This commit is contained in:
Joren Schipman 2024-05-04 02:07:20 +02:00
parent 945695f148
commit fbc0738bf6
Signed by untrusted user who does not match committer: Joren
GPG Key ID: 280E33DFBC0F1B55
3 changed files with 46 additions and 7 deletions

5
go.mod
View File

@ -2,4 +2,7 @@ module MalwareServer
go 1.22.2 go 1.22.2
require github.com/liamg/magic v0.0.1 // indirect require (
github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
github.com/liamg/magic v0.0.1 // indirect
)

2
go.sum
View File

@ -1,2 +1,4 @@
github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/liamg/magic v0.0.1 h1:Ru22ElY+sCh6RvRTWjQzKKCxsEco8hE0co8n1qe7TBM= github.com/liamg/magic v0.0.1 h1:Ru22ElY+sCh6RvRTWjQzKKCxsEco8hE0co8n1qe7TBM=
github.com/liamg/magic v0.0.1/go.mod h1:yQkOmZZI52EA+SQ2xyHpVw8fNvTBruF873Y+Vt6S+fk= github.com/liamg/magic v0.0.1/go.mod h1:yQkOmZZI52EA+SQ2xyHpVw8fNvTBruF873Y+Vt6S+fk=

View File

@ -8,19 +8,27 @@ import (
"net/http" "net/http"
"path/filepath" "path/filepath"
"strings" "strings"
"time"
"github.com/dgrijalva/jwt-go"
) )
var ( var (
password = "hardcodedpassword" password = "hardcodedpassword"
lootPath = "Loot" lootPath = "Loot"
sessionCookieName = "auth_session" sessionCookieName = "auth_session"
) secretKey = []byte("key"))
type PageData struct { type PageData struct {
UIDs []string UIDs []string
Files []string Files []string
} }
type Claims struct {
Username string `json:"username"`
jwt.StandardClaims
}
func main() { func main() {
http.HandleFunc("/", logMiddleware(loginHandler)) http.HandleFunc("/", logMiddleware(loginHandler))
http.HandleFunc("/loot", logMiddleware(lootHandler)) http.HandleFunc("/loot", logMiddleware(lootHandler))
@ -45,12 +53,28 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
} }
if r.FormValue("password") == password { if r.FormValue("password") == password {
expirationTime := time.Now().Add(1 * time.Hour)
claims := &Claims{
Username: "root",
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
tokenString, err := token.SignedString(secretKey)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
http.SetCookie(w, &http.Cookie{ http.SetCookie(w, &http.Cookie{
Name: sessionCookieName, Name: sessionCookieName,
Value: "authenticated", Value: tokenString,
Expires: expirationTime,
Path: "/", Path: "/",
MaxAge: 3600,
}) })
http.Redirect(w, r, "/loot", http.StatusSeeOther) http.Redirect(w, r, "/loot", http.StatusSeeOther)
return return
} }
@ -100,9 +124,19 @@ func renderTemplate(w http.ResponseWriter, tmpl string, data interface{}) {
func isAuthenticated(r *http.Request) bool { func isAuthenticated(r *http.Request) bool {
sessionCookie, err := r.Cookie(sessionCookieName) sessionCookie, err := r.Cookie(sessionCookieName)
if err != nil || sessionCookie.Value != "authenticated" { if err != nil {
return false return false
} }
tokenString := sessionCookie.Value
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
return secretKey, nil
})
if err != nil || !token.Valid {
return false
}
return true return true
} }