package main
import (
	"fmt"
	"html/template"
	"net/http"
	"strings"

	"github.com/apexskier/httpauth"
	"golang.org/x/crypto/bcrypt"
)
var (
backend httpauth.GobFileAuthBackend
aaa httpauth.Authorizer
roles map[string]httpauth.Role
authFile = "admin/auth.gob"
)
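// initAuth opens the gob user store, builds the role table and the
// authorizer, and seeds a default "admin" account when the store has none.
// It panics on any failure, since no handler in this file can work without
// backend and aaa being set.
func initAuth() {
	var err error

	// authFile must already exist in the site home; nothing here creates it.
	// (A way to create one on first run, or to install a default, could be
	// added.)
	backend, err = httpauth.NewGobFileAuthBackend(authFile)
	if err != nil {
		panic(err)
	}

	// Default roles; the numbers are the privilege levels AuthorizeRole
	// compares against.
	roles = map[string]httpauth.Role{
		"user":  30,
		"admin": 80,
	}

	// NOTE: the cookie-encryption key and the seeded admin password are
	// literals in the source, so every deployment shares the same session
	// secret and the same default credential. Both should come from
	// configuration before this runs anywhere but locally.
	aaa, err = httpauth.NewAuthorizer(backend, []byte("cookie-encryption-key"), "user", roles)
	if err != nil {
		// Was unchecked before; an unusable authorizer would only surface
		// later, inside a request.
		panic(err)
	}

	// Seed the default admin only when it is absent. Saving it
	// unconditionally on every start would put the stored "admin" record
	// back to the default password after each restart.
	users, err := backend.Users()
	if err != nil {
		panic(err)
	}
	for _, u := range users {
		if u.Username == "admin" {
			return
		}
	}
	hash, err := bcrypt.GenerateFromPassword([]byte("adminadmin"), bcrypt.DefaultCost)
	if err != nil {
		panic(err)
	}
	defaultUser := httpauth.UserData{Username: "admin", Email: "admin@localhost", Hash: hash, Role: "admin"}
	if err := backend.SaveUser(defaultUser); err != nil {
		panic(err)
	}
}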
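// isAuth gates an admin handler: the request must carry an authenticated
// session and that session's user must hold at least role. It reports
// whether the caller may continue. When it returns false the response has
// already been written (a 303 to the login page, or a 403 for an
// insufficient role), so the caller must return at once — going on would
// serve the page, or apply a POST, to a client that was just refused.
//
// A request for the login page itself (admin.Root+"login/") is not
// redirected on a missing session, so the form stays reachable.
func isAuth(w http.ResponseWriter, r *http.Request, admin Location, role string) bool {
	// Path below the admin root. TrimPrefix instead of slicing so a request
	// whose path is shorter than admin.Root cannot index past its end.
	title := strings.TrimPrefix(r.URL.Path, admin.Root)

	// Session check first. The true flag is passed through as before;
	// presumably it lets the library record state for the login page —
	// confirm against httpauth.
	if err := aaa.Authorize(w, r, true); err != nil && title != "login/" {
		fmt.Println(err)
		http.Redirect(w, r, admin.Root+"login/", http.StatusSeeOther)
		return false
	}

	// Then the role check. Returning without a body here would leave an
	// empty 200; an explicit 403 makes the denial visible to the client and
	// in access logs.
	if err := aaa.AuthorizeRole(w, r, role, false); err != nil {
		fmt.Println(err)
		http.Error(w, "forbidden", http.StatusForbidden)
		return false
	}
	return true
}

// loginHandler serves the login form on GET and performs the login on POST.
// On a successful POST nothing further is written here (the original relied
// on aaa.Login having sent the client to its dest, "/"); an
// already-authenticated session is sent to the admin root and any other
// failure back to the login form.
func loginHandler(w http.ResponseWriter, r *http.Request, admin Location) {
	if r.Method != http.MethodPost {
		// GET: render the form. Whatever follows the login path is handed
		// over as the content path, as elsewhere in the admin.
		title := strings.TrimPrefix(r.URL.Path, admin.Root+"login/")
		renderTemplateContent(w, "login.html", &Content{Path: title})
		return
	}

	username := r.PostFormValue("username")
	password := r.PostFormValue("password")
	err := aaa.Login(w, r, username, password, "/")
	switch {
	case err == nil:
		// Nothing to do; see the doc comment.
	case err.Error() == "already authenticated":
		// NOTE(review): matched by exact error text. If httpauth prefixes its
		// error strings this case never fires and the default branch handles
		// it — confirm against the library version in go.mod.
		http.Redirect(w, r, admin.Root, http.StatusSeeOther)
	default:
		fmt.Println(err)
		// Built as admin.Root+"login/" like isAuth and the GET branch above;
		// the earlier "/login/" doubled the slash when Root ends in "/".
		http.Redirect(w, r, admin.Root+"login/", http.StatusSeeOther)
	}
}

// adminUsersHandler lists the accounts and, on POST, registers a new one.
// Both paths are reachable only by an authenticated session holding the
// admin role.
func adminUsersHandler(w http.ResponseWriter, r *http.Request, admin Location) {
	// isAuth has already written the redirect or 403 when it returns false.
	// Stopping here is what keeps the registration below behind the role
	// check; previously the handler went on regardless of the outcome.
	if !isAuth(w, r, admin, "admin") {
		return
	}

	if r.Method == http.MethodPost {
		user := httpauth.UserData{
			Username: r.PostFormValue("username"),
			Email:    r.PostFormValue("email"),
			Role:     r.PostFormValue("role"),
		}
		password := r.PostFormValue("password")
		// The role is taken from the form; accept only the roles this program
		// defines so a request cannot create an account with an unknown one.
		if _, ok := roles[user.Role]; !ok {
			fmt.Printf("register: unknown role %q\n", user.Role)
		} else if err := aaa.Register(w, r, user, password); err != nil {
			// Was silently dropped; at least record why the account was not
			// created.
			fmt.Println(err)
		}
	}

	user, err := aaa.CurrentUser(w, r)
	if err != nil {
		// Not expected right after isAuth accepted the session; as before,
		// write nothing further.
		return
	}

	type data struct {
		User  httpauth.UserData
		Roles map[string]httpauth.Role
		Users []httpauth.UserData
		Msg   []string
	}
	// Messages is read before Users, keeping the original order in case it
	// consumes session state.
	messages := aaa.Messages(w, r)
	users, err := backend.Users()
	if err != nil {
		// A 500 instead of a panic inside the request.
		fmt.Println(err)
		http.Error(w, "could not load users", http.StatusInternalServerError)
		return
	}
	// Still parsed per request, as before, but a broken template now yields
	// a 500 rather than a panic from template.Must.
	templates, err := template.ParseGlob("admin/templates/*")
	if err != nil {
		fmt.Println(err)
		http.Error(w, "template error", http.StatusInternalServerError)
		return
	}
	d := data{User: user, Roles: roles, Users: users, Msg: messages}
	if err := templates.ExecuteTemplate(w, "manage-accounts.html", d); err != nil {
		// The detail goes to the log only; the client gets a generic message.
		// (The earlier code dereferenced the nil Users() error here.)
		fmt.Println(err)
		http.Error(w, "template error", http.StatusInternalServerError)
	}
}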
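// logoutHandler ends the current session and sends the client to the login
// page. If Logout fails the error is logged and nothing is written, as
// before.
func logoutHandler(w http.ResponseWriter, r *http.Request, admin Location) {
	if err := aaa.Logout(w, r); err != nil {
		// Not expected for a live session.
		fmt.Println(err)
		return
	}
	// Built as admin.Root+"login/", the form isAuth uses; the earlier
	// "/login/" doubled the slash when Root ends in "/".
	http.Redirect(w, r, admin.Root+"login/", http.StatusSeeOther)
}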