diff --git a/abyss.go b/abyss.go index c8d28a6..32b8ae9 100644 --- a/abyss.go +++ b/abyss.go @@ -93,6 +93,8 @@ func setupHandlers(mux *http.ServeMux, app *Application) { mux.HandleFunc("/last", app.lastUploadedHandler) + mux.HandleFunc("/token", BasicAuth(app.createTokenHandler, app)) + mux.HandleFunc("/files/", app.fileHandler) if app.authText == "yes" { diff --git a/go.mod b/go.mod index bd2aaf7..552829e 100644 --- a/go.mod +++ b/go.mod @@ -3,3 +3,5 @@ module github.com/jabuxas/abyss go 1.22.6 require github.com/joho/godotenv v1.5.1 + +require github.com/golang-jwt/jwt/v5 v5.2.1 // indirect diff --git a/go.sum b/go.sum index d61b19e..4500056 100644 --- a/go.sum +++ b/go.sum @@ -1,2 +1,4 @@ +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= diff --git a/handlers.go b/handlers.go index d0945fe..6b0d105 100644 --- a/handlers.go +++ b/handlers.go @@ -9,6 +9,9 @@ import ( "os" "path/filepath" "strings" + "time" + + "github.com/golang-jwt/jwt/v5" ) type Application struct { @@ -198,3 +201,17 @@ func (app *Application) publicURL(file io.Reader, extension string) string { return filename } + +func (app *Application) createTokenHandler(w http.ResponseWriter, r *http.Request) { + token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ + "exp": time.Now().Add(time.Hour * 2).Unix(), + }) + + tokenString, err := token.SignedString([]byte(app.key)) + if err != nil { + http.Error(w, "Error generating token", http.StatusInternalServerError) + return + } + + fmt.Fprintf(w, "%s", tokenString) +} diff --git a/helpers.go b/helpers.go index 18168fa..a799e62 100644 --- a/helpers.go +++ b/helpers.go @@ -9,6 +9,8 @@ import ( "io" "net/http" "os" + + "github.com/golang-jwt/jwt/v5" ) type FileInfo struct { @@ -27,7 +29,31 @@ type TemplateData struct { } func CheckAuth(r *http.Request, key string) bool { - return r.Header.Get("X-Auth") == key + receivedKey := r.Header.Get("X-Auth") + if receivedKey == key { + return true + } else if err := validateToken(receivedKey, key); err == nil { + return true + } + return false +} + +func validateToken(tokenString, key string) error { + token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { + if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { + return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) + } + return []byte(key), nil + }) + if err != nil { + return err + } + + if _, ok := token.Claims.(jwt.MapClaims); ok && token.Valid { + return nil + } else { + return fmt.Errorf("invalid token") + } } func FormatFileSize(size int64) string {