Esempio n. 1
File: http.go Progetto: fxnn/gone
// LoginHandler returns the HTTP handler for the login endpoint.
//
// Per request the handler:
//  1. rejects the request with "bad request" when a.loginRequiresHeader is
//     configured and the request does not carry that header;
//  2. if the request names a user, runs the authentication step and then
//     sleeps for the delay the brute-force blocker computes;
//  3. on a successful authentication for exactly that user, stores the user ID
//     in the session and redirects to view mode;
//  4. in every other case answers with the basic-auth challenge.
//
// NOTE(review): the header check only tests for presence, and any client can
// send an arbitrary header. It is meaningful only if a trusted front end
// strips the header from inbound traffic and sets it itself -- confirm the
// deployment does that.
func (a *HttpBasicAuthenticator) LoginHandler() http.Handler {
	handle := func(writer http.ResponseWriter, request *http.Request) {
		requiredHeader := a.loginRequiresHeader
		if requiredHeader != "" && request.Header.Get(requiredHeader) == "" {
			log.Printf("%s %s: deny login because of missing connection header '%s'",
				request.Method, request.URL, requiredHeader)
			failer.ServeBadRequest(writer, request)
			return
		}

		user := a.userAttemptingAuth(request)
		if user == "" {
			// No credentials offered yet: ask the client for them.
			a.basicAuth.RequireAuth(writer, request)
			return
		}

		a.authenticate(writer, request)

		// The delay is applied to successful attempts as well, so a client
		// cannot learn the outcome before the response arrives.
		//
		// NOTE(review): net/http sets RemoteAddr to "IP:port", and behind a
		// reverse proxy it is the proxy's address. Verify that Delay reduces
		// it to the client host; otherwise per-address throttling is keyed on
		// the ephemeral port or on the proxy.
		// NOTE(review): the sleep holds this request's goroutine for the whole
		// delay; confirm Delay has an upper bound.
		delay := a.bruteBlocker.Delay(user, request.RemoteAddr, a.requestAuth.IsAuthenticated(request))
		time.Sleep(delay)

		// Accept only when the authenticated identity is the very user this
		// attempt was made for.
		if !a.requestAuth.IsAuthenticated(request) || a.requestAuth.UserID(request) != user {
			a.basicAuth.RequireAuth(writer, request)
			return
		}

		log.Printf("%s %s: authenticated as %s", request.Method, request.URL, a.requestAuth.UserID(request))
		// NOTE(review): whether SetUserID issues a fresh session identifier on
		// login is not visible here -- confirm, to rule out session fixation.
		a.sessionAuth.SetUserID(writer, request, a.requestAuth.UserID(request))
		router.RedirectToViewMode(writer, request)
	}

	return http.HandlerFunc(handle)
}
Esempio n. 2
File: editor.go Progetto: fxnn/gone
// serveWriter stores the submitted "content" form value through e.store and
// then redirects the client.
//
// The request is answered with "unauthorized" when the store reports no write
// access for it, with "bad request" when "content" is empty (so an empty
// document cannot be saved through this path), and with "internal server
// error" when the store reports an error after the write. After a successful
// write, a non-empty "saveAndReturn" form value redirects to view mode;
// otherwise the client is sent back to edit mode.
//
// NOTE(review): Request.FormValue also reads URL query parameters, and no
// method check or anti-CSRF token check is visible in this function. Confirm
// that the caller restricts this path to POST and that cross-site requests
// cannot trigger a write with the user's credentials.
func (e *Editor) serveWriter(writer http.ResponseWriter, request *http.Request) {
	// Authorization comes first, before any request data is read.
	if allowed := e.store.HasWriteAccessForRequest(request); !allowed {
		log.Printf("%s %s: no write permissions", request.Method, request.URL)
		failer.ServeUnauthorized(writer, request)
		return
	}

	body := request.FormValue("content")
	if len(body) == 0 {
		log.Printf("%s %s: no valid content in request", request.Method, request.URL)
		failer.ServeBadRequest(writer, request)
		return
	}

	// WriteString returns nothing here; the outcome is read back via Err().
	e.store.WriteString(request, body)
	if writeErr := e.store.Err(); writeErr != nil {
		// The error detail goes to the log only; the client gets a generic 500.
		log.Printf("%s %s: %s", request.Method, request.URL, writeErr)
		failer.ServeInternalServerError(writer, request)
		return
	}
	log.Printf("%s %s: wrote %d bytes", request.Method, request.URL, len(body))

	switch request.FormValue("saveAndReturn") {
	case "":
		router.RedirectToEditMode(writer, request)
	default:
		router.RedirectToViewMode(writer, request)
	}
}