Goit - Log

Author	Jakob Wakeling <[email protected]>
Date	2023-11-27 11:01:06
Commit	473d02cac949c8b69172128569571b64cf335b3a
Parent	b8047017f5dc43349e044cdcee1994c6e906ca47
Move all authentication to unified function
Diffstat

M	src/goit/auth.go	\|	38	--------------------------------------
M	src/repo/commit.go	\|	10	+++++++---
M	src/repo/create.go	\|	9	+++++++--
M	src/repo/file.go	\|	11	++++++++---
M	src/repo/refs.go	\|	10	+++++++---
M	src/repo/tree.go	\|	10	+++++++---
M	src/user/edit.go	\|	18	+++++-------------
M	src/user/login.go	\|	8	+++++++-
M	src/user/sessions.go	\|	14	++++++++++----
9 files changed, 58 insertions, 70 deletions
diff --git a/src/goit/auth.go b/src/goit/auth.go
index 809cf18..f6b287c 100644
--- a/src/goit/auth.go
+++ b/src/goit/auth.go
@@ -197,43 +197,6 @@ func Auth(w http.ResponseWriter, r *http.Request, renew bool) (bool, *User, erro
 	return true, user, nil
 }
 
-/* Authenticate a user session cookie. */
-func AuthCookie(w http.ResponseWriter, r *http.Request, renew bool) (bool, int64) {
-	if uid, s := GetSessionCookie(r); s != (Session{}) {
-		if s.Expiry.After(time.Now()) {
-			if renew && time.Until(s.Expiry) < 24*time.Hour {
-				ip, _, _ := net.SplitHostPort(r.RemoteAddr)
-				s1, err := NewSession(uid, ip, time.Now().Add(2*24*time.Hour))
-				if err != nil {
-					log.Println("[Renew Auth]", err.Error())
-				} else {
-					SetSessionCookie(w, uid, s1)
-					EndSession(uid, s.Token)
-				}
-			}
-
-			return true, uid
-		}
-
-		EndSession(uid, s.Token)
-	}
-
-	return false, -1
-}
-
-/* Authenticate a user session cookie and check admin status. */
-func AuthCookieAdmin(w http.ResponseWriter, r *http.Request, renew bool) (bool, bool, int64) {
-	if ok, uid := AuthCookie(w, r, renew); ok {
-		if user, err := GetUser(uid); err == nil && user.IsAdmin {
-			return true, true, uid
-		}
-
-		return true, false, uid
-	}
-
-	return false, false, -1
-}
-
 /* Hash a password with a salt using Argon2. */
 func Hash(pass string, salt []byte) []byte {
 	return argon2.IDKey([]byte(pass), salt, 3, 64*1024, 4, 32)
diff --git a/src/repo/commit.go b/src/repo/commit.go
index 3ce03b5..c409427 100644
--- a/src/repo/commit.go
+++ b/src/repo/commit.go
@@ -20,13 +20,17 @@ import (
 )
 
 func HandleCommit(w http.ResponseWriter, r *http.Request) {
-	auth, uid := goit.AuthCookie(w, r, true)
+	auth, user, err := goit.Auth(w, r, true)
+	if err != nil {
+		log.Println("[/repo/commit]", err.Error())
+		goit.HttpError(w, http.StatusInternalServerError)
+	}
 
 	repo, err := goit.GetRepoByName(mux.Vars(r)["repo"])
 	if err != nil {
 		goit.HttpError(w, http.StatusInternalServerError)
 		return
-	} else if repo == nil || (repo.IsPrivate && (!auth || repo.OwnerId != uid)) {
+	} else if repo == nil || (repo.IsPrivate && (!auth || repo.OwnerId != user.Id)) {
 		goit.HttpError(w, http.StatusNotFound)
 		return
 	}
@@ -49,7 +53,7 @@ func HandleCommit(w http.ResponseWriter, r *http.Request) {
 	}{
 		Title: repo.Name + " - Log", Name: repo.Name, Description: repo.Description,
 		Url:      util.If(goit.Conf.UsesHttps, "https://", "http://") + r.Host + "/" + repo.Name,
-		Editable: (auth && repo.OwnerId == uid),
+		Editable: (auth && repo.OwnerId == user.Id),
 	}
 
 	gr, err := git.PlainOpen(goit.RepoPath(repo.Name, true))
diff --git a/src/repo/create.go b/src/repo/create.go
index 48f5a3f..37d6ee1 100644
--- a/src/repo/create.go
+++ b/src/repo/create.go
@@ -11,8 +11,13 @@ import (
 )
 
