From 9ac6bf79401a43d2876d2a4f977d63e56bb561e6 Mon Sep 17 00:00:00 2001 From: Victor Lacasse-Beaudoin Date: Tue, 19 Sep 2023 16:46:44 -0400 Subject: [PATCH 1/3] Ajouter flags web.password et web.user --- config/config.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/config/config.go b/config/config.go index c1f239a..be43f13 100644 --- a/config/config.go +++ b/config/config.go @@ -46,7 +46,9 @@ type WebConfig struct { Port int Protocol string } - Port int + Password string + Port int + User string } func UnmarshalConfig() (cfg Config, err error) { @@ -184,11 +186,23 @@ func RegisterFlags(cmd *cobra.Command) error { return err } + // web.password ; --web-password + if err := RegisterString(cmd, true, + "web.password", "web-password", "Webserver basic auth password", "bottinag"); err != nil { + return err + } + // web.port ; --web-port cmd.PersistentFlags().Int("web-port", 3183, "Webserver port") if err := viper.BindPFlag("web.port", cmd.PersistentFlags().Lookup("web-port")); err != nil { return err } + // web.user ; --web-user + if err := RegisterString(cmd, true, + "web.user", "web-user", "Webserver basic auth username", "bottinag"); err != nil { + return err + } + return nil } From 3b9a51c76712ca0d0cacd57150115cb7d05220c2 Mon Sep 17 00:00:00 2001 From: Victor Lacasse-Beaudoin Date: Tue, 19 Sep 2023 16:47:57 -0400 Subject: [PATCH 2/3] Ajouter API keyauth Defer dbclient.DB.Close() dans apiCmd --- cmd/api.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/cmd/api.go b/cmd/api.go index a612846..14ba555 100644 --- a/cmd/api.go +++ b/cmd/api.go @@ -4,6 +4,7 @@ Copyright © 2023 AGECEM & Victor Lacasse-Beaudoin package cmd import ( + "crypto/subtle" "fmt" "log" @@ -30,6 +31,13 @@ var apiCmd = &cobra.Command{ e.Pre(middleware.AddTrailingSlash()) + if cfg.API.Key != "" { + e.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) { + return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.API.Key)) == 1, nil + })) + log.Println("API server is using an API key") + } + v0 := e.Group("/v0") bottinApiClient := bottindata.NewApiClient(cfg.Bottin.API.Key, cfg.Bottin.API.Host, cfg.Bottin.API.Protocol, cfg.Bottin.API.Port) @@ -38,6 +46,7 @@ var apiCmd = &cobra.Command{ if err != nil { log.Fatal(err) } + defer dbClient.DB.Close() handler := apihandler.New(bottinApiClient, dbClient) From a74e36afc1b42a521ed0be1f3ad250cf839385c8 Mon Sep 17 00:00:00 2001 From: Victor Lacasse-Beaudoin Date: Tue, 19 Sep 2023 16:48:29 -0400 Subject: [PATCH 3/3] Ajouter basicauth web --- cmd/web.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cmd/web.go b/cmd/web.go index 0706774..52d584f 100644 --- a/cmd/web.go +++ b/cmd/web.go @@ -4,6 +4,7 @@ Copyright © 2023 AGECEM & Victor Lacasse-Beaudoin package cmd import ( + "crypto/subtle" "fmt" "log" "net/http" @@ -34,6 +35,12 @@ var webCmd = &cobra.Command{ e.Pre(middleware.AddTrailingSlash()) + e.Use(middleware.BasicAuth(func(user, password string, c echo.Context) (bool, error) { + usersMatch := subtle.ConstantTimeCompare([]byte(user), []byte(cfg.Web.User)) == 1 + passwordsMatch := subtle.ConstantTimeCompare([]byte(password), []byte(cfg.Web.Password)) == 1 + return usersMatch && passwordsMatch, nil + })) + client := http.DefaultClient defer client.CloseIdleConnections()