// LoginHandler returns the http.Handler that processes login requests.
//
// Flow, as implemented below:
//  1. If a.loginRequiresHeader is set and the request does not carry that
//     header, the request is logged and answered with a bad-request response.
//  2. If userAttemptingAuth reports a non-empty user, the request is passed to
//     a.authenticate and the response is then held back for the duration
//     returned by a.bruteBlocker.Delay.
//  3. If the request is authenticated afterwards and the authenticated user ID
//     equals the user from step 2, the ID is stored via a.sessionAuth and the
//     client is redirected to view mode.
//  4. In every other case a.basicAuth.RequireAuth produces the response.
func (a *HttpBasicAuthenticator) LoginHandler() http.Handler {
	handle := func(w http.ResponseWriter, r *http.Request) {
		// Optional gate: refuse login attempts that lack the configured header.
		if a.loginRequiresHeader != "" && r.Header.Get(a.loginRequiresHeader) == "" {
			log.Printf("%s %s: deny login because of missing connection header '%s'", r.Method, r.URL, a.loginRequiresHeader)
			failer.ServeBadRequest(w, r)
			return
		}

		// presumably the user name taken from the request's credentials;
		// empty means no attempt was made — verify against userAttemptingAuth.
		username := a.userAttemptingAuth(r)
		if username == "" {
			a.basicAuth.RequireAuth(w, r)
			return
		}

		a.authenticate(w, r)

		// The delay is applied to successful attempts as well, so the outcome
		// is only learned once our response arrives and every guess costs the
		// full throttle time.
		// NOTE(review): net/http sets RemoteAddr to "IP:port"; confirm that
		// Delay keys on the host part only and that deployments behind a
		// reverse proxy do not throttle on the proxy's address alone.
		wait := a.bruteBlocker.Delay(username, r.RemoteAddr, a.requestAuth.IsAuthenticated(r))
		time.Sleep(wait)

		// Accept the login only when the authenticated identity is the same
		// user this request attempted to log in as.
		if !a.requestAuth.IsAuthenticated(r) || a.requestAuth.UserID(r) != username {
			a.basicAuth.RequireAuth(w, r)
			return
		}

		log.Printf("%s %s: authenticated as %s", r.Method, r.URL, a.requestAuth.UserID(r))
		a.sessionAuth.SetUserID(w, r, a.requestAuth.UserID(r))
		router.RedirectToViewMode(w, r)
	}
	return http.HandlerFunc(handle)
}
// serveWriter stores the submitted "content" form value through e.store and
// redirects the client afterwards.
//
// Responses:
//   - no write access for the request: logged, unauthorized response
//   - empty or missing "content": logged, bad-request response
//   - e.store reports an error after writing: logged, internal-server-error
//   - success: redirect to view mode when "saveAndReturn" is non-empty,
//     otherwise back to edit mode
//
// NOTE(review): Request.FormValue also reads URL query parameters, so content
// can arrive in the query string. Confirm that the route is limited to
// state-changing methods and covered by cross-site request protection, and
// that the request body size is bounded before it reaches this handler.
func (e *Editor) serveWriter(writer http.ResponseWriter, request *http.Request) {
	// Authorization comes first; nothing from the form is read before it.
	allowed := e.store.HasWriteAccessForRequest(request)
	if !allowed {
		log.Printf("%s %s: no write permissions", request.Method, request.URL)
		failer.ServeUnauthorized(writer, request)
		return
	}

	// An empty value is rejected, so a document cannot be saved as empty
	// through this handler.
	text := request.FormValue("content")
	if len(text) == 0 {
		log.Printf("%s %s: no valid content in request", request.Method, request.URL)
		failer.ServeBadRequest(writer, request)
		return
	}

	// WriteString has no return value here; failure is read back via Err.
	e.store.WriteString(request, text)
	err := e.store.Err()
	if err != nil {
		log.Printf("%s %s: %s", request.Method, request.URL, err)
		failer.ServeInternalServerError(writer, request)
		return
	}

	written := len(text)
	log.Printf("%s %s: wrote %d bytes", request.Method, request.URL, written)

	// Without "saveAndReturn" the user stays in the editor.
	if request.FormValue("saveAndReturn") == "" {
		router.RedirectToEditMode(writer, request)
		return
	}
	router.RedirectToViewMode(writer, request)
}