forked from zephyyrr/authprox
/
routes.go
240 lines (211 loc) · 6.6 KB
/
routes.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
package main
import (
"github.com/Sirupsen/logrus"
"github.com/gorilla/mux"
"github.com/gorilla/sessions"
"log"
"net/http"
"net/http/httputil"
"regexp"
"strings"
)
const (
loginPath = "/login"
)
var (
pages Pages
renderer Renderer
store sessions.Store
)
func init() {
pages = constPages
renderer = defaultRenderer
}
func setupHandlers() http.Handler {
store = sessions.NewCookieStore(config.Keys.AuthenticationKey, config.Keys.EncryptionKey)
muxer := mux.NewRouter()
muxer.Handle("/", LoggingMW(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if config.RootRedirect != nil {
http.Redirect(w, r, *config.RootRedirect, http.StatusMovedPermanently)
}
mainHandler(w, r)
})))
muxer.MatcherFunc(wildcard).Handler(LoggingMiddleware{
Wrapped: http.HandlerFunc(mainHandler),
Message: "HTTP Proxied",
}) //Both are necessary.
proxymux := muxer.PathPrefix("/proxy").Subrouter()
proxymux.Handle("/", LoggingMW(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
renderer.Render(w, pages.Get(MainMenuPage))
})))
{ // GET handlers
m := proxymux.Methods("GET").Subrouter()
m.PathPrefix("/login").Handler(LoggingMW(http.HandlerFunc(getLogin)))
m.PathPrefix("/register").Handler(LoggingMW(http.HandlerFunc(getRegister)))
m.PathPrefix("/logout").Handler(LoggingMW(http.HandlerFunc(getLogout)))
if config.StaticResources != nil { //Only put up this route if we have static content. Could all be served from CDN or similar.
m.PathPrefix("/static").Handler(LoggingMW(CacheMW{RewriteMW{
Wrapped: http.FileServer(http.Dir(*config.StaticResources)),
From: "/proxy/static/(.*)",
To: "/$1",
}}))
logger.WithField("dir", *config.StaticResources).Info("Static route setup.")
}
}
{ // POST handlers
m := proxymux.Methods("POST").Subrouter()
m.PathPrefix("/login").Handler(LoggingMW(http.HandlerFunc(postLogin)))
m.PathPrefix("/register").Handler(LoggingMW(http.HandlerFunc(postRegister)))
}
return muxer
}
func wildcard(r *http.Request, rm *mux.RouteMatch) bool {
return !strings.HasPrefix(r.URL.Path, "/proxy/")
}
type CacheMW struct{ Wrapped http.Handler }
func (c CacheMW) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Header().Set("cache-control", "public,max-age:360000")
c.Wrapped.ServeHTTP(w, r)
}
func LoggingMW(h http.Handler) http.Handler {
return LoggingMiddleware{
Message: "HTTP Request",
Wrapped: h,
}
}
type LoggingMiddleware struct {
Message string
Wrapped http.Handler
}
func (lm LoggingMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
logger.WithFields(logrus.Fields{
"method": r.Method,
"url": r.URL,
"client": r.RemoteAddr,
}).Info(lm.Message)
lm.Wrapped.ServeHTTP(w, r)
}
type RewriteMW struct {
Wrapped http.Handler
From string
To string
exp *regexp.Regexp
}
func (rw RewriteMW) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if rw.exp == nil {
var err error
rw.exp, err = regexp.Compile(rw.From)
if err != nil {
logger.WithField("from", rw.From).Fatal("Error compiling Rewrite rule.")
}
}
r.URL.Path = string(rw.exp.ReplaceAll([]byte(r.URL.Path), []byte(rw.To)))
rw.Wrapped.ServeHTTP(w, r)
}
func mainHandler(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "auth")
if loggedin, ok := session.Values["loggedin"].(bool); !(ok && loggedin) {
if isWebsocket(r) {
http.Error(w, "You need to login first.", http.StatusUnauthorized)
}
logger.WithFields(logrus.Fields{
"method": r.Method,
"url": r.URL,
"client": r.RemoteAddr,
"redirect": "/proxy/login",
"status": http.StatusTemporaryRedirect,
}).Info("Client not logged in.")
http.Redirect(w, r, "/proxy/login", http.StatusTemporaryRedirect)
}
if isWebsocket(r) {
p := websocketProxy{}
p.ServeHTTP(w, r)
return
}
wlogger := logger.Writer()
defer wlogger.Close()
revProxy := &httputil.ReverseProxy{
Director: func(r *http.Request) {
r.URL.Scheme = "http"
r.URL.Host = config.Destination
logger.WithField("path", r.URL.Path).Debug("Directing reverse-proxy")
},
ErrorLog: log.New(wlogger, "", 0),
}
revProxy.ServeHTTP(w, r)
}
func getLogin(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "auth")
if loggedin, ok := session.Values["loggedin"].(bool); ok && loggedin {
//Already logged in, so redirect to mainpage.
renderer.Render(w, Page{
Title: "Already Logged in",
Content: "You are already logged in!",
})
return
}
renderer.Render(w, pages.Get(LoginPage)) //Not logged in. Serve login page
}
func postLogin(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "auth")
//Temp code. Autologin.
r.ParseForm()
if users.Authenticate(r.PostFormValue("username"), r.PostFormValue("password")) {
session.Values["loggedin"] = true
session.Save(r, w)
logger.WithFields(logrus.Fields{
"method": r.Method,
"url": r.URL,
"client": r.RemoteAddr,
"user": r.PostFormValue("username"),
}).Info("Client logged in.")
renderer.Render(w, pages.Get(LoginSuccessPage))
} else {
logger.WithFields(logrus.Fields{
"method": r.Method,
"url": r.URL,
"client": r.RemoteAddr,
"user": r.PostFormValue("username"),
}).Info("Client failed to logged in.")
renderer.Render(w, pages.Get(LoginPage))
}
}
func getRegister(w http.ResponseWriter, r *http.Request) {
//If they are logged in and want to register again, then fine.
//Can add measures against this if it becomes and issue.
renderer.Render(w, pages.Get(RegistrationPage)) //Serve register page
}
func postRegister(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
username, password := r.PostFormValue("username"), r.PostFormValue("password")
if !recaptcher.Verify(*r) {
logger.WithFields(logrus.Fields{
"user": username,
"error": recaptcher.LastError(),
}).Error("Failed to verify reCaptcha during registration.")
w.Write([]byte("Failed to verify the reCaptcha. Please verify that you are human and try again."))
return
}
err := users.Register(username, password)
switch err {
case nil:
//Success
logger.WithFields(logrus.Fields{
"method": r.Method,
"url": r.URL,
"client": r.RemoteAddr,
"user": username,
}).Info("User registration")
renderer.Render(w, pages.Get(RegistrationSuccessPage))
case ErrUserExists:
http.Error(w, "The user already exists. Please try again with a different username.", http.StatusPreconditionFailed)
default:
http.Error(w, err.Error(), http.StatusInternalServerError)
}
}
func getLogout(w http.ResponseWriter, r *http.Request) {
session, _ := store.Get(r, "auth")
session.Values["loggedin"] = false
session.Save(r, w)
renderer.Render(w, pages.Get(LogoutPage))
}