From 46edc844219a97e8d2c483fcd1e45c72efd85b13 Mon Sep 17 00:00:00 2001
From: DiddiZ
Date: Thu, 2 Feb 2017 22:15:48 +0100
Subject: [PATCH] Added BasicAuth to admin handlers. (SommerEngineering/KPIManager#8)
---
 ConfigurationDB/CheckConfiguration.go | 1 +
 Handlers/AddHandler.go | 3 ++-
 Handlers/BasicAuth.go | 30 +++++++++++++++++++++++++++
 System/Version/Variables.go | 2 +-
 4 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 Handlers/BasicAuth.go
diff --git a/ConfigurationDB/CheckConfiguration.go b/ConfigurationDB/CheckConfiguration.go
index bc85c5e..f347337 100644
--- a/ConfigurationDB/CheckConfiguration.go
+++ b/ConfigurationDB/CheckConfiguration.go
@@ -14,6 +14,7 @@ func checkConfiguration() {
 CheckSingleConfigurationPresentsAndAddIfMissing(`DefaultLanguageCode`, `en-GB`)
 CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerBinding`, `127.0.0.1:60000`)
 CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerEnabled`, `True`)
+ CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerPassword`, ``)
 CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerUseTLS`, `False`)
 CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerTLSCertificateName`, `certificateAdmin.pem`)
 CheckSingleConfigurationPresentsAndAddIfMissing(`AdminWebServerTLSPrivateKey`, `privateKeyAdmin.pem`)
diff --git a/Handlers/AddHandler.go b/Handlers/AddHandler.go
index 5cf3620..da06a3a 100644
--- a/Handlers/AddHandler.go
+++ b/Handlers/AddHandler.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "net/http"
 
+ "github.com/SommerEngineering/Ocean/ConfigurationDB"
 "github.com/SommerEngineering/Ocean/Log"
 LM "github.com/SommerEngineering/Ocean/Log/Meta"
 )
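Review bot: In ConfigurationDB/CheckConfiguration.go the new `AdminWebServerPassword` key is seeded with an empty string, and nothing visible in this patch rejects an empty value. `BasicAuth` in Handlers/BasicAuth.go only compares the supplied password with the configured one, so once this key is wired in, user `admin` with an empty password would match on any installation where the default was never changed. Consider leaving the admin handlers unregistered (or answering every request with 401) while the value is empty, and say so above the line, e.g. `// AdminWebServerPassword: must be set by the operator; an empty value disables admin access`. checkConfiguration's body starts and ends outside the hunk.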
@@ -33,5 +34,5 @@ func AddAdminHandler(pattern string, handler func(http.ResponseWriter, *http.Req
 }()
 
 // Add the handler:
- muxAdmin.HandleFunc(pattern, handler)
+ muxAdmin.HandleFunc(pattern, BasicAuth(handler, `admin`, ConfigurationDB.Read(`AdminWebServerEnabled`), `Please enter your username and password for this site`))
 }
diff --git a/Handlers/BasicAuth.go b/Handlers/BasicAuth.go
new file mode 100644
index 0000000..a37b32d
--- /dev/null
+++ b/Handlers/BasicAuth.go
@@ -0,0 +1,30 @@
+package Handlers
+
+import (
+ "crypto/subtle"
+ "net/http"
+)
+
+// BasicAuth wraps a handler requiring HTTP basic auth for it using the given
+// username and password and the specified realm, which shouldn't contain quotes.
+//
+// Most web browser display a dialog with something like:
+//
+// The website says: ""
+//
+// Which is really stupid so you may want to set the realm to a message rather than
+// an actual realm.
+//
+// Taken from on http://stackoverflow.com/questions/21936332/idiomatic-way-of-requiring-http-basic-auth-in-go/39591234#39591234
+func BasicAuth(handler http.HandlerFunc, username, password, realm string) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+ user, pass, ok := r.BasicAuth()
+ if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(password)) != 1 {
+ w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
+ w.WriteHeader(401)
+ w.Write([]byte(http.StatusText(401)))
+ return
+ }
+ handler(w, r)
+ }
+}
diff --git a/System/Version/Variables.go b/System/Version/Variables.go
index b4fd560..2307d09 100644
--- a/System/Version/Variables.go
+++ b/System/Version/Variables.go
@@ -1,5 +1,5 @@
 package Version
 
 var (
- oceansVersion string = `2.1.2` // Ocean's current version
+ oceansVersion string = `2.1.3` // Ocean's current version
 )
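Review bot: In Handlers/AddHandler.go the password argument handed to `BasicAuth` is read from `AdminWebServerEnabled`, not from the `AdminWebServerPassword` key this commit adds. The effective admin password is therefore the enabled flag's value (default `True` per CheckConfiguration.go), and the new key is never read anywhere in this patch. The call should be ``muxAdmin.HandleFunc(pattern, BasicAuth(handler, `admin`, ConfigurationDB.Read(`AdminWebServerPassword`), `Please enter your username and password for this site`))``. The value is also read once, when the handler is registered, so a later password change presumably needs a restart; that deserves a comment at the call site. AddAdminHandler's body starts outside the hunk.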
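Review bot: In Handlers/BasicAuth.go the credential check leaks more than it needs to and does not fail closed: `subtle.ConstantTimeCompare` returns at once when the two lengths differ, the `||` chain skips the password comparison when the username is wrong, and an empty configured `password` is accepted as a valid credential. Hashing both sides to a fixed length (this needs `crypto/sha256` in the import block), evaluating both comparisons before combining them, and rejecting an empty `password` addresses all three. `http.StatusUnauthorized` would also read better than the literal 401. Since Basic credentials are only base64-encoded and `AdminWebServerUseTLS` defaults to `False`, the doc comment should say the wrapper is meant for the loopback binding or for TLS.

```go
func BasicAuth(handler http.HandlerFunc, username, password, realm string) http.HandlerFunc {
	// Hash the expected values once so every comparison runs over equal-length inputs.
	wantUser := sha256.Sum256([]byte(username))
	wantPass := sha256.Sum256([]byte(password))
	return func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		gotUser := sha256.Sum256([]byte(user))
		gotPass := sha256.Sum256([]byte(pass))
		// Evaluate both comparisons before combining them; no short-circuit on the username.
		userOK := subtle.ConstantTimeCompare(gotUser[:], wantUser[:])
		passOK := subtle.ConstantTimeCompare(gotPass[:], wantPass[:])
		// An empty configured password never authenticates.
		if !ok || password == "" || userOK&passOK != 1 {
			// … unchanged: WWW-Authenticate header, 401 status and body …
			return
		}
		// … unchanged: handler(w, r) …
```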