move authmiddleware to auth package

2025-09-13 18:00:05 +00:00 · 2021-03-17 16:38:21 +00:00
parent 0b1c90718d
commit eb0ad7f22e
2 changed files with 18 additions and 20 deletions
--- a/src/auth/middleware.go
+++ b/src/auth/middleware.go
@@ -0,0 +1,55 @@
+package auth
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/nkanaev/yarr/src/assets"
+	"github.com/nkanaev/yarr/src/router"
+)
+
+type Middleware struct {
+	Username string
+	Password string
+	BasePath string
+	Public   string
+}
+
+func unsafeMethod(method string) bool {
+	return method == "POST" || method == "PUT" || method == "DELETE"
+}
+
+func (m *Middleware) Handler(c *router.Context) {
+	if strings.HasPrefix(c.Req.URL.Path, m.BasePath + m.Public) {
+		c.Next()
+		return
+	}
+	if IsAuthenticated(c.Req, m.Username, m.Password) {
+		c.Next()
+		return
+	}
+
+	rootUrl := m.BasePath + "/"
+
+	if c.Req.URL.Path != rootUrl {
+		c.Out.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	if c.Req.Method == "POST" {
+		username := c.Req.FormValue("username")
+		password := c.Req.FormValue("password")
+		if StringsEqual(username, m.Username) && StringsEqual(password, m.Password) {
+			Authenticate(c.Out, m.Username, m.Password, m.BasePath)
+			c.Redirect(rootUrl)
+			return
+		} else {
+			c.HTML(http.StatusOK, assets.Template("login.html"), map[string]string{
+				"username": username,
+				"error": "Invalid username/password",
+			})
+			return
+		}
+	}
+	c.HTML(http.StatusOK, assets.Template("login.html"), nil)
+}