 func HandleCreate(w http.ResponseWriter, r *http.Request) {
-	ok, uid := goit.AuthCookie(w, r, true)
-	if !ok {
+	auth, user, err := goit.Auth(w, r, true)
+	if err != nil {
+		log.Println("[admin]", err.Error())
+		goit.HttpError(w, http.StatusInternalServerError)
+	}
+
+	if !auth {
 		goit.HttpError(w, http.StatusUnauthorized)
 		return
 	}
@@ -45,7 +50,7 @@ func HandleCreate(w http.ResponseWriter, r *http.Request) {
 		} else if exists {
 			data.Message = "Name \"" + data.Name + "\" is taken"
 		} else if err := goit.CreateRepo(goit.Repo{
-			OwnerId: uid, Name: data.Name, Description: data.Description, IsPrivate: data.IsPrivate,
+			OwnerId: user.Id, Name: data.Name, Description: data.Description, IsPrivate: data.IsPrivate,
 		}); err != nil {
 			log.Println("[/repo/create]", err.Error())
 			goit.HttpError(w, http.StatusInternalServerError)
diff --git a/src/repo/file.go b/src/repo/file.go
index 440ad1d..edc42db 100644
--- a/src/repo/file.go
+++ b/src/repo/file.go
@@ -18,7 +18,11 @@ import (
 )
 
 func HandleFile(w http.ResponseWriter, r *http.Request) {
-	auth, uid := goit.AuthCookie(w, r, true)
+	auth, user, err := goit.Auth(w, r, true)
+	if err != nil {
+		log.Println("[admin]", err.Error())
+		goit.HttpError(w, http.StatusInternalServerError)
+	}
 
 	treepath := mux.Vars(r)["path"]
 	// if treepath == "" {
@@ -30,7 +34,7 @@ func HandleFile(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		goit.HttpError(w, http.StatusInternalServerError)
 		return
-	} else if repo == nil || (repo.IsPrivate && (!auth || repo.OwnerId != uid)) {
+	} else if repo == nil || (repo.IsPrivate && (!auth || repo.OwnerId != user.Id)) {
 		goit.HttpError(w, http.StatusNotFound)
 		return
 	}
@@ -45,7 +49,7 @@ func HandleFile(w http.ResponseWriter, r *http.Request) {
 	}{
 		Title: repo.Name + " - File", Name: repo.Name, Description: repo.Description,
 		Url:      util.If(goit.Conf.UsesHttps, "https://", "http://") + r.Host + "/" + repo.Name,
-		Editable: (auth && repo.OwnerId == uid),
+		Editable: (auth && repo.OwnerId == user.Id),
 	}
 
 	gr, err := git.PlainOpen(goit.RepoPath(repo.Name, true))
diff --git a/src/repo/refs.go b/src/repo/refs.go
index a42e938..b0f2af4 100644
--- a/src/repo/refs.go
+++ b/src/repo/refs.go
@@ -16,13 +16,17 @@ import (
 )
 
 func HandleRefs(w http.ResponseWriter, r *http.Request) {
-	auth, uid := goit.AuthCookie(w, r, true)
+	auth, user, err := goit.Auth(w, r, true)
+	if err != nil {
+		log.Println("[admin]", err.Error())
+		goit.HttpError(w, http.StatusInternalServerError)
+	}
 
 	repo, err := goit.GetRepoByName(mux.Vars(r)["repo"])
 	if err != nil {
 		goit.HttpError(w, http.StatusInternalServerError)
 		return
-	} else if repo == nil || (repo.IsPrivate && (!auth || repo.OwnerId != uid)) {
+	} else if repo == nil || (repo.IsPrivate && (!auth || repo.OwnerId != user.Id)) {
 		goit.HttpError(w, http.StatusNotFound)
 		return
 	}
@@ -36,7 +40,7 @@ func HandleRefs(w http.ResponseWriter, r *http.Request) {
 	}{
 		Title: repo.Name + " - References", Name: repo.Name, Description: repo.Description,
 		Url:      util.If(goit.Conf.UsesHttps, "https://", "http://") + r.Host + "/" + repo.Name,
-		Editable: (auth && repo.OwnerId == uid),
+		Editable: (auth && repo.OwnerId == user.Id),
 	}
 
 	gr, err := git.PlainOpen(goit.RepoPath(repo.Name, true))
diff --git a/src/repo/tree.go b/src/repo/tree.go
index 5657b60..e4f3bc6 100644
--- a/src/repo/tree.go
+++ b/src/repo/tree.go
@@ -18,14 +18,19 @@ import (
 )
 
 func HandleTree(w http.ResponseWriter, r *http.Request) {
-	auth, uid := goit.AuthCookie(w, r, true)
+	auth, user, err := goit.Auth(w, r, true)
+	if err != nil {
+		log.Println("[admin]", err.Error())
+		goit.HttpError(w, http.StatusInternalServerError)
+	}
+
 	path := mux.Vars(r)["path"]
 
 	repo, err := goit.GetRepoByName(mux.Vars(r)["repo"])
 	if err != nil {
 		goit.HttpError(w, http.StatusInternalServerError)
 		return
-	} else if repo == nil || (repo.IsPrivate && (!auth || repo.OwnerId != uid)) {
+	} else if repo == nil || (repo.IsPrivate && (!auth || repo.OwnerId != user.Id)) {
 		goit.HttpError(w, http.StatusNotFound)
 		return
 	}
@@ -42,7 +47,7 @@ func HandleTree(w http.ResponseWriter, r *http.Request) {
 	}{
 		Title: repo.Name + " - Tree", Name: repo.Name, Description: repo.Description,
 		Url:      util.If(goit.Conf.UsesHttps, "https://", "http://") + r.Host + "/" + repo.Name,
-		Editable: (auth && repo.OwnerId == uid),
+		Editable: (auth && repo.OwnerId == user.Id),
 	}
 
