go-gemini/examples/auth.go

// +build ignore

package main

import (
	"crypto/x509"
	"fmt"
	"log"

	gmi "git.sr.ht/~adnano/go-gemini"
)

type user struct {
	password string // TODO: use hashes
	admin    bool
}

type session struct {
	username   string
	authorized bool // whether or not the password was supplied
}

var (
	// Map of usernames to user data
	logins = map[string]user{
		"admin": {"p@ssw0rd", true}, // NOTE: These are bad passwords!
		"user1": {"password1", false},
		"user2": {"password2", false},
	}

	// Map of certificate fingerprints to sessions
	sessions = map[string]*session{}
)

func main() {
	var mux gmi.ServeMux
	mux.HandleFunc("/", welcome)
	mux.HandleFunc("/login", login)
	mux.HandleFunc("/login/password", loginPassword)
	mux.HandleFunc("/profile", profile)
	mux.HandleFunc("/admin", admin)
	mux.HandleFunc("/logout", logout)

	var server gmi.Server
	if err := server.CertificateStore.Load("/var/lib/gemini/certs"); err != nil {
		log.Fatal(err)
	}
	server.Register("localhost", &mux)

	if err := server.ListenAndServe(); err != nil {
		log.Fatal(err)
	}
}

func getSession(crt *x509.Certificate) (*session, bool) {
	fingerprint := gmi.Fingerprint(crt)
	session, ok := sessions[fingerprint]
	return session, ok
}

func welcome(w *gmi.ResponseWriter, r *gmi.Request) {
	fmt.Fprintln(w, "Welcome to this example.")
	fmt.Fprintln(w, "=> /login Login")
}

func login(w *gmi.ResponseWriter, r *gmi.Request) {
	cert, ok := gmi.Certificate(w, r)
	if !ok {
		return
	}
	username, ok := gmi.Input(w, r, "Username")
	if !ok {
		return
	}
	fingerprint := gmi.Fingerprint(cert)
	sessions[fingerprint] = &session{
		username: username,
	}
	gmi.Redirect(w, "/login/password")
}

func loginPassword(w *gmi.ResponseWriter, r *gmi.Request) {
	cert, ok := gmi.Certificate(w, r)
	if !ok {
		return
	}
	session, ok := getSession(cert)
	if !ok {
		w.WriteStatus(gmi.StatusCertificateNotAuthorized)
		return
	}

	password, ok := gmi.SensitiveInput(w, r, "Password")
	if !ok {
		return
	}
	expected := logins[session.username].password
	if password == expected {
		session.authorized = true
		gmi.Redirect(w, "/profile")
	} else {
		gmi.SensitiveInput(w, r, "Wrong password. Try again")
	}
}

func logout(w *gmi.ResponseWriter, r *gmi.Request) {
	cert, ok := gmi.Certificate(w, r)
	if !ok {
		return
	}
	fingerprint := gmi.Fingerprint(cert)
	delete(sessions, fingerprint)
	fmt.Fprintln(w, "Successfully logged out.")
}

func profile(w *gmi.ResponseWriter, r *gmi.Request) {
	cert, ok := gmi.Certificate(w, r)
	if !ok {
		return
	}
	session, ok := getSession(cert)
	if !ok {
		w.WriteStatus(gmi.StatusCertificateNotAuthorized)
		return
	}
	user := logins[session.username]
	fmt.Fprintln(w, "Username:", session.username)
	fmt.Fprintln(w, "Admin:", user.admin)
	fmt.Fprintln(w, "=> /logout Logout")
}

func admin(w *gmi.ResponseWriter, r *gmi.Request) {
	cert, ok := gmi.Certificate(w, r)
	if !ok {
		return
	}
	session, ok := getSession(cert)
	if !ok {
		w.WriteStatus(gmi.StatusCertificateNotAuthorized)
		return
	}
	user := logins[session.username]
	if !user.admin {
		w.WriteStatus(gmi.StatusCertificateNotAuthorized)
		return
	}
	fmt.Fprintln(w, "Welcome to the admin portal.")
}
Update documentation 2020-10-12 20:34:52 +00:00			`// +build ignore`
Add client authorization example 2020-09-27 21:39:44 +00:00
			`package main`

			`import (`
			`"crypto/x509"`
			`"fmt"`
			`"log"`

Rename repository to go-gemini 2020-10-24 19:15:32 +00:00			`gmi "git.sr.ht/~adnano/go-gemini"`
Add client authorization example 2020-09-27 21:39:44 +00:00			`)`

			`type user struct {`
			`password string // TODO: use hashes`
			`admin bool`
			`}`

			`type session struct {`
			`username string`
			`authorized bool // whether or not the password was supplied`
			`}`

			`var (`
			`// Map of usernames to user data`
			`logins = map[string]user{`
			`"admin": {"p@ssw0rd", true}, // NOTE: These are bad passwords!`
			`"user1": {"password1", false},`
			`"user2": {"password2", false},`
			`}`

