james/yarr
4
0
Fork 0
mirror of https://github.com/nkanaev/yarr.git synced 2025-10-30 06:31:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

auth middleware

Browse Source
This commit is contained in:
Nazar Kanaev
2021-03-17 11:40:21 +00:00
parent dfb32d4ebe
commit e9f6a0a1d2
3 changed files with 73 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/router/context.go
View File

@@ -45,3 +45,10 @@ func (c *Context) QueryInt64(key string) (int64, error) {
query := c.Req.URL.Query() query := c.Req.URL.Query()
return strconv.ParseInt(query.Get("page"), 10, 64) return strconv.ParseInt(query.Get("page"), 10, 64)
} }
func (c *Context) Redirect(url string) {
if url == "" {
url = "/"
}
http.Redirect(c.Out, c.Req, url, http.StatusFound)
}

57
src/server/middleware.go Normal file
View File

@@ -0,0 +1,57 @@
package server
import (
"net/http"
"strings"
"github.com/nkanaev/yarr/src/assets"
"github.com/nkanaev/yarr/src/auth"
"github.com/nkanaev/yarr/src/router"
)
type authMiddleware struct {
username string
password string
basepath string
public string
}
func (m *authMiddleware) handler(c *router.Context) {
basepath := m.basepath
if basepath == "" {
basepath = "/"
}
if strings.HasPrefix(c.Req.URL.Path, m.public) {
c.Next()
return
}
if auth.IsAuthenticated(c.Req, m.username, m.password) {
c.Next()
return
}
if c.Req.URL.Path != basepath {
// TODO: check ajax
c.Out.WriteHeader(http.StatusForbidden)
return
}
if c.Req.Method == "POST" {
username := c.Req.FormValue("username")
password := c.Req.FormValue("password")
if auth.StringsEqual(username, m.username) && auth.StringsEqual(password, m.password) {
auth.Authenticate(c.Out, m.username, m.password, m.basepath)
c.Redirect(m.basepath)
return
} else {
// TODO: show error
c.Out.Header().Set("Content-Type", "text/html")
assets.Render("login.html", c.Out, nil)
return
}
}
c.Out.Header().Set("Content-Type", "text/html")
assets.Render("login.html", c.Out, nil)
}

24
src/server/routes.go
View File

@@ -19,6 +19,15 @@ func (s *Server) handler() http.Handler {
r := router.NewRouter() r := router.NewRouter()
// TODO: auth, base, security // TODO: auth, base, security
if s.Username != "" && s.Password != "" {
a := &authMiddleware{
username: s.Username,
password: s.Password,
basepath: BasePath,
public: BasePath + "/static",
}
r.Use(a.handler)
}
r.For("/", s.handleIndex) r.For("/", s.handleIndex)
r.For("/static/*path", s.handleStatic) r.For("/static/*path", s.handleStatic)
@@ -42,21 +51,6 @@ func (s *Server) handler() http.Handler {
} }
func (s *Server) handleIndex(c *router.Context) { func (s *Server) handleIndex(c *router.Context) {
if s.requiresAuth() && !auth.IsAuthenticated(c.Req, s.Username, s.Password) {
if c.Req.Method == "POST" {
username := c.Req.FormValue("username")
password := c.Req.FormValue("password")
if auth.StringsEqual(username, s.Username) && auth.StringsEqual(password, s.Password) {
auth.Authenticate(c.Out, username, password, BasePath)
http.Redirect(c.Out, c.Req, c.Req.URL.Path, http.StatusFound)
return
}
}
c.Out.Header().Set("Content-Type", "text/html")
assets.Render("login.html", c.Out, nil)
return
}
c.Out.Header().Set("Content-Type", "text/html") c.Out.Header().Set("Content-Type", "text/html")
assets.Render("index.html", c.Out, nil) assets.Render("index.html", c.Out, nil)
} }