Ajouter groupe /admin avec basic auth

Pour admin panel
This commit is contained in:
Victor Lacasse-Beaudoin 2023-04-26 19:15:22 -04:00
parent 32d86b79c9
commit 2bfa133349

View file

@ -81,6 +81,18 @@ func init() {
// server.api.key - --server-api-key // server.api.key - --server-api-key
serverCmd.Flags().String("server-api-key", "", "Key to use for authenticating to /v1 routes") serverCmd.Flags().String("server-api-key", "", "Key to use for authenticating to /v1 routes")
viper.BindPFlag("server.api.key", serverCmd.Flags().Lookup("server-api-key")) viper.BindPFlag("server.api.key", serverCmd.Flags().Lookup("server-api-key"))
// server.admin.auth - --server-admin-auth
serverCmd.Flags().Bool("server-admin-auth", false, "Enable to allow basic authentication for /admin routes (config: server.admin.auth)")
viper.BindPFlag("server.admin.auth", serverCmd.Flags().Lookup("server-admin-auth"))
// server.admin.username - --server-frontend-username
serverCmd.Flags().String("server-admin-username", "", "Username for basic authentication for /admin routes (config: server.admin.username)")
viper.BindPFlag("server.admin.username", serverCmd.Flags().Lookup("server-admin-username"))
// server.admin.password - --server-frontend-password
serverCmd.Flags().String("server-admin-password", "", "Password for basic authentication for /admin routes (config: server.admin.password)")
viper.BindPFlag("server.admin.password", serverCmd.Flags().Lookup("server-admin-password"))
} }
func RunServer() { func RunServer() {
@ -106,6 +118,35 @@ func RunServer() {
groupV1.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) { groupV1.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) {
return subtle.ConstantTimeCompare([]byte(key), []byte(viper.GetString("server.api.key"))) == 1, nil return subtle.ConstantTimeCompare([]byte(key), []byte(viper.GetString("server.api.key"))) == 1, nil
})) }))
log.Println("Key auth for /v1 activated")
}
groupAdmin := e.Group("/admin")
groupAdmin.Use(middleware.AddTrailingSlash())
if viper.GetBool("server.admin.auth") {
username := viper.GetString("server.admin.username")
password := viper.GetString("server.admin.password")
if len(username) < 5 {
log.Fatal("server.admin.auth is enabled, but server.admin.username is too small (needs at least 5 characters)")
}
if len(password) < 10 {
log.Fatal("server.admin.auth is enabled, but server.admin.password is too small (needs at least 10 characters)")
}
groupAdmin.Use(middleware.BasicAuth(func(username_entered, password_entered string, c echo.Context) (bool, error) {
// Be careful to use constant time comparison to prevent timing attacks
if subtle.ConstantTimeCompare([]byte(username_entered), []byte(username)) == 1 &&
subtle.ConstantTimeCompare([]byte(password_entered), []byte(password)) == 1 {
return true, nil
}
return false, nil
}))
log.Println("Basic auth for /admin activated")
} }
// API Routes // API Routes
@ -154,6 +195,10 @@ func RunServer() {
e.GET("/public/documentation/:bucket/:document", handlePublicDocumentation) e.GET("/public/documentation/:bucket/:document", handlePublicDocumentation)
// Admin Routes
groupAdmin.GET("", handleAdmin)
e.Logger.Fatal(e.Start( e.Logger.Fatal(e.Start(
fmt.Sprintf(":%d", viper.GetInt("server.port")))) fmt.Sprintf(":%d", viper.GetInt("server.port"))))
} }
@ -671,6 +716,10 @@ func handlePublicDocumentation(c echo.Context) error {
return c.Blob(http.StatusOK, "application/octet-stream", result) return c.Blob(http.StatusOK, "application/octet-stream", result)
} }
func handleAdmin(c echo.Context) error {
return c.JSON(http.StatusNotImplemented, map[string]string{"message": "Not Implemented"})
}
// CSS Handlers // CSS Handlers
func handleStaticCSSIndex(c echo.Context) error { func handleStaticCSSIndex(c echo.Context) error {