2020-10-12 22:34:52 +02:00
|
|
|
// +build ignore
|
2020-09-27 23:39:44 +02:00
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/x509"
|
|
|
|
"fmt"
|
|
|
|
"log"
|
|
|
|
|
2020-10-28 04:35:22 +01:00
|
|
|
"git.sr.ht/~adnano/go-gemini"
|
2020-09-27 23:39:44 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
type user struct {
|
|
|
|
password string // TODO: use hashes
|
|
|
|
admin bool
|
|
|
|
}
|
|
|
|
|
|
|
|
type session struct {
|
|
|
|
username string
|
|
|
|
authorized bool // whether or not the password was supplied
|
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
// Map of usernames to user data
|
|
|
|
logins = map[string]user{
|
|
|
|
"admin": {"p@ssw0rd", true}, // NOTE: These are bad passwords!
|
|
|
|
"user1": {"password1", false},
|
|
|
|
"user2": {"password2", false},
|
|
|
|
}
|
|
|
|
|
|
|
|
// Map of certificate fingerprints to sessions
|
|
|
|
sessions = map[string]*session{}
|
|
|
|
)
|
|
|
|
|
|
|
|
func main() {
|
2020-10-28 04:35:22 +01:00
|
|
|
var mux gemini.ServeMux
|
|
|
|
mux.HandleFunc("/", login)
|
|
|
|
mux.HandleFunc("/password", loginPassword)
|
2020-10-21 23:47:34 +02:00
|
|
|
mux.HandleFunc("/profile", profile)
|
|
|
|
mux.HandleFunc("/admin", admin)
|
|
|
|
mux.HandleFunc("/logout", logout)
|
|
|
|
|
2020-10-28 04:35:22 +01:00
|
|
|
var server gemini.Server
|
2020-10-28 19:59:45 +01:00
|
|
|
if err := server.Certificates.Load("/var/lib/gemini/certs"); err != nil {
|
2020-10-12 06:13:24 +02:00
|
|
|
log.Fatal(err)
|
|
|
|
}
|
2020-10-21 23:47:34 +02:00
|
|
|
server.Register("localhost", &mux)
|
2020-09-27 23:39:44 +02:00
|
|
|
|
|
|
|
if err := server.ListenAndServe(); err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func getSession(crt *x509.Certificate) (*session, bool) {
|
2020-10-28 04:35:22 +01:00
|
|
|
fingerprint := gemini.Fingerprint(crt)
|
2020-09-27 23:39:44 +02:00
|
|
|
session, ok := sessions[fingerprint]
|
|
|
|
return session, ok
|
|
|
|
}
|
|
|
|
|
2020-10-28 04:35:22 +01:00
|
|
|
func login(w *gemini.ResponseWriter, r *gemini.Request) {
|
|
|
|
cert, ok := gemini.Certificate(w, r)
|
2020-10-21 23:47:34 +02:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
2020-10-28 04:35:22 +01:00
|
|
|
username, ok := gemini.Input(w, r, "Username")
|
2020-10-21 23:47:34 +02:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
2020-10-28 04:35:22 +01:00
|
|
|
fingerprint := gemini.Fingerprint(cert)
|
2020-10-21 23:47:34 +02:00
|
|
|
sessions[fingerprint] = &session{
|
|
|
|
username: username,
|
|
|
|
}
|
2020-10-31 21:51:10 +01:00
|
|
|
w.WriteHeader(gemini.StatusRedirect, "/password")
|
2020-09-27 23:39:44 +02:00
|
|
|
}
|
|
|
|
|
2020-10-28 04:35:22 +01:00
|
|
|
func loginPassword(w *gemini.ResponseWriter, r *gemini.Request) {
|
|
|
|
cert, ok := gemini.Certificate(w, r)
|
2020-10-21 23:47:34 +02:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
session, ok := getSession(cert)
|
|
|
|
if !ok {
|
2020-10-28 04:35:22 +01:00
|
|
|
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
|
2020-10-21 23:47:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-10-28 04:35:22 +01:00
|
|
|
password, ok := gemini.SensitiveInput(w, r, "Password")
|
2020-10-21 23:47:34 +02:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
expected := logins[session.username].password
|
|
|
|
if password == expected {
|
|
|
|
session.authorized = true
|
2020-10-31 21:51:10 +01:00
|
|
|
w.WriteHeader(gemini.StatusRedirect, "/profile")
|
2020-10-21 23:47:34 +02:00
|
|
|
} else {
|
2020-10-28 04:35:22 +01:00
|
|
|
gemini.SensitiveInput(w, r, "Wrong password. Try again")
|
2020-10-21 23:47:34 +02:00
|
|
|
}
|
2020-09-27 23:39:44 +02:00
|
|
|
}
|
|
|
|
|
2020-10-28 04:35:22 +01:00
|
|
|
func logout(w *gemini.ResponseWriter, r *gemini.Request) {
|
|
|
|
cert, ok := gemini.Certificate(w, r)
|
2020-10-21 23:47:34 +02:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
2020-10-28 04:35:22 +01:00
|
|
|
fingerprint := gemini.Fingerprint(cert)
|
2020-10-21 23:47:34 +02:00
|
|
|
delete(sessions, fingerprint)
|
|
|
|
fmt.Fprintln(w, "Successfully logged out.")
|
2020-09-27 23:39:44 +02:00
|
|
|
}
|
|
|
|
|
2020-10-28 04:35:22 +01:00
|
|
|
func profile(w *gemini.ResponseWriter, r *gemini.Request) {
|
|
|
|
cert, ok := gemini.Certificate(w, r)
|
2020-10-21 23:47:34 +02:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
session, ok := getSession(cert)
|
|
|
|
if !ok {
|
2020-10-28 04:35:22 +01:00
|
|
|
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
|
2020-10-21 23:47:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
user := logins[session.username]
|
|
|
|
fmt.Fprintln(w, "Username:", session.username)
|
|
|
|
fmt.Fprintln(w, "Admin:", user.admin)
|
|
|
|
fmt.Fprintln(w, "=> /logout Logout")
|
2020-09-27 23:39:44 +02:00
|
|
|
}
|
|
|
|
|
2020-10-28 04:35:22 +01:00
|
|
|
func admin(w *gemini.ResponseWriter, r *gemini.Request) {
|
|
|
|
cert, ok := gemini.Certificate(w, r)
|
2020-10-21 23:47:34 +02:00
|
|
|
if !ok {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
session, ok := getSession(cert)
|
|
|
|
if !ok {
|
2020-10-28 04:35:22 +01:00
|
|
|
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
|
2020-10-21 23:47:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
user := logins[session.username]
|
|
|
|
if !user.admin {
|
2020-10-28 04:35:22 +01:00
|
|
|
w.WriteStatus(gemini.StatusCertificateNotAuthorized)
|
2020-10-21 23:47:34 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
fmt.Fprintln(w, "Welcome to the admin portal.")
|
2020-09-27 23:39:44 +02:00
|
|
|
}
|