 	gr, err := git.PlainOpen(goit.RepoPath(repo.Name, true))
diff --git a/src/user/edit.go b/src/user/edit.go
index 19cda31..f3a4486 100644
--- a/src/user/edit.go
+++ b/src/user/edit.go
@@ -13,20 +13,14 @@ import (
 )
 
 func HandleEdit(w http.ResponseWriter, r *http.Request) {
-	auth, uid := goit.AuthCookie(w, r, true)
-	if !auth {
-		goit.HttpError(w, http.StatusUnauthorized)
-		return
-	}
-
-	user, err := goit.GetUser(uid)
+	auth, user, err := goit.Auth(w, r, true)
 	if err != nil {
-		log.Println("[/user/edit]", err.Error())
-		goit.HttpError(w, http.StatusInternalServerError)
-		return
-	} else if user == nil {
-		log.Println("[/user/edit]", uid, "is a nonexistent UID")
+		log.Println("[admin]", err.Error())
 		goit.HttpError(w, http.StatusInternalServerError)
+	}
+
+	if !auth {
+		goit.HttpError(w, http.StatusUnauthorized)
 		return
 	}
 
@@ -53,7 +47,7 @@ func HandleEdit(w http.ResponseWriter, r *http.Request) {
 
 			if data.Form.Name == "" {
 				data.MessageA = "Username cannot be empty"
-			} else if slices.Contains(goit.Reserved, data.Form.Name) && uid != 0 {
+			} else if slices.Contains(goit.Reserved, data.Form.Name) && user.Id != 0 {
 				data.MessageA = "Username \"" + data.Form.Name + "\" is reserved"
 			} else if exists, err := goit.UserExists(data.Form.Name); err != nil {
 				log.Println("[/user/edit]", err.Error())
diff --git a/src/user/login.go b/src/user/login.go
index a87e7fa..cc8a7ee 100644
--- a/src/user/login.go
+++ b/src/user/login.go
@@ -17,7 +17,13 @@ import (
 )
 
 func HandleLogin(w http.ResponseWriter, r *http.Request) {
-	if auth, _ := goit.AuthCookie(w, r, true); auth {
+	auth, _, err := goit.Auth(w, r, true)
+	if err != nil {
+		log.Println("[admin]", err.Error())
+		goit.HttpError(w, http.StatusInternalServerError)
+	}
+
+	if auth {
 		http.Redirect(w, r, "/", http.StatusFound)
 	}
 
diff --git a/src/user/sessions.go b/src/user/sessions.go
index b046091..1c3b6ae 100644
--- a/src/user/sessions.go
+++ b/src/user/sessions.go
@@ -12,7 +12,12 @@ import (
 )
 
 func HandleSessions(w http.ResponseWriter, r *http.Request) {
-	auth, uid := goit.AuthCookie(w, r, true)
+	auth, user, err := goit.Auth(w, r, true)
+	if err != nil {
+		log.Println("[admin]", err.Error())
+		goit.HttpError(w, http.StatusInternalServerError)
+	}
+
 	if !auth {
 		goit.HttpError(w, http.StatusUnauthorized)
 		return
@@ -34,14 +39,14 @@ func HandleSessions(w http.ResponseWriter, r *http.Request) {
 	goit.SessionsMutex.RLock()
 	goit.Debugln("[goit.HandleSessions] SessionsMutex rlock")
 
-	if revoke >= 0 && revoke < int64(len(goit.Sessions[uid])) {
-		var token = goit.Sessions[uid][revoke].Token
+	if revoke >= 0 && revoke < int64(len(goit.Sessions[user.Id])) {
+		var token = goit.Sessions[user.Id][revoke].Token
 		var current = token == ss.Token
 
 		goit.SessionsMutex.RUnlock()
 		goit.Debugln("[goit.HandleSessions] SessionsMutex runlock")
 
-		goit.EndSession(uid, token)
+		goit.EndSession(user.Id, token)
 
 		if current {
 			goit.EndSessionCookie(w)
@@ -53,7 +58,7 @@ func HandleSessions(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	for i, v := range goit.Sessions[uid] {
+	for i, v := range goit.Sessions[user.Id] {
 		data.Sessions = append(data.Sessions, row{
 			Index: fmt.Sprint(i), Ip: v.Ip, Seen: v.Seen.Format(time.DateTime), Expiry: v.Expiry.Format(time.DateTime),
 			Current: util.If(v.Token == ss.Token, "(current)", ""),
	Goit
	Simple and lightweight Git web server
	Mirror of https://github.com/Jamozed/Goit
	git clone http://git.omkov.net/Goit
	Log \| Tree \| Refs \| README \| Download