78 lines
1.8 KiB
Go
78 lines
1.8 KiB
Go
package web
|
|
|
|
import (
|
|
"errors"
|
|
"net/http"
|
|
"time"
|
|
|
|
"git.ulra.eu/adro/miniwol/config"
|
|
|
|
"github.com/google/uuid"
|
|
"github.com/labstack/echo/v4"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
var sessions map[string]time.Time
|
|
|
|
func init() {
|
|
sessions = make(map[string]time.Time)
|
|
}
|
|
|
|
func checkAuth(token string) error {
|
|
for sToken, expiree := range sessions {
|
|
// Expire old sessions
|
|
if time.Now().After(expiree) {
|
|
delete(sessions, sToken)
|
|
continue
|
|
}
|
|
// Check for valid session of token
|
|
if token == sToken {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return errors.New("this token is not associated with a valid session")
|
|
}
|
|
|
|
func withAuth(handler echo.HandlerFunc) echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
session, err := c.Cookie("session")
|
|
// Redirect to login if session expired/invalid
|
|
if err != nil || checkAuth(session.Value) != nil {
|
|
return c.Redirect(http.StatusSeeOther, "/")
|
|
}
|
|
// Refresh session
|
|
sessions[session.Value] = time.Now().Add(time.Second * time.Duration(config.Config.SessionTTL*60))
|
|
return handler(c)
|
|
}
|
|
}
|
|
|
|
// Handlers
|
|
func auth(c echo.Context) error {
|
|
password := c.FormValue("Password")
|
|
if bcrypt.CompareHashAndPassword([]byte(config.Config.PassHash), []byte(password)) != nil {
|
|
return c.String(401, "Wrong Password")
|
|
}
|
|
token := uuid.New().String()
|
|
sessions[token] = time.Now().Add(time.Second * time.Duration(config.Config.SessionTTL*60))
|
|
c.SetCookie(&http.Cookie{
|
|
Name: "session",
|
|
Value: token,
|
|
Path: "/",
|
|
Secure: config.Config.StrictCookies,
|
|
HttpOnly: true,
|
|
SameSite: http.SameSiteStrictMode,
|
|
})
|
|
return c.Redirect(http.StatusSeeOther, "/")
|
|
}
|
|
|
|
func deauth(c echo.Context) error {
|
|
session, err := c.Cookie("session")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
delete(sessions, session.Value)
|
|
return c.Redirect(http.StatusSeeOther, "/")
|
|
}
|