aboutsummaryrefslogtreecommitdiffstats
path: root/main.go
blob: a9e3ab64298e95e404dfab1c3be2fc11d797a707 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/hex"
	"html/template"
	"log"
	"net/http"
	"os"
	"strconv"
	"time"
)

type App struct {
	Store
	Template *template.Template
}

func logMux(handler http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		t := time.Now()
		handler.ServeHTTP(w, r)
		log.Println(r.Method, r.URL.Path, time.Since(t))
	})
}

func (app *App) validateHandler(w http.ResponseWriter, r *http.Request) {
	c, err := r.Cookie("id")
	//log.Println(r.Header.Get("X-Original-URI"))
	//log.Println(r.Host)
	if err != nil {
		w.WriteHeader(http.StatusUnauthorized)
	} else {
		if s, ok := app.GetSession(c.Value); ok {
			w.Header().Set("X-Remote-User", strconv.FormatInt(s.UserId, 10))
			w.WriteHeader(http.StatusOK)
		} else {
			log.Println("Session does not exist:", c.Value)
			w.WriteHeader(http.StatusForbidden)
		}
	}
}

func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodPost {
		username := r.FormValue("username")
		password := r.FormValue("password")
		next := r.FormValue("next")
		hash := md5.Sum([]byte(password))
		dst := make([]byte, hex.EncodedLen(md5.Size))
		hex.Encode(dst, hash[:])
		u, ok := app.GetUser(username)
		if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 {
			s := app.NewSession(u.Id)
			c := http.Cookie{Name: "id", Value: s.Id, Domain: ".horel.test"}
			http.SetCookie(w, &c)
			http.Redirect(w, r, next, http.StatusSeeOther)
		} else {
			app.Template.ExecuteTemplate(w, "login.tmpl", struct {
				Next string
			}{next})
		}
	} else if r.Method == http.MethodGet {
		next := r.FormValue("next")
		app.Template.ExecuteTemplate(w, "login.tmpl", struct {
			Next string
		}{next})
	}
}

func main() {
	//log.SetFlags(log.LstdFlags)
	if len(os.Args) == 1 {
		log.Fatalf("Usage: %s <connect-string>\n", os.Args[0])
	}
	store := NewPgStore(os.Args[1])
	template := template.Must(template.New("").ParseGlob("templates/*.tmpl"))
	app := &App{store, template}
	http.HandleFunc("/validate", app.validateHandler)
	http.HandleFunc("/login", app.loginHandler)
	if err := http.ListenAndServe(":8080", logMux(http.DefaultServeMux)); err != nil {
		panic(err)
	}
}
generated by cgit v1.2.3-70-g09d2 (git 2.52.0) at 2025-12-21 13:25:24 +0000