package ctrl
import (
"encoding/json"
. "github.com/mickael-kerjean/nuage/server/common"
"golang.org/x/crypto/bcrypt"
"io/ioutil"
"net/http"
"time"
)
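// AdminSessionGet reports whether the caller currently holds a valid admin
// session. It always answers with a boolean success result (never an error)
// so the frontend can decide whether to show the admin login form.
//
// NOTE(review): when no admin hash is configured ("auth.admin" is empty) every
// caller is reported as admin. That is the bootstrap behaviour this file
// relies on, but it means an instance that was never configured exposes the
// admin console to anyone who can reach it.
func AdminSessionGet(ctx App, res http.ResponseWriter, req *http.Request) {
	if admin := Config.Get("auth.admin").String(); admin == "" {
		SendSuccessResult(res, true)
		return
	}

	// No admin cookie means "not logged in"; there is nothing to decrypt.
	cookie, err := req.Cookie(COOKIE_NAME_ADMIN)
	if err != nil {
		SendSuccessResult(res, false)
		return
	}

	// The cookie carries the admin token encrypted with the server secret.
	// A value that does not decrypt is a forged, corrupted or stale cookie.
	str, err := DecryptString(SECRET_KEY, cookie.Value)
	if err != nil {
		SendSuccessResult(res, false)
		return
	}

	// Reject a payload that does not parse instead of relying on the
	// zero-value AdminToken being refused by IsAdmin()/IsValid().
	token := AdminToken{}
	if err := json.Unmarshal([]byte(str), &token); err != nil {
		SendSuccessResult(res, false)
		return
	}
	if !token.IsAdmin() || !token.IsValid() {
		SendSuccessResult(res, false)
		return
	}
	SendSuccessResult(res, true)
}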
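// AdminSessionAuthenticate verifies the submitted admin password against the
// bcrypt hash stored in "auth.admin" and, on success, sets the encrypted
// admin-session cookie. The request body is JSON of the form
// {"password": "..."}; any parse failure or mismatch is reported as
// ErrInvalidPassword so the response does not reveal which one occurred.
func AdminSessionAuthenticate(ctx App, res http.ResponseWriter, req *http.Request) {
	// Step 1: slow every attempt down to make online guessing more expensive.
	// NOTE(review): a fixed sleep only throttles a single sequential client;
	// it does not bound the number of concurrent attempts, so it is a
	// deterrent rather than a rate limit. A per-source or global limiter would
	// be needed to make brute force genuinely impractical.
	time.Sleep(1500 * time.Millisecond)

	// Step 2: there must be a configured admin hash to compare against.
	admin := Config.Get("auth.admin").String()
	if admin == "" {
		SendErrorResult(res, NewError("Missing admin account, please contact your administrator", 500))
		return
	}

	// Bound the body before reading it: the payload only ever carries a
	// password, so an oversized request is abuse and must not make this
	// handler buffer arbitrary amounts of memory.
	req.Body = http.MaxBytesReader(res, req.Body, 4*1024)
	b, err := ioutil.ReadAll(req.Body)
	if err != nil {
		SendErrorResult(res, ErrInvalidPassword)
		return
	}
	var params map[string]string
	if err := json.Unmarshal(b, &params); err != nil {
		SendErrorResult(res, ErrInvalidPassword)
		return
	}
	// A JSON body without a "password" key yields "" here, which fails the
	// comparison like any other wrong password.
	if err := bcrypt.CompareHashAndPassword([]byte(admin), []byte(params["password"])); err != nil {
		SendErrorResult(res, ErrInvalidPassword)
		return
	}

	// Step 3: issue the session cookie. The token is encrypted with the
	// server secret so the client can neither read nor forge it.
	body, err := json.Marshal(NewAdminToken())
	if err != nil {
		SendErrorResult(res, err)
		return
	}
	obfuscate, err := EncryptString(SECRET_KEY, string(body))
	if err != nil {
		SendErrorResult(res, err)
		return
	}
	http.SetCookie(res, &http.Cookie{
		Name:     COOKIE_NAME_ADMIN,
		Value:    obfuscate,
		Path:     COOKIE_PATH_ADMIN,
		MaxAge:   60 * 60, // valid for 1 hour
		HttpOnly: true,    // keep the session token out of reach of page scripts
		// NOTE(review): Secure and SameSite are deliberately not set here
		// because it is not visible whether TLS terminates at this process.
		// Where the instance is only served over HTTPS, set Secure (and a
		// SameSite mode) so the cookie is never sent in clear or cross-site.
	})
	SendSuccessResult(res, true)
}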
// AdminBackend returns, keyed by driver name, the login form of every
// registered storage driver that exposes a LoginForm method. Drivers without
// one are left out of the result.
func AdminBackend(ctx App, res http.ResponseWriter, req *http.Request) {
	type loginFormer interface {
		LoginForm() Form
	}

	forms := map[string]Form{}
	for name, driver := range Backend.Drivers() {
		lf, ok := driver.(loginFormer)
		if !ok {
			continue
		}
		forms[name] = lf.LoginForm()
	}
	SendSuccessResult(res, forms)
}