go-gemini/examples/auth.go

133 lines
3.1 KiB
Go
Raw Normal View History

2020-10-12 14:34:52 -06:00
// +build ignore
2020-09-27 15:39:44 -06:00
package main
import (
"crypto/x509"
"fmt"
"log"
2020-09-28 16:19:59 -06:00
"git.sr.ht/~adnano/gmi"
2020-09-27 15:39:44 -06:00
)
type user struct {
password string // TODO: use hashes
admin bool
}
type session struct {
username string
authorized bool // whether or not the password was supplied
}
var (
// Map of usernames to user data
logins = map[string]user{
"admin": {"p@ssw0rd", true}, // NOTE: These are bad passwords!
"user1": {"password1", false},
"user2": {"password2", false},
}
// Map of certificate fingerprints to sessions
sessions = map[string]*session{}
)
func main() {
2020-09-27 18:20:59 -06:00
handler := &gmi.ServeMux{}
2020-09-27 20:03:09 -06:00
handler.HandleFunc("/", welcome)
2020-09-28 14:02:32 -06:00
handler.HandleFunc("/login", login)
handler.HandleFunc("/login/password", loginPassword)
handler.HandleFunc("/profile", profile)
handler.HandleFunc("/admin", admin)
handler.HandleFunc("/logout", logout)
2020-09-27 15:39:44 -06:00
2020-10-11 21:48:18 -06:00
server := &gmi.Server{}
2020-10-11 22:13:24 -06:00
if err := server.CertificateStore.Load("/var/lib/gemini/certs"); err != nil {
log.Fatal(err)
}
server.Handle("localhost", handler)
2020-09-27 15:39:44 -06:00
if err := server.ListenAndServe(); err != nil {
log.Fatal(err)
}
}
func getSession(crt *x509.Certificate) (*session, bool) {
2020-09-27 18:20:59 -06:00
fingerprint := gmi.Fingerprint(crt)
2020-09-27 15:39:44 -06:00
session, ok := sessions[fingerprint]
return session, ok
}
2020-10-13 18:22:12 -06:00
func welcome(w *gmi.ResponseWriter, r *gmi.Request) {
w.Write([]byte("Welcome to this example.\n=> /login Login\n"))
2020-09-27 15:39:44 -06:00
}
2020-10-13 18:22:12 -06:00
func login(w *gmi.ResponseWriter, r *gmi.Request) {
gmi.WithCertificate(w, r, func(cert *x509.Certificate) {
gmi.WithInput(w, r, "Username", func(username string) {
fingerprint := gmi.Fingerprint(cert)
2020-09-27 15:39:44 -06:00
sessions[fingerprint] = &session{
username: username,
}
2020-10-13 18:22:12 -06:00
gmi.Redirect(w, r, "/login/password")
2020-09-28 00:05:37 -06:00
})
})
2020-09-27 15:39:44 -06:00
}
2020-10-13 18:22:12 -06:00
func loginPassword(w *gmi.ResponseWriter, r *gmi.Request) {
gmi.WithCertificate(w, r, func(cert *x509.Certificate) {
session, ok := getSession(cert)
2020-09-27 15:39:44 -06:00
if !ok {
2020-10-13 18:22:12 -06:00
gmi.CertificateNotAuthorized(w, r)
2020-09-27 15:39:44 -06:00
return
}
2020-10-13 18:22:12 -06:00
gmi.WithSensitiveInput(w, r, "Password", func(password string) {
2020-09-27 15:39:44 -06:00
expected := logins[session.username].password
if password == expected {
session.authorized = true
2020-10-13 18:22:12 -06:00
gmi.Redirect(w, r, "/profile")
2020-09-27 15:39:44 -06:00
} else {
2020-10-13 18:22:12 -06:00
gmi.SensitiveInput(w, r, "Wrong password. Try again")
2020-09-27 15:39:44 -06:00
}
2020-09-28 00:05:37 -06:00
})
})
2020-09-27 15:39:44 -06:00
}
2020-10-13 18:22:12 -06:00
func logout(w *gmi.ResponseWriter, r *gmi.Request) {
gmi.WithCertificate(w, r, func(cert *x509.Certificate) {
fingerprint := gmi.Fingerprint(cert)
2020-09-27 15:39:44 -06:00
delete(sessions, fingerprint)
})
2020-10-13 18:22:12 -06:00
w.Write([]byte("Successfully logged out.\n"))
2020-09-27 15:39:44 -06:00
}
2020-10-13 18:22:12 -06:00
func profile(w *gmi.ResponseWriter, r *gmi.Request) {
gmi.WithCertificate(w, r, func(cert *x509.Certificate) {
session, ok := getSession(cert)
2020-09-27 15:39:44 -06:00
if !ok {
2020-10-13 18:22:12 -06:00
gmi.CertificateNotAuthorized(w, r)
2020-09-27 15:39:44 -06:00
return
}
user := logins[session.username]
profile := fmt.Sprintf("Username: %s\nAdmin: %t\n=> /logout Logout", session.username, user.admin)
2020-10-13 18:22:12 -06:00
w.Write([]byte(profile))
})
2020-09-27 15:39:44 -06:00
}
2020-10-13 18:22:12 -06:00
func admin(w *gmi.ResponseWriter, r *gmi.Request) {
gmi.WithCertificate(w, r, func(cert *x509.Certificate) {
session, ok := getSession(cert)
2020-09-27 15:39:44 -06:00
if !ok {
2020-10-13 18:22:12 -06:00
gmi.CertificateNotAuthorized(w, r)
2020-09-27 15:39:44 -06:00
return
}
user := logins[session.username]
if !user.admin {
2020-10-13 18:22:12 -06:00
gmi.CertificateNotAuthorized(w, r)
2020-09-27 15:39:44 -06:00
return
}
2020-10-13 18:22:12 -06:00
w.Write([]byte("Welcome to the admin portal.\n"))
})
2020-09-27 15:39:44 -06:00
}