add some auth

This commit is contained in:
Joren Schipman 2024-05-04 01:51:52 +02:00
parent ef554197e6
commit 945695f148
Signed by untrusted user who does not match committer: Joren
GPG Key ID: 280E33DFBC0F1B55

View File

@ -13,6 +13,7 @@ import (
var (
password = "hardcodedpassword"
lootPath = "Loot"
sessionCookieName = "auth_session"
)
type PageData struct {
@ -44,6 +45,12 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
}
if r.FormValue("password") == password {
http.SetCookie(w, &http.Cookie{
Name: sessionCookieName,
Value: "authenticated",
Path: "/",
MaxAge: 3600,
})
http.Redirect(w, r, "/loot", http.StatusSeeOther)
return
}
@ -52,10 +59,7 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
}
func lootHandler(w http.ResponseWriter, r *http.Request) {
if !isAuthenticated(r) {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}
checkAuth(w, r)
uids, err := getDeviceUIDs()
if err != nil {
@ -68,12 +72,20 @@ func lootHandler(w http.ResponseWriter, r *http.Request) {
}
func fileHandler(w http.ResponseWriter, r *http.Request) {
checkAuth(w, r)
requestedPath := strings.TrimPrefix(r.URL.Path, "/files/")
filePath := filepath.Join(lootPath, requestedPath)
http.ServeFile(w, r, filePath)
}
func logoutHandler(w http.ResponseWriter, r *http.Request) {
http.SetCookie(w, &http.Cookie{
Name: sessionCookieName,
Value: "",
Path: "/",
MaxAge: -1,
})
http.Redirect(w, r, "/", http.StatusSeeOther)
}
@ -87,6 +99,10 @@ func renderTemplate(w http.ResponseWriter, tmpl string, data interface{}) {
}
func isAuthenticated(r *http.Request) bool {
sessionCookie, err := r.Cookie(sessionCookieName)
if err != nil || sessionCookie.Value != "authenticated" {
return false
}
return true
}
@ -104,3 +120,10 @@ func getDeviceUIDs() ([]string, error) {
return uids, nil
}
func checkAuth(w http.ResponseWriter, r *http.Request) {
if !isAuthenticated(r) {
http.Redirect(w, r, "/", http.StatusSeeOther)
return
}
}