add Protected and Authorize middleware, fix cookie bug, gofmt

auth/auth.go

@@ -1,9 +1,9 @@
 package auth
 
 import (
-  "time"
 	"net/http"
 	"nilfm.cc/git/quartzgun/cookie"
+	"time"
 )
 
 type User struct {

cookie/cookie.go

@@ -1,8 +1,8 @@
 package cookie
 
 import (
-  "net/http"
 	"crypto/rand"
+	"net/http"
 	"time"
 )
 
@@ -30,7 +30,7 @@ func StoreToken(field string, token string, w http.ResponseWriter, hrs int) {
 
 func GetToken(field string, req *http.Request) (string, error) {
 	c, err := req.Cookie(field)
-  if err != nil {
+	if err == nil {
 		return c.Value, nil
 	} else {
 		return "", err

go.mod

@@ -2,8 +2,4 @@ module nilfm.cc/git/quartzgun
 
 go 1.17
 
-require (
-  golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
-)
-
-
+require golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3

go.sum

@@ -1,2 +1,9 @@
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

indentalUserDB/indentalUserDB.go

@@ -1,14 +1,14 @@
 package indentalUserDB
 
 import (
-  "time"
-  "nilfm.cc/git/quartzgun/cookie"
-  "nilfm.cc/git/quartzgun/auth"
+	"errors"
+	"fmt"
 	"golang.org/x/crypto/bcrypt"
+	"nilfm.cc/git/quartzgun/auth"
+	"nilfm.cc/git/quartzgun/cookie"
 	"os"
 	"strings"
-  "fmt"
-  "errors"
+	"time"
 )
 
 type IndentalUserDB struct {
@@ -114,7 +114,7 @@ func (self *IndentalUserDB) AddUser(user string, password string) error{
 		Session:   "",
 	}
 	writeDB(self.Basis, self.Users)
-  return nil;
+	return nil
 }
 
 func (self *IndentalUserDB) SetData(user string, key string, value interface{}) error {
@@ -122,8 +122,8 @@ func (self *IndentalUserDB) SetData(user string, key string, value interface{})
 		return errors.New("User not in DB")
 	}
 
-  self.Users[user].Data[key] = value;
-  return nil;
+	self.Users[user].Data[key] = value
+	return nil
 }
 
 func (self *IndentalUserDB) GetData(user string, key string) (interface{}, error) {
@@ -228,7 +228,7 @@ func writeDB(filePath string, users map[string]*auth.User) error {
 			user.Pass,
 			user.Session,
 			user.LoginTime,
-      user.LastSeen));
+			user.LastSeen))
 		for k, v := range user.Data {
 			f.WriteString(fmt.Sprintf("\t\t%s: %s\n", k, v))
 		}

middleware/middleware.go

@@ -0,0 +1,53 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"nilfm.cc/git/quartzgun/auth"
+	"nilfm.cc/git/quartzgun/cookie"
+)
+
+func Protected(next http.Handler, userStore auth.UserStore) http.Handler {
+	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
+		user, err := cookie.GetToken("user", req)
+		if err == nil {
+			session, err := cookie.GetToken("session", req)
+			if err == nil {
+				login, err := userStore.ValidateUser(user, session)
+				if err == nil && login {
+					next.ServeHTTP(w, req)
+					return
+				}
+			}
+		}
+		req.Method = http.MethodGet
+		http.Redirect(w, req, "/login", http.StatusTemporaryRedirect)
+	}
+
+	return http.HandlerFunc(handlerFunc)
+}
+
+func Authorize(next string, userStore auth.UserStore) http.Handler {
+	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
+		err := auth.Login(
+			req.FormValue("user"),
+			req.FormValue("password"),
+			userStore,
+			w,
+			24*7*52)
+		if err == nil {
+			req.Method = http.MethodGet
+			http.Redirect(w, req, next, http.StatusOK)
+		} else {
+			*req = *req.WithContext(
+				context.WithValue(
+					req.Context(),
+					"message",
+					"Incorrect credentials"))
+			req.Method = http.MethodGet
+			http.Redirect(w, req, "/login", http.StatusTemporaryRedirect)
+		}
+	}
+
+	return http.HandlerFunc(handlerFunc)
+}

quartzgun_test.go

@@ -1,13 +1,13 @@
 package main
 
 import (
-  "fmt"
-	"net/http"
-  "html/template"
 	"context"
-  "nilfm.cc/git/quartzgun/router"
-  "nilfm.cc/git/quartzgun/renderer"
+	"fmt"
+	"html/template"
+	"net/http"
 	"nilfm.cc/git/quartzgun/indentalUserDB"
+	"nilfm.cc/git/quartzgun/renderer"
+	"nilfm.cc/git/quartzgun/router"
 	"testing"
 )
 

renderer/renderer.go

@@ -1,10 +1,10 @@
 package renderer
 
 import (
-  "net/http"
-  "html/template"
 	"encoding/json"
 	"encoding/xml"
+	"html/template"
+	"net/http"
 )
 
 func Template(t ...string) http.Handler {

router/router.go

@@ -1,16 +1,16 @@
 package router
 
 import (
-  "net/http"
+	"context"
+	"errors"
 	"html/template"
-  "regexp"
 	"log"
+	"net/http"
+	"os"
+	"path"
+	"regexp"
 	"strconv"
 	"strings"
-  "path"
-  "os"
-  "errors"
-  "context"
 )
 
 type Router struct {
@@ -83,7 +83,7 @@ func (self *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 			p = path.Clean(p)
 
 			/* If the file exists, try to serve it. */
-      info, err := os.Stat(p);
+			info, err := os.Stat(p)
 			if err == nil && !info.IsDir() {
 				http.ServeFile(w, req, p)
 				/* Handle the common errors */
@@ -116,7 +116,7 @@ func (self *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 				req.ParseForm()
 				ProcessParams(req, params)
 				/* handle the request! */
-        handler.ServeHTTP(w, req);
+				handler.ServeHTTP(w, req)
 				return
 			}
 		}