2022-06-02 23:53:32 +03:00
|
|
|
package controllers
|
|
|
|
|
|
|
|
|
|
import (
|
2022-06-03 22:56:25 +03:00
|
|
|
"crypto/sha512"
|
|
|
|
|
"encoding/hex"
|
2022-06-02 23:53:32 +03:00
|
|
|
"fmt"
|
2022-06-03 22:56:25 +03:00
|
|
|
"net/http"
|
2022-06-02 23:53:32 +03:00
|
|
|
|
2022-06-03 22:56:25 +03:00
|
|
|
"github.com/JustKato/FreePad/lib/helper"
|
2022-06-02 23:53:32 +03:00
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func AdminMiddleware(router *gin.RouterGroup) {
|
|
|
|
|
|
|
|
|
|
// Handl
|
|
|
|
|
router.Use(func(ctx *gin.Context) {
|
|
|
|
|
|
|
|
|
|
// Check which route we are accessing
|
|
|
|
|
fmt.Println(`Accesing: `, ctx.Request.RequestURI)
|
|
|
|
|
|
2022-06-03 22:56:25 +03:00
|
|
|
// Check if the request is other than the login request
|
|
|
|
|
if ctx.Request.RequestURI != "/admin/login" {
|
|
|
|
|
// Check if the user is logged-in
|
|
|
|
|
|
|
|
|
|
fmt.Println(`Checking if admin`)
|
|
|
|
|
|
|
|
|
|
if !IsAdmin(ctx) {
|
|
|
|
|
// Not an admin, redirect to homepage
|
|
|
|
|
ctx.Redirect(http.StatusTemporaryRedirect, "/")
|
|
|
|
|
ctx.Abort()
|
|
|
|
|
|
|
|
|
|
fmt.Println(`Not an admin!`)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-02 23:53:32 +03:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
}
|
2022-06-03 22:56:25 +03:00
|
|
|
|
|
|
|
|
func IsAdmin(ctx *gin.Context) bool {
|
|
|
|
|
adminToken, err := ctx.Cookie("admin_token")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Encode the real token
|
|
|
|
|
sha512Hasher := sha512.New()
|
|
|
|
|
sha512Hasher.Write([]byte(helper.GetAdminToken()))
|
|
|
|
|
hashHexToken := sha512Hasher.Sum(nil)
|
|
|
|
|
trueToken := hex.EncodeToString(hashHexToken)
|
|
|
|
|
|
|
|
|
|
// Check if the user's admin token matches the token
|
|
|
|
|
if adminToken != "" && adminToken == trueToken {
|
|
|
|
|
// Yep, it's the admin!
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Definitely not an admin
|
|
|
|
|
return false
|
|
|
|
|
}
|
