Migrate to cookie based session (secure cookie)
finish sign-in sign-up
This commit is contained in:
Wancat
37
auth/auth.go
37
auth/auth.go
@@ -6,24 +6,34 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/gorilla/securecookie"
|
||||||
"golang.org/x/crypto/bcrypt"
|
"golang.org/x/crypto/bcrypt"
|
||||||
)
|
)
|
||||||
|
|
||||||
type AuthStore interface {
|
type AuthStore interface {
|
||||||
Register(user, pass string) error
|
Register(user, pass string) error
|
||||||
Authenticate(user, pass string) error
|
Login(user, pass string) (token string, err error)
|
||||||
|
Verify(token string) (session Session, err error)
|
||||||
Remove(user string) error
|
Remove(user string) error
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type Session struct {
|
||||||
|
User string
|
||||||
|
Expiry time.Time
|
||||||
|
}
|
||||||
|
|
||||||
type Htpasswd struct {
|
type Htpasswd struct {
|
||||||
accounts map[string]string
|
accounts map[string]string
|
||||||
filePath string
|
filePath string
|
||||||
|
cookie *securecookie.SecureCookie
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewHtpasswd(path string) (AuthStore, error) {
|
func New(path string, hashKey []byte) (AuthStore, error) {
|
||||||
s := Htpasswd{
|
s := Htpasswd{
|
||||||
filePath: path,
|
filePath: path,
|
||||||
|
cookie: securecookie.New(hashKey, nil),
|
||||||
}
|
}
|
||||||
err := s.read()
|
err := s.read()
|
||||||
return s, err
|
return s, err
|
||||||
@@ -40,12 +50,29 @@ func (s Htpasswd) Register(user, pass string) (err error) {
|
|||||||
return s.write()
|
return s.write()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s Htpasswd) Authenticate(user, pass string) (err error) {
|
func (s Htpasswd) Login(user, pass string) (token string, err error) {
|
||||||
hashed, ok := s.accounts[user]
|
hashed, ok := s.accounts[user]
|
||||||
if !ok {
|
if !ok {
|
||||||
return errors.New("user not found")
|
return "", errors.New("user not found")
|
||||||
}
|
}
|
||||||
return bcrypt.CompareHashAndPassword([]byte(hashed), []byte(pass))
|
err = bcrypt.CompareHashAndPassword([]byte(hashed), []byte(pass))
|
||||||
|
if err != nil {
|
||||||
|
return "", errors.New("wrong password")
|
||||||
|
}
|
||||||
|
session := Session{
|
||||||
|
User: user,
|
||||||
|
Expiry: time.Now().AddDate(0, 0, 7),
|
||||||
|
}
|
||||||
|
token, err = s.cookie.Encode("session", session)
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s Htpasswd) Verify(token string) (session Session, err error) {
|
||||||
|
err = s.cookie.Decode("session", token, &session)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s Htpasswd) Remove(user string) (err error) {
|
func (s Htpasswd) Remove(user string) (err error) {
|
||||||
|
|||||||
@@ -5,6 +5,8 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/gorilla/securecookie"
|
||||||
)
|
)
|
||||||
|
|
||||||
type User struct {
|
type User struct {
|
||||||
@@ -14,6 +16,7 @@ type User struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestHtpasswdSuccess(t *testing.T) {
|
func TestHtpasswdSuccess(t *testing.T) {
|
||||||
|
hashKey := securecookie.GenerateRandomKey(32)
|
||||||
path := "/tmp/.htpasswd"
|
path := "/tmp/.htpasswd"
|
||||||
user1 := User{
|
user1 := User{
|
||||||
user: "user",
|
user: "user",
|
||||||
@@ -25,15 +28,23 @@ func TestHtpasswdSuccess(t *testing.T) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
store, err := NewHtpasswd(path)
|
store, err := New(path, hashKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
err = store.Authenticate(user1.user, user1.pass)
|
