package admin import ( "context" "fmt" "math/rand" "net/http" "os" "strings" "time" "arimelody.me/arimelody.me/discord" "arimelody.me/arimelody.me/global" ) type ( Session struct { UserID string Token string Expires int64 } ) const TOKEN_LENGTH = 64 const TOKEN_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" // TODO: consider relying *entirely* on env vars instead of hard-coded fallbacks var ADMIN_ID_DISCORD = func() string { envvar := os.Getenv("DISCORD_ADMIN_ID") if envvar != "" { return envvar } else { return "356210742200107009" } }() var sessions []*Session func CreateSession(UserID string) Session { return Session{ UserID: UserID, Token: string(generateToken()), Expires: time.Now().Add(24 * time.Hour).Unix(), } } func Handler() http.Handler { mux := http.NewServeMux() mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) w.Write([]byte("hello /admin!")) })) mux.Handle("/callback", global.HTTPLog(OAuthCallbackHandler())) mux.Handle("/login", global.HTTPLog(LoginHandler())) mux.Handle("/verify", global.HTTPLog(AuthorisedHandler(VerifyHandler()))) mux.Handle("/logout", global.HTTPLog(AuthorisedHandler(LogoutHandler()))) return mux } func AuthorisedHandler(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { auth := r.Header.Get("Authorization") if auth == "" || !strings.HasPrefix(auth, "Bearer ") { cookie, err := r.Cookie("token") if err != nil { w.WriteHeader(401) w.Write([]byte("Unauthorized")) return } auth = cookie.Value } auth = auth[7:] var session *Session for _, s := range sessions { if s.Expires < time.Now().Unix() { // expired session. remove it from the list! new_sessions := []*Session{} for _, ns := range sessions { if ns.Token == s.Token { continue } new_sessions = append(new_sessions, ns) } continue } if s.Token == auth { session = s break } } if session == nil { w.WriteHeader(401) w.Write([]byte("Unauthorized")) return } ctx := context.WithValue(r.Context(), "token", session.Token) next.ServeHTTP(w, r.WithContext(ctx)) }) } func LoginHandler() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { code := r.URL.Query().Get("code") if code == "" { w.Header().Add("Location", discord.REDIRECT_URI) w.WriteHeader(307) return } auth_token, err := discord.GetOAuthTokenFromCode(code) if err != nil { fmt.Printf("Failed to retrieve discord access token: %s\n", err) w.WriteHeader(500) w.Write([]byte("Internal server error")) return } discord_user, err := discord.GetDiscordUserFromAuth(auth_token) if err != nil { fmt.Printf("Failed to retrieve discord user information: %s\n", err) w.WriteHeader(500) w.Write([]byte("Internal server error")) return } if discord_user.Id != ADMIN_ID_DISCORD { // TODO: unauthorized user. revoke the token w.WriteHeader(401) w.Write([]byte("Unauthorized")) return } // login success! session := CreateSession(discord_user.Username) sessions = append(sessions, &session) cookie := http.Cookie{} cookie.Name = "token" cookie.Value = session.Token cookie.Expires = time.Now().Add(24 * time.Hour) // cookie.Secure = true cookie.HttpOnly = true cookie.Path = "/" http.SetCookie(w, &cookie) w.WriteHeader(200) w.Write([]byte(session.Token)) }) } func LogoutHandler() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { token := r.Context().Value("token").(string) if token == "" { w.WriteHeader(401) return } // remove this session from the list sessions = func (token string) []*Session { new_sessions := []*Session{} for _, session := range sessions { new_sessions = append(new_sessions, session) } return new_sessions }(token) w.WriteHeader(200) }) } func OAuthCallbackHandler() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { }) } func VerifyHandler() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // this is an authorised endpoint, so you *must* supply a valid token // before accessing this route. w.WriteHeader(200) }) } func generateToken() string { var token []byte for i := 0; i < TOKEN_LENGTH; i++ { token = append(token, TOKEN_CHARS[rand.Intn(len(TOKEN_CHARS))]) } return string(token) }