all repos — quartzgun @ 2f41f53ebfba7cf71cd127c8354999c21e3188cb

lightweight web framework in go

middleware/middleware.go (raw)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 
package middleware

import (
	"context"
	"fmt"
	"net/http"
	"nilfm.cc/git/quartzgun/auth"
	"nilfm.cc/git/quartzgun/cookie"
)

func Protected(next http.Handler, method string, userStore auth.UserStore, login string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		user, err := cookie.GetToken("user", req)
		if err == nil {
			session, err := cookie.GetToken("session", req)
			if err == nil {
				login, err := userStore.ValidateUser(user, session)
				if err == nil && login {
					fmt.Printf("authorized!\n")
					fmt.Printf("user: %s, session: %s\n", user, session)
					req.Method = method
					next.ServeHTTP(w, req)
					return
				}
			}
		}
		fmt.Printf("unauthorized...\n")
		req.Method = http.MethodGet
		http.Redirect(w, req, login, http.StatusSeeOther)
	}

	return http.HandlerFunc(handlerFunc)
}

func Bunt(next string, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		user, err := cookie.GetToken("user", req)
		if err == nil {
			err := auth.Logout(
				user,
				userStore,
				w)
			if err == nil {
				req.Method = http.MethodGet
				http.Redirect(w, req, next, http.StatusSeeOther)
				return
			}
		}
		req.Method = http.MethodGet
		http.Redirect(w, req, denied, http.StatusUnauthorized)
	}

	return http.HandlerFunc(handlerFunc)
}

func Authorize(next string, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		err := auth.Login(
			req.FormValue("user"),
			req.FormValue("password"),
			userStore,
			w,
			24*7*52)
		if err == nil {
			req.Method = http.MethodGet
			fmt.Printf("logged in as %s\n", req.FormValue("user"))
			http.Redirect(w, req, next, http.StatusSeeOther)
		} else {
			fmt.Printf("login failed!\n")
			req.Method = http.MethodGet
			http.Redirect(w, req, denied, http.StatusSeeOther)
		}
	}

	return http.HandlerFunc(handlerFunc)
}

func Fortify(next http.Handler) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		token, err := cookie.GetToken("csrfToken", req)
		if err == nil {
			*req = *req.WithContext(
				context.WithValue(
					req.Context(),
					"csrfToken",
					token))
		}
		next.ServeHTTP(w, req)
	}

	return http.HandlerFunc(handlerFunc)
}

func Defend(next http.Handler, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		user, err := cookie.GetToken("user", req)
		if err == nil {
			masterToken, err := userStore.GetData(user, "csrfToken")
			if err == nil {
				cookieToken, err := cookie.GetToken("csrfToken", req)
				if err == nil {
					formToken := req.FormValue("csrfToken")
					if formToken == cookieToken && formToken == masterToken.(string) {
						next.ServeHTTP(w, req)
						return
					}
				}
			}
		}
		http.Redirect(w, req, denied, http.StatusUnauthorized)
	}

	return http.HandlerFunc(handlerFunc)
}