diff --git a/README.md b/README.md index eeb5c11..cc1be64 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,9 @@ Eine `config.json` könnte z.B. wie folgt aussehen: "Host":"http://127.0.0.1", "Port":"8000", "DataPath":"./data", - "DataPathFTS":"./FTSData" + "DataPathFTS":"./FTSData", + "WebUser":"admin", + "WebPasswd":"pwd" } ``` diff --git a/config.json b/config.json index cf5b96e..f63a2c4 100644 --- a/config.json +++ b/config.json @@ -2,5 +2,7 @@ "Host":"http://127.0.0.1", "Port":"8000", "DataPath":"./data", - "DataPathFTS":"./FTSData" + "DataPathFTS":"./FTSData", + "WebUser":"", + "WebPasswd":"" } \ No newline at end of file diff --git a/main.go b/main.go index 34b282d..5a7726d 100644 --- a/main.go +++ b/main.go @@ -2,6 +2,7 @@ package main import ( "bufio" + "crypto/subtle" "encoding/json" "fmt" "html/template" @@ -29,6 +30,8 @@ type Configuration struct { Port string DataPath string DataPathFTS string + WebUser string + WebPasswd string } // our main function 
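Review bot: The new `WebUser` and `WebPasswd` fields in `Configuration` have no comment, yet their empty value is security-relevant: `basicAuth`, added later in this commit, skips authentication when both are empty. The `config.json` hunk ships both as `""`, so a default deployment serves every route, including the POST handler, without credentials. I would state that on the struct, e.g. `// WebUser and WebPasswd enable HTTP Basic auth; if both are empty, authentication is disabled.` The password is also stored in plaintext in `config.json`, so the file should be readable only by the service account, or the field could hold a salted hash instead.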
@@ -131,12 +134,12 @@ func main() { */ router := mux.NewRouter() - router.HandleFunc("/_api/md/{pagename:.*}", getRawPage).Methods("GET") - router.HandleFunc("/_api/pdf/{pagename:.*}", getPDFPage).Methods("GET") - router.HandleFunc("/_api/pinfo/{pagename:.*}", getPageInfo).Methods("GET") - router.HandleFunc("/_api/fts/{searchterm:.*}", getFTS).Methods("GET") - router.HandleFunc("/{pagename:.*}", getHTMLPage).Methods("GET") - router.HandleFunc("/{pagename:.*}", postHTMLPage).Methods("POST") + router.HandleFunc("/_api/md/{pagename:.*}", basicAuth(getRawPage)).Methods("GET") + router.HandleFunc("/_api/pdf/{pagename:.*}", basicAuth(getPDFPage)).Methods("GET") + router.HandleFunc("/_api/pinfo/{pagename:.*}", basicAuth(getPageInfo)).Methods("GET") + router.HandleFunc("/_api/fts/{searchterm:.*}", basicAuth(getFTS)).Methods("GET") + router.HandleFunc("/{pagename:.*}", basicAuth(getHTMLPage)).Methods("GET") + router.HandleFunc("/{pagename:.*}", basicAuth(postHTMLPage)).Methods("POST") log.Fatal(http.ListenAndServe(":"+config.Port, router)) @@ -327,6 +330,27 @@ func getPageInfo(w http.ResponseWriter, r *http.Request) { json.NewEncoder(w).Encode(data) } +func basicAuth(handler http.HandlerFunc) http.HandlerFunc { + + return func(w http.ResponseWriter, r *http.Request) { + if config.WebUser == "" && config.WebPasswd == "" { + handler(w, r) + return + } + + user, pass, ok := r.BasicAuth() + + if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(config.WebUser)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(config.WebPasswd)) != 1 { + w.Header().Set("WWW-Authenticate", `Basic realm="Login GoWiki"`) + w.WriteHeader(401) + w.Write([]byte("Unauthorised.\n")) + return + } + + handler(w, r) + } +} + //-------------------------------------------------------------------------- // Typen //-------------------------------------------------------------------------- 
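Review bot: Every route now asks for Basic credentials, but the listener on the last line of this hunk is still `http.ListenAndServe(":"+config.Port, router)`. That is plain HTTP on all interfaces, so the username and password cross the network base64-encoded in cleartext on each request. Either serve TLS with `http.ListenAndServeTLS(":"+config.Port, certFile, keyFile, router)` (`certFile` and `keyFile` are placeholder names for paths read from the config), or bind to loopback and put a TLS-terminating proxy in front. As a style point, wrapping each handler by hand makes it easy to add an unprotected route later; a mux middleware registered once with `router.Use(...)` would cover all routes. `main` starts and ends outside the hunk.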
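Review bot: The credential check in `basicAuth` is not constant-time in practice. `subtle.ConstantTimeCompare` returns at once when the two slices differ in length, and the `||` chain skips the password comparison whenever the username is wrong, so response time can reveal the length of the configured values and whether a username is valid. Hashing both sides to a fixed length with `crypto/sha256` (new import needed) and combining the two results with `&` removes both signals. The bypass condition also needs attention: auth is switched off only when both fields are empty, so a config with `WebUser` set and `WebPasswd` left empty accepts an empty password, and rejecting that state at startup would be safer. Nothing here limits repeated failed attempts, which is worth handling here or in front of the service.

```go
user, pass, ok := r.BasicAuth()

// Hash to a fixed length so the comparison time does not depend on input length.
gotUser := sha256.Sum256([]byte(user))
gotPass := sha256.Sum256([]byte(pass))
wantUser := sha256.Sum256([]byte(config.WebUser))
wantPass := sha256.Sum256([]byte(config.WebPasswd))

// Evaluate both comparisons unconditionally; & does not short-circuit.
userOK := subtle.ConstantTimeCompare(gotUser[:], wantUser[:])
passOK := subtle.ConstantTimeCompare(gotPass[:], wantPass[:])

if !ok || userOK&passOK != 1 {
	// … unchanged: WWW-Authenticate header, 401 status, response body …
	return
}
```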
@@ -369,7 +393,7 @@ func directoryExists(filename string) bool { func readConfig(filename string) *Configuration { // initialize conf with default values. - conf := &Configuration{Host: "http://127.0.0.1", Port: "8000", DataPath: "./data", DataPathFTS: ""} + conf := &Configuration{Host: "http://127.0.0.1", Port: "8000", DataPath: "./data", DataPathFTS: "", WebUser: "", WebPasswd: ""} b, err := ioutil.ReadFile("./config.json") if err != nil { diff --git a/web/index.html b/web/index.html index e9962ce..846044d 100644 --- a/web/index.html +++ b/web/index.html @@ -124,6 +124,7 @@ mark {