reorganizing server-related packages

2025-11-08 10:29:37 +00:00 · 2021-04-01 00:24:18 +01:00
parent b04e8c1e93
commit 528df7fb4a
12 changed files with 4 additions and 4 deletions
--- a/src/server/auth/auth.go
+++ b/src/server/auth/auth.go
@@ -0,0 +1,52 @@
+package auth
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/hex"
+	"net/http"
+	"strings"
+	"time"
+)
+
+func IsAuthenticated(req *http.Request, username, password string) bool {
+	cookie, _ := req.Cookie("auth")
+	if cookie == nil {
+		return false
+	}
+	parts := strings.Split(cookie.Value, ":")
+	if len(parts) != 2 || !StringsEqual(parts[0], username) {
+		return false
+	}
+	return StringsEqual(parts[1], secret(username, password))
+}
+
+func Authenticate(rw http.ResponseWriter, username, password, basepath string) {
+	http.SetCookie(rw, &http.Cookie{
+		Name:    "auth",
+		Value:   username + ":" + secret(username, password),
+		Expires: time.Now().Add(time.Hour * 24 * 7), // 1 week,
+		Path:    basepath,
+	})
+}
+
+func Logout(rw http.ResponseWriter, basepath string) {
+	http.SetCookie(rw, &http.Cookie{
+		Name:   "auth",
+		Value:  "",
+		MaxAge: -1,
+		Path:   basepath,
+	})
+}
+
+func StringsEqual(p1, p2 string) bool {
+	return subtle.ConstantTimeCompare([]byte(p1), []byte(p2)) == 1
+}
+
+func secret(msg, key string) string {
+	mac := hmac.New(sha256.New, []byte(key))
+	mac.Write([]byte(msg))
+	src := mac.Sum(nil)
+	return hex.EncodeToString(src)
+}
--- a/src/server/auth/middleware.go
+++ b/src/server/auth/middleware.go
@@ -0,0 +1,55 @@
+package auth
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/nkanaev/yarr/src/assets"
+	"github.com/nkanaev/yarr/src/server/router"
+)
+
+type Middleware struct {
+	Username string
+	Password string
+	BasePath string
+	Public   string
+}
+
+func unsafeMethod(method string) bool {
+	return method == "POST" || method == "PUT" || method == "DELETE"
+}
+
+func (m *Middleware) Handler(c *router.Context) {
+	if strings.HasPrefix(c.Req.URL.Path, m.BasePath+m.Public) {
+		c.Next()
+		return
+	}
+	if IsAuthenticated(c.Req, m.Username, m.Password) {
+		c.Next()
+		return
+	}
+
+	rootUrl := m.BasePath + "/"
+
+	if c.Req.URL.Path != rootUrl {
+		c.Out.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	if c.Req.Method == "POST" {
+		username := c.Req.FormValue("username")
+		password := c.Req.FormValue("password")
+		if StringsEqual(username, m.Username) && StringsEqual(password, m.Password) {
+			Authenticate(c.Out, m.Username, m.Password, m.BasePath)
+			c.Redirect(rootUrl)
+			return
+		} else {
+			c.HTML(http.StatusOK, assets.Template("login.html"), map[string]string{
+				"username": username,
+				"error":    "Invalid username/password",
+			})
+			return
+		}
+	}
+	c.HTML(http.StatusOK, assets.Template("login.html"), nil)
+}