token, err := store.Login(user1.user, user1.pass)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
session, err := store.Verify(token)
|
||||||
|
if err != nil {
|
||||||
|
t.Error(err)
|
||||||
|
}
|
||||||
|
if session.User != user1.user {
|
||||||
|
t.Fatalf("expected %s, got %s", user1.user, session.User)
|
||||||
|
}
|
||||||
|
|
||||||
user2 := User{
|
user2 := User{
|
||||||
user: "foo",
|
user: "foo",
|
||||||
pass: "bar",
|
pass: "bar",
|
||||||
|
|||||||
1
go.mod
1
go.mod
@@ -10,6 +10,7 @@ require (
|
|||||||
github.com/go-playground/universal-translator v0.18.0 // indirect
|
github.com/go-playground/universal-translator v0.18.0 // indirect
|
||||||
github.com/go-playground/validator/v10 v10.10.0 // indirect
|
github.com/go-playground/validator/v10 v10.10.0 // indirect
|
||||||
github.com/goccy/go-json v0.9.7 // indirect
|
github.com/goccy/go-json v0.9.7 // indirect
|
||||||
|
github.com/gorilla/securecookie v1.1.1 // indirect
|
||||||
github.com/json-iterator/go v1.1.12 // indirect
|
github.com/json-iterator/go v1.1.12 // indirect
|
||||||
github.com/leodido/go-urn v1.2.1 // indirect
|
github.com/leodido/go-urn v1.2.1 // indirect
|
||||||
github.com/mattn/go-isatty v0.0.14 // indirect
|
github.com/mattn/go-isatty v0.0.14 // indirect
|
||||||
|
|||||||
2
go.sum
2
go.sum
@@ -19,6 +19,8 @@ github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGF
|
|||||||
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
|
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
|
||||||
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
|
||||||
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
|
||||||
|
github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
|
||||||
|
github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
|
||||||
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
|
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
|
||||||
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
|
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
|
||||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||||
|
|||||||
48
main.go
48
main.go
@@ -1,12 +1,13 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
|
||||||
"flag"
|
"flag"
|
||||||
"log"
|
"log"
|
||||||
|
"net/http"
|
||||||
"text/template"
|
"text/template"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
|
"github.com/gorilla/securecookie"
|
||||||
"github.com/lancatlin/ledger-quicknote/auth"
|
"github.com/lancatlin/ledger-quicknote/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -33,9 +34,16 @@ func init() {
|
|||||||
flag.StringVar(&LEDGER_INIT, "i", "", "ledger initiation file")
|
flag.StringVar(&LEDGER_INIT, "i", "", "ledger initiation file")
|
||||||
flag.StringVar(&WORKING_DIR, "w", "", "ledger working directory")
|
flag.StringVar(&WORKING_DIR, "w", "", "ledger working directory")
|
||||||
flag.StringVar(&HOST, "b", "127.0.0.1:8000", "binding address")
|
flag.StringVar(&HOST, "b", "127.0.0.1:8000", "binding address")
|
||||||
|
var hashKey string
|
||||||
|
flag.StringVar(&hashKey, "s", "", "session secret")
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
|
if hashKey == "" {
|
||||||
|
hashKey = string(securecookie.GenerateRandomKey(32))
|
||||||
|
log.Printf("Generate random session key: %s", hashKey)
|
||||||
|
}
|
||||||
var err error
|
var err error
|
||||||
store, err = auth.NewHtpasswd(HTPASSWD_FILE)
|
store, err = auth.New(HTPASSWD_FILE, []byte(hashKey))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
@@ -49,20 +57,14 @@ func main() {
|
|||||||
c.HTML(200, "signup.html", nil)
|
c.HTML(200, "signup.html", nil)
|
||||||
