atsebay.t/auth.go

package main

import (
	"encoding/base64"
	"encoding/json"
	"net/http"
	"time"

	"github.com/julienschmidt/httprouter"
)

var LocalAuthFunc = checkAuthKrb5
var localAuthUsers arrayFlags

type loginForm struct {
	Login    string `json:"username"`
	Password string `json:"password"`
}

func init() {
	router.GET("/api/auth", apiAuthHandler(validateAuthToken))
	router.POST("/api/auth", apiRawHandler(func(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse {
		return formatApiResponse(LocalAuthFunc(w, ps, body))
	}))
	router.POST("/api/auth/logout", apiRawHandler(logout))
}

func validateAuthToken(u *User, _ httprouter.Params, _ []byte) HTTPResponse {
	return APIResponse{u}
}

func logout(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse {
	http.SetCookie(w, &http.Cookie{
		Name:     "auth",
		Value:    "",
		Path:     baseURL + "/",
		Expires:  time.Unix(0, 0),
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
	})

	return APIResponse{true}
}

func completeAuth(w http.ResponseWriter, username string, email string, firstname string, lastname string, groups string, session *Session) (err error) {
	var usr User
	if !userExists(username) {
		if usr, err = NewUser(username, email, firstname, lastname, groups); err != nil {
			return err
		}
	} else if usr, err = getUserByLogin(username); err != nil {
		return err
	}

	if len(groups) > 255 {
		groups = groups[:255]
	}
	if usr.Groups != groups {
		usr.Groups = groups
		usr.Update()
	}

	if session == nil {
		var s Session
		s, err = usr.NewSession()
		session = &s
	} else {
		_, err = session.SetUser(usr)
	}

	if err != nil {
		return err
	}

	http.SetCookie(w, &http.Cookie{
		Name:     "auth",
		Value:    base64.StdEncoding.EncodeToString(session.Id),
		Path:     baseURL + "/",
		Expires:  time.Now().Add(30 * 24 * time.Hour),
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
	})

	return nil
}

func dummyAuth(w http.ResponseWriter, _ httprouter.Params, body []byte) (interface{}, error) {
	var lf map[string]string
	if err := json.Unmarshal(body, &lf); err != nil {
		return nil, err
	}

	return map[string]string{"status": "OK"}, completeAuth(w, lf["login"], lf["email"], lf["firstname"], lf["lastname"], "", nil)
}
Initial commit 2020-03-04 11:07:12 +00:00			`package main`

			`import (`
			`"encoding/base64"`
			`"encoding/json"`
			`"net/http"`
			`"time"`

			`"github.com/julienschmidt/httprouter"`
			`)`

Add fallback authentication through Kerberos 2021-09-22 15:02:30 +00:00			`var LocalAuthFunc = checkAuthKrb5`
			`var localAuthUsers arrayFlags`

			`type loginForm struct {`
			Login string `json:"username"`
			Password string `json:"password"`
			`}`

Initial commit 2020-03-04 11:07:12 +00:00			`func init() {`
			`router.GET("/api/auth", apiAuthHandler(validateAuthToken))`
Add fallback authentication through Kerberos 2021-09-22 15:02:30 +00:00			`router.POST("/api/auth", apiRawHandler(func(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse {`
			`return formatApiResponse(LocalAuthFunc(w, ps, body))`
			`}))`
Initial commit 2020-03-04 11:07:12 +00:00			`router.POST("/api/auth/logout", apiRawHandler(logout))`
			`}`

			`func validateAuthToken(u *User, _ httprouter.Params, _ []byte) HTTPResponse {`
			`return APIResponse{u}`
			`}`

			`func logout(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse {`
			`http.SetCookie(w, &http.Cookie{`
Add sameSite attribute to cookies 2020-09-13 14:36:07 +00:00			`Name: "auth",`
			`Value: "",`
			`Path: baseURL + "/",`
			`Expires: time.Unix(0, 0),`
			`Secure: true,`
Initial commit 2020-03-04 11:07:12 +00:00			`HttpOnly: true,`
Add sameSite attribute to cookies 2020-09-13 14:36:07 +00:00			`SameSite: http.SameSiteStrictMode,`
Initial commit 2020-03-04 11:07:12 +00:00			`})`

			`return APIResponse{true}`
			`}`

Handle student groups 2021-09-15 22:26:09 +00:00			`func completeAuth(w http.ResponseWriter, username string, email string, firstname string, lastname string, groups string, session *Session) (err error) {`
Initial commit 2020-03-04 11:07:12 +00:00			`var usr User`
			`if !userExists(username) {`
Handle student groups 2021-09-15 22:26:09 +00:00			`if usr, err = NewUser(username, email, firstname, lastname, groups); err != nil {`
Initial commit 2020-03-04 11:07:12 +00:00			`return err`
			`}`
			`} else if usr, err = getUserByLogin(username); err != nil {`
			`return err`
			`}`

Truncate groups to 255 chargs max 2021-09-28 14:27:48 +00:00			`if len(groups) > 255 {`
			`groups = groups[:255]`
			`}`
Handle student groups 2021-09-15 22:26:09 +00:00			`if usr.Groups != groups {`
			`usr.Groups = groups`
			`usr.Update()`
			`}`

Initial commit 2020-03-04 11:07:12 +00:00			`if session == nil {`
			`var s Session`
			`s, err = usr.NewSession()`
			`session = &s`
			`} else {`
			`_, err = session.SetUser(usr)`
			`}`

			`if err != nil {`
			`return err`
			`}`

			`http.SetCookie(w, &http.Cookie{`
Add sameSite attribute to cookies 2020-09-13 14:36:07 +00:00			`Name: "auth",`
			`Value: base64.StdEncoding.EncodeToString(session.Id),`
			`Path: baseURL + "/",`
			`Expires: time.Now().Add(30 * 24 * time.Hour),`
			`Secure: true,`
Initial commit 2020-03-04 11:07:12 +00:00			`HttpOnly: true,`
Add sameSite attribute to cookies 2020-09-13 14:36:07 +00:00			`SameSite: http.SameSiteStrictMode,`
Initial commit 2020-03-04 11:07:12 +00:00			`})`

			`return nil`
			`}`

			`func dummyAuth(w http.ResponseWriter, _ httprouter.Params, body []byte) (interface{}, error) {`
			`var lf map[string]string`
			`if err := json.Unmarshal(body, &lf); err != nil {`
			`return nil, err`
			`}`

Handle student groups 2021-09-15 22:26:09 +00:00			`return map[string]string{"status": "OK"}, completeAuth(w, lf["login"], lf["email"], lf["firstname"], lf["lastname"], "", nil)`
Initial commit 2020-03-04 11:07:12 +00:00			`}`