feat(auth): add basic authentication when accessing /tree/
This commit is contained in:
Lucas Barbieri
parent
e2284d404c
commit
a5460e9e52
105
main.go
105
main.go
@ -1,6 +1,8 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/sha256"
|
||||||
|
"crypto/subtle"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
@ -11,22 +13,61 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
port = ":8080"
|
|
||||||
filesDir = "./files"
|
filesDir = "./files"
|
||||||
maxFileSize = 20 * 1024 * 1024 // 20MiB
|
port = ":8080"
|
||||||
)
|
)
|
||||||
|
|
||||||
var url string = os.Getenv("URL")
|
type application struct {
|
||||||
|
auth struct {
|
||||||
func main() {
|
username string
|
||||||
http.HandleFunc("/upload", uploadHandler)
|
password string
|
||||||
http.Handle("/tree/", http.StripPrefix("/tree", http.FileServer(http.Dir(filesDir))))
|
}
|
||||||
http.HandleFunc("/", fileHandler)
|
url string
|
||||||
log.Printf("Server running on port %s\n", port)
|
|
||||||
log.Fatal(http.ListenAndServe(port, nil))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func fileHandler(w http.ResponseWriter, r *http.Request) {
|
func main() {
|
||||||
|
app := new(application)
|
||||||
|
|
||||||
|
app.auth.username = os.Getenv("AUTH_USERNAME")
|
||||||
|
app.auth.password = os.Getenv("AUTH_PASSWORD")
|
||||||
|
app.url = os.Getenv("URL")
|
||||||
|
|
||||||
|
if app.auth.username == "" {
|
||||||
|
log.Fatal("basic auth username must be provided")
|
||||||
|
}
|
||||||
|
|
||||||
|
if app.auth.password == "" {
|
||||||
|
log.Fatal("basic auth password must be provided")
|
||||||
|
}
|
||||||
|
|
||||||
|
mux := http.NewServeMux()
|
||||||
|
mux.HandleFunc("/", app.fileHandler)
|
||||||
|
mux.HandleFunc(
|
||||||
|
"/tree/",
|
||||||
|
app.basicAuth(app.treeHandler),
|
||||||
|
)
|
||||||
|
mux.HandleFunc("/upload", app.uploadHandler)
|
||||||
|
|
||||||
|
srv := &http.Server{
|
||||||
|
Addr: port,
|
||||||
|
Handler: mux,
|
||||||
|
IdleTimeout: time.Minute,
|
||||||
|
ReadTimeout: 10 * time.Second,
|
||||||
|
WriteTimeout: 60 * time.Second,
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Printf("starting server on %s", srv.Addr)
|
||||||
|
|
||||||
|
if err := srv.ListenAndServe(); err != nil {
|
||||||
|
log.Fatalf("Failed to start server: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (app *application) treeHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
http.StripPrefix("/tree/", http.FileServer(http.Dir(filesDir))).ServeHTTP(w, r)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (app *application) fileHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
name := filepath.Clean(r.URL.Path)
|
name := filepath.Clean(r.URL.Path)
|
||||||
path := filepath.Join(filesDir, name)
|
path := filepath.Join(filesDir, name)
|
||||||
|
|
||||||
@ -42,7 +83,7 @@ func fileHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func uploadHandler(w http.ResponseWriter, r *http.Request) {
|
func (app *application) uploadHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
if r.Method != http.MethodPost {
|
if r.Method != http.MethodPost {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -52,11 +93,9 @@ func uploadHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
r.Body = http.MaxBytesReader(w, r.Body, maxFileSize)
|
|
||||||
|
|
||||||
file, _, err := r.FormFile("file")
|
file, _, err := r.FormFile("file")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, "Error retrieving the file or file size exceeds limit", http.StatusBadRequest)
|
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
defer file.Close()
|
defer file.Close()
|
||||||
@ -81,14 +120,44 @@ func uploadHandler(w http.ResponseWriter, r *http.Request) {
|
|||||||
http.Error(w, "Error copying the file", http.StatusInternalServerError)
|
http.Error(w, "Error copying the file", http.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
|
|
||||||
if url == "" {
|
if app.url == "" {
|
||||||
fmt.Fprintf(w, "http://localhost%s/%d\n", port, time)
|
fmt.Fprintf(w, "http://localhost%s/%d\n", port, time)
|
||||||
} else {
|
} else {
|
||||||
fmt.Fprintf(w, "http://%s/%d\n", url, time)
|
fmt.Fprintf(w, "http://%s/%d\n", app.url, time)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkAuth(w http.ResponseWriter, r *http.Request) bool {
|
func checkAuth(w http.ResponseWriter, r *http.Request) bool {
|
||||||
authKey, _ := os.ReadFile(".key")
|
authKey, err := os.ReadFile(".key")
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, "Couldn't find your .key", http.StatusNotFound)
|
||||||
|
}
|
||||||
return r.Header.Get("X-Auth")+"\n" == string(authKey)
|
return r.Header.Get("X-Auth")+"\n" == string(authKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (app *application) basicAuth(next http.HandlerFunc) http.HandlerFunc {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
username, password, ok := r.BasicAuth()
|
||||||
|
if ok {
|
||||||
|
// hash password received
|
||||||
|
usernameHash := sha256.Sum256([]byte(username))
|
||||||
|
passwordHash := sha256.Sum256([]byte(password))
|
||||||
|
|
||||||
|
// hash our password
|
||||||
|
expectedUsernameHash := sha256.Sum256([]byte(app.auth.username))
|
||||||
|
expectedPasswordHash := sha256.Sum256([]byte(app.auth.password))
|
||||||
|
|
||||||
|
// compare hashes
|
||||||
|
usernameMatch := (subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1)
|
||||||
|
passwordMatch := (subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1)
|
||||||
|
|
||||||
|
if usernameMatch && passwordMatch {
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8`)
|
||||||
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user