			`// Map of certificate fingerprints to sessions`
			`sessions = map[string]*session{}`
			`)`

			`func main() {`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`var mux gmi.ServeMux`
			`mux.HandleFunc("/", welcome)`
			`mux.HandleFunc("/login", login)`
			`mux.HandleFunc("/login/password", loginPassword)`
			`mux.HandleFunc("/profile", profile)`
			`mux.HandleFunc("/admin", admin)`
			`mux.HandleFunc("/logout", logout)`

			`var server gmi.Server`
Update examples 2020-10-12 04:13:24 +00:00			`if err := server.CertificateStore.Load("/var/lib/gemini/certs"); err != nil {`
			`log.Fatal(err)`
			`}`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`server.Register("localhost", &mux)`
Add client authorization example 2020-09-27 21:39:44 +00:00
			`if err := server.ListenAndServe(); err != nil {`
			`log.Fatal(err)`
			`}`
			`}`

			`func getSession(crt x509.Certificate) (session, bool) {`
Change package name to gmi 2020-09-28 00:20:59 +00:00			`fingerprint := gmi.Fingerprint(crt)`
Add client authorization example 2020-09-27 21:39:44 +00:00			`session, ok := sessions[fingerprint]`
			`return session, ok`
			`}`

Rename rw, req to w, r 2020-10-14 00:22:12 +00:00			`func welcome(w gmi.ResponseWriter, r gmi.Request) {`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`fmt.Fprintln(w, "Welcome to this example.")`
			`fmt.Fprintln(w, "=> /login Login")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Rename rw, req to w, r 2020-10-14 00:22:12 +00:00			`func login(w gmi.ResponseWriter, r gmi.Request) {`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`cert, ok := gmi.Certificate(w, r)`
			`if !ok {`
			`return`
			`}`
			`username, ok := gmi.Input(w, r, "Username")`
			`if !ok {`
			`return`
			`}`
			`fingerprint := gmi.Fingerprint(cert)`
			`sessions[fingerprint] = &session{`
			`username: username,`
			`}`
Fix examples 2020-10-27 18:17:14 +00:00			`gmi.Redirect(w, "/login/password")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Rename rw, req to w, r 2020-10-14 00:22:12 +00:00			`func loginPassword(w gmi.ResponseWriter, r gmi.Request) {`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`cert, ok := gmi.Certificate(w, r)`
			`if !ok {`
			`return`
			`}`
			`session, ok := getSession(cert)`
			`if !ok {`
Fix examples 2020-10-27 18:17:14 +00:00			`w.WriteStatus(gmi.StatusCertificateNotAuthorized)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`

			`password, ok := gmi.SensitiveInput(w, r, "Password")`
			`if !ok {`
			`return`
			`}`
			`expected := logins[session.username].password`
			`if password == expected {`
			`session.authorized = true`
Fix examples 2020-10-27 18:17:14 +00:00			`gmi.Redirect(w, "/profile")`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`} else {`
			`gmi.SensitiveInput(w, r, "Wrong password. Try again")`
			`}`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Rename rw, req to w, r 2020-10-14 00:22:12 +00:00			`func logout(w gmi.ResponseWriter, r gmi.Request) {`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`cert, ok := gmi.Certificate(w, r)`
			`if !ok {`
			`return`
			`}`
			`fingerprint := gmi.Fingerprint(cert)`
			`delete(sessions, fingerprint)`
			`fmt.Fprintln(w, "Successfully logged out.")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Rename rw, req to w, r 2020-10-14 00:22:12 +00:00			`func profile(w gmi.ResponseWriter, r gmi.Request) {`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`cert, ok := gmi.Certificate(w, r)`
			`if !ok {`
			`return`
			`}`
			`session, ok := getSession(cert)`
			`if !ok {`
Fix examples 2020-10-27 18:17:14 +00:00			`w.WriteStatus(gmi.StatusCertificateNotAuthorized)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
			`user := logins[session.username]`
			`fmt.Fprintln(w, "Username:", session.username)`
			`fmt.Fprintln(w, "Admin:", user.admin)`
			`fmt.Fprintln(w, "=> /logout Logout")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`

Rename rw, req to w, r 2020-10-14 00:22:12 +00:00			`func admin(w gmi.ResponseWriter, r gmi.Request) {`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`cert, ok := gmi.Certificate(w, r)`
			`if !ok {`
			`return`
			`}`
			`session, ok := getSession(cert)`
			`if !ok {`
Fix examples 2020-10-27 18:17:14 +00:00			`w.WriteStatus(gmi.StatusCertificateNotAuthorized)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
			`user := logins[session.username]`
			`if !user.admin {`
Fix examples 2020-10-27 18:17:14 +00:00			`w.WriteStatus(gmi.StatusCertificateNotAuthorized)`
Add Certificate helper function 2020-10-21 21:47:34 +00:00			`return`
			`}`
			`fmt.Fprintln(w, "Welcome to the admin portal.")`
Add client authorization example 2020-09-27 21:39:44 +00:00			`}`