|
@ -3,6 +3,7 @@ package main |
|
|
import ( |
|
|
import ( |
|
|
"bufio" |
|
|
"bufio" |
|
|
"encoding/base64" |
|
|
"encoding/base64" |
|
|
|
|
|
"log" |
|
|
"net/http" |
|
|
"net/http" |
|
|
"os" |
|
|
"os" |
|
|
"strings" |
|
|
"strings" |
|
@ -27,32 +28,25 @@ type AuthOptions struct { |
|
|
type auth struct { |
|
|
type auth struct { |
|
|
successHandler http.Handler |
|
|
successHandler http.Handler |
|
|
failureHandler http.Handler |
|
|
failureHandler http.Handler |
|
|
|
|
|
authKeys []string |
|
|
o AuthOptions |
|
|
o AuthOptions |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
func checkAuth(authFile string, decodedAuth []byte) (result bool, err error) { |
|
|
|
|
|
f, err := os.Open(authFile) |
|
|
|
|
|
if err != nil { |
|
|
|
|
|
return |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func checkAuth(authKeys []string, decodedAuth []byte) (result bool, err error) { |
|
|
checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen) |
|
|
checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
encodedKey := base64.StdEncoding.EncodeToString(checkKey) |
|
|
encodedKey := base64.StdEncoding.EncodeToString(checkKey) |
|
|
|
|
|
|
|
|
scanner := bufio.NewScanner(bufio.NewReader(f)) |
|
|
|
|
|
for scanner.Scan() { |
|
|
|
|
|
if encodedKey == scanner.Text() { |
|
|
|
|
|
|
|
|
for _, v := range authKeys { |
|
|
|
|
|
if encodedKey == v { |
|
|
result = true |
|
|
result = true |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
result = false |
|
|
result = false |
|
|
err = scanner.Err() |
|
|
|
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
@ -75,7 +69,7 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) { |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
result, err := checkAuth(a.o.AuthFile, decodedAuth) |
|
|
|
|
|
|
|
|
result, err := checkAuth(a.authKeys, decodedAuth) |
|
|
if err != nil || !result { |
|
|
if err != nil || !result { |
|
|
a.failureHandler.ServeHTTP(w, r) |
|
|
a.failureHandler.ServeHTTP(w, r) |
|
|
return |
|
|
return |
|
@ -85,10 +79,29 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
func UploadAuth(o AuthOptions) func(http.Handler) http.Handler { |
|
|
func UploadAuth(o AuthOptions) func(http.Handler) http.Handler { |
|
|
|
|
|
var authKeys []string |
|
|
|
|
|
|
|
|
|
|
|
f, err := os.Open(o.AuthFile) |
|
|
|
|
|
if err != nil { |
|
|
|
|
|
log.Fatal("Failed to open authfile: ", err) |
|
|
|
|
|
} |
|
|
|
|
|
defer f.Close() |
|
|
|
|
|
|
|
|
|
|
|
scanner := bufio.NewScanner(f) |
|
|
|
|
|
for scanner.Scan() { |
|
|
|
|
|
authKeys = append(authKeys, scanner.Text()) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
err = scanner.Err() |
|
|
|
|
|
if err != nil { |
|
|
|
|
|
log.Fatal("Scanner error while reading authfile: ", err) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
fn := func(h http.Handler) http.Handler { |
|
|
fn := func(h http.Handler) http.Handler { |
|
|
return auth{ |
|
|
return auth{ |
|
|
successHandler: h, |
|
|
successHandler: h, |
|
|
failureHandler: http.HandlerFunc(badAuthorizationHandler), |
|
|
failureHandler: http.HandlerFunc(badAuthorizationHandler), |
|
|
|
|
|
authKeys: authKeys, |
|
|
o: o, |
|
|
o: o, |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
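Review bot: Because UploadAuth now reads o.AuthFile once and stores the slice in every auth handler, removing or rotating a key in that file has no effect until the process restarts, whereas the old checkAuth reopened the file on each request. That change in revocation behaviour is undocumented; a doc comment such as `// UploadAuth loads the keys in o.AuthFile once at construction; restart the process to pick up added or revoked keys.` would make it explicit, or the file could be re-read on demand. Separately, the loop in checkAuth still compares with `encodedKey == v`, which is not constant-time; `subtle.ConstantTimeCompare([]byte(encodedKey), []byte(v)) == 1` from crypto/subtle is the usual form for a credential check. Blank lines in the file are also appended as empty keys, which should never match a derived key but could be skipped while loading.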