go-gemini/examples/auth.go

153 lines
3.5 KiB
Go
Raw Normal View History

2020-10-12 14:34:52 -06:00
// +build ignore
2020-09-27 15:39:44 -06:00
package main
import (
"crypto/tls"
2020-09-27 15:39:44 -06:00
"crypto/x509"
"fmt"
"log"
"time"
2020-09-27 15:39:44 -06:00
2020-10-27 21:35:22 -06:00
"git.sr.ht/~adnano/go-gemini"
2020-09-27 15:39:44 -06:00
)
type user struct {
password string // TODO: use hashes
admin bool
}
type session struct {
username string
authorized bool // whether or not the password was supplied
}
var (
// Map of usernames to user data
logins = map[string]user{
"admin": {"p@ssw0rd", true}, // NOTE: These are bad passwords!
"user1": {"password1", false},
"user2": {"password2", false},
}
// Map of certificate fingerprints to sessions
sessions = map[string]*session{}
)
func main() {
2020-10-27 21:35:22 -06:00
var mux gemini.ServeMux
mux.HandleFunc("/", login)
mux.HandleFunc("/password", loginPassword)
2020-10-21 15:47:34 -06:00
mux.HandleFunc("/profile", profile)
mux.HandleFunc("/admin", admin)
mux.HandleFunc("/logout", logout)
2020-10-27 21:35:22 -06:00
var server gemini.Server
2020-10-28 12:59:45 -06:00
if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
2020-10-11 22:13:24 -06:00
log.Fatal(err)
}
server.CreateCertificate = func(hostname string) (tls.Certificate, error) {
return gemini.CreateCertificate(gemini.CertificateOptions{
DNSNames: []string{hostname},
Duration: time.Hour,
})
}
2020-10-21 15:47:34 -06:00
server.Register("localhost", &mux)
2020-09-27 15:39:44 -06:00
if err := server.ListenAndServe(); err != nil {
log.Fatal(err)
}
}
2020-11-01 12:47:26 -07:00
func getSession(cert *x509.Certificate) (*session, bool) {
fingerprint := gemini.Fingerprint(cert)
2020-09-27 15:39:44 -06:00
session, ok := sessions[fingerprint]
return session, ok
}
2020-10-27 21:35:22 -06:00
func login(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil {
2020-11-01 12:47:26 -07:00
w.WriteStatus(gemini.StatusCertificateRequired)
2020-10-21 15:47:34 -06:00
return
}
2020-11-01 12:47:26 -07:00
username, ok := gemini.Input(r)
2020-10-21 15:47:34 -06:00
if !ok {
2020-11-01 12:47:26 -07:00
w.WriteHeader(gemini.StatusInput, "Username")
2020-10-21 15:47:34 -06:00
return
}
fingerprint := gemini.Fingerprint(r.Certificate.Leaf)
2020-10-21 15:47:34 -06:00
sessions[fingerprint] = &session{
username: username,
}
w.WriteHeader(gemini.StatusRedirect, "/password")
2020-09-27 15:39:44 -06:00
}
2020-10-27 21:35:22 -06:00
func loginPassword(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil {
2020-11-01 12:47:26 -07:00
w.WriteStatus(gemini.StatusCertificateRequired)
2020-10-21 15:47:34 -06:00
return
}
session, ok := getSession(r.Certificate.Leaf)
2020-10-21 15:47:34 -06:00
if !ok {
2020-10-27 21:35:22 -06:00
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
2020-10-21 15:47:34 -06:00
return
}
2020-11-01 12:47:26 -07:00
password, ok := gemini.Input(r)
2020-10-21 15:47:34 -06:00
if !ok {
2020-11-01 12:47:26 -07:00
w.WriteHeader(gemini.StatusSensitiveInput, "Password")
2020-10-21 15:47:34 -06:00
return
}
expected := logins[session.username].password
if password == expected {
session.authorized = true
w.WriteHeader(gemini.StatusRedirect, "/profile")
2020-10-21 15:47:34 -06:00
} else {
2020-11-01 12:47:26 -07:00
w.WriteHeader(gemini.StatusSensitiveInput, "Wrong password. Try again")
2020-10-21 15:47:34 -06:00
}
2020-09-27 15:39:44 -06:00
}
2020-10-27 21:35:22 -06:00
func logout(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil {
2020-11-01 12:47:26 -07:00
w.WriteStatus(gemini.StatusCertificateRequired)
2020-10-21 15:47:34 -06:00
return
}
fingerprint := gemini.Fingerprint(r.Certificate.Leaf)
2020-10-21 15:47:34 -06:00
delete(sessions, fingerprint)
fmt.Fprintln(w, "Successfully logged out.")
2020-09-27 15:39:44 -06:00
}
2020-10-27 21:35:22 -06:00
func profile(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil {
2020-11-01 12:47:26 -07:00
w.WriteStatus(gemini.StatusCertificateRequired)
2020-10-21 15:47:34 -06:00
return
}
session, ok := getSession(r.Certificate.Leaf)
2020-10-21 15:47:34 -06:00
if !ok {
2020-10-27 21:35:22 -06:00
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
2020-10-21 15:47:34 -06:00
return
}
user := logins[session.username]
fmt.Fprintln(w, "Username:", session.username)
fmt.Fprintln(w, "Admin:", user.admin)
fmt.Fprintln(w, "=> /logout Logout")
2020-09-27 15:39:44 -06:00
}
2020-10-27 21:35:22 -06:00
func admin(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil {
2020-11-01 12:47:26 -07:00
w.WriteStatus(gemini.StatusCertificateRequired)
2020-10-21 15:47:34 -06:00
return
}
session, ok := getSession(r.Certificate.Leaf)
2020-10-21 15:47:34 -06:00
if !ok {
2020-10-27 21:35:22 -06:00
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
2020-10-21 15:47:34 -06:00
return
}
user := logins[session.username]
if !user.admin {
2020-10-27 21:35:22 -06:00
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
2020-10-21 15:47:34 -06:00
return
}
fmt.Fprintln(w, "Welcome to the admin portal.")
2020-09-27 15:39:44 -06:00
}