diff options
Diffstat (limited to 'main.go')
| -rw-r--r-- | main.go | 64 |
1 files changed, 42 insertions, 22 deletions
@@ -1,9 +1,7 @@ package main import ( - "crypto/md5" "crypto/subtle" - "encoding/hex" "flag" "fmt" "html/template" @@ -29,35 +27,50 @@ func logMux(handler http.Handler) http.Handler { }) } -func (app *App) validateHandler(w http.ResponseWriter, r *http.Request) { +func (app *App) validate(r *http.Request) (*Session, bool) { c, err := r.Cookie("id") - //log.Println(r.Header.Get("X-Original-URI")) - //log.Println(r.Host) if err != nil { + return nil, false + } else if s, ok := app.GetSession(c.Value); ok { + return s, true + } else { + return nil, false + } +} + +func (app *App) validateHandler(w http.ResponseWriter, r *http.Request) { + if s, ok := app.validate(r); ok { + w.Header().Set("X-Remote-User", strconv.FormatInt(s.UserId, 10)) + w.WriteHeader(http.StatusOK) + } else { w.WriteHeader(http.StatusUnauthorized) + } +} + +func (app *App) rootHandler(w http.ResponseWriter, r *http.Request) { + if s, ok := app.validate(r); ok { + app.Template.ExecuteTemplate(w, "index.tmpl", s) } else { - if s, ok := app.GetSession(c.Value); ok { - w.Header().Set("X-Remote-User", strconv.FormatInt(s.UserId, 10)) - w.WriteHeader(http.StatusOK) - } else { - log.Println("Session does not exist:", c.Value) - w.WriteHeader(http.StatusUnauthorized) - } + http.Redirect(w, r, "/login", http.StatusSeeOther) } } func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) { - if r.Method == http.MethodPost { + if _, ok := app.validate(r); ok { + http.Redirect(w, r, "/", http.StatusSeeOther) + return + } else if r.Method == http.MethodPost { username := r.FormValue("username") - password := r.FormValue("password") + hash := md5hex([]byte(r.FormValue("password"))) next := r.FormValue("next") - hash := md5.Sum([]byte(password)) - dst := make([]byte, hex.EncodedLen(md5.Size)) - hex.Encode(dst, hash[:]) u, ok := app.GetUser(username) - if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 { + if ok && subtle.ConstantTimeCompare(u.Password, hash) == 1 { s := app.NewSession(u.Id) - c := http.Cookie{Name: "id", Value: s.Id, Domain: "." + app.Domain} + c := http.Cookie{ + Name: "id", + Value: s.Id, + Domain: "." + app.Domain, + } http.SetCookie(w, &c) http.Redirect(w, r, next, http.StatusSeeOther) } else { @@ -74,13 +87,17 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) { } func (app *App) logoutHandler(w http.ResponseWriter, r *http.Request) { - c := http.Cookie{Name: "id", Value: "", Domain: "." + app.Domain, MaxAge: 0} + c := http.Cookie{ + Name: "id", + Value: "", + Domain: "." + app.Domain, + MaxAge: 0, + } http.SetCookie(w, &c) http.Redirect(w, r, "/login", http.StatusSeeOther) } func main() { - flag.Usage = func() { fmt.Fprintf( flag.CommandLine.Output(), @@ -99,11 +116,14 @@ func main() { } store := NewPgStore(flag.Args()[0]) - template := template.Must(template.New("").ParseGlob(filepath.Join(*templateDir, "*.tmpl"))) + template := template.Must( + template.New("").ParseGlob(filepath.Join(*templateDir, "*.tmpl")), + ) app := &App{store, template, flag.Args()[1]} http.HandleFunc("/validate", app.validateHandler) http.HandleFunc("/login", app.loginHandler) http.HandleFunc("/logout", app.logoutHandler) + http.HandleFunc("/", app.rootHandler) if err := http.ListenAndServe(*address, logMux(http.DefaultServeMux)); err != nil { panic(err) } |