You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
3.1 KiB
94 lines
3.1 KiB
package dash
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/sessions"
|
|
"github.com/seaweedfs/seaweedfs/weed/glog"
|
|
)
|
|
|
|
// ShowLogin displays the login page.
|
|
func (s *AdminServer) ShowLogin(w http.ResponseWriter, r *http.Request) {
|
|
http.Redirect(w, r, "/login", http.StatusSeeOther)
|
|
}
|
|
|
|
// HandleLogin handles login form submission.
|
|
func (s *AdminServer) HandleLogin(store sessions.Store, adminUser, adminPassword, readOnlyUser, readOnlyPassword string) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
if err := r.ParseForm(); err != nil {
|
|
http.Redirect(w, r, "/login?error=Invalid form submission", http.StatusSeeOther)
|
|
return
|
|
}
|
|
session, err := store.Get(r, sessionName)
|
|
if err != nil {
|
|
http.Redirect(w, r, "/login?error=Unable to create session. Please try again or contact administrator.", http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
if err := ValidateSessionCSRFToken(session, r); err != nil {
|
|
http.Redirect(w, r, "/login?error=Invalid CSRF token", http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
loginUsername := r.FormValue("username")
|
|
loginPassword := r.FormValue("password")
|
|
|
|
var role string
|
|
var authenticated bool
|
|
|
|
// Check admin credentials.
|
|
if adminPassword != "" && loginUsername == adminUser && subtle.ConstantTimeCompare([]byte(loginPassword), []byte(adminPassword)) == 1 {
|
|
role = "admin"
|
|
authenticated = true
|
|
} else if readOnlyPassword != "" && loginUsername == readOnlyUser && subtle.ConstantTimeCompare([]byte(loginPassword), []byte(readOnlyPassword)) == 1 {
|
|
// Check read-only credentials.
|
|
role = "readonly"
|
|
authenticated = true
|
|
}
|
|
|
|
if authenticated {
|
|
for key := range session.Values {
|
|
delete(session.Values, key)
|
|
}
|
|
session.Values["authenticated"] = true
|
|
session.Values["username"] = loginUsername
|
|
session.Values["role"] = role
|
|
csrfToken, err := generateCSRFToken()
|
|
if err != nil {
|
|
http.Redirect(w, r, "/login?error=Unable to create session. Please try again or contact administrator.", http.StatusSeeOther)
|
|
return
|
|
}
|
|
session.Values[sessionCSRFTokenKey] = csrfToken
|
|
if err := session.Save(r, w); err != nil {
|
|
// Log the detailed error server-side for diagnostics.
|
|
glog.Errorf("Failed to save session for user %s: %v", loginUsername, err)
|
|
http.Redirect(w, r, "/login?error=Unable to create session. Please try again or contact administrator.", http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
http.Redirect(w, r, "/admin", http.StatusSeeOther)
|
|
return
|
|
}
|
|
|
|
// Authentication failed.
|
|
http.Redirect(w, r, "/login?error=Invalid credentials", http.StatusSeeOther)
|
|
}
|
|
}
|
|
|
|
// HandleLogout handles user logout.
|
|
func (s *AdminServer) HandleLogout(store sessions.Store, w http.ResponseWriter, r *http.Request) {
|
|
session, err := store.Get(r, sessionName)
|
|
if err != nil {
|
|
http.Redirect(w, r, "/login", http.StatusSeeOther)
|
|
return
|
|
}
|
|
for key := range session.Values {
|
|
delete(session.Values, key)
|
|
}
|
|
session.Options.MaxAge = -1
|
|
if err := session.Save(r, w); err != nil {
|
|
glog.Warningf("Failed to save session during logout: %v", err)
|
|
}
|
|
http.Redirect(w, r, "/login", http.StatusSeeOther)
|
|
}
|