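// cookieHandler is an endpoint for exercising cookie handling.
//
// When the "set" form value is non-empty, a Set-Cookie header is sent whose
// name is that value and whose value is the "val" form value. When "goto" is
// non-empty the response is a 302 redirect; otherwise it is an HTML page
// listing every cookie the client submitted.
func cookieHandler(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")

	if cn := req.FormValue("set"); cn != "" {
		cv, cp := req.FormValue("val"), req.FormValue("pat")
		trace("cookieHandler recieved cookie %s=%s; path=%s.", cn, cv, cp)
		// NOTE(review): cn and cv are request-controlled and are copied into
		// the header unvalidated, so a value containing ';' is read by clients
		// as additional cookie attributes. "pat" is only traced; the Path
		// attribute sent is fixed.
		w.Header().Set("Set-Cookie", fmt.Sprintf("%s=%s; Path=/de/index; Domain=my.domain.org; Secure;", cn, cv))
	}

	if t := req.FormValue("goto"); t != "" {
		// NOTE(review): this target has no scheme, unlike the
		// "http://localhost:54123/..." targets in redirectHandler. Confirm
		// that is intended.
		w.Header().Set("Location", "localhost:54123/"+t)
		w.WriteHeader(302)
		return
	}

	w.WriteHeader(200)
	body := "<html><head><title>Cookies</title></head>\n<body><h1>All Submitted Cookies</h1>"
	for _, cookie := range req.Cookies() {
		// Cookie names and values are chosen by the client. Escape them so
		// they are rendered as text and cannot inject markup into the page.
		body += "<div class=\"cookies\">\n"
		body += " <ul>\n"
		body += " <li>" + html.EscapeString(cookie.Name) + " :: " + html.EscapeString(cookie.Value) + "</li>\n"
		body += " </ul>\n"
		body += "</div>\n"
	}
	body += "</body></html>"
	w.Write([]byte(body))
}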
// newRequest builds a Request from an incoming *http.Request.
//
// RemoteAddr is hr.RemoteAddr reduced to its IP when the string resolves as a
// TCP address, with the port stored separately in RemotePort. If it does not
// resolve, RemoteAddr keeps the raw string and RemotePort is 0. The hc
// argument is not used.
//
// NOTE(review): Headers, Body and FullParams alias the values held by hr
// rather than copying them, and FullParams is whatever hr.Form contains at call
// time. Presumably the caller has parsed the form beforehand; confirm.
// RemoteAddr comes from the connection itself, not from a forwarding header.
func newRequest(hr *http.Request, hc http.ResponseWriter) *Request {
	ip, port := hr.RemoteAddr, 0
	// The resolver error is not inspected; a nil address simply leaves the raw
	// string and port 0 in place.
	if tcp, _ := net.ResolveTCPAddr("tcp", hr.RemoteAddr); tcp != nil {
		ip, port = tcp.IP.String(), tcp.Port
	}

	return &Request{
		Method:     hr.Method,
		URL:        hr.URL,
		Proto:      hr.Proto,
		ProtoMajor: hr.ProtoMajor,
		ProtoMinor: hr.ProtoMinor,
		Headers:    hr.Header,
		Body:       hr.Body,
		Close:      hr.Close,
		Host:       hr.Host,
		Referer:    hr.Referer(),
		UserAgent:  hr.UserAgent(),
		FullParams: hr.Form,
		Cookie:     hr.Cookies(),
		RemoteAddr: ip,
		RemotePort: port,
	}
}
// ParseUsername returns the value of the first cookie named "username" on r,
// or the empty string when the request carries no such cookie.
//
// The cookie is neither signed nor checked against any server-side session, so
// the result is whatever the client chose to send. Treat it as a display hint
// only; do not base authentication or authorization decisions on it.
func ParseUsername(r *http.Request) string {
	c, err := r.Cookie("username")
	if err != nil {
		return ""
	}
	return c.Value
}
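// redirectHandler serves a fixed redirect chain that sets, scopes and clears
// cookies along the way, selected by lastPath(req):
//
//	"redirect" or "" -> 302 to /redirect/first; sets rda and clearme with Path=/
//	"first"          -> 302 to /redirect/second; sets rdb with Path=/redirect
//	"second"         -> 302 to /redirect/third; sets rdc with Path=/otherpath
//	"third"          -> 302 to /redirect/fourth; expires clearme
//	"fourth"         -> 302 to /redirect/last if the client sent rda=rda and
//	                    rdb=rdb and sent neither rdc nor clearme; otherwise 500
//	                    with a dump of the cookies that were received
//	"last"           -> 200, end of the chain
//	anything else    -> 404
func redirectHandler(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")

	step := lastPath(req)
	switch step {
	case "redirect", "":
		w.Header().Set("Location", "http://localhost:54123/redirect/first")
		w.Header().Add("Set-Cookie", "rda=rda; Path=/")
		w.Header().Add("Set-Cookie", "clearme=eraseme; Path=/")
		w.WriteHeader(302)

	case "first":
		w.Header().Set("Location", "http://localhost:54123/redirect/second")
		w.Header().Set("Set-Cookie", "rdb=rdb; Path=/redirect")
		w.WriteHeader(302)

	case "second":
		w.Header().Set("Location", "http://localhost:54123/redirect/third")
		w.Header().Set("Set-Cookie", "rdc=rdc; Path=/otherpath")
		w.WriteHeader(302)

	case "third":
		w.Header().Set("Location", "http://localhost:54123/redirect/fourth")
		// Expiry 10000 seconds in the past, sent together with Max-Age=0, so
		// that the client drops the clearme cookie.
		exp := time.SecondsToUTC(time.UTC().Seconds() - 10000).Format(http.TimeFormat)
		w.Header().Set("Set-Cookie", "clearme=; Path=/; Max-Age=0; Expires="+exp)
		w.WriteHeader(302)

	case "fourth":
		w.Header().Set("Location", "http://localhost:54123/redirect/last")
		rdav, rdae := req.Cookie("rda")
		rdbv, rdbe := req.Cookie("rdb")
		_, rdce := req.Cookie("rdc")
		_, cme := req.Cookie("clearme")
		// rdav and rdbv are dereferenced only after their error was seen to be
		// nil; the && chain short-circuits otherwise.
		if rdae == nil && rdav.Value == "rda" && rdbe == nil && rdbv.Value == "rdb" && rdce != nil && cme != nil {
			w.WriteHeader(302)
			return
		}
		w.WriteHeader(500)
		body := "<html><body><h1>Wrong cookies</h1><pre>"
		for _, c := range req.Cookies() {
			// The dump contains client-supplied cookie data; escape it so it
			// is shown as text inside <pre> and cannot inject markup.
			body += html.EscapeString(fmt.Sprintf("\n%#v\n", *c))
		}
		body += "</pre></body></html>"
		w.Write([]byte(body))

	case "last":
		w.WriteHeader(200)
		w.Write([]byte("<html><body><h1>No more redirects.</h1></body></html>"))

	default:
		w.WriteHeader(404)
		// step is derived from the request; escape it before echoing it into
		// the error page.
		w.Write([]byte("<html><body><h1>Oooops..." + html.EscapeString(step) + "</h1></body></html>"))
	}
}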
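// htmlHandler appends fixed stamp lines (plus the optional "tolog" form value)
// to log.log and then renders an HTML page from htmlPat.
//
// Form values read:
//
//	tolog   - extra line appended to log.log when non-empty
//	text    - HTML-escaped and passed to htmlPat as its first argument
//	sleep   - if an integer, delays the response (see below)
//	xxx     - "foo", "bar" or "baz" bumps the matching xCounter entry
//	badhtml - "bad" closes the document with mismatched tags
//
// It panics if log.log cannot be opened.
func htmlHandler(w http.ResponseWriter, req *http.Request) {
	logFile, err := os.OpenFile("log.log", os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0666)
	if err != nil {
		panic(err.String())
	}
	txt := req.FormValue("tolog")
	logFile.WriteString("Stamp[html] Sehr Wichtig\nStamp[html] Hubba Buba\n")
	if len(txt) > 0 {
		// NOTE(review): txt is request-controlled and is appended verbatim, so
		// embedded newlines produce additional log lines. Presumably intended
		// for this fixture; anything that parses log.log must not trust its
		// entries.
		logFile.WriteString(txt + "\n")
	}
	logFile.Sync()
	logFile.Close()
	trace("Wrote to log.log")

	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Fancy-Header", "Important Value")
	w.WriteHeader(200)

	t := req.FormValue("text")
	s := req.FormValue("sleep")
	x := req.FormValue("xxx")
	t2 := ""

	if x == "foo" || x == "bar" || x == "baz" {
		xCounter[x] = xCounter[x] + 1
		// Reports "Still Running" while the counter is below 4; with a counter
		// that starts at zero, the fourth request is the first to finish.
		if xCounter[x] < 4 {
			t2 += "\n<h2>Still Running...</h2>"
		} else {
			t2 += "\n<h2 class=\"okay\">Finished.</h2>"
		}
	}

	// NOTE(review): the delay is taken from the request with no upper bound;
	// presumably ms is milliseconds scaled to nanoseconds. Confirm.
	if ms, err := strconv.Atoi(s); err == nil {
		time.Sleep(1000000 * int64(ms))
	}

	if cookies := req.Cookies(); len(cookies) > 0 {
		// The first cookie's name and value are client-supplied; escape them
		// like the "text" value so they cannot inject markup into the page.
		t2 += "\n<a href=\"/bin.bin\" title=\"TheCookieValue\">" +
			html.EscapeString(cookies[0].Name) + " = " + html.EscapeString(cookies[0].Value) + "</a>"
	}

	body := fmt.Sprintf(htmlPat, html.EscapeString(t), t2)
	if req.FormValue("badhtml") == "bad" {
		body += "</h3></html>"
	} else {
		body += "</body></html>"
	}
	w.Write([]byte(body))
}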
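// Validate checks the "client" and "token" cookies on r against
// authData.tokenMap.
//
// It returns (true, client) when the client is known and the presented token
// matches the stored one. On any failure it writes the error response to w
// itself and returns (false, nil): 400 when either cookie is missing, 403 when
// the client is unknown or the token does not match.
func (authData *validatorImpl) Validate(w http.ResponseWriter, r *http.Request) (bool, *string) {
	client := getCookieValue(r.Cookies(), "client")
	if client == nil {
		http.Error(w, "Missing client cookie", http.StatusBadRequest)
		return false, nil
	}
	token := getCookieValue(r.Cookies(), "token")
	if token == nil {
		http.Error(w, "Missing token cookie", http.StatusBadRequest)
		return false, nil
	}

	existingToken, found := authData.tokenMap[*client]
	if !found {
		// The client name is request-controlled: pass it as an argument, not
		// as the format string, and quote it so control characters cannot
		// break up the log line.
		log.Printf("Unknown client %q", *client)
		http.Error(w, "Invalid auth token", http.StatusForbidden)
		return false, nil
	}

	// Compare every byte instead of stopping at the first difference, so the
	// response time does not reveal how much of a presented token was correct.
	// NOTE(review): prefer crypto/subtle.ConstantTimeCompare once the import
	// can be added to this file.
	mismatch := len(*token) ^ len(existingToken)
	for i := 0; i < len(*token) && i < len(existingToken); i++ {
		mismatch |= int((*token)[i] ^ existingToken[i])
	}
	if mismatch != 0 {
		// Neither the presented nor the stored token is logged; the stored one
		// is a credential and must not end up in log files.
		log.Printf("Invalid token for client %q", *client)
		http.Error(w, "Invalid auth token", http.StatusForbidden)
		return false, nil
	}
	return true, client
}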