})
|
})
|
||||||
|
|
||||||
r.POST("/signup", func(c *gin.Context) {
|
r.GET("/signin", func(c *gin.Context) {
|
||||||
var user UserLogin
|
c.HTML(200, "signin.html", nil)
|
||||||
if err := c.ShouldBind(&user); err != nil {
|
|
||||||
c.HTML(400, "signup.html", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if err := store.Register(user.Email, user.Password); err != nil {
|
|
||||||
c.HTML(400, "signup.html", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
c.Request.SetBasicAuth(user.Email, user.Password)
|
|
||||||
c.Redirect(303, "/dashboard")
|
|
||||||
})
|
})
|
||||||
|
|
||||||
|
r.POST("/signup", signup)
|
||||||
|
|
||||||
|
r.POST("/signin", signin)
|
||||||
|
|
||||||
authZone := r.Group("", basicAuth)
|
authZone := r.Group("", basicAuth)
|
||||||
|
|
||||||
authZone.GET("/dashboard", func(c *gin.Context) {
|
authZone.GET("/dashboard", func(c *gin.Context) {
|
||||||
@@ -117,18 +119,18 @@ func main() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func basicAuth(c *gin.Context) {
|
func basicAuth(c *gin.Context) {
|
||||||
var user UserLogin
|
cookie, err := c.Cookie("session")
|
||||||
var ok bool
|
if err == http.ErrNoCookie {
|
||||||
user.Email, user.Password, ok = c.Request.BasicAuth()
|
c.Redirect(303, "/signin")
|
||||||
if !ok {
|
|
||||||
c.Header("WWW-Authenticate", "basic realm=\"Login to continue\"")
|
|
||||||
c.AbortWithError(401, errors.New("login required"))
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := store.Authenticate(user.Email, user.Password); err != nil {
|
session, err := store.Verify(cookie)
|
||||||
c.AbortWithError(401, err)
|
if err != nil {
|
||||||
|
c.Redirect(303, "/signin")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
c.Set("user", user)
|
c.Set("user", UserLogin{
|
||||||
|
Email: session.User,
|
||||||
|
})
|
||||||
c.Next()
|
c.Next()
|
||||||
}
|
}
|
||||||
|
|||||||
31
session.go
Normal file
31
session.go
Normal file
@@ -0,0 +1,31 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import "github.com/gin-gonic/gin"
|
||||||
|
|
||||||
|
func signup(c *gin.Context) {
|
||||||
|
var user UserLogin
|
||||||
|
if err := c.ShouldBind(&user); err != nil {
|
||||||
|
c.HTML(400, "signup.html", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if err := store.Register(user.Email, user.Password); err != nil {
|
||||||
|
c.HTML(400, "signup.html", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
signin(c)
|
||||||
|
}
|
||||||
|
|
||||||
|
func signin(c *gin.Context) {
|
||||||
|
var user UserLogin
|
||||||
|
if err := c.ShouldBind(&user); err != nil {
|
||||||
|
c.HTML(400, "signin.html", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
token, err := store.Login(user.Email, user.Password)
|
||||||
|
if err != nil {
|
||||||
|
c.HTML(401, "signin.html", err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
c.SetCookie("session", token, 60*60*24*7, "", "", false, false)
|
||||||
|
c.Redirect(303, "/dashboard")
|
||||||
|
}
|
||||||
10
templates/signin.html
Normal file
10
templates/signin.html
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
{{ define "title" }}Sign Up{{ end }}
|
||||||
|
{{ define "main" }}
|
||||||
|
<h1>Sign In</h1>
|
||||||
|
<form action="/signin" method="POST">
|
||||||
|
<label>Email: <input type="text" name="email"></label><br>
|
||||||
|
<label>Password: <input type="password" name="password"></label><br>
|
||||||
|
{{ with .Error }}<p class="error">{{ . }}</p>{{ end }}
|
||||||
|
<input type="submit" value="Sign Up">
|
||||||
|
</form>
|
||||||
|
{{ end }}
|
||||||
Reference in New Issue
Block a user