Merge branch 'feature/auth'
This commit is contained in:
commit
51c0930f98
3 changed files with 31 additions and 1 deletions
|
@ -4,6 +4,7 @@ Copyright © 2023 AGECEM & Victor Lacasse-Beaudoin
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
"fmt"
|
||||
"log"
|
||||
|
||||
|
@ -30,6 +31,13 @@ var apiCmd = &cobra.Command{
|
|||
|
||||
e.Pre(middleware.AddTrailingSlash())
|
||||
|
||||
if cfg.API.Key != "" {
|
||||
e.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) {
|
||||
return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.API.Key)) == 1, nil
|
||||
}))
|
||||
log.Println("API server is using an API key")
|
||||
}
|
||||
|
||||
v0 := e.Group("/v0")
|
||||
|
||||
bottinApiClient := bottindata.NewApiClient(cfg.Bottin.API.Key, cfg.Bottin.API.Host, cfg.Bottin.API.Protocol, cfg.Bottin.API.Port)
|
||||
|
@ -38,6 +46,7 @@ var apiCmd = &cobra.Command{
|
|||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer dbClient.DB.Close()
|
||||
|
||||
handler := apihandler.New(bottinApiClient, dbClient)
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ Copyright © 2023 AGECEM & Victor Lacasse-Beaudoin
|
|||
package cmd
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
|
@ -34,6 +35,12 @@ var webCmd = &cobra.Command{
|
|||
|
||||
e.Pre(middleware.AddTrailingSlash())
|
||||
|
||||
e.Use(middleware.BasicAuth(func(user, password string, c echo.Context) (bool, error) {
|
||||
usersMatch := subtle.ConstantTimeCompare([]byte(user), []byte(cfg.Web.User)) == 1
|
||||
passwordsMatch := subtle.ConstantTimeCompare([]byte(password), []byte(cfg.Web.Password)) == 1
|
||||
return usersMatch && passwordsMatch, nil
|
||||
}))
|
||||
|
||||
client := http.DefaultClient
|
||||
defer client.CloseIdleConnections()
|
||||
|
||||
|
|
|
@ -46,7 +46,9 @@ type WebConfig struct {
|
|||
Port int
|
||||
Protocol string
|
||||
}
|
||||
Port int
|
||||
Password string
|
||||
Port int
|
||||
User string
|
||||
}
|
||||
|
||||
func UnmarshalConfig() (cfg Config, err error) {
|
||||
|
@ -184,11 +186,23 @@ func RegisterFlags(cmd *cobra.Command) error {
|
|||
return err
|
||||
}
|
||||
|
||||
// web.password ; --web-password
|
||||
if err := RegisterString(cmd, true,
|
||||
"web.password", "web-password", "Webserver basic auth password", "bottinag"); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// web.port ; --web-port
|
||||
cmd.PersistentFlags().Int("web-port", 3183, "Webserver port")
|
||||
if err := viper.BindPFlag("web.port", cmd.PersistentFlags().Lookup("web-port")); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// web.user ; --web-user
|
||||
if err := RegisterString(cmd, true,
|
||||
"web.user", "web-user", "Webserver basic auth username", "bottinag"); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
Reference in a new issue