diff --git a/assets/login.html b/assets/login.html
new file mode 100644
index 0000000..b76a8a2
--- /dev/null
+++ b/assets/login.html
@@ -0,0 +1,38 @@
+
+
+
+
+ yarr!
+
+
+
+
+
+
+
+
+
+
diff --git a/server/auth.go b/server/auth.go
new file mode 100644
index 0000000..121d3bf
--- /dev/null
+++ b/server/auth.go
@@ -0,0 +1,22 @@
+package server
+
+import (
+ "net/http"
+)
+
+
+func userIsAuthenticated(req *http.Request, username, password string) bool {
+ cookie, _ := req.Cookie("auth")
+ if cookie == nil {
+ return false
+ }
+ // TODO: change to something sane
+ if cookie.Value != username {
+ return false
+ }
+ return true
+}
+
+func userAuthenticate(rw http.ResponseWriter, username, password string) {
+
+}
diff --git a/server/handlers.go b/server/handlers.go
index 1556b0f..bfae5be 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -22,8 +22,8 @@ import (
)
var routes []Route = []Route{
- p("/", IndexHandler),
- p("/static/*path", StaticHandler),
+ p("/", IndexHandler).SkipAuth(),
+ p("/static/*path", StaticHandler).SkipAuth(),
p("/api/status", StatusHandler),
p("/api/folders", FolderListHandler),
p("/api/folders/:id", FolderHandler),
@@ -38,7 +38,7 @@ var routes []Route = []Route{
p("/opml/import", OPMLImportHandler),
p("/opml/export", OPMLExportHandler),
p("/page", PageCrawlHandler),
- p("/fever/", FeverHandler),
+ p("/fever/", FeverHandler).SkipAuth(),
}
type asset struct {
@@ -90,6 +90,29 @@ type ItemUpdateForm struct {
}
func IndexHandler(rw http.ResponseWriter, req *http.Request) {
+ h := handler(req)
+ if h.requiresAuth() && !userIsAuthenticated(req, h.Username, h.Password) {
+ if req.Method == "POST" {
+ // TODO: implement
+ }
+
+ if assets != nil {
+ asset := assets["login.html"]
+ rw.Header().Set("Content-Type", "text/html")
+ rw.Header().Set("Content-Encoding", "gzip")
+ rw.Write(*asset.gzip())
+ return
+ } else {
+ f, err := os.Open("assets/login.html")
+ if err != nil {
+ handler(req).log.Print(err)
+ return
+ }
+ io.Copy(rw, f)
+ return
+ }
+ }
+
if assets != nil {
asset := assets["index.html"]
diff --git a/server/router.go b/server/router.go
index 439c1a0..e6dc32f 100644
--- a/server/router.go
+++ b/server/router.go
@@ -9,6 +9,12 @@ type Route struct {
url string
urlRegex *regexp.Regexp
handler func(http.ResponseWriter, *http.Request)
+ skipAuth bool
+}
+
+func (r Route) SkipAuth() Route {
+ r.skipAuth = true
+ return r
}
func p(path string, handler func(http.ResponseWriter, *http.Request)) Route {
diff --git a/server/server.go b/server/server.go
index f73fb2d..11937c1 100644
--- a/server/server.go
+++ b/server/server.go
@@ -49,6 +49,14 @@ func (h Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
rw.WriteHeader(http.StatusNotFound)
return
}
+
+ if h.requiresAuth() && !route.skipAuth {
+ if !userIsAuthenticated(req, h.Username, h.Password) {
+ rw.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+ }
+
ctx := context.WithValue(req.Context(), ctxHandler, &h)
ctx = context.WithValue(ctx, ctxVars, vars)
route.handler(rw, req.WithContext(ctx))
@@ -137,6 +145,10 @@ func (h *Handler) startJobs() {
}
}
+func (h Handler) requiresAuth() bool {
+ return h.Username != "" && h.Password != ""
+}
+
func (h *Handler) fetchAllFeeds() {
h.log.Print("Refreshing all feeds")
for _, feed := range h.db.ListFeeds() {