Use simple auth for ftp

CloudronManifest.json

@@ -15,7 +15,8 @@
     "mysql": {},
     "localstorage": {},
     "sendmail": {},
-    "ldap": {}
+    "ldap": {},
+    "simpleauth": {}
   },
   "tcpPorts": {
     "FTP_PORT": {
@@ -25,13 +26,23 @@
     },
     "FTP_PORT_PASSV_0": {
       "title": "FTP PASSV Port 0",
-      "description": "FTP data port 0. Has to be exactly one lower than port 1.",
+      "description": "FTP data port 0. Ports have to be consecutive numbers.",
       "defaultValue": 29601
     },
     "FTP_PORT_PASSV_1": {
       "title": "FTP PASSV Port 1",
-      "description": "FTP data port 1. Has to be exactly one higher than port 0.",
+      "description": "FTP data port 1. Ports have to be consecutive numbers.",
       "defaultValue": 29602
+    },
+    "FTP_PORT_PASSV_2": {
+      "title": "FTP PASSV Port 2",
+      "description": "FTP data port 2. Ports have to be consecutive numbers.",
+      "defaultValue": 29603
+    },
+    "FTP_PORT_PASSV_3": {
+      "title": "FTP PASSV Port 3",
+      "description": "FTP data port 3. Ports have to be consecutive numbers.",
+      "defaultValue": 29604
     }
   },
   "tags": [ "apache", "php", "mysql", "linux" ],

Dockerfile

@@ -21,17 +21,17 @@ RUN sed -e 's/upload_max_filesize = .*/upload_max_filesize = 8M/' \
 RUN ln -sf /app/data/apache2-app.conf /etc/apache2/sites-available/app.conf
 RUN ln -sf /etc/apache2/sites-available/app.conf /etc/apache2/sites-enabled/app.conf
 
+# configure supervisor
+RUN sed -e 's,^logfile=.*$,logfile=/run/app/supervisord.log,' -i /etc/supervisor/supervisord.conf
+ADD supervisor/ /etc/supervisor/conf.d/
+
 ENV PATH /usr/local/node-4.2.1/bin:$PATH
 
-RUN cd /app/code && npm install ftpd
+RUN cd /app/code && npm install ftpd superagent
 
 ADD apache2-app.conf /app/code/apache2-app.conf
 ADD index.html /app/code/index.html
 ADD start.sh /app/code/start.sh
 ADD ftp.js /app/code/ftp.js
 
-# configure supervisor
-RUN sed -e 's,^logfile=.*$,logfile=/run/app/supervisord.log,' -i /etc/supervisor/supervisord.conf
-ADD supervisor/ /etc/supervisor/conf.d/
-
 CMD [ "/app/code/start.sh" ]

ftp.js

@@ -1,7 +1,31 @@
 var ftpd = require('ftpd'),
     fs = require('fs'),
+    superagent = require('superagent'),
     path = require('path');
 
+var simpleAuth = process.env.SIMPLE_AUTH_URL && process.env.SIMPLE_AUTH_CLIENT_ID && process.env.API_ORIGIN;
+
+function verifyUser(username, password, callback) {
+    if (!simpleAuth) {
+        if (username === 'test' && password === 'test') return callback(null);
+        else return callback(new Error('auth failed'));
+    }
+
+    var authPayload = {
+        clientId: process.env.SIMPLE_AUTH_CLIENT_ID,
+        username: username,
+        password: password
+    };
+
+    superagent.post(process.env.SIMPLE_AUTH_URL + '/api/v1/login').send(authPayload).end(function (error, result) {
+        if (error && error.status === 401) return callback(new Error('auth failed'));
+        if (error) return callback(wrapRestError(error));
+        if (result.status !== 200) return callback(new Error('auth failed'));
+
+        callback(null);
+    });
+}
+
 var server;
 var options = {
     host: '0.0.0.0',
@@ -17,7 +41,7 @@ server = new ftpd.FtpServer(options.host, {
       return '/app/data/public';
     },
     pasvPortRangeStart: process.env.FTP_PORT_PASSV_0 || 7003,
-    pasvPortRangeEnd: process.env.FTP_PORT_PASSV_1 || 7004,
+    pasvPortRangeEnd: process.env.FTP_PORT_PASSV_3 || 7006,
     tlsOptions: options.tls,
     allowUnauthorizedTls: true,
     useWriteFile: false,
@@ -32,7 +56,7 @@ server.on('client:connected', function(connection) {
     var username = null;
     console.log('client connected: ' + connection.remoteAddress);
     connection.on('command:user', function(user, success, failure) {
-        if (user === 'nebulon') {
+        if (user) {
             username = user;
             success();
         } else {
@@ -40,12 +64,13 @@ server.on('client:connected', function(connection) {
         }
     });
 
-    connection.on('command:pass', function(pass, success, failure) {
-        if (pass === 'manda') {
-            success(username);
-        } else {
-            failure();
-        }
+    connection.on('command:pass', function(password, success, failure) {
+        if (!password) return failure();
+
+        verifyUser(username, password, function (error) {
+            if (error) failure();
+            else success(username);
+        });
     });
 });