ldapjs": "3.0.6",
+    "@types/js-yaml": "^4.0.5",        
     "@types/node": "^20.4.8",
     "@types/swagger-ui-express": "^4.1.3",
     "nodemon": "^3.0.2",
@@ -34,9 +32,7 @@
     "axios-retry": "^4.0.0",
     "dotenv": "^16.0.3",
     "express": "^4.18.2",
-    "js-yaml": "^4.1.0",
-    "ldap-escape": "^2.0.6",
-    "ldapjs": "^3.0.1",
+    "js-yaml": "^4.1.0",        
     "nocache": "^4.0.0",
     "octokit": "3.1.2",
     "openapi-backend": "^5.9.1",

src/services/ldapClient.ts

@@ -1,60 +1,10 @@
 import { Config } from "../config";
-import ldap from "ldapjs";
-import ldapEscape from "ldap-escape";
 import axios from "axios";
 import axiosRetry from "axios-retry";
-import { Log, LogError, LoggerToUse } from "../logging";
+import { Log, LoggerToUse } from "../logging";
 import { redisClient } from "../app";
 
 const config = Config()
-
-let client: ldap.Client;
-
-if (!process.env.SOURCE_PROXY) {
-    client = ldap.createClient({
-        url: [config.LDAP.Server]        
-    });
-
-    client.bind(config.LDAP.User, config.LDAP.Password, (err) => {
-        if (err) {
-            console.log("Failed to connect to LDAP Server");
-            LogError(JSON.stringify(err) as string);
-        }
-
-        console.log("Connected to LDAP Server");
-    });
-}
-else {
-    Log("Group Proxy is set. LDAP will not be configured for this instance.")
-}
-
-function SearchAsync(groupName: string): Promise<ldap.SearchCallbackResponse> {
-    const component = ldapEscape.filter`${groupName}`;
-    const ldapSearchString = `(&(objectCategory=user)(memberOf=CN=${component},CN=Users,${config.LDAP.GroupBaseDN}))`
-
-    const opts: ldap.SearchOptions = {
-        filter: ldapSearchString,
-        scope: "sub",
-        // paged:true
-        attributes: ['dn', 'cn', 'userPrincipalName'],
-        // paged: {
-        //     pageSize: 250,
-        //     pagePause: true
-        //   }
-    };
-
-    return new Promise((resolve, reject) => {
-        client.search(config.LDAP.GroupBaseDN, opts, (err, res) => {
-            if (err) {
-                LogError(`Error searching for ${component}: ${JSON.stringify(err)}`)
-                return reject(err);
-            }
-
-            return resolve(res);
-        });
-    })
-}
-
 export interface Entry {
     cn: string,
     userPrincipalName: string
@@ -71,56 +21,6 @@ export type SearchAllSucceeded = {
 
 export type SearchAllResponse = Promise<SearchAllFailed | SearchAllSucceeded>
 
-async function SearchAllAsyncNoExceptionHandling(groupName: string): SearchAllResponse {
-    // TODO: implement paging somehow!!
-    const response = await SearchAsync(groupName);
-
-    const entries: Entry[] = [];    
-
-    type rawEntry = {
-        pojo: {
-            attributes: {
-                type:string,
-                values:string[]
-            }[]
-        }
-    }
-
-    return new Promise((resolve, reject) => {
-        response.on('searchEntry', (entry: rawEntry) => {
-            const attributes = entry.pojo.attributes.map((a) => {
-                return [
-                    a.type,
-                    a.values[0]
-                ]
-            })
-            entries.push(Object.fromEntries(attributes) as Entry);
-        });
-
-        type result = {
-            status:number
-        }
-
-        response.on('end', (result: result) => {
-            Log(`Search Ended for Group '${groupName}' with result '${JSON.stringify(result)}'`)
-
-            if (result == null || result == undefined || result.status !== 0) {
-                return reject(result.status);
-            }
-
-            return resolve({
-                entries: entries,                
-                Succeeded: true
-            });
-        });
-
-        response.on('error', (err: unknown) => {
-            LogError(`Search Errored for Group '${groupName}': ${JSON.stringify(err)}`);
-            return reject();
-        });
-    });
-}
-
 export async function SearchAllAsync(groupName: string): SearchAllResponse {
     const cacheKey = `sot-group:${groupName}`;
 
@@ -138,7 +38,8 @@ export async function SearchAllAsync(groupName: string): SearchAllResponse {
         return JSON.parse(result) as SearchAllResponse
     }
 
-    const actualResult = await PrivateSearchAllAsync(groupName);
+    // Make API call here
+    const actualResult = await ForwardSearch(groupName);
 
     // Slightly complex for caching logic, but we don't want to cache useless results
     if (actualResult.Succeeded && actualResult.entries.length > 0) {
@@ -150,28 +51,11 @@ export async function SearchAllAsync(groupName: string): SearchAllResponse {
     return actualResult;
 }
 
-async function PrivateSearchAllAsync(groupName: string): SearchAllResponse {
-    try {
-        if (process.env.SOURCE_PROXY) {
-            return await ForwardSearch(groupName);
-        }
-
-        return await SearchAllAsyncNoExceptionHandling(groupName);
-    }
-    catch (ex: unknown) {
-        Log(JSON.stringify(ex));
-
-        return {
-            Succeeded: false
-        }
-    }
-}
-
 // TODO: do not directly use axios.create from within a function like this
 // it will cause a new client to be made per request.
 const httpClient = axios.create();
 axiosRetry(httpClient, {
-    retries: 5,
+    retries: 2,
     retryDelay: (retryCount) => {
         Log(`Retry attempt: ${retryCount}`);
         return retryCount * 2000;
@@ -188,15 +72,29 @@ axiosRetry(httpClient, {
 async function ForwardSearch(groupName: string): SearchAllResponse {
     Log(`Forwarding request to '${process.env.SOURCE_PROXY}'`);
 
-    const requestUrl = `${process.env.SOURCE_PROXY}/api/get-source-team?teamName=${groupName}`;
+    const requestUrl = `${process.env.SOURCE_PROXY}/search/${groupName}`;
 
     Log(`Retrieving group (${groupName}) information from '${requestUrl}'`);
     try {
-        const result = await httpClient.get(requestUrl);
-        Log(`Results for ${groupName}: ${result}`);
+        const httpResponse = await httpClient.get(requestUrl);
+        Log(`Results for ${groupName}: ${JSON.stringify(httpResponse.data)}`);
+
+        if(httpResponse.status < 200 || httpResponse.status > 299) {
+            return {
+                Succeeded: false
+            }
+        }        
+
+        const response = httpResponse.data as SuccessResponse;
+        
         return {
             Succeeded: true,
-            ...result.data
+            entries: response.users.map(u => {
+                return {
+                    cn: u.username,
+                    userPrincipalName: u.email
+                }
+            })
         }
     }
     catch (e) {
@@ -207,3 +105,18 @@ async function ForwardSearch(groupName: string): SearchAllResponse {
         Succeeded: false
     }
 }
+
+export interface User {
+    username: string
+    email: string
+}
+
+export interface SuccessResponse {    
+    users: User[]    
+}
+
+export interface FailedResponse {    
+    Message: string
+}
+
+export type SearchResponse = SuccessResponse | FailedResponse