added basic auth

2022-05-12 23:37:59 +02:00 · 2022-05-12 23:37:59 +02:00 · 2ae7923efc
commit 2ae7923efc
parent 6f693d48c1
4 changed files with 37 additions and 4 deletions
--- a/cmd/s3share.go
+++ b/cmd/s3share.go
@ -13,6 +13,8 @@ type args struct {
 	S3SecretKey  string `arg:"--s3-secret-key,required,env:S3_SECRET_KEY" placeholder:"SECRET_KEY"`
 	S3DisableSSL bool   `arg:"--s3-disable-ssl,env:S3_DISABLE_SSL" default:"false"`
 	Address      string `arg:"--address,env:ADDRESS" default:":3000" help:"what address to listen on" placeholder:"ADDRESS"`
+	APIUsername  string `arg:"--api-username,required,env:API_USERNAME" help:"username for API" placeholder:"USERNAME"`
+	APIPassword  string `arg:"--api-password,required,env:API_PASSWORD" help:"password for API" placeholder:"PASSWORD"`
 }

 func (args) Version() string {
@ -31,5 +33,7 @@ func main() {
 		S3SSL:       !args.S3DisableSSL,
 		S3Bucket:    args.S3Bucket,
 		Address:     args.Address,
+		APIUsername: args.APIUsername,
+		APIPassword: args.APIPassword,
 	})
 }
--- a/internal/s3Share.go
+++ b/internal/s3Share.go
@ -23,7 +23,7 @@ func Start(config *types.AppConfig) {

 	client := client.NewClient(db, s3Client)

-	err = web.StartWebserver(config.Address, *client)
+	err = web.StartWebserver(config.Address, *client, config.APIUsername, config.APIPassword)
 	if err != nil {
 		logrus.Fatal(err.Error())
 	}
--- a/internal/types/types.go
+++ b/internal/types/types.go
@ -12,6 +12,8 @@ type AppConfig struct {
 	S3SSL       bool
 	S3Bucket    string
 	Address     string
+	APIUsername string
+	APIPassword string
 }

 type Metadata struct {
--- a/internal/web/web.go
+++ b/internal/web/web.go
@ -2,6 +2,7 @@ package web

 import (
 	"encoding/json"
+	"errors"
 	"io"
 	"net/http"
 	"strconv"
@ -20,7 +21,11 @@ type deleteShare struct {
 	Slug string `json:"slug"`
 }

-func StartWebserver(addr string, client client.Client) error {
+func StartWebserver(addr string, client client.Client, username, password string) error {
+	if username == "" || password == "" {
+		return errors.New("API username and password must be set")
+	}
+
 	r := mux.NewRouter()

 	r.HandleFunc("/{slug:[a-zA-Z0-9]{6}}", func(w http.ResponseWriter, r *http.Request) {
@ -53,11 +58,16 @@ func StartWebserver(addr string, client client.Client) error {
 	}).Methods("HEAD")

 	r.HandleFunc("/api/share", func(w http.ResponseWriter, r *http.Request) {
+		if !checkAuth(w, r, username, password) {
+			return
+		}

 	}).Methods("GET")

 	r.HandleFunc("/api/share", func(w http.ResponseWriter, r *http.Request) {
-		// TODO: check auth
+		if !checkAuth(w, r, username, password) {
+			return
+		}

 		var shareParams createShare
 		err := json.NewDecoder(r.Body).Decode(&shareParams)
@ -81,7 +91,9 @@ func StartWebserver(addr string, client client.Client) error {
 	}).Methods("POST")

 	r.HandleFunc("/api/share", func(w http.ResponseWriter, r *http.Request) {
-		//TODO: check auth
+		if !checkAuth(w, r, username, password) {
+			return
+		}

 		var shareParams deleteShare
 		err := json.NewDecoder(r.Body).Decode(&shareParams)
@ -136,3 +148,18 @@ func getShareHead(client client.Client, w http.ResponseWriter, r *http.Request)

 	return share
 }
+
+func checkAuth(w http.ResponseWriter, r *http.Request, username, password string) bool {
+	username, password, ok := r.BasicAuth()
+	if !ok {
+		w.WriteHeader(http.StatusUnauthorized)
+		return false
+	}
+
+	if username != username || password != password {
+		w.WriteHeader(http.StatusUnauthorized)
+		return false
+	}
+
+	return true
+}