go-gemini/examples/auth.go

// +build ignore

package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"log"
	"time"

	"git.sr.ht/~adnano/go-gemini"
)

type user struct {
	password string // TODO: use hashes
	admin    bool
}

type session struct {
	username   string
	authorized bool // whether or not the password was supplied
}

var (
	// Map of usernames to user data
	logins = map[string]user{
		"admin": {"p@ssw0rd", true}, // NOTE: These are bad passwords!
		"user1": {"password1", false},
		"user2": {"password2", false},
	}

	// Map of certificate fingerprints to sessions
	sessions = map[string]*session{}
)

func main() {
	var mux gemini.ServeMux
	mux.HandleFunc("/", login)
	mux.HandleFunc("/password", loginPassword)
	mux.HandleFunc("/profile", profile)
	mux.HandleFunc("/admin", admin)
	mux.HandleFunc("/logout", logout)

	var server gemini.Server
	if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
		log.Fatal(err)
	}
	server.CreateCertificate = func(hostname string) (tls.Certificate, error) {
		return gemini.CreateCertificate(gemini.CertificateOptions{
			DNSNames: []string{hostname},
			Duration: time.Hour,
		})
	}
	server.Register("localhost", &mux)

	if err := server.ListenAndServe(); err != nil {
		log.Fatal(err)
	}
}

func getSession(cert *x509.Certificate) (*session, bool) {
	fingerprint := gemini.Fingerprint(cert)
	session, ok := sessions[fingerprint]
	return session, ok
}

func login(w *gemini.ResponseWriter, r *gemini.Request) {
	if r.Certificate == nil {
		w.WriteStatus(gemini.StatusCertificateRequired)
		return
	}
	username, ok := gemini.Input(r)
	if !ok {
		w.WriteHeader(gemini.StatusInput, "Username")
		return
	}
	fingerprint := gemini.Fingerprint(r.Certificate.Leaf)
	sessions[fingerprint] = &session{
		username: username,
	}
	w.WriteHeader(gemini.StatusRedirect, "/password")
}

func loginPassword(w *gemini.ResponseWriter, r *gemini.Request) {
	if r.Certificate == nil {
		w.WriteStatus(gemini.StatusCertificateRequired)
		return
	}
	session, ok := getSession(r.Certificate.Leaf)
	if !ok {
		w.WriteStatus(gemini.StatusCertificateNotAuthorized)
		return
	}

	password, ok := gemini.Input(r)
	if !ok {
		w.WriteHeader(gemini.StatusSensitiveInput, "Password")
		return
	}
	expected := logins[session.username].password
	if password == expected {
		session.authorized = true
		w.WriteHeader(gemini.StatusRedirect, "/profile")
	} else {
		w.WriteHeader(gemini.StatusSensitiveInput, "Wrong password. Try again")
	}
}

func logout(w *gemini.ResponseWriter, r *gemini.Request) {
	if r.Certificate == nil {
		w.WriteStatus(gemini.StatusCertificateRequired)
		return
	}
	fingerprint := gemini.Fingerprint(r.Certificate.Leaf)
	delete(sessions, fingerprint)
	fmt.Fprintln(w, "Successfully logged out.")
}

func profile(w *gemini.ResponseWriter, r *gemini.Request) {
	if r.Certificate == nil {
		w.WriteStatus(gemini.StatusCertificateRequired)
		return
	}
	session, ok := getSession(r.Certificate.Leaf)
	if !ok {
		w.WriteStatus(gemini.StatusCertificateNotAuthorized)
		return
	}
	user := logins[session.username]
	fmt.Fprintln(w, "Username:", session.username)
	fmt.Fprintln(w, "Admin:", user.admin)
	fmt.Fprintln(w, "=> /logout Logout")
}

func admin(w *gemini.ResponseWriter, r *gemini.Request) {
	if r.Certificate == nil {
		w.WriteStatus(gemini.StatusCertificateRequired)
		return
	}
	session, ok := getSession(r.Certificate.Leaf)
	if !ok {
		w.WriteStatus(gemini.StatusCertificateNotAuthorized)
		return
	}
	user := logins[session.username]
	if !user.admin {
		w.WriteStatus(gemini.StatusCertificateNotAuthorized)
		return
	}
	fmt.Fprintln(w, "Welcome to the admin portal.")
}
Update documentation 2020-10-12 20:34:52 +00:00			`// +build ignore`
Add client authorization example 2020-09-27 21:39:44 +00:00
			`package main`

			`import (`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`"crypto/tls"`
Add client authorization example 2020-09-27 21:39:44 +00:00			`"crypto/x509"`
			`"fmt"`
			`"log"`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`"time"`
Add client authorization example 2020-09-27 21:39:44 +00:00
Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`"git.sr.ht/~adnano/go-gemini"`
Add client authorization example 2020-09-27 21:39:44 +00:00			`)`

			`type user struct {`
			`password string // TODO: use hashes`
			`admin bool`
			`}`

			`type session struct {`
			`username string`
			`authorized bool // whether or not the password was supplied`
			`}`

