sashakoshka/go-gemini
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix known hosts expiration timestamps

Browse Source
This commit is contained in:
Adnan Maolood 2020-11-25 14:24:49 -05:00
parent 8ee55ee009
commit 3c7940f153
2 changed files with 32 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
examples/auth.go
View File

@ -3,6 +3,7 @@
package main package main
import ( import (
"crypto/sha512"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
@ -13,35 +14,20 @@ import (
"git.sr.ht/~adnano/go-gemini" "git.sr.ht/~adnano/go-gemini"
) )
type user struct { type User struct {
password string // TODO: use hashes Name string
admin bool
}
type session struct {
username string
authorized bool // whether or not the password was supplied
} }
var ( var (
// Map of usernames to user data // Map of certificate hashes to users
logins = map[string]user{ users = map[string]*User{}
"admin": {"p@ssw0rd", true}, // NOTE: These are bad passwords!
"user1": {"password1", false},
"user2": {"password2", false},
}
// Map of certificate fingerprints to sessions
sessions = map[string]*session{}
) )
func main() { func main() {
var mux gemini.ServeMux var mux gemini.ServeMux
mux.HandleFunc("/", login) mux.HandleFunc("/", profile)
mux.HandleFunc("/password", loginPassword) mux.HandleFunc("/username", changeUsername)
mux.HandleFunc("/profile", profile) mux.HandleFunc("/delete", deleteAccount)
mux.HandleFunc("/admin", admin)
mux.HandleFunc("/logout", logout)
var server gemini.Server var server gemini.Server
if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil { if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
@ -63,65 +49,9 @@ func main() {
} }
} }
func getSession(cert *x509.Certificate) (*session, bool) { func fingerprint(cert *x509.Certificate) string {
fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter) b := sha512.Sum512(cert.Raw)
session, ok := sessions[fingerprint.Hex] return string(b[:])
return session, ok
}
func login(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil {
w.WriteStatus(gemini.StatusCertificateRequired)
return
}
username, ok := gemini.Input(r)
if !ok {
w.WriteHeader(gemini.StatusInput, "Username")
return
}
cert := r.Certificate.Leaf
fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
sessions[fingerprint.Hex] = &session{
username: username,
}
w.WriteHeader(gemini.StatusRedirect, "/password")
}
func loginPassword(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil {
w.WriteStatus(gemini.StatusCertificateRequired)
return
}
session, ok := getSession(r.Certificate.Leaf)
if !ok {
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
return
}
password, ok := gemini.Input(r)
if !ok {
w.WriteHeader(gemini.StatusSensitiveInput, "Password")
return
}
expected := logins[session.username].password
if password == expected {
session.authorized = true
w.WriteHeader(gemini.StatusRedirect, "/profile")
} else {
w.WriteHeader(gemini.StatusSensitiveInput, "Password")
}
}
func logout(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil {
w.WriteStatus(gemini.StatusCertificateRequired)
return
}
cert := r.Certificate.Leaf
fingerprint := gemini.NewFingerprint(cert.Raw, cert.NotAfter)
delete(sessions, fingerprint.Hex)
fmt.Fprintln(w, "Successfully logged out.")
fmt.Fprintln(w, "=> / Index")
} }
func profile(w *gemini.ResponseWriter, r *gemini.Request) { func profile(w *gemini.ResponseWriter, r *gemini.Request) {
@ -129,31 +59,35 @@ func profile(w *gemini.ResponseWriter, r *gemini.Request) {
w.WriteStatus(gemini.StatusCertificateRequired) w.WriteStatus(gemini.StatusCertificateRequired)
return return
} }
session, ok := getSession(r.Certificate.Leaf) fingerprint := fingerprint(r.Certificate.Leaf)
user, ok := users[fingerprint]
if !ok { if !ok {
w.WriteStatus(gemini.StatusCertificateNotAuthorized) user = &User{}
return users[fingerprint] = user
} }
user := logins[session.username] fmt.Fprintln(w, "Username:", user.Name)
fmt.Fprintln(w, "Username:", session.username) fmt.Fprintln(w, "=> /username Change username")
fmt.Fprintln(w, "Admin:", user.admin) fmt.Fprintln(w, "=> /delete Delete account")
fmt.Fprintln(w, "=> /logout Logout")
} }
func admin(w *gemini.ResponseWriter, r *gemini.Request) { func changeUsername(w *gemini.ResponseWriter, r *gemini.Request) {
if r.Certificate == nil { if r.Certificate == nil {
w.WriteStatus(gemini.StatusCertificateRequired) w.WriteStatus(gemini.StatusCertificateRequired)
return return
} }
session, ok := getSession(r.Certificate.Leaf)
username, ok := gemini.Input(r)
if !ok { if !ok {
w.WriteStatus(gemini.StatusCertificateNotAuthorized) w.WriteHeader(gemini.StatusInput, "Username")
return return
} }
user := logins[session.username] users[fingerprint(r.Certificate.Leaf)].Name = username
if !user.admin { fmt.Fprintln(w, "Successfully changed username")
w.WriteStatus(gemini.StatusCertificateNotAuthorized) }
return
} func deleteAccount(w *gemini.ResponseWriter, r *gemini.Request) {
fmt.Fprintln(w, "Welcome to the admin portal.") if r.Certificate != nil {
delete(users, fingerprint(r.Certificate.Leaf))
}
fmt.Fprintln(w, "Account deleted")
} }

2
tofu.go
View File

@ -71,7 +71,7 @@ func (k *KnownHostsFile) WriteAll(w io.Writer) error {
// writeKnownHost writes a known host to the provided io.Writer. // writeKnownHost writes a known host to the provided io.Writer.
func (k *KnownHostsFile) writeKnownHost(w io.Writer, hostname string, f Fingerprint) (int, error) { func (k *KnownHostsFile) writeKnownHost(w io.Writer, hostname string, f Fingerprint) (int, error) {
s := base64.StdEncoding.EncodeToString([]byte(f.Raw)) s := base64.StdEncoding.EncodeToString([]byte(f.Raw))
return fmt.Fprintf(w, "%s %s %s %d\n", hostname, f.Algorithm, s, f.Expires) return fmt.Fprintf(w, "%s %s %s %d\n", hostname, f.Algorithm, s, f.Expires.Unix())
} }
// Load loads the known hosts from the provided path. // Load loads the known hosts from the provided path.