2022-01-17 05:11:24 +00:00
|
|
|
package databag
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"errors"
|
|
|
|
|
"strings"
|
|
|
|
|
"net/http"
|
|
|
|
|
"encoding/base64"
|
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
|
"databag/internal/store"
|
|
|
|
|
)
|
|
|
|
|
|
2022-01-17 21:42:17 +00:00
|
|
|
func AdminLogin(r *http.Request) bool {
|
2022-01-17 05:11:24 +00:00
|
|
|
|
|
|
|
|
// extract request auth
|
|
|
|
|
username, password, ok := r.BasicAuth();
|
|
|
|
|
if !ok || username == "" || password == "" {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// nothing to do if not configured
|
|
|
|
|
if !getBoolConfigValue(CONFIG_CONFIGURED, false) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// compare username
|
|
|
|
|
if getStrConfigValue(CONFIG_USERNAME, "") != username {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// compare password
|
|
|
|
|
p := getBinConfigValue(CONFIG_PASSWORD, nil);
|
|
|
|
|
if bcrypt.CompareHashAndPassword(p, []byte(password)) != nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-17 21:42:17 +00:00
|
|
|
func BearerAccountToken(r *http.Request) (store.AccountToken, error) {
|
2022-01-17 05:11:24 +00:00
|
|
|
|
|
|
|
|
// parse bearer authentication
|
|
|
|
|
auth := r.Header.Get("Authorization")
|
|
|
|
|
token := strings.TrimSpace(strings.TrimPrefix(auth, "Bearer"))
|
|
|
|
|
|
|
|
|
|
// find token record
|
|
|
|
|
var accountToken store.AccountToken
|
|
|
|
|
err := store.DB.Where("token = ?", token).First(&accountToken).Error
|
|
|
|
|
return accountToken, err
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-17 21:42:17 +00:00
|
|
|
func BasicCredentials(r *http.Request) (string, []byte, error) {
|
2022-01-17 05:11:24 +00:00
|
|
|
|
|
|
|
|
var username string
|
|
|
|
|
var password []byte
|
|
|
|
|
|
|
|
|
|
// parse bearer authentication
|
|
|
|
|
auth := r.Header.Get("Credentials")
|
|
|
|
|
token := strings.TrimSpace(strings.TrimPrefix(auth, "Basic"))
|
|
|
|
|
|
|
|
|
|
// decode basic auth
|
|
|
|
|
credentials, err := base64.StdEncoding.DecodeString(token)
|
|
|
|
|
if err != nil {
|
|
|
|
|
LogMsg("faield to decode basic credentials");
|
|
|
|
|
return username, password, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// parse credentials
|
|
|
|
|
login := strings.Split(string(credentials), ":");
|
|
|
|
|
if login[0] == "" || login[1] == "" {
|
|
|
|
|
LogMsg("failed to parse basic credentials");
|
|
|
|
|
return username, password, errors.New("invalid credentials")
|
|
|
|
|
}
|
|
|
|
|
username = login[0]
|
|
|
|
|
|
|
|
|
|
// hash password
|
|
|
|
|
password, err = bcrypt.GenerateFromPassword([]byte(login[1]), bcrypt.DefaultCost)
|
|
|
|
|
if err != nil {
|
|
|
|
|
LogMsg("failed to hash password")
|
|
|
|
|
return username, password, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return username, password, nil
|
|
|
|
|
}
|
