BasicAuth Login/Logout eingebaut

Sven Schmalle 2020-01-20 15:56:39 +01:00
parent fa880cdaed
commit d7e91ebdba
4 changed files with 59 additions and 9 deletions


@ -17,7 +17,9 @@ Eine `config.json` könnte z.B. wie folgt aussehen:
"Host":"http://127.0.0.1",
"Port":"8000",
"DataPath":"./data",
"DataPathFTS":"./FTSData"
"DataPathFTS":"./FTSData",
"WebUser":"admin",
"WebPasswd":"pwd"
}
```


@ -2,5 +2,7 @@
"Host":"http://127.0.0.1",
"Port":"8000",
"DataPath":"./data",
"DataPathFTS":"./FTSData"
"DataPathFTS":"./FTSData",
"WebUser":"",
"WebPasswd":""
}

38
main.go

@ -2,6 +2,7 @@ package main
import (
"bufio"
"crypto/subtle"
"encoding/json"
"fmt"
"html/template"
@ -29,6 +30,8 @@ type Configuration struct {
Port string
DataPath string
DataPathFTS string
WebUser string
WebPasswd string
}
// our main function
@ -131,12 +134,12 @@ func main() {
*/
router := mux.NewRouter()
router.HandleFunc("/_api/md/{pagename:.*}", getRawPage).Methods("GET")
router.HandleFunc("/_api/pdf/{pagename:.*}", getPDFPage).Methods("GET")
router.HandleFunc("/_api/pinfo/{pagename:.*}", getPageInfo).Methods("GET")
router.HandleFunc("/_api/fts/{searchterm:.*}", getFTS).Methods("GET")
router.HandleFunc("/{pagename:.*}", getHTMLPage).Methods("GET")
router.HandleFunc("/{pagename:.*}", postHTMLPage).Methods("POST")
router.HandleFunc("/_api/md/{pagename:.*}", basicAuth(getRawPage)).Methods("GET")
router.HandleFunc("/_api/pdf/{pagename:.*}", basicAuth(getPDFPage)).Methods("GET")
router.HandleFunc("/_api/pinfo/{pagename:.*}", basicAuth(getPageInfo)).Methods("GET")
router.HandleFunc("/_api/fts/{searchterm:.*}", basicAuth(getFTS)).Methods("GET")
router.HandleFunc("/{pagename:.*}", basicAuth(getHTMLPage)).Methods("GET")
router.HandleFunc("/{pagename:.*}", basicAuth(postHTMLPage)).Methods("POST")
log.Fatal(http.ListenAndServe(":"+config.Port, router))
@ -327,6 +330,27 @@ func getPageInfo(w http.ResponseWriter, r *http.Request) {
json.NewEncoder(w).Encode(data)
}
func basicAuth(handler http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if config.WebUser == "" && config.WebPasswd == "" {
handler(w, r)
return
}
user, pass, ok := r.BasicAuth()
if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(config.WebUser)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(config.WebPasswd)) != 1 {
w.Header().Set("WWW-Authenticate", `Basic realm="Login GoWiki"`)
w.WriteHeader(401)
w.Write([]byte("Unauthorised.\n"))
return
}
handler(w, r)
}
}
//--------------------------------------------------------------------------
// Typen
//--------------------------------------------------------------------------
@ -369,7 +393,7 @@ func directoryExists(filename string) bool {
func readConfig(filename string) *Configuration {
// initialize conf with default values.
conf := &Configuration{Host: "http://127.0.0.1", Port: "8000", DataPath: "./data", DataPathFTS: ""}
conf := &Configuration{Host: "http://127.0.0.1", Port: "8000", DataPath: "./data", DataPathFTS: "", WebUser: "", WebPasswd: ""}
b, err := ioutil.ReadFile("./config.json")
if err != nil {
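Review bot: The credential check in `basicAuth` is less constant-time than it looks: `subtle.ConstantTimeCompare` returns at once when the two lengths differ, and the `||` chain skips the password comparison as soon as the user name mismatches, so response timing can separate a wrong user name from a wrong password. Comparing SHA-256 digests of both sides and evaluating both comparisons before combining them removes that dependency; it needs `crypto/sha256` added to the import block. The `&&` in the pass-through guard also means a config that sets only `WebUser` enforces login with an empty password, so the guard should require both fields or the program should refuse to start on a half-filled pair. Because the server is started with plain `http.ListenAndServe`, the Basic credentials travel base64-encoded on every request and the wiki should only be exposed behind TLS or a TLS-terminating proxy.

```go
	return func(w http.ResponseWriter, r *http.Request) {
		// … unchanged: pass-through when no credentials are configured …
		user, pass, ok := r.BasicAuth()
		// Compare fixed-length digests and evaluate both results before
		// branching, so timing does not depend on which field was wrong
		// or on the length of the configured values.
		gotUser, wantUser := sha256.Sum256([]byte(user)), sha256.Sum256([]byte(config.WebUser))
		gotPass, wantPass := sha256.Sum256([]byte(pass)), sha256.Sum256([]byte(config.WebPasswd))
		userOK := subtle.ConstantTimeCompare(gotUser[:], wantUser[:]) == 1
		passOK := subtle.ConstantTimeCompare(gotPass[:], wantPass[:]) == 1
		if !ok || !userOK || !passOK {
			// … unchanged: WWW-Authenticate header and 401 response …
```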


@ -124,6 +124,7 @@ mark {
<li id="btnPreviewpage"><a href="#" onclick="PreviewPage()">Preview</a></li>
<li id="btnSavepage"><a href="#" onclick="SavePage()">Save</a></li>
<li id="btnPDFgen"><a href="#" onclick="PDFGen()">PDF</a></li>
<li id="btnPDFgen"><a href="#" onclick="Logout()">Logout</a></li>
</ul>
<form class="navbar-form nav navbar-nav navbar-right" role="search">
<div class="input-group">
@ -370,6 +371,27 @@ mark {
});
}
function Logout(){
try {
// Hack for Firefox/Chrome
$.ajax({
url: "/",
username: 'reset',
password: 'reset',
// If the return is 401, refresh the page to request new details.
statusCode: { 401: function() {
location.reload();
}
}
});
} catch (exception) {
// Hack for IE only
if (!document.execCommand("ClearAuthenticationCache")) {
document.location = "http://reset:reset@" + document.location.hostname + document.location.pathname;
location.reload();
}
}
}
</script>
<script>
//--------------------------------------------------------------------------
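Review bot: The added Logout entry reuses `id="btnPDFgen"`, so the navbar now holds two elements with the same id; it should get its own, e.g. `<li id="btnLogout">`. `Logout()` only overwrites the browser's cached Basic credentials with `reset`/`reset`; nothing is invalidated on the server, so the configured credentials stay valid and the effect depends on browser behaviour, which is worth stating in a comment above the function. The IE fallback builds its URL from a hard-coded `http://` and `document.location.hostname`, which drops the port (the sample config uses 8000) and the scheme in use; `document.location.protocol + "//reset:reset@" + document.location.host + document.location.pathname` keeps both.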