diff --git a/assets/login.html b/assets/login.html
index b76a8a2..8de1cd9 100644
--- a/assets/login.html
+++ b/assets/login.html
@@ -26,11 +26,11 @@
-
+
-
+
diff --git a/server/auth.go b/server/auth.go
index 121d3bf..3d8e5ff 100644
--- a/server/auth.go
+++ b/server/auth.go
@@ -2,6 +2,8 @@ package server
import (
"net/http"
+ "crypto/subtle"
+ "time"
)
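Review bot: The two added imports leave the block out of gofmt order (`crypto/subtle` and `time` sort before `net/http`), so the next gofmt run will reorder them and produce an unrelated diff. Run gofmt/goimports on server/auth.go before merging so the import block is `"crypto/subtle"`, `"net/http"`, `"time"`.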
@@ -18,5 +20,11 @@ func userIsAuthenticated(req *http.Request, username, password string) bool {
}
func userAuthenticate(rw http.ResponseWriter, username, password string) {
-
+ expires := time.Now().Add(time.Hour * 24 * 7) // 1 week
+ cookie := http.Cookie{Name: "auth", Value: username, Expires: expires}
+ http.SetCookie(rw, &cookie)
+}
+
+func safeCompare(p1, p2 string) bool {
+ return subtle.ConstantTimeCompare([]byte(p1), []byte(p2)) == 1
}
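Review bot: The cookie set in userAuthenticate carries the bare username as its value with nothing that authenticates it, so whatever reads the "auth" cookie back has no way to tell a cookie this server issued from one the client assembled itself; userIsAuthenticated's body is outside the hunk, so I cannot see how the cookie is checked, but nothing in this hunk gives it anything to check. The value should be an unguessable session identifier generated with crypto/rand and looked up server-side, or at minimum an HMAC over username plus expiry under a server-held key, verified in userIsAuthenticated. The cookie also sets no attributes, so it is readable from script and sent over plain HTTP and cross-site; change the literal to `cookie := http.Cookie{Name: "auth", Value: username, Expires: expires, Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteStrictMode}`. The password parameter of userAuthenticate is never used in the body; either drop it or document why it is part of the signature.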
diff --git a/server/handlers.go b/server/handlers.go
index 858f866..a67bf8c 100644
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -93,7 +93,13 @@ func IndexHandler(rw http.ResponseWriter, req *http.Request) {
h := handler(req)
if h.requiresAuth() && !userIsAuthenticated(req, h.Username, h.Password) {
if req.Method == "POST" {
- // TODO: implement
+ username := req.FormValue("username")
+ password := req.FormValue("password")
+ if safeCompare(username, h.Username) && safeCompare(password, h.Password) {
+ userAuthenticate(rw, username, password)
+ http.Redirect(rw, req, req.URL.Path, http.StatusFound)
+ return
+ }
}
if assets != nil {