From 2ae7923efc91d340169e9ffe935e2cf895b64b35 Mon Sep 17 00:00:00 2001
From: Djeeberjr
Date: Thu, 12 May 2022 23:37:59 +0200
Subject: [PATCH] added basic auth
---
 cmd/s3share.go | 4 ++++
 internal/s3Share.go | 2 +-
 internal/types/types.go | 2 ++
 internal/web/web.go | 33 ++++++++++++++++++++++++++++++---
 4 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/cmd/s3share.go b/cmd/s3share.go
index 5de869b..c4ef771 100644
--- a/cmd/s3share.go
+++ b/cmd/s3share.go
@@ -13,6 +13,8 @@ type args struct {
 S3SecretKey string `arg:"--s3-secret-key,required,env:S3_SECRET_KEY" placeholder:"SECRET_KEY"`
 S3DisableSSL bool `arg:"--s3-disable-ssl,env:S3_DISABLE_SSL" default:"false"`
 Address string `arg:"--address,env:ADDRESS" default:":3000" help:"what address to listen on" placeholder:"ADDRESS"`
+ APIUsername string `arg:"--api-username,required,env:API_USERNAME" help:"username for API" placeholder:"USERNAME"`
+ APIPassword string `arg:"--api-password,required,env:API_PASSWORD" help:"password for API" placeholder:"PASSWORD"`
 }
 func (args) Version() string {
@@ -31,5 +33,7 @@ func main() {
 S3SSL: !args.S3DisableSSL,
 S3Bucket: args.S3Bucket,
 Address: args.Address,
+ APIUsername: args.APIUsername,
+ APIPassword: args.APIPassword,
 })
 }
diff --git a/internal/s3Share.go b/internal/s3Share.go
index 2463a70..e4bf229 100644
--- a/internal/s3Share.go
+++ b/internal/s3Share.go
@@ -23,7 +23,7 @@ func Start(config *types.AppConfig) {
 client := client.NewClient(db, s3Client)
- err = web.StartWebserver(config.Address, *client)
+ err = web.StartWebserver(config.Address, *client, config.APIUsername, config.APIPassword)
 if err != nil {
 logrus.Fatal(err.Error())
 }
diff --git a/internal/types/types.go b/internal/types/types.go
index 588d605..bea55c2 100644
--- a/internal/types/types.go
+++ b/internal/types/types.go
@@ -12,6 +12,8 @@ type AppConfig struct {
 S3SSL bool
 S3Bucket string
 Address string
+ APIUsername string
+ APIPassword string
 }
 type Metadata struct {
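Review bot: The new `APIPassword` field in the first hunk of cmd/s3share.go can be supplied as `--api-password`, and a secret passed on the command line is readable from the process list and tends to end up in shell history. The tag already binds `API_PASSWORD` from the environment, so the help text could steer operators there, for example `help:"password for API (prefer the API_PASSWORD environment variable)"`. The `S3SecretKey` context line above it has the same exposure. The `args` struct starts outside the hunk, so any other secret-bearing fields are not visible here.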
diff --git a/internal/web/web.go b/internal/web/web.go
index 52fe838..2945104 100644
--- a/internal/web/web.go
+++ b/internal/web/web.go
@@ -2,6 +2,7 @@ package web
 import (
 "encoding/json"
+ "errors"
 "io"
 "net/http"
 "strconv"
@@ -20,7 +21,11 @@ type deleteShare struct {
 Slug string `json:"slug"`
 }
-func StartWebserver(addr string, client client.Client) error {
+func StartWebserver(addr string, client client.Client, username, password string) error {
+ if username == "" || password == "" {
+ return errors.New("API username and password must be set")
+ }
+
 r := mux.NewRouter()
 r.HandleFunc("/{slug:[a-zA-Z0-9]{6}}", func(w http.ResponseWriter, r *http.Request) {
@@ -53,11 +58,16 @@ func StartWebserver(addr string, client client.Client) error {
 }).Methods("HEAD")
 r.HandleFunc("/api/share", func(w http.ResponseWriter, r *http.Request) {
+ if !checkAuth(w, r, username, password) {
+ return
+ }
 }).Methods("GET")
 r.HandleFunc("/api/share", func(w http.ResponseWriter, r *http.Request) {
- // TODO: check auth
+ if !checkAuth(w, r, username, password) {
+ return
+ }
 var shareParams createShare
 err := json.NewDecoder(r.Body).Decode(&shareParams)
@@ -81,7 +91,9 @@ func StartWebserver(addr string, client client.Client) error {
 }).Methods("POST")
 r.HandleFunc("/api/share", func(w http.ResponseWriter, r *http.Request) {
- //TODO: check auth
+ if !checkAuth(w, r, username, password) {
+ return
+ }
 var shareParams deleteShare
 err := json.NewDecoder(r.Body).Decode(&shareParams)
@@ -136,3 +148,18 @@ func getShareHead(client client.Client, w http.ResponseWriter, r *http.Request)
 return share
 }
+
+func checkAuth(w http.ResponseWriter, r *http.Request, username, password string) bool {
+ username, password, ok := r.BasicAuth()
+ if !ok {
+ w.WriteHeader(http.StatusUnauthorized)
+ return false
+ }
+
+ if username != username || password != password {
+ w.WriteHeader(http.StatusUnauthorized)
+ return false
+ }
+
+ return true
+}
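Review bot: The exported `StartWebserver` in the second web.go hunk gains two credential parameters but no doc comment saying which routes they protect or how they travel. HTTP Basic credentials are only base64-encoded and are sent with every request, and whether the listener uses TLS is not visible because the function body continues outside the hunk. I would add `// StartWebserver requires HTTP Basic auth (username/password) on the /api/share routes; run it behind TLS because Basic credentials are sent with every request.`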
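Review bot: `checkAuth` in the last web.go hunk accepts any request that carries a well-formed Basic header. `username, password, ok := r.BasicAuth()` reassigns the function's own `username` and `password` parameters (they share the body's scope, so `:=` only declares `ok`), and the following `username != username || password != password` compares each value with itself and is always false. The configured credentials are therefore never consulted, and the three `/api/share` handlers guarded in the earlier hunks are effectively open to anyone who sends an Authorization header. Read the request values into separate names and compare them with `subtle.ConstantTimeCompare`, which needs `crypto/subtle` added to the import block; a handler test that sends a wrong password and expects 401 would pin this.

```go
func checkAuth(w http.ResponseWriter, r *http.Request, username, password string) bool {
	reqUser, reqPass, ok := r.BasicAuth()

	// Evaluate both comparisons unconditionally so the response time does not
	// reveal which field mismatched. ConstantTimeCompare still returns early
	// on a length mismatch; hash both sides first if length must stay hidden.
	userOK := subtle.ConstantTimeCompare([]byte(reqUser), []byte(username)) == 1
	passOK := subtle.ConstantTimeCompare([]byte(reqPass), []byte(password)) == 1

	if !ok || !userOK || !passOK {
		// Realm name is illustrative.
		w.Header().Set("WWW-Authenticate", `Basic realm="s3share"`)
		w.WriteHeader(http.StatusUnauthorized)
		return false
	}

	return true
}
```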