			`var (`
			`// Map of usernames to user data`
			`logins = map[string]user{`
			`"admin": {"p@ssw0rd", true}, // NOTE: These are bad passwords!`
			`"user1": {"password1", false},`
			`"user2": {"password2", false},`
			`}`

			`// Map of certificate fingerprints to sessions`
			`sessions = map[string]*session{}`
			`)`

			`func main() {`
Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`var mux gemini.ServeMux`
			`mux.HandleFunc("/", login)`
			`mux.HandleFunc("/password", loginPassword)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`mux.HandleFunc("/profile", profile)`
			`mux.HandleFunc("/admin", admin)`
			`mux.HandleFunc("/logout", logout)`

Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`var server gemini.Server`
Refactor server certificates 2020-10-28 18:59:45 +00:00			`if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {`
Update examples 2020-10-12 04:13:24 +00:00			`log.Fatal(err)`
			`}`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`server.CreateCertificate = func(hostname string) (tls.Certificate, error) {`
			`return gemini.CreateCertificate(gemini.CertificateOptions{`
			`DNSNames: []string{hostname},`
			`Duration: time.Hour,`
			`})`
			`}`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`server.Register("localhost", &mux)`
Add client authorization example 2020-09-27 21:39:44 +00:00
			`if err := server.ListenAndServe(); err != nil {`
			`log.Fatal(err)`
			`}`
			`}`

Update examples/auth.go 2020-11-01 19:47:26 +00:00			`func getSession(cert x509.Certificate) (session, bool) {`
			`fingerprint := gemini.Fingerprint(cert)`
Add client authorization example 2020-09-27 21:39:44 +00:00			`session, ok := sessions[fingerprint]`
			`return session, ok`
			`}`

Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`func login(w gemini.ResponseWriter, r gemini.Request) {`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`if r.Certificate == nil {`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`w.WriteStatus(gemini.StatusCertificateRequired)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`username, ok := gemini.Input(r)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`if !ok {`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`w.WriteHeader(gemini.StatusInput, "Username")`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`fingerprint := gemini.Fingerprint(r.Certificate.Leaf)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`sessions[fingerprint] = &session{`
			`username: username,`
			`}`
Remove Redirect and PermanentRedirect functions Use (*ResponseWriter).WriteHeader instead. 2020-10-31 20:51:10 +00:00			`w.WriteHeader(gemini.StatusRedirect, "/password")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`func loginPassword(w gemini.ResponseWriter, r gemini.Request) {`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`if r.Certificate == nil {`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`w.WriteStatus(gemini.StatusCertificateRequired)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`session, ok := getSession(r.Certificate.Leaf)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`if !ok {`
Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`w.WriteStatus(gemini.StatusCertificateNotAuthorized)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`

Update examples/auth.go 2020-11-01 19:47:26 +00:00			`password, ok := gemini.Input(r)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`if !ok {`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`w.WriteHeader(gemini.StatusSensitiveInput, "Password")`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
			`expected := logins[session.username].password`
			`if password == expected {`
			`session.authorized = true`
Remove Redirect and PermanentRedirect functions Use (*ResponseWriter).WriteHeader instead. 2020-10-31 20:51:10 +00:00			`w.WriteHeader(gemini.StatusRedirect, "/profile")`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`} else {`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`w.WriteHeader(gemini.StatusSensitiveInput, "Wrong password. Try again")`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`}`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`func logout(w gemini.ResponseWriter, r gemini.Request) {`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`if r.Certificate == nil {`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`w.WriteStatus(gemini.StatusCertificateRequired)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`fingerprint := gemini.Fingerprint(r.Certificate.Leaf)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`delete(sessions, fingerprint)`
			`fmt.Fprintln(w, "Successfully logged out.")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`func profile(w gemini.ResponseWriter, r gemini.Request) {`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`if r.Certificate == nil {`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`w.WriteStatus(gemini.StatusCertificateRequired)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`session, ok := getSession(r.Certificate.Leaf)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`if !ok {`
Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`w.WriteStatus(gemini.StatusCertificateNotAuthorized)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
			`user := logins[session.username]`
			`fmt.Fprintln(w, "Username:", session.username)`
			`fmt.Fprintln(w, "Admin:", user.admin)`
			`fmt.Fprintln(w, "=> /logout Logout")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`func admin(w gemini.ResponseWriter, r gemini.Request) {`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`if r.Certificate == nil {`
Update examples/auth.go 2020-11-01 19:47:26 +00:00			`w.WriteStatus(gemini.StatusCertificateRequired)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
server: Populate (*Request).Certificate field 2020-11-01 21:25:59 +00:00			`session, ok := getSession(r.Certificate.Leaf)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`if !ok {`
Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`w.WriteStatus(gemini.StatusCertificateNotAuthorized)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
			`user := logins[session.username]`
			`if !user.admin {`
Add Client.GetInput field 2020-10-28 03:35:22 +00:00			`w.WriteStatus(gemini.StatusCertificateNotAuthorized)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
			`fmt.Fprintln(w, "Welcome to the admin portal.")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`