dashboard: Can restrict access through htpasswd
This commit is contained in:
parent
635e67c224
commit
437ed4d393
5 changed files with 89 additions and 2 deletions
|
|
@ -15,7 +15,7 @@ type App struct {
|
|||
bind string
|
||||
}
|
||||
|
||||
func NewApp(baseURL string, bind string) App {
|
||||
func NewApp(htpasswd_file *string, baseURL string, bind string) App {
|
||||
gin.ForceConsoleColor()
|
||||
router := gin.Default()
|
||||
|
||||
|
|
@ -29,6 +29,11 @@ func NewApp(baseURL string, bind string) App {
|
|||
} else {
|
||||
baserouter = router.Group("")
|
||||
}
|
||||
|
||||
if htpasswd_file != nil && len(*htpasswd_file) > 0 {
|
||||
baserouter.Use(Htpassword(*htpasswd_file))
|
||||
}
|
||||
|
||||
declareStaticRoutes(baserouter, baseURL)
|
||||
|
||||
app := App{
|
||||
|
|
|
|||
78
dashboard/htpasswd.go
Normal file
78
dashboard/htpasswd.go
Normal file
|
|
@ -0,0 +1,78 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"gitlab.com/nyarla/go-crypt"
|
||||
)
|
||||
|
||||
func Htpassword(file string) func(c *gin.Context) {
|
||||
htpasswd := &Htpasswd{}
|
||||
|
||||
log.Println("Reading htpasswd file...")
|
||||
var err error
|
||||
if htpasswd, err = NewHtpasswd(file); htpasswd == nil {
|
||||
log.Fatal("Unable to parse htpasswd:", err)
|
||||
}
|
||||
|
||||
return func(c *gin.Context) {
|
||||
username, password, ok := c.Request.BasicAuth()
|
||||
if !ok {
|
||||
c.Writer.Header().Add("WWW-Authenticate", "Basic realm=\"FIC challenge Dashboard\"")
|
||||
c.AbortWithError(http.StatusUnauthorized, fmt.Errorf("Please login"))
|
||||
return
|
||||
}
|
||||
|
||||
if !htpasswd.Authenticate(username, password) {
|
||||
c.Writer.Header().Add("WWW-Authenticate", "Basic realm=\"FIC challenge Dashboard\"")
|
||||
c.AbortWithError(http.StatusUnauthorized, fmt.Errorf("Not authorized"))
|
||||
return
|
||||
}
|
||||
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
type Htpasswd struct {
|
||||
entries map[string]string
|
||||
}
|
||||
|
||||
func NewHtpasswd(path string) (*Htpasswd, error) {
|
||||
if fd, err := os.Open(path); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
defer fd.Close()
|
||||
|
||||
htpasswd := Htpasswd{
|
||||
map[string]string{},
|
||||
}
|
||||
|
||||
scanner := bufio.NewScanner(fd)
|
||||
for scanner.Scan() {
|
||||
line := strings.SplitN(strings.TrimSpace(scanner.Text()), ":", 2)
|
||||
if len(line) == 2 && len(line[1]) > 2 {
|
||||
htpasswd.entries[line[0]] = line[1]
|
||||
}
|
||||
}
|
||||
if err := scanner.Err(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &htpasswd, nil
|
||||
}
|
||||
}
|
||||
|
||||
func (h Htpasswd) Authenticate(username, password string) bool {
|
||||
if hash, ok := h.entries[username]; !ok {
|
||||
return false
|
||||
} else if crypt.Crypt(password, hash[:2]) != hash {
|
||||
return false
|
||||
} else {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
|
@ -69,6 +69,7 @@ func main() {
|
|||
|
||||
// Read parameters from command line
|
||||
var bind = flag.String("bind", "127.0.0.1:8082", "Bind port/socket")
|
||||
htpasswd_file := flag.String("htpasswd", "", "Restrict access with password, Apache htpasswd format")
|
||||
flag.StringVar(&baseURL, "baseurl", baseURL, "URL prepended to each URL")
|
||||
staticDir := flag.String("static", "./htdocs-dashboard/", "Directory containing static files")
|
||||
flag.StringVar(&fic.FilesDir, "files", fic.FilesDir, "Base directory where found challenges files, local part")
|
||||
|
|
@ -118,7 +119,7 @@ func main() {
|
|||
interrupt := make(chan os.Signal, 1)
|
||||
signal.Notify(interrupt, os.Interrupt, syscall.SIGTERM)
|
||||
|
||||
app := NewApp(baseURL, *bind)
|
||||
app := NewApp(htpasswd_file, baseURL, *bind)
|
||||
go app.Start()
|
||||
|
||||
// Wait shutdown signal
|
||||
|
|
|
|||
Reference in a new issue